From 26e27c7f77b35367b7fa848314749a66951bbb99 Mon Sep 17 00:00:00 2001 From: JPryce-Aklundh Date: Thu, 17 Nov 2022 15:02:08 +0100 Subject: [PATCH 001/876] draft on locks/deadlocks page --- modules/ROOT/content-nav.adoc | 1 + modules/ROOT/pages/performance/index.adoc | 1 + .../pages/performance/locks-deadlocks.adoc | 54 +++++++++++++++++++ 3 files changed, 56 insertions(+) create mode 100644 modules/ROOT/pages/performance/locks-deadlocks.adoc diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index 333f61c42..d7c214735 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -132,6 +132,7 @@ ** xref:performance/gc-tuning.adoc[] ** xref:performance/bolt-thread-pool-configuration.adoc[] ** xref:performance/linux-file-system-tuning.adoc[] +** xref:performance/locks-deadlocks.adoc[] ** xref:performance/disks-ram-and-other-tips.adoc[] ** xref:performance/statistics-execution-plans.adoc[] ** xref:performance/space-reuse.adoc[] diff --git a/modules/ROOT/pages/performance/index.adoc b/modules/ROOT/pages/performance/index.adoc index efe2c6cd2..e1c1b6eeb 100644 --- a/modules/ROOT/pages/performance/index.adoc +++ b/modules/ROOT/pages/performance/index.adoc @@ -10,6 +10,7 @@ The following topics are covered: * xref:performance/gc-tuning.adoc[Garbage collector] -- How to configure the Java Virtual Machine's garbage collector. * xref:performance/bolt-thread-pool-configuration.adoc[Bolt thread pool configuration] -- How to configure the Bolt thread pool. * xref:performance/linux-file-system-tuning.adoc[Linux file system tuning] -- How to configure the Linux file system. +* xref:performance/locks-deadlocks.adoc[Linux file system tuning] -- Information about locks and deadlocks in Neo4j. * xref:performance/disks-ram-and-other-tips.adoc[Disks, RAM and other tips] -- Disks, RAM and other tips. * xref:performance/statistics-execution-plans.adoc[Statistics and execution plans] -- How schema statistics and execution plans affect Cypher query performance. * xref:performance/space-reuse.adoc[Space reuse] -- Data deletion and storage space reuse. diff --git a/modules/ROOT/pages/performance/locks-deadlocks.adoc b/modules/ROOT/pages/performance/locks-deadlocks.adoc new file mode 100644 index 000000000..6ac7775fd --- /dev/null +++ b/modules/ROOT/pages/performance/locks-deadlocks.adoc @@ -0,0 +1,54 @@ += Locks and deadlocks +:description: This page discusses how locks are used in Neo4j, and strategies to avoid deadlocks. + +Neo4j is fully https://neo4j.com/docs/java-reference/current/transaction-management/[ACID compliant]. +This means that all database operations which access graphs, indexes or schemas must be performed in a transaction. +When a transaction occurs, Neo4j takes locks to prevent data corruption. + +== Locks + +Locks are taken automatically by the queries that users run. +They ensure that a node/relationship is locked to one particular transaction until that transaction is completed. +For example: a lock on a node by one transaction will prevent additional transactions which seek to simultaneously modify the same node. +As such, locks prevent concurrent modifications of shared resources between transactions. + +Locks are used in Neo4j to ensure data consistency and isolation levels. +They not only protect logical entities (such as nodes and relationships), but also the integrity of internal data structures. + +The default isolation is read-committed isolation level. +It is, however, possible to manually acquire write locks on nodes and relationships. +For more information on how to manually acquire write locks, see https://neo4j.com/docs/java-reference/current/transaction-management/#transactions-isolation[Neo4j's Java-reference manual on transaction management] + +== Lock contention + +Lock contention may arise if an application needs to perform updates on the same nodes/relationships. +In such a scenario, transactions must wait for locks to be released in order to be completed. +In general, the more nodes/relationships a graph has, the more likely it is that transactions will have to wait for a lock to be released in order to perform an update. + +== Locks in practice + +When creating or deleting relationships in Neo4j, nodes are not exclusively locked during a transaction. +Rather, internally shared locks prevent the deletion of nodes, and shared degree locks are acquired for synchronizing with concurrent label changes for those nodes (to ensure correct count updates). + +At commit time, relationships are inserted into their relationship chains at places that are currently uncontested (i.e. not currently modified by another transaction), and the surrounding relationships are exclusively locked. + +In other words, relationship modifications acquires coarse-grained shared node locks when doing the operation in the transaction, and then acquires precise exclusive relationship locks during commit. + +The locking is very similar for sparse and dense nodes. The biggest contention for sparse nodes is the update of the degree (i.e. number of relationships) for the node. +Dense nodes store this data in a concurrent data structure, and so can avoid exclusive node locks in almost all cases for relationship modifications. + +== Deadlocks + +When multiple locks are taken by concurrent operations, a scenario may arise where none of the transactions can proceed. +This is called a deadlock. +For example, given two specific nodes (A and B), adding or deleting relationships to both of these nodes in a random order for each transaction, will result in deadlocks when there are are two or more transactions doing it concurrently. + +Neo4j assists transactions by internally sorting operations. That said, deadlocks can happen regardless. + +When Neo4j detects a deadlock, the transaction is aborted (with the transient error message code `Neo.TransientError.Transaction.DeadlockDetected`). + +Most likely, a deadlock will be resolved by retrying the transaction. + +To avoid deadlocks, it is recommended that updates occur in the same order (first A, then B). Another option is to avoid lock contention by not modifying the same entities at the same time concurrently. + +For more on deadlocks and their resolution, see https://neo4j.com/docs/java-reference/5/transaction-management/#transactions-deadlocks[Neo4j's Java-reference manual on transaction management]. \ No newline at end of file From a33cef8fccf9f2b8afa83f0791ab491c3369cce5 Mon Sep 17 00:00:00 2001 From: JPryce-Aklundh Date: Thu, 17 Nov 2022 15:05:52 +0100 Subject: [PATCH 002/876] update --- modules/ROOT/pages/performance/index.adoc | 2 +- modules/ROOT/pages/performance/locks-deadlocks.adoc | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/performance/index.adoc b/modules/ROOT/pages/performance/index.adoc index e1c1b6eeb..52ab598aa 100644 --- a/modules/ROOT/pages/performance/index.adoc +++ b/modules/ROOT/pages/performance/index.adoc @@ -10,7 +10,7 @@ The following topics are covered: * xref:performance/gc-tuning.adoc[Garbage collector] -- How to configure the Java Virtual Machine's garbage collector. * xref:performance/bolt-thread-pool-configuration.adoc[Bolt thread pool configuration] -- How to configure the Bolt thread pool. * xref:performance/linux-file-system-tuning.adoc[Linux file system tuning] -- How to configure the Linux file system. -* xref:performance/locks-deadlocks.adoc[Linux file system tuning] -- Information about locks and deadlocks in Neo4j. +* xref:performance/locks-deadlocks.adoc[Locks and deadlocks] -- Information about locks and deadlocks in Neo4j. * xref:performance/disks-ram-and-other-tips.adoc[Disks, RAM and other tips] -- Disks, RAM and other tips. * xref:performance/statistics-execution-plans.adoc[Statistics and execution plans] -- How schema statistics and execution plans affect Cypher query performance. * xref:performance/space-reuse.adoc[Space reuse] -- Data deletion and storage space reuse. diff --git a/modules/ROOT/pages/performance/locks-deadlocks.adoc b/modules/ROOT/pages/performance/locks-deadlocks.adoc index 6ac7775fd..d1743040e 100644 --- a/modules/ROOT/pages/performance/locks-deadlocks.adoc +++ b/modules/ROOT/pages/performance/locks-deadlocks.adoc @@ -17,7 +17,7 @@ They not only protect logical entities (such as nodes and relationships), but al The default isolation is read-committed isolation level. It is, however, possible to manually acquire write locks on nodes and relationships. -For more information on how to manually acquire write locks, see https://neo4j.com/docs/java-reference/current/transaction-management/#transactions-isolation[Neo4j's Java-reference manual on transaction management] +For more information on how to manually acquire write locks, see https://neo4j.com/docs/java-reference/current/transaction-management/#transactions-isolation[Neo4j's Java-reference manual on transaction management]. == Lock contention @@ -51,4 +51,4 @@ Most likely, a deadlock will be resolved by retrying the transaction. To avoid deadlocks, it is recommended that updates occur in the same order (first A, then B). Another option is to avoid lock contention by not modifying the same entities at the same time concurrently. -For more on deadlocks and their resolution, see https://neo4j.com/docs/java-reference/5/transaction-management/#transactions-deadlocks[Neo4j's Java-reference manual on transaction management]. \ No newline at end of file +For information about deadlocks, see https://neo4j.com/docs/java-reference/5/transaction-management/#transactions-deadlocks[Neo4j's Java-reference manual on transaction management]. \ No newline at end of file From 3bb4b42c01b43876fb692b8e89f43afe68c4c909 Mon Sep 17 00:00:00 2001 From: Neil Dewhurst Date: Mon, 21 Nov 2022 16:13:14 +0000 Subject: [PATCH 003/876] Update antora.yml --- antora.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/antora.yml b/antora.yml index 22f773682..2fd253cf9 100644 --- a/antora.yml +++ b/antora.yml @@ -7,7 +7,7 @@ nav: asciidoc: attributes: neo4j-version: '5' - neo4j-version-minor: '5.1' - neo4j-version-exact: '5.1.0' - neo4j-buildnumber: '5.1' - neo4j-debian-package-version: '1:5.1.0@' + neo4j-version-minor: '5.3' + neo4j-version-exact: '5.3.0' + neo4j-buildnumber: '5.3' + neo4j-debian-package-version: '1:5.3.0@' From 6f996eb7fc90c236cb244738e0c99c8a82c95d8e Mon Sep 17 00:00:00 2001 From: Neil Dewhurst Date: Mon, 21 Nov 2022 18:13:43 +0000 Subject: [PATCH 004/876] Update publish.yml --- publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/publish.yml b/publish.yml index e9aa0ea63..08121f3e1 100644 --- a/publish.yml +++ b/publish.yml @@ -7,7 +7,7 @@ site: content: sources: - url: https://github.com/neo4j/docs-operations.git - branches: ['3.5', '4.0', '4.1', '4.2', '4.3', '4.4', '5.0'] + branches: ['3.5', '4.0', '4.1', '4.2', '4.3', '4.4', 'dev'] exclude: - '!**/_includes/*' - '!**/readme.adoc' @@ -56,4 +56,4 @@ asciidoc: '0': "\\{0}" neo4j-base-uri: '' neo4j-docs-base-uri: /docs - neo4j-download-center-uri: /download-center \ No newline at end of file + neo4j-download-center-uri: /download-center From 0b6aadcfc41a60dd702a81658eebd1f35ba6b6cf Mon Sep 17 00:00:00 2001 From: Neil Dewhurst Date: Mon, 21 Nov 2022 18:16:27 +0000 Subject: [PATCH 005/876] Update README.adoc --- README.adoc | 77 ----------------------------------------------------- 1 file changed, 77 deletions(-) diff --git a/README.adoc b/README.adoc index 18d012070..fe344139d 100644 --- a/README.adoc +++ b/README.adoc @@ -35,80 +35,3 @@ When you run `npm start`, the project is monitored for updates to asciidoc files If a change to an asciidoc file is detected the site is automatically rebuilt. -== Generating asciidoc source files - -If you are creating new documentation from scratch, creating all the asciidoc files can be time-consuming. -This repo contains a script that you can use to save time by generating skeleton asciidoc files from your navigation. - -To use the script, first create your navigation file, or files if your doc set has more than one component. To use the script, all navigation files should have the filename `content-nav.adoc`. -Then, to create the asciidoc source files, run `npm run adoc-gen`. - -For every file that is included as a list item entry in a `content-nav.adoc` file, an asciidoc file is created in the location specified. -For example, if _modules/ROOT/content-nav.adoc_ includes `+++* xref:installation/introduction.adoc[]+++`, a file is created at _modules/ROOT/pages/installation/introduction.adoc_. - -The file contents consist of a comment to indicate that the file was generated by the script, and a top level title element. -If title text is specified in the entry in the navigation file, that value will be used for the title in the generated file. -If no title text is specified, the default title text is taken from the filename, formatted with sentence capitalization. - -== Configuring your project - -You'll need to update the following for your project - -=== antora.yml - -- `name:` - replace `docs-template` with the name of the project as it will appear in the URL https://neo4j.com/docs/`, for example 'getting-started', 'cypher-manual'. -- `title:` - the title of the manual, for example Getting Started Guide, Cypher Manual. This value is displayed in the breadcrumbs above each page. -- `version:` - the version of the content that is generated from the branch containing this `antora.yml` file. - -Optionally, you can add the following attributes: - -- `display_version:` - Use this attribute when you want the version that is displayed in your content and in the UI to be different from the version that appears in the URL. For example, you might want to use _/2.0/_ in URLs, but display the version as `2.0-beta` in the version selector drop-down. -- `prerelease:` - if you publish multiple versions of this project, you can mark a version as being a prerelease, by adding `prerelease: true`. The content is published alongside the other versions, but does not appear in the drop-down version selector, and is not included when Antora is calculating the default (or 'latest') version in order to resolve links between pages. For more information, see link:https://docs.antora.org/antora/latest/component-prerelease/[Antora // Docs -> Identify a Prerelease Version] - -=== preview.yml - -Antora uses a link:https://docs.antora.org/antora/latest/playbook/[playbook] to determine what content is included in a site, and the appearance of that content. - -In our projects, we use `preview.yml` as the default playbook name. - -Update the `start_page` attribute to match the value of the `name` attribute in your `antora.yml` file. - ----- -site: - start_page: docs-template:ROOT:index.adoc ----- - -Update the information for the sitemap extension: - ----- -antora: - extensions: - - require: "@neo4j-antora/antora-modify-sitemaps" - sitemap_version: '1.0' - sitemap_loc_version: 'current' - move_sitemaps_to_components: true ----- - -The link:https://www.npmjs.com/package/@neo4j-antora/antora-modify-sitemaps[`antora-modify-sitemaps`] Antora extension generates sitemaps for Neo4j docs that include information about the current release only, and makes sure those sitemaps are included in the right output folder when the HTML is built. -In this example, a sitemap file would be generated at _build/site/docs-template/1.0/sitemap.xml_. -Change the value of `sitemap_version` to the 'current' release version of your project. -For example, Neo4j manuals such as the Getting Started Guide or Cypher Manual use 4.4 as their current version, so for those manuals this is set as `sitemap_version: '4.4`. - -=== [Optional] Add an 'Edit this page' link - -If your repo is public, you can add an `Edit this page` link to your pages to encourage external contributors, and to provide a quick way for users to suggest changes. - -Update the following attribute in your playbook: - ----- -asciidoc: - attributes: - page-origin-private: false ----- - -=== [Optional] Add a 'preview' note to each page - -When we publish preview content to either development or production environments, we prepend an admonition to every page to make it clear that this is preview content, for example, as in link:https://neo4j.com/docs/graph-data-science/2.0-preview/[Graph Data Science 2.0-preview]. - -You can use the link:https://www.npmjs.com/package/@neo4j-antora/antora-add-notes[antora-add-notes] extension to add content to your pages. -Follow the Usage instructions in the package documentation. From a23b8671e3f5544b7a91b93e453db5aaf94adb07 Mon Sep 17 00:00:00 2001 From: lidiazuin <102308961+lidiazuin@users.noreply.github.com> Date: Tue, 22 Nov 2022 10:59:14 +0100 Subject: [PATCH 006/876] Fixing windows command updated to 5.0 (#154) https://github.com/neo4j/docs-operations/pull/152 with fixed conflicts Copied from manual modeling https://github.com/neo-technology/neo4j-manual-modeling/pull/3350 --- modules/ROOT/pages/installation/windows.adoc | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/modules/ROOT/pages/installation/windows.adoc b/modules/ROOT/pages/installation/windows.adoc index 6aa844f68..1c455773c 100644 --- a/modules/ROOT/pages/installation/windows.adoc +++ b/modules/ROOT/pages/installation/windows.adoc @@ -20,7 +20,7 @@ Select the appropriate ZIP distribution. . Place the extracted files in a permanent home on your server, for example `D:\neo4j\`. The top level directory is referred to as NEO4J_HOME. .. To run Neo4j as a console application, use: `\bin\neo4j console`. -.. To install Neo4j as a service use: `\bin\neo4j install-service`. +.. To install Neo4j as a service use: `\bin\neo4j windows-service install`. .. For additional commands and to learn about the Windows PowerShell module included in the Zip file, see xref:installation/windows.adoc#powershell[Windows PowerShell module]. . Visit http://localhost:7474 in your web browser. . Connect using the username 'neo4j' with default password 'neo4j'. @@ -32,13 +32,13 @@ You'll then be prompted to change the password. == Windows service Neo4j can also be run as a Windows service. -Install the service with `bin\neo4j install-service`, and start it with `bin\neo4j start`. +Install the service with `bin\neo4j windows-service install`, and start it with `bin\neo4j start`. -The available commands for `bin\neo4j` are: `help`, `start`, `stop`, `restart`, `status`, `install-service`, `uninstall-service`, and `update-service`. +The available commands for `bin\neo4j` are: `version`, `help`, `console`, `start`, `stop`, `restart`, `status`, and `windows-service`. [NOTE] ==== -When installing a new release of Neo4j, you must first run `bin\neo4j uninstall-service` on any previously installed versions. +When installing a new release of Neo4j, you must first run `bin\neo4j windows-service uninstall` on any previously installed versions. ==== [[windows-update-service]] @@ -49,6 +49,7 @@ Changes to these options after the service is installed will not take effect unt For example, changing the setting `server.memory.heap.initial_size` in xref:configuration/file-locations.adoc[_neo4j.conf_] will not take effect until the service is updated and restarted. To update the service, run `bin\neo4j update-service`. Then restart the service to run it with the new configuration. +To update the service, run `bin\neo4j windows-service update`. The same applies to the path to where Java is installed on the system. If the path changes, for example when upgrading to a new version of Java, it is necessary to run the `update-service` command and restart the service. @@ -59,7 +60,7 @@ Then the new Java location will be used by the service. . Install service + ---- -bin\neo4j install-service +bin\neo4j windows-service install ---- . Change memory configuration @@ -72,7 +73,7 @@ echo server.memory.heap.initial_size=16g >> conf\neo4j.conf . Update service + ---- -bin\neo4j update-service +bin\neo4j windows-service update ---- . Restart service From 1696873503cb9a9a97724034486620051ec5c914 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 22 Nov 2022 12:02:50 +0200 Subject: [PATCH 007/876] Helm charts 5.x feedback (#155) --- .../quickstart-cluster/create-value-file.adoc | 8 ++- .../quickstart-cluster/prerequisites.adoc | 49 ++++++++++--------- .../quickstart-cluster/uninstall-cleanup.adoc | 32 ++++++++++++ .../create-value-file.adoc | 9 ++-- .../quickstart-standalone/prerequisites.adoc | 30 ++++++++++-- .../uninstall-cleanup.adoc | 34 ++++++++++++- .../verify-installation.adoc | 2 +- 7 files changed, 125 insertions(+), 39 deletions(-) diff --git a/modules/ROOT/pages/kubernetes/quickstart-cluster/create-value-file.adoc b/modules/ROOT/pages/kubernetes/quickstart-cluster/create-value-file.adoc index a5f942084..be084e80a 100644 --- a/modules/ROOT/pages/kubernetes/quickstart-cluster/create-value-file.adoc +++ b/modules/ROOT/pages/kubernetes/quickstart-cluster/create-value-file.adoc @@ -119,11 +119,9 @@ neo4j: volumes: data: mode: "dynamic" - volume: - dynamic: - # gp2 is a general-purpose SSD volume - # gp3 is a high-performance SSD volume (Recommended but requires the EBS CSI driver to be installed in the cluster.) - storageClassName: gp2 + dynamic: + # gp2 is a general-purpose SSD volume + storageClassName: gp2 ---- ====== diff --git a/modules/ROOT/pages/kubernetes/quickstart-cluster/prerequisites.adoc b/modules/ROOT/pages/kubernetes/quickstart-cluster/prerequisites.adoc index 53884e479..166da39ea 100644 --- a/modules/ROOT/pages/kubernetes/quickstart-cluster/prerequisites.adoc +++ b/modules/ROOT/pages/kubernetes/quickstart-cluster/prerequisites.adoc @@ -78,7 +78,6 @@ Make sure you complete the AWS configuration step (https://docs.aws.amazon.com/c [source, shell] ---- export AWS_DEFAULT_REGION="eu-west-1" -export AWS_AVAILABILITY_ZONE="eu-west-1c" ---- . If you do not have an AWS Elastic Kubernetes Service (EKS) cluster, you can create a multi-node cluster (one node per Neo4j instance) using the following command: + @@ -95,32 +94,36 @@ ssh-keygen -t rsa -C "your-name@example.com" + [source, shell] ---- -eksctl create cluster -f <(echo " -apiVersion: eksctl.io/v1alpha5 -kind: ClusterConfig -metadata: - name: my-neo4j-eks-cluster - region: ${AWS_DEFAULT_REGION} -managedNodeGroups: - - name: neo4j-nodes - availabilityZones: - - "${AWS_AVAILABILITY_ZONE}" - minSize: 1 - maxSize: 4 - instanceType: c4.xlarge - desiredCapacity: 4 - volumeSize: 10 - ssh: - allow: true -iam: - withOIDC: true -") +eksctl create cluster --name "my-neo4j-eks-cluster" --region "${AWS_DEFAULT_REGION}" --nodegroup-name "neo4j-nodes" --nodes-min 1 --nodes-max 4 --node-type c4.xlarge --nodes 4 --node-volume-size 10 --ssh-access --with-oidc +---- +. Create an IAM role (e.g., `AmazonEKS_EBS_CSI_DriverRole`) and attach the required AWS-managed policy to it (e.g., `AmazonEBSCSIDriverPolicy`). ++ +[source, shell] +---- +eksctl create iamserviceaccount \ + --name ebs-csi-controller-sa \ + --namespace kube-system \ + --cluster my-neo4j-eks-cluster \ + --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \ + --approve \ + --role-only \ + --role-name AmazonEKS_EBS_CSI_DriverRole +---- + +. Add the EBS CSI Driver as an Amazon EKS add-on to your cluster: ++ +[source, shell] +---- +eksctl create addon \ + --name aws-ebs-csi-driver \ + --cluster my-neo4j-eks-cluster \ + --service-account-role-arn arn:aws:iam:::role/AmazonEKS_EBS_CSI_DriverRole \ + --force ---- + [NOTE] ==== -If you want to use high-performance SSD `(gp3)` disks for the database or manually allocate disks, you must install the EBS CSI Driver. -See the link:https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html[AWS documentation] for instructions on installing the driver. +Make sure to replace `` with your AWS account ID. ==== . Configure `kubectl` to use your EKS cluster using: + diff --git a/modules/ROOT/pages/kubernetes/quickstart-cluster/uninstall-cleanup.adoc b/modules/ROOT/pages/kubernetes/quickstart-cluster/uninstall-cleanup.adoc index 409bbf6fb..c4b56944f 100644 --- a/modules/ROOT/pages/kubernetes/quickstart-cluster/uninstall-cleanup.adoc +++ b/modules/ROOT/pages/kubernetes/quickstart-cluster/uninstall-cleanup.adoc @@ -26,7 +26,39 @@ release "headless" uninstalled Uninstalling the Helm releases does not remove the created resources and data. Therefore, after uninstalling the helm deployments, you also have to delete all the data and resources. +. Delete all persistent volume claims in the `neo4j` namespace: ++ [source, shell] ---- kubectl delete pvc --all --namespace neo4j ---- +. Delete the entire Kubernetes cluster in your cloud provider: ++ +[.tabbed-example] +===== +[.include-with-gke] +====== +[source, shell] +---- +gcloud container clusters delete my-neo4j-gke-cluster +---- +====== + +[.include-with-aws] +====== + +[source, shell] +---- +eksctl delete cluster --name=my-neo4j-eks-cluster +---- +====== + +[.include-with-azure] +====== + +[source, shell] +---- +az aks delete --name my-neo4j-aks-cluster --resource-group +---- +====== +===== \ No newline at end of file diff --git a/modules/ROOT/pages/kubernetes/quickstart-standalone/create-value-file.adoc b/modules/ROOT/pages/kubernetes/quickstart-standalone/create-value-file.adoc index fc2c029c9..2da3120f5 100644 --- a/modules/ROOT/pages/kubernetes/quickstart-standalone/create-value-file.adoc +++ b/modules/ROOT/pages/kubernetes/quickstart-standalone/create-value-file.adoc @@ -105,11 +105,10 @@ neo4j: volumes: data: - mode: "volume" - volume: - dynamic: - # gp2 is a general purpose SSD volume - storageClassName: gp2 + mode: "dynamic" + dynamic: + # gp2 is a general-purpose SSD volume + storageClassName: gp2 ---- ====== diff --git a/modules/ROOT/pages/kubernetes/quickstart-standalone/prerequisites.adoc b/modules/ROOT/pages/kubernetes/quickstart-standalone/prerequisites.adoc index b9a7f49c3..226f2e158 100644 --- a/modules/ROOT/pages/kubernetes/quickstart-standalone/prerequisites.adoc +++ b/modules/ROOT/pages/kubernetes/quickstart-standalone/prerequisites.adoc @@ -76,7 +76,6 @@ Make sure you complete the AWS configuration step (https://docs.aws.amazon.com/c [source, shell] ---- export AWS_DEFAULT_REGION="eu-west-1" -export AWS_AVAILABILITY_ZONE="eu-west-1c" ---- . If you do not have an AWS Elastic Kubernetes Service (EKS) cluster, you can create a single-node one using the following command: + @@ -93,13 +92,36 @@ ssh-keygen -t rsa -C "your-name@example.com" + [source, shell] ---- -eksctl create cluster --name "my-neo4j-eks-cluster" --region "${AWS_DEFAULT_REGION}" --nodegroup-name "neo4j-nodes" --node-zones "${AWS_AVAILABILITY_ZONE}" --nodes-min 1 --nodes-max 2 --node-type c4.xlarge --nodes 1 --node-volume-size 10 --ssh-access --with-oidc +eksctl create cluster --name "my-neo4j-eks-cluster" --region "${AWS_DEFAULT_REGION}" --nodegroup-name "neo4j-nodes" --nodes-min 1 --nodes-max 2 --node-type c4.xlarge --nodes 1 --node-volume-size 10 --ssh-access --with-oidc +---- +. Create an IAM role (e.g., `AmazonEKS_EBS_CSI_DriverRole`) and attach the required AWS-managed policy to it (e.g., `AmazonEBSCSIDriverPolicy`). ++ +[source, shell] +---- +eksctl create iamserviceaccount \ + --name ebs-csi-controller-sa \ + --namespace kube-system \ + --cluster my-neo4j-eks-cluster \ + --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \ + --approve \ + --role-only \ + --role-name AmazonEKS_EBS_CSI_DriverRole +---- + +. Add the EBS CSI Driver as an Amazon EKS add-on to your cluster: ++ +[source, shell] +---- +eksctl create addon \ + --name aws-ebs-csi-driver \ + --cluster my-neo4j-eks-cluster \ + --service-account-role-arn arn:aws:iam:::role/AmazonEKS_EBS_CSI_DriverRole \ + --force ---- + [NOTE] ==== -If you want to use high-performance SSD `(gp3)` disks for the database or manually allocate disks, you must install the EBS CSI Driver. -See the link:https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html[AWS documentation] for instructions on installing the driver. +Make sure to replace `` with your AWS account ID. ==== . Configure `kubectl` to use your EKS cluster using: + diff --git a/modules/ROOT/pages/kubernetes/quickstart-standalone/uninstall-cleanup.adoc b/modules/ROOT/pages/kubernetes/quickstart-standalone/uninstall-cleanup.adoc index d1d95651b..97dfde0b2 100644 --- a/modules/ROOT/pages/kubernetes/quickstart-standalone/uninstall-cleanup.adoc +++ b/modules/ROOT/pages/kubernetes/quickstart-standalone/uninstall-cleanup.adoc @@ -22,7 +22,39 @@ release "my-neo4j-release" uninstalled Uninstalling the Helm release does not remove the created resources and data. Therefore, after uninstalling the helm deployment, you also have to delete all the data and resources. +. Delete all persistent volume claims in the `neo4j` namespace: ++ [source, shell] ---- kubectl delete pvc --all --namespace neo4j ----- \ No newline at end of file +---- +. Delete the entire Kubernetes cluster in your cloud provider: ++ +[.tabbed-example] +===== +[.include-with-gke] +====== +[source, shell] +---- +gcloud container clusters delete my-neo4j-gke-cluster +---- +====== + +[.include-with-aws] +====== + +[source, shell] +---- +eksctl delete cluster --name=my-neo4j-eks-cluster +---- +====== + +[.include-with-azure] +====== + +[source, shell] +---- +az aks delete --name my-neo4j-aks-cluster --resource-group +---- +====== +===== \ No newline at end of file diff --git a/modules/ROOT/pages/kubernetes/quickstart-standalone/verify-installation.adoc b/modules/ROOT/pages/kubernetes/quickstart-standalone/verify-installation.adoc index c4dc1a3a5..2ab5d4ad2 100644 --- a/modules/ROOT/pages/kubernetes/quickstart-standalone/verify-installation.adoc +++ b/modules/ROOT/pages/kubernetes/quickstart-standalone/verify-installation.adoc @@ -73,7 +73,7 @@ To access the Neo4j Browser with the Community edition, forward port `7474`: + [source, shell] ---- -kubectl port-forward svc/my-neo4j-release 7475:7474 +kubectl port-forward svc/my-neo4j-release 7475:7474 7687:7687 ---- + . In a web browser, open the Neo4j Browser at _http://localhost:7475/browser_. From d717f074366e3446a506fb4cedccf381a24f9d6b Mon Sep 17 00:00:00 2001 From: AlexicaWright <49636617+AlexicaWright@users.noreply.github.com> Date: Tue, 22 Nov 2022 13:26:13 +0100 Subject: [PATCH 008/876] 5.2 dryrun note (#160) --- modules/ROOT/pages/clustering/servers.adoc | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/clustering/servers.adoc b/modules/ROOT/pages/clustering/servers.adoc index 2a4b34b55..8686a0e48 100644 --- a/modules/ROOT/pages/clustering/servers.adoc +++ b/modules/ROOT/pages/clustering/servers.adoc @@ -151,6 +151,12 @@ Once enabled, a server does not automatically host databases unless: The command `REALLOCATE DATABASE[S]` can be used to rebalance database allocations across the cluster, adding some to the newly added server(s). This command can be used with `DRYRUN` to get a view of how the databases would be rebalanced. + +[NOTE] +==== +`DRYRUN` is introduced in Neo4j 5.2 and thus does not work in previous versions. +==== + [source,cypher] ---- neo4j@neo4j> DRYRUN REALLOCATE DATABASES; @@ -173,7 +179,7 @@ Remember that before removing a server from an existing cluster, any databases a [source,cypher] ---- -neo4j@neo4j> DEALLOCATE DATABASES FROM SERVER '135ad202-5405-4d3c-9822-df39f59b823c'; +neo4j@neo4j> DRYRUN DEALLOCATE DATABASES FROM SERVER '135ad202-5405-4d3c-9822-df39f59b823c'; ---- When deallocating databases from servers, it is important to be mindful of the topology for each database to ensure that there are sufficient servers left in the cluster to satisfy the topologies of each database. @@ -181,6 +187,18 @@ Attempting to deallocate database(s) from a server that would result in less ava For example, if the cluster contains 5 servers and a database `foo` has a topology requiring 3 primaries and 2 secondaries, then it is _not_ possible to deallocate any of the original 5 servers, without first enabling a 6th, or altering the desired topology of `foo` to require fewer servers overall. +The command can be used with `DRYRUN` to get a view of how the databases would be moved from the deallocated server(s). + +[source,cypher] +---- +neo4j@neo4j> DRYRUN DEALLOCATE DATABASES FROM SERVER '135ad202-5405-4d3c-9822-df39f59b823c'; ++------------------------------------------------------------------------------------------------------------------------------------------+ +| database | fromServerName | fromServerId | toServerName | toServerId | mode | ++------------------------------------------------------------------------------------------------------------------------------------------+ +| "db1" | "server-3" | "135ad202-5405-4d3c-9822-df39f59b823c" | "server-5" | "00000003-b30a-434e-b9bf-1a5c8009773a" | "secondary" | ++------------------------------------------------------------------------------------------------------------------------------------------+ +---- + === Dropping a server Once `DEALLOCATE DATABASES` is executed for a server, its databases begin being moved. From b3fbe0fa5290030916cee1d817b509da431d70d9 Mon Sep 17 00:00:00 2001 From: JPryce-Aklundh Date: Tue, 22 Nov 2022 14:13:34 +0100 Subject: [PATCH 009/876] update --- modules/ROOT/pages/performance/locks-deadlocks.adoc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/ROOT/pages/performance/locks-deadlocks.adoc b/modules/ROOT/pages/performance/locks-deadlocks.adoc index d1743040e..4471fee97 100644 --- a/modules/ROOT/pages/performance/locks-deadlocks.adoc +++ b/modules/ROOT/pages/performance/locks-deadlocks.adoc @@ -8,8 +8,7 @@ When a transaction occurs, Neo4j takes locks to prevent data corruption. == Locks Locks are taken automatically by the queries that users run. -They ensure that a node/relationship is locked to one particular transaction until that transaction is completed. -For example: a lock on a node by one transaction will prevent additional transactions which seek to simultaneously modify the same node. +They ensure that a node/relationship is locked to one particular transaction until that transaction is completed. In other words, a lock on a node by one transaction will prevent additional transactions which seek to concurrently modify the same node. As such, locks prevent concurrent modifications of shared resources between transactions. Locks are used in Neo4j to ensure data consistency and isolation levels. From d28603a7381ca4d439707f221bd3dd4b267e4fbd Mon Sep 17 00:00:00 2001 From: JPryce-Aklundh Date: Tue, 22 Nov 2022 14:15:04 +0100 Subject: [PATCH 010/876] update --- modules/ROOT/pages/performance/locks-deadlocks.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/performance/locks-deadlocks.adoc b/modules/ROOT/pages/performance/locks-deadlocks.adoc index 4471fee97..f9ccffeb5 100644 --- a/modules/ROOT/pages/performance/locks-deadlocks.adoc +++ b/modules/ROOT/pages/performance/locks-deadlocks.adoc @@ -48,6 +48,6 @@ When Neo4j detects a deadlock, the transaction is aborted (with the transient er Most likely, a deadlock will be resolved by retrying the transaction. -To avoid deadlocks, it is recommended that updates occur in the same order (first A, then B). Another option is to avoid lock contention by not modifying the same entities at the same time concurrently. +To avoid deadlocks, it is recommended that updates occur in the same order (first A, then B). Another option is to avoid lock contention by not modifying the same entities concurrently. -For information about deadlocks, see https://neo4j.com/docs/java-reference/5/transaction-management/#transactions-deadlocks[Neo4j's Java-reference manual on transaction management]. \ No newline at end of file +For more information about deadlocks, see https://neo4j.com/docs/java-reference/5/transaction-management/#transactions-deadlocks[Neo4j's Java-reference manual on transaction management]. \ No newline at end of file From 21579611025ce064ecce880fafe18f7852af696d Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 23 Nov 2022 10:04:18 +0200 Subject: [PATCH 011/876] Update the unbind command based on #55 (#161) Replaces #54 and #55 --- .../ROOT/pages/tools/neo4j-admin/unbind.adoc | 39 +++++++------------ 1 file changed, 14 insertions(+), 25 deletions(-) diff --git a/modules/ROOT/pages/tools/neo4j-admin/unbind.adoc b/modules/ROOT/pages/tools/neo4j-admin/unbind.adoc index 8aa4b101d..84a0f95d4 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/unbind.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/unbind.adoc @@ -63,39 +63,28 @@ The `neo4j-admin server unbind` command has the following options: The Neo4j server must be shut down before running the `neo4j-admin server unbind` command. [[unbind-command-usage]] -== Examples +== Usage -You can use the `neo4j-admin server unbind` command to: +You can use the `neo4j-admin server unbind` command to remove the cluster state of a cluster server, turn a cluster server into a standalone server, or remove and archive the cluster state of a cluster server. -* Turn a cluster member into a standalone server: -+ -To start the Neo4j server in single (standalone) mode after unbinding it from the cluster, verify that xref:reference/configuration-settings.adoc#config_initial.server.mode_constraint[`initial.server.mode_constraint`] is set to `NONE` in xref:configuration/neo4j-conf.adoc[The neo4j.conf file]. +=== Remove the cluster state of a server + +To remove the cluster state of a server, run the `neo4j-admin server unbind` command from the __ folder of that server. +When restarted, an unbound server rejoins the cluster as a new server and has to be enabled using the `ENABLE SERVER` command. -* Seed a Neo4j cluster with existing store files: -+ -To seed a new cluster using the store files of another cluster, you must first run `neo4j-admin server unbind` on each server. -For more information about seeding a Neo4j cluster, see xref:clustering/databases.adoc#cluster-seed[Seed a cluster]. -+ [WARNING] ==== -If a cluster holds a previous version of any of the databases being seeded, you must `DROP` those databases before seeding. -Alternatively, you can stop every server, unbind it from the cluster using `neo4j-admin server unbind`, and then forcefully restore the correct seeds (backups) for the databases in question. -If you do not `DROP` or `unbind` before seeding, either with `neo4j-admin database restore` or `neo4j-admin database load`, the database's store files and cluster state will be out of sync, potentially leading to logical corruptions. +Note that the `unbind` command preserves all database stores on the server. +When the unbound server is restarted and enabled, it is seen as an entirely new server. +Therefore, there is no guarantee that the allocator will pick this server to host the same databases. +This may lead to having orphaned database stores on this server. ==== -* Recover a Neo4j Cluster: -+ -In the event of serious failures, you may need to recover an entire cluster from backups. -Before restoring those backups, you must first run `neo4j-admin server unbind` on each server. -For more information about recovering databases from online backups, see xref:backup-restore/restore-backup.adoc[Restore a database backup]. -+ -[NOTE] -==== -You *must* run the `neo4j-admin server unbind` command on both primary and secondary servers. -==== +=== Turn a cluster member into a standalone server + +To start the Neo4j server in single (standalone) mode after unbinding it from the cluster, verify that xref:reference/configuration-settings.adoc#config_initial.server.mode_constraint[`initial.server.mode_constraint`] is set to `NONE` in xref:configuration/neo4j-conf.adoc[The neo4j.conf file]. -[[unbind-command-archive]] -== Archive cluster state +=== Archive cluster state To archive the cluster state, from the __ folder, run the `neo4j-admin server unbind` command with the arguments `--archive-cluster-state=true` and `--archive-path=`: From 6f4b57cb6430d21a9cba7333351eceb75ef5f249 Mon Sep 17 00:00:00 2001 From: JPryce-Aklundh Date: Wed, 23 Nov 2022 12:21:55 +0100 Subject: [PATCH 012/876] further updates --- .../pages/performance/locks-deadlocks.adoc | 83 +++++++++++++++---- 1 file changed, 68 insertions(+), 15 deletions(-) diff --git a/modules/ROOT/pages/performance/locks-deadlocks.adoc b/modules/ROOT/pages/performance/locks-deadlocks.adoc index f9ccffeb5..036b13402 100644 --- a/modules/ROOT/pages/performance/locks-deadlocks.adoc +++ b/modules/ROOT/pages/performance/locks-deadlocks.adoc @@ -3,12 +3,13 @@ Neo4j is fully https://neo4j.com/docs/java-reference/current/transaction-management/[ACID compliant]. This means that all database operations which access graphs, indexes or schemas must be performed in a transaction. -When a transaction occurs, Neo4j takes locks to prevent data corruption. - +When a write transaction occurs, Neo4j takes locks to preserve data consistency while updating. + == Locks Locks are taken automatically by the queries that users run. -They ensure that a node/relationship is locked to one particular transaction until that transaction is completed. In other words, a lock on a node by one transaction will prevent additional transactions which seek to concurrently modify the same node. +They ensure that a node/relationship is locked to one particular transaction until that transaction is completed. +In other words, a lock on a node or a relationship by one transaction will pause additional transactions which seek to concurrently modify the same node or relationship. As such, locks prevent concurrent modifications of shared resources between transactions. Locks are used in Neo4j to ensure data consistency and isolation levels. @@ -22,11 +23,36 @@ For more information on how to manually acquire write locks, see https://neo4j.c Lock contention may arise if an application needs to perform updates on the same nodes/relationships. In such a scenario, transactions must wait for locks to be released in order to be completed. -In general, the more nodes/relationships a graph has, the more likely it is that transactions will have to wait for a lock to be released in order to perform an update. - +If two or more transactions attempt to modify the same data concurrently, it will increase the likelihood of a deadlock (explained in more detail below). +In larger graphs, it is less likely that two transactions modify the same data concurrently, and so the likelihood of a deadlock is reduced. +That said, even in large graphs, a deadlock can occur if two or more transactions are attempting to modify the same data concurrently. + == Locks in practice - -When creating or deleting relationships in Neo4j, nodes are not exclusively locked during a transaction. + +.Locks taken for specific graph modifications +[cols="1,3a"] +|=== +| Creating a node | No lock +| Updating a node label | Node lock +| Updating a node property | Node lock +| Deleting a node | Node lock +| Creating a relationship* | If node is sparse: node lock. + +If node is dense: node delete prevention lock. +| Updating a relationship property | Relationship lock +| Deleting a relationship* | If node is sparse: node lock. + +If node is dense: node delete prevention lock. + +Relationship lock for both sparse and dense nodes. +|=== +*_Applies for both source nodes and target nodes._ + +Additional locks are taken to maintain indexes and other internal structures. + +== Locks and dense nodes + +When creating or deleting relationships in Neo4j, dense nodes are not exclusively locked during a transaction (a node is considered dense when it has 50 or more relationships). Rather, internally shared locks prevent the deletion of nodes, and shared degree locks are acquired for synchronizing with concurrent label changes for those nodes (to ensure correct count updates). At commit time, relationships are inserted into their relationship chains at places that are currently uncontested (i.e. not currently modified by another transaction), and the surrounding relationships are exclusively locked. @@ -38,16 +64,43 @@ Dense nodes store this data in a concurrent data structure, and so can avoid exc == Deadlocks -When multiple locks are taken by concurrent operations, a scenario may arise where none of the transactions can proceed. -This is called a deadlock. -For example, given two specific nodes (A and B), adding or deleting relationships to both of these nodes in a random order for each transaction, will result in deadlocks when there are are two or more transactions doing it concurrently. - -Neo4j assists transactions by internally sorting operations. That said, deadlocks can happen regardless. - -When Neo4j detects a deadlock, the transaction is aborted (with the transient error message code `Neo.TransientError.Transaction.DeadlockDetected`). +A deadlock occurs when two transactions are blocked by each other because they are attempting to concurrently modify a node or a relationship that is locked by the other transaction. In such a scenario, neither of the transactions will be able to proceed. + +When Neo4j detects a deadlock, the transaction is cancelled (with the transient error message code `Neo.TransientError.Transaction.DeadlockDetected`). + +For example, running the following two transactions in https://neo4j.com/docs/operations-manual/current/tools/cypher-shell/[Cypher-shell] will result in a deadlock because they are attempting to modify the same node properties concurrently. + +.Transaction A +[source, cypher, indent=0] +---- +:begin +MATCH (n:Test) SET n.prop = 1 +WITH collect(n) as nodes +CALL apoc.util.sleep(5000) +MATCH (m:Test2) SET m.prop = 1; +---- + +.Transaction B +[source, cypher, indent=0] +---- +:begin +MATCH (n:Test2) SET n.prop = 1 +WITH collect(n) as nodes +CALL apoc.util.sleep(5000) +MATCH (m:Test) SET m.prop = 1; +---- + +.The following error message is thrown by running the above example: +[source, cypher, indent=0] +---- +The transaction will be rolled back and terminated. Error: ForsetiClient[transactionId=6698, clientId=1] can't acquire ExclusiveLock{owner=ForsetiClient[transactionId=6697, clientId=3]} on NODE(27), because holders of that lock are waiting for ForsetiClient[transactionId=6698, clientId=1]. + Wait list:ExclusiveLock[ +Client[6697] waits for [ForsetiClient[transactionId=6698, clientId=1]]] +---- Most likely, a deadlock will be resolved by retrying the transaction. -To avoid deadlocks, it is recommended that updates occur in the same order (first A, then B). Another option is to avoid lock contention by not modifying the same entities concurrently. +To avoid deadlocks, it is recommended that updates occur in the same order (first A, then B). +Another option is to avoid lock contention by not modifying the same entities concurrently. For more information about deadlocks, see https://neo4j.com/docs/java-reference/5/transaction-management/#transactions-deadlocks[Neo4j's Java-reference manual on transaction management]. \ No newline at end of file From e56838ffcf0d333f6033583de5d44cd55a166332 Mon Sep 17 00:00:00 2001 From: lidiazuin <102308961+lidiazuin@users.noreply.github.com> Date: Wed, 23 Nov 2022 12:24:17 +0100 Subject: [PATCH 013/876] Documenting the new minimum password length (#166) New requirement is going to be added on 5.3. --- modules/ROOT/pages/configuration/set-initial-password.adoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/configuration/set-initial-password.adoc b/modules/ROOT/pages/configuration/set-initial-password.adoc index 10138da63..19451295c 100644 --- a/modules/ROOT/pages/configuration/set-initial-password.adoc +++ b/modules/ROOT/pages/configuration/set-initial-password.adoc @@ -7,7 +7,8 @@ This must be performed before starting up the database for the first time. [NOTE] ==== -It is recommended that passwords have at least 8 characters. +The default minimum password length is 8 characters. +Use the `dbms.security.auth_minimum_password_length` configuration to change it. ==== *Syntax:* From 52cf6cc1797cc6133bdbdb8cbb6e929fb968f57c Mon Sep 17 00:00:00 2001 From: lidiazuin <102308961+lidiazuin@users.noreply.github.com> Date: Wed, 23 Nov 2022 12:25:42 +0100 Subject: [PATCH 014/876] Updating the name of `dbms.databases.writable` (#163) (#165) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As of 5.x, this has been changed to `server.databases.writable`. https://github.com/neo4j/docs-operations/pull/163 Co-authored-by: Izabela Śmietana --- .../ROOT/pages/configuration/dynamic-settings.adoc | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/ROOT/pages/configuration/dynamic-settings.adoc b/modules/ROOT/pages/configuration/dynamic-settings.adoc index e5b3ac332..9f2a68095 100644 --- a/modules/ROOT/pages/configuration/dynamic-settings.adoc +++ b/modules/ROOT/pages/configuration/dynamic-settings.adoc @@ -143,7 +143,7 @@ CALL dbms.setConfigValue('db.logs.query.enabled', '') |xref:reference/configuration-settings.adoc#config_dbms.cypher.render_plan_description[dbms.cypher.render_plan_description]|If set to `true` a textual representation of the plan description will be rendered on the server for all queries running with `EXPLAIN` or `PROFILE`. |xref:reference/configuration-settings.adoc#config_server.databases.default_to_read_only[server.databases.default_to_read_only]|Whether or not any database on this instance are read_only by default. |xref:reference/configuration-settings.adoc#config_server.databases.read_only[server.databases.read_only]|List of databases for which to prevent write queries. -|xref:configuration/dynamic-settings.adoc#config_dbms.databases.writable[dbms.databases.writable]|List of databases for which to allow write queries. +|xref:configuration/dynamic-settings.adoc#config_server.databases.writable[server.databases.writable]|List of databases for which to allow write queries. |xref:reference/configuration-settings.adoc#config_dbms.memory.transaction.total.max[dbms.memory.transaction.total.max]|Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). |xref:reference/configuration-settings.adoc#config_dbms.routing.client_side.enforce_for_domains[dbms.routing.client_side.enforce_for_domains]|Always use client side routing (regardless of the default router) for neo4j:// protocol connections to these domains. |xref:reference/configuration-settings.adoc#config_dbms.routing.reads_on_writers_enabled[dbms.routing.reads_on_writers_enabled]|Configure if the `dbms.routing.getRoutingTable()` procedure should include the leader as read endpoint or return only read replicas/followers. @@ -537,7 +537,7 @@ m|+++false+++ [cols="<1s,<4"] |=== |Description -a|Whether or not any database on this instance are read_only by default. If false, individual databases may be marked as read_only using dbms.database.read_only. If true, individual databases may be marked as writable using xref:configuration/dynamic-settings.adoc#config_dbms.databases.writable[dbms.databases.writable]. +a|Whether or not any database on this instance are read_only by default. If false, individual databases may be marked as read_only using dbms.database.read_only. If true, individual databases may be marked as writable using xref:configuration/dynamic-settings.adoc#config_server.databases.writable[server.databases.writable]. |Valid values a|server.databases.default_to_read_only, a boolean |Dynamic a|true @@ -558,14 +558,14 @@ a|server.databases.read_only, a ',' separated set with elements of type 'A valid m|++++++ |=== -[[config_dbms.databases.writable]] -.dbms.databases.writable +[[config_server.databases.writable]] +.server.databases.writable [cols="<1s,<4"] |=== |Description -a|List of databases for which to allow write queries. Databases not included in this list will allow write queries anyway, unless xref:reference/configuration-settings.adoc#config_server.databases.default_to_read_only[server.databases.default_to_read_only] is set to true. +a|Formerly `dbms.databases.writable`. List of databases for which to allow write queries. Databases not included in this list will allow write queries anyway, unless xref:reference/configuration-settings.adoc#config_server.databases.default_to_read_only[server.databases.default_to_read_only] is set to true. |Valid values -a|dbms.databases.writable, a ',' separated set with elements of type 'A valid database name containing only alphabetic characters, numbers, dots and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name 'system''. +a|server.databases.writable, a ',' separated set with elements of type 'A valid database name containing only alphabetic characters, numbers, dots and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name 'system''. |Dynamic a|true |Default value m|++++++ From 7f13a8e49a207f24be45bbad9d7981ae2fc31486 Mon Sep 17 00:00:00 2001 From: JPryce-Aklundh Date: Wed, 23 Nov 2022 15:38:28 +0100 Subject: [PATCH 015/876] post-review update + added Cypher example --- .../pages/performance/locks-deadlocks.adoc | 25 +++++++++++++------ 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/modules/ROOT/pages/performance/locks-deadlocks.adoc b/modules/ROOT/pages/performance/locks-deadlocks.adoc index 036b13402..e2d557ee2 100644 --- a/modules/ROOT/pages/performance/locks-deadlocks.adoc +++ b/modules/ROOT/pages/performance/locks-deadlocks.adoc @@ -66,9 +66,9 @@ Dense nodes store this data in a concurrent data structure, and so can avoid exc A deadlock occurs when two transactions are blocked by each other because they are attempting to concurrently modify a node or a relationship that is locked by the other transaction. In such a scenario, neither of the transactions will be able to proceed. -When Neo4j detects a deadlock, the transaction is cancelled (with the transient error message code `Neo.TransientError.Transaction.DeadlockDetected`). +When Neo4j detects a deadlock, the transaction is terminated (with the transient error message code `Neo.TransientError.Transaction.DeadlockDetected`). -For example, running the following two transactions in https://neo4j.com/docs/operations-manual/current/tools/cypher-shell/[Cypher-shell] will result in a deadlock because they are attempting to modify the same node properties concurrently. +For example, running the following two queries in https://neo4j.com/docs/operations-manual/current/tools/cypher-shell/[Cypher-shell] at the same time, will result in a deadlock because they are attempting to modify the same node properties concurrently. .Transaction A [source, cypher, indent=0] @@ -90,17 +90,26 @@ CALL apoc.util.sleep(5000) MATCH (m:Test) SET m.prop = 1; ---- -.The following error message is thrown by running the above example: -[source, cypher, indent=0] +The following error message is thrown: + +[source, output, role="noheader", indent=0] ---- The transaction will be rolled back and terminated. Error: ForsetiClient[transactionId=6698, clientId=1] can't acquire ExclusiveLock{owner=ForsetiClient[transactionId=6697, clientId=3]} on NODE(27), because holders of that lock are waiting for ForsetiClient[transactionId=6698, clientId=1]. Wait list:ExclusiveLock[ Client[6697] waits for [ForsetiClient[transactionId=6698, clientId=1]]] ---- - -Most likely, a deadlock will be resolved by retrying the transaction. - -To avoid deadlocks, it is recommended that updates occur in the same order (first A, then B). + +== Avoiding deadlocks + +Most likely, a deadlock will be resolved by retrying the transaction. +This will, however, impact the cost of the total throughput of the transaction, so it is useful to know about strategies to avoid deadlocks. + +Neo4j assists transactions by internally sorting operations. +However, this internal sorting only applies for the locks taken when creating or deleting relationships. +Users are, therefore, encouraged to sort their operations in cases where Neo4j does not internally assist, such as when locks are taken for property updates. +This is done by ensuring that updates occur in the same order. +For example, if the three locks `A`, `B`, and `C` are always taken in the same order (e.g. `A->B->C`), then a transaction will never hold lock `B` while waiting for lock `A` to be released, and so a deadlock will not occur. + Another option is to avoid lock contention by not modifying the same entities concurrently. For more information about deadlocks, see https://neo4j.com/docs/java-reference/5/transaction-management/#transactions-deadlocks[Neo4j's Java-reference manual on transaction management]. \ No newline at end of file From 1c8e58e8c4dcbb71dca82ffe9b0cb700085751eb Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Fri, 25 Nov 2022 11:31:37 +0200 Subject: [PATCH 016/876] Improve the incremental importer section (#167) --- .../tools/neo4j-admin/neo4j-admin-import.adoc | 81 ++++++++++++++++--- 1 file changed, 69 insertions(+), 12 deletions(-) diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc index 7845cea7d..3da100dac 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc @@ -416,17 +416,18 @@ The `high_limit` format is available for Enterprise Edition only. [[import-tool-incremental]] == Incremental import +The `neo4j-admin database import incremental` command imports a large amount of data from CSV files into an existing, non-empty database. + [WARNING] ==== Incremental import needs to be used with care. These options should not be used for experimentation. -You will need to append any incremental import command with `--force`. +You need to append any incremental import command with `--force`. For more information, please contact Neo4j Professional Services. ==== - [[import-tool-incremental-syntax]] === Syntax @@ -464,14 +465,55 @@ neo4j-admin database import incremental [-h] ---- +=== Usage and limitations + +The incremental import command can be used to add: + +* New nodes with labels and properties. +* New relationships between existing or new nodes. + +The incremental import command cannot be used to: + +* Add new properties to existing nodes or relationships. +* Update or delete properties in nodes or relationships. +* Update or delete labels in nodes. +* Delete existing nodes and relationships. + +The importer works well on single instances. +In clustering environments with multiple copies of the database, the updated database must be reseeded. + + [[import-tool-incremental-examples]] === Examples +There are two ways of importing data incrementally: + +* If downtime is not a concern, you can run a single command with the option `--stage=all`. +This option requires the database to be stopped. +* If you cannot afford a full downtime of your database, you can run the import in three stages: + +** _prepare_ stage: ++ +During this stage, the import tool analyzes the CSV headers and copies the relevant data over to the new increment database path. +The import command is run with the option `--stage=prepare` and the database must be stopped. + +** _build_ stage: ++ +During this stage, the import tool imports the data into the database. +This is the longest stage and you can put the database in read-only mode to allow read access. +The import command is run with the option `--stage=build`. + +** _merge_ stage: ++ +During this stage, the import tool merges the new with the existing data in the database. +It also updates the affected indexes and upholds the affected uniqueness constraints and property existence constraints. +The import command is run with the option `--stage=merge` and the database must be stopped. + .Incremental import in a single command ==== [source, shell, role=noplay] ---- -neo4j@system> STOP DATABASE db1; +neo4j@system> STOP DATABASE db1 WAIT; ... $ bin/neo4j-admin database import incremental --stage=all --nodes=N1=../../raw-data/incremental-import/b.csv db1 ---- @@ -479,32 +521,47 @@ $ bin/neo4j-admin database import incremental --stage=all --nodes=N1=../../raw-d .Incremental import in stages ==== -. The `prepare` stage: +. `prepare` stage: +.. Stop the database with the `WAIT` option to ensure a checkpoint happens before you run the incremental import command. +The database must be stopped to run `--stage=prepare`. + -The database must be stopped in order to run `--stage=prepare`. +[source, shell, role=noplay] +---- +neo4j@system> STOP DATABASE db1 WAIT; +---- +.. Run the incremental import command with the `--stage=prepare` option: + [source, shell, role=noplay] ---- -neo4j@system> STOP DATABASE db1; -... $ bin/neo4j-admin database import incremental --stage=prepare --nodes=N1=../../raw-data/incremental-import/c.csv db1 ---- -. The `build` stage: +. `build` stage: +.. Put the database in read-only mode: + -While the database must be stopped in order to run `--stage=prepare`, you can run `--stage=build` on a started database in read-only mode. +[source, shell, role=noplay] +---- +ALTER DATABASE db1 SET ACCESS READ ONLY; +---- +.. Run the incremental import command with the `--stage=build` option: + [source, shell, role=noplay] ---- $ bin/neo4j-admin database import incremental --stage=build --nodes=N1=../../raw-data/incremental-import/c.csv db1 ---- -. The `merge` stage: +. `merge` stage: + It is not necessary to include the `--nodes` or `--relationships` options when using `--stage=merge`. + +.. Stop the database with the `WAIT` option to ensure a checkpoint happens before you run the incremental import command. ++ +[source, shell, role=noplay] +---- +neo4j@system> STOP DATABASE db1 WAIT; +---- +.. Run the incremental import command with the `--stage=merge` option: ++ [source, shell, role=noplay] ---- -neo4j@system> STOP DATABASE db1; -... $ bin/neo4j-admin database import incremental --stage=merge db1 ---- ==== From e3052e1ba480c1a90cdb193603bf948a04bbba77 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Fri, 25 Nov 2022 11:39:03 +0200 Subject: [PATCH 017/876] Replace push-to-cloud url by upload-to-aura (#171) --- modules/ROOT/content-nav.adoc | 2 +- modules/ROOT/pages/tools/index.adoc | 2 +- modules/ROOT/pages/tools/neo4j-admin/index.adoc | 2 +- .../neo4j-admin/{push-to-cloud.adoc => upload-to-aura.adoc} | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) rename modules/ROOT/pages/tools/neo4j-admin/{push-to-cloud.adoc => upload-to-aura.adoc} (99%) diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index 4d36ae8cd..c5857970f 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -159,7 +159,7 @@ *** xref:tools/neo4j-admin/neo4j-admin-memrec.adoc[] *** xref:tools/neo4j-admin/neo4j-admin-import.adoc[] *** xref:tools/neo4j-admin/unbind.adoc[] -*** xref:tools/neo4j-admin/push-to-cloud.adoc[] +*** xref:tools/neo4j-admin/upload-to-aura.adoc[] *** xref:tools/neo4j-admin/migrate-database.adoc[] *** xref:tools/neo4j-admin/migrate-configuration.adoc[] ** xref:tools/cypher-shell.adoc[] diff --git a/modules/ROOT/pages/tools/index.adoc b/modules/ROOT/pages/tools/index.adoc index 1f2a2dfc0..5cb516b0b 100644 --- a/modules/ROOT/pages/tools/index.adoc +++ b/modules/ROOT/pages/tools/index.adoc @@ -12,7 +12,7 @@ This chapter covers the following topics: ** xref:tools/neo4j-admin/neo4j-admin-memrec.adoc[Memory recommendations] -- How to get an initial recommendation for Neo4j memory settings. ** xref:tools/neo4j-admin/neo4j-admin-import.adoc[Import] -- How to import data into Neo4j using the command `neo4j-admin import`. ** xref:tools/neo4j-admin/unbind.adoc[Unbind a Neo4j cluster server] -- How to remove cluster state data from a Neo4j server. -** xref:tools/neo4j-admin/push-to-cloud.adoc[Upload to Neo4j AuraDB] -- How to upload an existing Neo4j graph to Neo4j AuraDB. +** xref:tools/neo4j-admin/upload-to-aura.adoc[Upload to Neo4j AuraDB] -- How to upload an existing Neo4j graph to Neo4j AuraDB. ** xref:tools/neo4j-admin/migrate-database.adoc[Migrate a database] -- How to migrate a Neo4j database from one store format to another or to a later `MAJOR` version of the same format. ** xref:tools/neo4j-admin/migrate-configuration.adoc[Migrate the Neo4j configuration file] -- How to migrate a Neo4j configuration file. * xref:tools/cypher-shell.adoc[Cypher Shell] -- How to use the Cypher Shell. diff --git a/modules/ROOT/pages/tools/neo4j-admin/index.adoc b/modules/ROOT/pages/tools/neo4j-admin/index.adoc index 911b96164..7957c6810 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/index.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/index.adoc @@ -140,7 +140,7 @@ For details, see xref:tools/neo4j-admin/neo4j-admin-store-info.adoc[Display stor | `upload` | Pushes a local database to a Neo4j Aura instance. -For details, see xref:tools/neo4j-admin/push-to-cloud.adoc[Upload to Neo4j AuraDB]. +For details, see xref:tools/neo4j-admin/upload-to-aura.adoc[Upload to Neo4j AuraDB]. |=== == The `neo4j` tool diff --git a/modules/ROOT/pages/tools/neo4j-admin/push-to-cloud.adoc b/modules/ROOT/pages/tools/neo4j-admin/upload-to-aura.adoc similarity index 99% rename from modules/ROOT/pages/tools/neo4j-admin/push-to-cloud.adoc rename to modules/ROOT/pages/tools/neo4j-admin/upload-to-aura.adoc index 3849d356a..360702bc8 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/push-to-cloud.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/upload-to-aura.adoc @@ -1,6 +1,6 @@ :description: How to import a database from an existing Neo4j instance into Neo4j Aura using `neo4j-admin database upload`. [role=aura] -[[neo4j-admin-push-to-cloud]] +[[neo4j-admin-upload-to-aura]] = Upload to Neo4j Aura You can use the `neo4j-admin database upload` command to upload a local Neo4j database dump into a Neo4j Aura instance. From 3eafacdc58eea5b8def9e1b8122a59c9b1f1786e Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Fri, 25 Nov 2022 11:56:49 +0200 Subject: [PATCH 018/876] Remove availability zone from AWS (#172) --- .../ROOT/pages/kubernetes/quickstart-cluster/prerequisites.adoc | 2 +- .../pages/kubernetes/quickstart-standalone/prerequisites.adoc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/kubernetes/quickstart-cluster/prerequisites.adoc b/modules/ROOT/pages/kubernetes/quickstart-cluster/prerequisites.adoc index 166da39ea..9a4985f6e 100644 --- a/modules/ROOT/pages/kubernetes/quickstart-cluster/prerequisites.adoc +++ b/modules/ROOT/pages/kubernetes/quickstart-cluster/prerequisites.adoc @@ -73,7 +73,7 @@ kubeconfig entry generated for my-neo4j-gke-cluster. . Install the `aws` command-line interface (CLI) (https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html). Make sure you complete the AWS configuration step (https://docs.aws.amazon.com/cli/latest/userguide/getting-started-quickstart.html). . Install the `eksctl` command-line interface (CLI) (https://docs.aws.amazon.com/eks/latest/userguide/getting-started-eksctl.html). -. All the shell commands in this guide assume that the AWS region and availability zone to use, have been set using the `AWS_DEFAULT_REGION` and `AWS_AVAILABILITY_ZONE` environment variables, for example: +. All the shell commands in this guide assume that the AWS region to use has been set using the `AWS_DEFAULT_REGION` environment variable, for example: + [source, shell] ---- diff --git a/modules/ROOT/pages/kubernetes/quickstart-standalone/prerequisites.adoc b/modules/ROOT/pages/kubernetes/quickstart-standalone/prerequisites.adoc index 226f2e158..d01c548f8 100644 --- a/modules/ROOT/pages/kubernetes/quickstart-standalone/prerequisites.adoc +++ b/modules/ROOT/pages/kubernetes/quickstart-standalone/prerequisites.adoc @@ -71,7 +71,7 @@ kubeconfig entry generated for my-neo4j-gke-cluster. . Install the `aws` command-line interface (CLI) (https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html). Make sure you complete the AWS configuration step (https://docs.aws.amazon.com/cli/latest/userguide/getting-started-quickstart.html). . Install the `eksctl` command-line interface (CLI) (https://docs.aws.amazon.com/eks/latest/userguide/getting-started-eksctl.html). -. All the shell commands in this guide assume that the AWS region and availability zone to use have been set using the `AWS_DEFAULT_REGION` and `AWS_AVAILABILITY_ZONE` environment variables, for example: +. All the shell commands in this guide assume that the AWS region to use has been set using the `AWS_DEFAULT_REGION` environment variable, for example: + [source, shell] ---- From 2a6302516d19db1723d51b8fe2f5b20b4c8b6b3e Mon Sep 17 00:00:00 2001 From: JPryce-Aklundh Date: Fri, 25 Nov 2022 11:47:10 +0100 Subject: [PATCH 019/876] update --- .../ROOT/pages/performance/locks-deadlocks.adoc | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/performance/locks-deadlocks.adoc b/modules/ROOT/pages/performance/locks-deadlocks.adoc index e2d557ee2..bb8e832a2 100644 --- a/modules/ROOT/pages/performance/locks-deadlocks.adoc +++ b/modules/ROOT/pages/performance/locks-deadlocks.adoc @@ -38,7 +38,7 @@ That said, even in large graphs, a deadlock can occur if two or more transaction | Deleting a node | Node lock | Creating a relationship* | If node is sparse: node lock. -If node is dense: node delete prevention lock. +If node is dense: node delete prevention lock.** | Updating a relationship property | Relationship lock | Deleting a relationship* | If node is sparse: node lock. @@ -48,7 +48,10 @@ Relationship lock for both sparse and dense nodes. |=== *_Applies for both source nodes and target nodes._ -Additional locks are taken to maintain indexes and other internal structures. +**_A node is considered dense when it has 50 or more relationships, and sparse when it has less than 50 relationships._ + +Additional locks are often taken to maintain indexes and other internal structures, depending on how other data in the graph is affected by a transaction. +For these additional locks, no assumptions or guarantees can be made with regard to which lock will or will not be taken. == Locks and dense nodes @@ -99,10 +102,16 @@ The transaction will be rolled back and terminated. Error: ForsetiClient[transac Client[6697] waits for [ForsetiClient[transactionId=6698, clientId=1]]] ---- +[NOTE] +==== +The Cypher clause `MERGE` takes locks out of order to ensure uniqueness of the data, and this may prevent Neo4j's internal sorting operations from ordering transactions in a way which avoids deadlocks. +When possible, users are, therefore, encouraged to use the Cypher clause `CREATE` instead, which does not take locks out of order. +==== + == Avoiding deadlocks Most likely, a deadlock will be resolved by retrying the transaction. -This will, however, impact the cost of the total throughput of the transaction, so it is useful to know about strategies to avoid deadlocks. +This will, however, negatively impact the cost of the total throughput of the transaction, so it is useful to know about strategies to avoid deadlocks. Neo4j assists transactions by internally sorting operations. However, this internal sorting only applies for the locks taken when creating or deleting relationships. From 6363c1d4293040895010c225fd3d847b9dd34e54 Mon Sep 17 00:00:00 2001 From: JPryce-Aklundh Date: Fri, 25 Nov 2022 15:03:24 +0100 Subject: [PATCH 020/876] add internal lock type table --- .../pages/performance/locks-deadlocks.adoc | 62 +++++++++++++++++-- 1 file changed, 58 insertions(+), 4 deletions(-) diff --git a/modules/ROOT/pages/performance/locks-deadlocks.adoc b/modules/ROOT/pages/performance/locks-deadlocks.adoc index bb8e832a2..51cd5f6de 100644 --- a/modules/ROOT/pages/performance/locks-deadlocks.adoc +++ b/modules/ROOT/pages/performance/locks-deadlocks.adoc @@ -32,6 +32,8 @@ That said, even in large graphs, a deadlock can occur if two or more transaction .Locks taken for specific graph modifications [cols="1,3a"] |=== +| Modification | Lock taken + | Creating a node | No lock | Updating a node label | Node lock | Updating a node property | Node lock @@ -48,14 +50,15 @@ Relationship lock for both sparse and dense nodes. |=== *_Applies for both source nodes and target nodes._ -**_A node is considered dense when it has 50 or more relationships, and sparse when it has less than 50 relationships._ +**_A node is considered dense if it at any point has had 50 or more relationships (i.e. it will still be considered dense even it comes to have less than 50 relationships at any point in the future)._ +_A node is considered sparse if it has never had more than 50 relationships._ Additional locks are often taken to maintain indexes and other internal structures, depending on how other data in the graph is affected by a transaction. For these additional locks, no assumptions or guarantees can be made with regard to which lock will or will not be taken. == Locks and dense nodes -When creating or deleting relationships in Neo4j, dense nodes are not exclusively locked during a transaction (a node is considered dense when it has 50 or more relationships). +When creating or deleting relationships in Neo4j, dense nodes are not exclusively locked during a transaction (a node is considered dense if, at any point in time, it has had more than 50 relationships). Rather, internally shared locks prevent the deletion of nodes, and shared degree locks are acquired for synchronizing with concurrent label changes for those nodes (to ensure correct count updates). At commit time, relationships are inserted into their relationship chains at places that are currently uncontested (i.e. not currently modified by another transaction), and the surrounding relationships are exclusively locked. @@ -113,7 +116,7 @@ When possible, users are, therefore, encouraged to use the Cypher clause `CREATE Most likely, a deadlock will be resolved by retrying the transaction. This will, however, negatively impact the cost of the total throughput of the transaction, so it is useful to know about strategies to avoid deadlocks. -Neo4j assists transactions by internally sorting operations. +Neo4j assists transactions by internally sorting operations (see below for more information about internal locks). However, this internal sorting only applies for the locks taken when creating or deleting relationships. Users are, therefore, encouraged to sort their operations in cases where Neo4j does not internally assist, such as when locks are taken for property updates. This is done by ensuring that updates occur in the same order. @@ -121,4 +124,55 @@ For example, if the three locks `A`, `B`, and `C` are always taken in the same o Another option is to avoid lock contention by not modifying the same entities concurrently. -For more information about deadlocks, see https://neo4j.com/docs/java-reference/5/transaction-management/#transactions-deadlocks[Neo4j's Java-reference manual on transaction management]. \ No newline at end of file +For more information about deadlocks, see https://neo4j.com/docs/java-reference/5/transaction-management/#transactions-deadlocks[Neo4j's Java-reference manual on transaction management]. + +== Internal lock types + +To avoid deadlocks, internal locks should be taken in the following order: + +[cols="2,1,3a"] +|=== +| Lock type | Locked entity | Description + + +| `LABEL` or `RELATIONSHIP_TYPE` +| Token id +| Schema locks, which lock indexes and constraints on the particular label or relationship type. + +| `SCHEMA_NAME` +| Schema name +| Lock a schema name to avoid duplicates. +Note, collisions are possible because the hash is stringed (this only affects concurrency and not correctness). + +| `NODE_RELATIONSHIP_GROUP_DELETE` +| Node id +| Lock taken on a node during the transaction creation phase to prevent deletion of said node and/or relationship group. +This is different from the NODE lock to allow concurrent label and property changes together with relationship modifications. + +| `NODE` +| Node id +| Lock on a node, used to prevent concurrent updates to the node records (i.e. add/remove label, set property, add/remove relationship). +Note that updating relationships will only require a lock on the node if the head of the relationship chain/relationship group chain must be updated, since that is the only data part of the node record. + +| `DEGREES` +| Node id +| Used to lock nodes to avoid concurrent label changes when a relationship is added or deleted. +Such an update would otherwise lead to an inconsistent count store. + +| `RELATIONSHIP_DELETE` +| Relationship id +| Lock a relationship for exclusive access during deletion. + +| `RELATIONSHIP_GROUP` +| Node id +| Lock the full relationship group chain for a given dense node.* +This will not lock the node, in contrast to the lock `NODE_RELATIONSHIP_GROUP_DELETE`. + +| `RELATIONSHIP` +| Relationship +| Lock on a relationship, or more specifically a relationship record, to prevent concurrent updates. +|=== + +*_A node is considered dense if it at any point has had 50 or more relationships (i.e. it will still be considered dense even it comes to have less than 50 relationships at any point in the future)._ + +Note that these locks may change without any notification between different Neo4j versions. \ No newline at end of file From 3d4bfb424b696ac34c3dfba937feb51557487d06 Mon Sep 17 00:00:00 2001 From: JPryce-Aklundh Date: Fri, 25 Nov 2022 16:14:48 +0100 Subject: [PATCH 021/876] post-review update --- modules/ROOT/pages/performance/locks-deadlocks.adoc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/ROOT/pages/performance/locks-deadlocks.adoc b/modules/ROOT/pages/performance/locks-deadlocks.adoc index 51cd5f6de..d9f753b28 100644 --- a/modules/ROOT/pages/performance/locks-deadlocks.adoc +++ b/modules/ROOT/pages/performance/locks-deadlocks.adoc @@ -21,8 +21,8 @@ For more information on how to manually acquire write locks, see https://neo4j.c == Lock contention -Lock contention may arise if an application needs to perform updates on the same nodes/relationships. -In such a scenario, transactions must wait for locks to be released in order to be completed. +Lock contention may arise if an application needs to perform concurrent updates on the same nodes/relationships. +In such a scenario, transactions must wait for locks held by other transactions to be released in order to be completed. If two or more transactions attempt to modify the same data concurrently, it will increase the likelihood of a deadlock (explained in more detail below). In larger graphs, it is less likely that two transactions modify the same data concurrently, and so the likelihood of a deadlock is reduced. That said, even in large graphs, a deadlock can occur if two or more transactions are attempting to modify the same data concurrently. @@ -114,7 +114,7 @@ When possible, users are, therefore, encouraged to use the Cypher clause `CREATE == Avoiding deadlocks Most likely, a deadlock will be resolved by retrying the transaction. -This will, however, negatively impact the cost of the total throughput of the transaction, so it is useful to know about strategies to avoid deadlocks. +This will, however, negatively impact the total transactional throughput of the database, so it is useful to know about strategies to avoid deadlocks. Neo4j assists transactions by internally sorting operations (see below for more information about internal locks). However, this internal sorting only applies for the locks taken when creating or deleting relationships. @@ -147,7 +147,7 @@ Note, collisions are possible because the hash is stringed (this only affects co | `NODE_RELATIONSHIP_GROUP_DELETE` | Node id | Lock taken on a node during the transaction creation phase to prevent deletion of said node and/or relationship group. -This is different from the NODE lock to allow concurrent label and property changes together with relationship modifications. +This is different from the `NODE` lock to allow concurrent label and property changes together with relationship modifications. | `NODE` | Node id @@ -175,4 +175,4 @@ This will not lock the node, in contrast to the lock `NODE_RELATIONSHIP_GROUP_DE *_A node is considered dense if it at any point has had 50 or more relationships (i.e. it will still be considered dense even it comes to have less than 50 relationships at any point in the future)._ -Note that these locks may change without any notification between different Neo4j versions. \ No newline at end of file +Note that these lock types may change without any notification between different Neo4j versions. \ No newline at end of file From 1fecbf881dc3860ffdc8430b5cebf5dd1447b4e8 Mon Sep 17 00:00:00 2001 From: Hannes Sandberg Date: Mon, 28 Nov 2022 10:23:59 +0100 Subject: [PATCH 022/876] add dbms.security.auth_minimum_password_length to list of all config settings --- .../ROOT/partials/neo4j-config/all-settings.adoc | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/modules/ROOT/partials/neo4j-config/all-settings.adoc b/modules/ROOT/partials/neo4j-config/all-settings.adoc index 9fb068817..e3ef98f7b 100644 --- a/modules/ROOT/partials/neo4j-config/all-settings.adoc +++ b/modules/ROOT/partials/neo4j-config/all-settings.adoc @@ -147,6 +147,7 @@ When configured, this allows requests to be forwarded from one cluster member to |<>|label:enterprise-edition[Enterprise only]The time to live (TTL) for cached authentication and authorization info when using external auth providers (LDAP or plugin). |<>|label:enterprise-edition[Enterprise only]Enable time-based eviction of the authentication and authorization info cache for external auth providers (LDAP or plugin). |<>|Enable auth requirement to access Neo4j. +|<>|The minimum number of characters required in a password. |<>|The amount of time user account should be locked after a configured number of unsuccessful authentication attempts. |<>|The maximum number of unsuccessful authentication attempts before imposing a user lock for the configured amount of time, as defined by `dbms.security.auth_lock_time`.The locked out user will not be able to log in until the lock period expires, even if correct credentials are provided. |<>|label:enterprise-edition[Enterprise only]A list of security authentication providers containing the users and roles. @@ -2149,6 +2150,18 @@ a|dbms.security.auth_enabled, a boolean m|true |=== +[[config_config_dbms.security.auth_minimum_password_length]] +.dbms.security.auth_minimum_password_length +[cols="<1s,<4"] +|=== +|Description +a|The minimum number of characters required in a password. +|Valid values +a|dbms.security.auth_minimum_password_length, an integer +|Default value +m|+++8+++ +|=== + [[config_dbms.security.auth_lock_time]] .dbms.security.auth_lock_time [cols="<1s,<4"] From c51559c117297b0baf9922950996f86598658862 Mon Sep 17 00:00:00 2001 From: lidiazuin <102308961+lidiazuin@users.noreply.github.com> Date: Mon, 28 Nov 2022 14:43:21 +0100 Subject: [PATCH 023/876] Changing information about password and user recovery (#178) (#181) It is not about recovering the password but creating a new one to recover access. Some editorial changes were done to make this clearer and more correct. Original PR: https://github.com/neo4j/docs-operations/pull/178 Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- .../ROOT/pages/configuration/password-and-user-recovery.adoc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/configuration/password-and-user-recovery.adoc b/modules/ROOT/pages/configuration/password-and-user-recovery.adoc index cbecf6ed1..bdc544d3e 100644 --- a/modules/ROOT/pages/configuration/password-and-user-recovery.adoc +++ b/modules/ROOT/pages/configuration/password-and-user-recovery.adoc @@ -1,8 +1,9 @@ -:description: How to recover from a lost password, specifically for an admin user, how to recover an admin user if all the admin users have been unassigned the admin role, and how to recreate the built-in admin role if it has been dropped. +:description: This page describes how to reset a password to recover a user's access when their password is lost. It specifically focuses on how to recover an admin user if all the admin users have been unassigned the admin role, and how to recreate the built-in admin role if it has been dropped. [[password-and-user-recovery]] = Password and user recovery -This page describes how to recover from a lost password, specifically for an admin user, how to recover an admin user if all the admin users have been unassigned the admin role, and how to recreate the built-in admin role if it has been dropped. +This page describes how to reset a password to recover a user's access when their password is lost. +It specifically focuses on how to recover an admin user if all the admin users have been unassigned the admin role, and how to recreate the built-in admin role if it has been dropped. [[disable-authentication]] == Disable authentication From e323a1e667f168e418cd21422c81df39bce7968a Mon Sep 17 00:00:00 2001 From: JPryce-Aklundh Date: Tue, 29 Nov 2022 08:36:20 +0100 Subject: [PATCH 024/876] post-review corrections 2 --- .../ROOT/pages/performance/locks-deadlocks.adoc | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/modules/ROOT/pages/performance/locks-deadlocks.adoc b/modules/ROOT/pages/performance/locks-deadlocks.adoc index d9f753b28..1532df628 100644 --- a/modules/ROOT/pages/performance/locks-deadlocks.adoc +++ b/modules/ROOT/pages/performance/locks-deadlocks.adoc @@ -2,7 +2,7 @@ :description: This page discusses how locks are used in Neo4j, and strategies to avoid deadlocks. Neo4j is fully https://neo4j.com/docs/java-reference/current/transaction-management/[ACID compliant]. -This means that all database operations which access graphs, indexes or schemas must be performed in a transaction. +This means that all database operations which access graphs, indexes, or schemas must be performed in a transaction. When a write transaction occurs, Neo4j takes locks to preserve data consistency while updating. == Locks @@ -17,7 +17,7 @@ They not only protect logical entities (such as nodes and relationships), but al The default isolation is read-committed isolation level. It is, however, possible to manually acquire write locks on nodes and relationships. -For more information on how to manually acquire write locks, see https://neo4j.com/docs/java-reference/current/transaction-management/#transactions-isolation[Neo4j's Java-reference manual on transaction management]. +For more information on how to manually acquire write locks, see https://neo4j.com/docs/java-reference/current/transaction-management/#transactions-isolation[Neo4j Java Reference Manual -> Transaction management]. == Lock contention @@ -65,16 +65,18 @@ At commit time, relationships are inserted into their relationship chains at pla In other words, relationship modifications acquires coarse-grained shared node locks when doing the operation in the transaction, and then acquires precise exclusive relationship locks during commit. -The locking is very similar for sparse and dense nodes. The biggest contention for sparse nodes is the update of the degree (i.e. number of relationships) for the node. +The locking is very similar for sparse and dense nodes. +The biggest contention for sparse nodes is the update of the degree (i.e. number of relationships) for the node. Dense nodes store this data in a concurrent data structure, and so can avoid exclusive node locks in almost all cases for relationship modifications. == Deadlocks -A deadlock occurs when two transactions are blocked by each other because they are attempting to concurrently modify a node or a relationship that is locked by the other transaction. In such a scenario, neither of the transactions will be able to proceed. +A deadlock occurs when two transactions are blocked by each other because they are attempting to concurrently modify a node or a relationship that is locked by the other transaction. +In such a scenario, neither of the transactions will be able to proceed. When Neo4j detects a deadlock, the transaction is terminated (with the transient error message code `Neo.TransientError.Transaction.DeadlockDetected`). -For example, running the following two queries in https://neo4j.com/docs/operations-manual/current/tools/cypher-shell/[Cypher-shell] at the same time, will result in a deadlock because they are attempting to modify the same node properties concurrently. +For example, running the following two queries in https://neo4j.com/docs/operations-manual/current/tools/cypher-shell/[Cypher-shell] at the same time, will result in a deadlock because they are attempting to modify the same node properties concurrently: .Transaction A [source, cypher, indent=0] @@ -124,7 +126,7 @@ For example, if the three locks `A`, `B`, and `C` are always taken in the same o Another option is to avoid lock contention by not modifying the same entities concurrently. -For more information about deadlocks, see https://neo4j.com/docs/java-reference/5/transaction-management/#transactions-deadlocks[Neo4j's Java-reference manual on transaction management]. +For more information about deadlocks, see https://neo4j.com/docs/java-reference/5/transaction-management/#transactions-deadlocks[Neo4j Java Reference Manual -> Transaction management]. == Internal lock types From 2b1368ebc771094f95b34ca707e257de0bae2a8c Mon Sep 17 00:00:00 2001 From: lidiazuin <102308961+lidiazuin@users.noreply.github.com> Date: Tue, 29 Nov 2022 16:51:35 +0100 Subject: [PATCH 025/876] Updating the table with missing cluster-related procedures (#179) (#190) Original PR: https://github.com/neo4j/docs-operations/pull/179#pullrequestreview-1197723676 --- modules/ROOT/pages/reference/procedures.adoc | 158 +++++++++++++++++-- 1 file changed, 143 insertions(+), 15 deletions(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index cd5ac3c86..053ac40cd 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -207,7 +207,7 @@ In 4.2, signature changed to `db.listLocks() :: (mode :: STRING?, resourceType : // New in 5.0 // Only for admins -| xref:reference/procedures.adoc#procedure_dbms_checkconfigvalue[`dbms.checkConfigValue`] +| xref:reference/procedures.adoc#procedure_dbms_checkconfigvalue[`dbms.checkConfigValue()`] | label:no[] | label:yes[] | New in 5.0. @@ -216,10 +216,20 @@ In 4.2, signature changed to `db.listLocks() :: (mode :: STRING?, resourceType : // Internal // dbms.clientConfig() +| xref:reference/procedures.adoc#procedure_dbms_cluster_checkConnectivity[`dbms.cluster.checkConnectivity()`] +| label:no[] +| label:yes[] +| label:admin-only[] + +| xref:reference/procedures.adoc#procedure_dbms_cluster_cordonServer[`dbms.cluster.cordonServer()`] +| label:no[] +| label:yes[] +| label:admin-only[] + // Clustering is an Enterprise feature, the naming is weird. // dbms.routing.getRoutingTable() does the same thing. | xref:reference/procedures.adoc#procedure_dbms_cluster_routing_getroutingtable[`dbms.cluster.routing.getRoutingTable()`] -| label:no[] +| label:yes[] | label:yes[] | @@ -228,7 +238,8 @@ In 4.2, signature changed to `db.listLocks() :: (mode :: STRING?, resourceType : | xref:reference/procedures.adoc#procedure_dbms_cluster_overview[`dbms.cluster.overview()`] | label:no[] | label:yes[] -| +| label:removed[] + +Replaced by: `SHOW SERVERS`. // New in 4.0 // com.neo4j.causaulclustering.discovery.procedures.InstalledProtocolsProcedure @@ -242,7 +253,7 @@ In 4.2, signature changed to `db.listLocks() :: (mode :: STRING?, resourceType : | xref:reference/procedures.adoc#procedure_dbms_cluster_quarantinedatabase[`dbms.cluster.quarantineDatabase()`] | label:no[] | label:yes[] -| label:deprecated[Deprecated in 4.3] + +| label:removed[] + Replaced by: `dbms.quarantineDatabase()`. // New in 4.2 @@ -250,7 +261,7 @@ Replaced by: `dbms.quarantineDatabase()`. | xref:reference/procedures.adoc#procedure_dbms_cluster_readreplicatoggle[`dbms.cluster.readReplicaToggle()`] | label:no[] | label:yes[] -| +| label:admin-only[] // New in 4.0 // Removed in 5.0 @@ -270,6 +281,11 @@ Replaced by: `SHOW DATABASES`. | label:removed[] + Replaced by: `dbms.setDefaultDatabase` +| xref:reference/procedures.adoc#procedure_dbms_cluster_uncordonServer[`dbms.cluster.uncordonServer()`] +| label:no[] +| label:yes[] +| label:admin-only[] + | xref:reference/procedures.adoc#procedure_dbms_components[`dbms.components()`] | label:yes[] | label:yes[] @@ -324,7 +340,7 @@ Replaced by: `SHOW DATABASES`. | xref:reference/procedures.adoc#procedure_dbms_quarantineDatabase[`dbms.quarantineDatabase()`] | label:no[] | label:yes[] -| +| label:admin-only[] | xref:reference/procedures.adoc#procedure_dbms_queryjmx[`dbms.queryJmx()`] | label:yes[] @@ -334,7 +350,22 @@ Replaced by: `SHOW DATABASES`. | xref:reference/procedures.adoc#procedure_dbms_routing_getroutingtable[`dbms.routing.getRoutingTable()`] | label:yes[] | label:yes[] -| +| + +| xref:reference/procedures.adoc#procedure_dbms_setDatabaseAllocator[`dbms.setDatabaseAllocator()`] +| label:no[] +| label:yes[] +| label:admin-only[] + +| xref:reference/procedures.adoc#procedure_dbms_setDefaultAllocationNumbers[`dbms.setDefaultAllocationNumbers()`] +| label:no[] +| label:yes[] +| label:admin-only[] + +| xref:reference/procedures.adoc#procedure_dbms_setDefaultDatabase[`dbms.setDefaultDatabase()`] +| label:no[] +| label:yes[] +| label:admin-only[] // New in 4.2 | xref:reference/procedures.adoc#procedure_dbms_scheduler_failedjobs[`dbms.scheduler.failedJobs()`] @@ -481,6 +512,11 @@ Replaced by: `ALTER USER`. | label:yes[] | +| xref:reference/procedures.adoc#procedure_dbms_showTopologyGraphConfig[`dbms.showTopologyGraphConfig()`] +| label:no[] +| label:yes[] +| label:admin-only[] + // New in 4.1 | xref:reference/procedures.adoc#procedure_dbms_upgrade[`dbms.upgrade()`] | label:yes[] @@ -1037,7 +1073,7 @@ m|READ |=== [[procedure_dbms_checkconfigvalue]] -.dbms.checkConfigValue label:enterprise-edition[] +.dbms.checkConfigValue() label:enterprise-edition[] [cols="<15s,<85"] |=== | Description @@ -1060,6 +1096,36 @@ m|DBMS // m|admin |=== +[[procedure_dbms_cluster_checkConnectivity]] +.dbms.cluster.checkConnectivity() label:enterprise-edition[] label:admin-only[] +[cols="<15s,<85"] +|=== +| Description +a| +Checks the connectivity of this instance to other cluster members. +Not all ports are relevant to all members. +Valid values for 'port-name' are: [CLUSTER, RAFT]. +| Signature +m|dbms.cluster.checkConnectivity +| Mode +m|DBMS +|=== + +[[procedure_dbms_cluster_cordonServer]] +.dbms.cluster.cordonServer() label:enterprise-edition[] label:admin-only[] +[cols="<15s,<85"] +|=== +| Description +a| Marks a server in the topology as not suitable for new allocations. +It will not force current allocations off the server. +This is useful when deallocating databases when you have multiple unavailable servers. +| Signature +m|dbms.cluster.cordonServer(server :: STRING?) +| Mode +m|WRITE +|=== + + [[procedure_dbms_cluster_routing_getroutingtable]] .dbms.cluster.routing.getRoutingTable() [cols="<15s,<85"] @@ -1067,6 +1133,7 @@ m|DBMS | Description a| Returns endpoints of this instance. +Used in disaster recovery. | Signature m|dbms.cluster.routing.getRoutingTable(context :: MAP?, database = null :: STRING?) :: (ttl :: INTEGER?, servers :: LIST? OF MAP?) | Mode @@ -1077,18 +1144,19 @@ m|DBMS [[procedure_dbms_cluster_overview]] -.dbms.cluster.overview() label:enterprise-edition[] +.dbms.cluster.overview() label:enterprise-edition[] label:removed[] [cols="<15s,<85"] |=== | Description -a| -Overview of all currently accessible cluster members, their databases and roles. +a| Overview of all currently accessible cluster members, their databases and roles. | Signature m|dbms.cluster.overview() :: (id :: STRING?, addresses :: LIST? OF STRING?, databases :: MAP?, groups :: LIST? OF STRING?) | Mode m|READ // | Default roles // m|reader, editor, publisher, architect, admin +| Replaced by +a| `SHOW SERVERS` |=== @@ -1111,7 +1179,7 @@ m|READ [[procedure_dbms_cluster_quarantinedatabase]] -.dbms.cluster.quarantineDatabase() label:enterprise-edition[] label:deprecated[Deprecated in 4.3] +.dbms.cluster.quarantineDatabase() label:enterprise-edition[] label:removed[] [cols="<15s,<85"] |=== | Description @@ -1129,7 +1197,7 @@ a| xref:reference/procedures.adoc#procedure_dbms_quarantineDatabase[`dbms.quaran [[procedure_dbms_cluster_readreplicatoggle]] -.dbms.cluster.readReplicaToggle() label:enterprise-edition[] +.dbms.cluster.readReplicaToggle() label:enterprise-edition[] label:admin-only[] [cols="<15s,<85"] |=== | Description @@ -1153,7 +1221,7 @@ If connected directly to a Read Replica, Data Scientists can execute analysis on [NOTE] ==== -This procedure can only be executed on a Read Replica cluster member. +This procedure can only be executed on a database which runs in a secondary role on the connected server. ==== .Pause transaction pulling for database `neo4j` @@ -1218,6 +1286,18 @@ m|WRITE // m|admin |=== +[[procedure_dbms_cluster_uncordonServer]] +.dbms.cluster.uncordonServer() label:enterprise-edition[] label:admin-only[] +[cols="<15s,<85"] +|=== +| Description +a| Removes the cordon on a server, returning it to 'enabled'. +| Signature +m| dbms.cluster.uncordonServer(server :: STRING?) +| Mode +m| WRITE +|=== + [[procedure_dbms_components]] .dbms.components() @@ -1376,12 +1456,13 @@ m|DBMS |=== [[procedure_dbms_quarantineDatabase]] -.dbms.quarantineDatabase +.dbms.quarantineDatabase() label:enterprise-edition[] label:admin-only[] [cols="<15s,<85"] |=== | Description a| Place a database in quarantine or remove thereof. +It must be executed over `bolt://`. | Signature m|dbms.quarantineDatabase(databaseName :: STRING?, setStatus :: BOOLEAN?, reason = No reason given :: STRING?) :: (databaseName :: STRING?, quarantined :: BOOLEAN?, result :: STRING?) | Mode @@ -1424,6 +1505,42 @@ m|DBMS // m|reader, editor, publisher, architect, admin |=== +[[procedure_dbms_setDatabaseAllocator]] +.dbms.setDatabaseAllocator() label:enterprise-edition[] label:admin-only[] +[cols="<15s,<85"] +|=== +| Description +a| With this method you can set the allocator, which is responsible to select servers for hosting databases. +| Signature +m|dbms.setDatabaseAllocator(allocator :: STRING?) +| Mode +a|WRITE +|=== + +[[procedure_dbms_setDefaultAllocationNumbers]] +.dbms.setDefaultAllocationNumbers() label:enterprise-edition[] label:admin-only[] +[cols="<15s,<85"] +|=== +| Description +a| With this method you can set the default number of primaries and secondaries. +| Signature +m|dbms.setDefaultAllocationNumbers(primaries :: INTEGER?, secondaries :: INTEGER?) +| Mode +a|WRITE +|=== + +[[procedure_dbms_setDefaultDatabase]] +.dbms.setDefaultDatabase() label:enterprise-edition[] label:admin-only[] +[cols="<15s,<85"] +|=== +| Description +a| Changes the default database to the provided value. +The database must exist and the old default database must be stopped. +| Signature +m|dbms.setDefaultDatabase(databaseName :: STRING?) :: (result :: STRING?) +| Mode +a|WRITE +|=== [[procedure_dbms_scheduler_failedjobs]] .dbms.scheduler.failedJobs() label:enterprise-edition[] label:admin-only[] @@ -1748,6 +1865,17 @@ m|DBMS // m|reader, editor, publisher, architect, admin |=== +[[procedure_dbms_showTopologyGraphConfig]] +.dbms.showTopologyGraphConfig() label:enterprise-only[] label:admin-only[] +[cols="<15s,<85"] +|=== +| Description +a| With this method the configuration of the Topology Graph can be displayed. +| Signature +m|dbms.showTopologyGraphConfig() :: (allocator :: STRING?, defaultPrimariesCount :: INTEGER?, defaultSecondariesCount :: INTEGER?, defaultDatabase :: STRING?) +| Mode +m|READ +|=== [[procedure_dbms_upgrade]] .dbms.upgrade() label:admin-only[] From ccb38f6b18721e88adc1b92149896fd2e846af1a Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 30 Nov 2022 14:06:45 +0200 Subject: [PATCH 026/876] Add more ways of passing a Cypher script file to a Neo4j Docker container (#188) --- modules/ROOT/pages/docker/operations.adoc | 84 +++++++++++++++++++---- 1 file changed, 71 insertions(+), 13 deletions(-) diff --git a/modules/ROOT/pages/docker/operations.adoc b/modules/ROOT/pages/docker/operations.adoc index 74327e5c7..d04c5822f 100644 --- a/modules/ROOT/pages/docker/operations.adoc +++ b/modules/ROOT/pages/docker/operations.adoc @@ -126,7 +126,7 @@ docker run --interactive --tty --name \ + [source, shell] ---- -docker exec --interactive --tty cypher-shell -u neo4j -p neo4j +docker exec --interactive --tty cypher-shell -u neo4j -p ---- . Retrieve some data. @@ -154,28 +154,86 @@ neo4j@neo4j> match (n:Actors)-[r]->(m:Movies) return n.name AS Actors, m.title A [[docker-cypher-shell-script]] === Pass a Cypher script file to a Neo4j Docker container -Because `cypher-shell` does not support file streams, such as `cypher-shell -a localhost -u -p --file myscript.cypher`, you can use the commands `cat` or `curl` to pipe the contents of your script file into your container. +There are different ways to pass a Cypher script file to a Neo4j Docker container, all of them using the Cypher Shell tool. + +* Using the `--file` option of the `cypher-shell` command followed by the file name. +After the statements are executed `cypher-shell` shuts down. + +* Using the `:source` command followed by the file name when in the Cypher interactive shell. + +* Using the commands `cat` or `curl` with `cypher-shell` to pipe the contents of your script file into your container. + +[NOTE] +==== +To use the `--file` option or the `:source` command of Cypher Shell, the Cypher script file must be readable from inside the container, otherwise `cypher-shell` will not be able to open the file. +The folder containing the examples must be mounted to the container when the container is started. +==== + The following are syntax examples of how to use these commands: -.Invoke `curl` with Cypher Shell +._example.cypher_ script [source, shell] ---- -curl http://mysite.com/config/script.cypher | sudo docker exec --interactive cypher-shell -u neo4j -p neo4j +match (n:Actors)-[r]->(m:Movies) return n.name AS Actors, m.title AS Movies, m.year AS MovieYear; ---- -.Invoke `cat` with Cypher Shell -[source, shell] +.Invoke `cypher-shell` with the `--file` option +[source, shell, subs="attributes"] ---- -# Prepare the example.cypher script, for instance, containing the query: +# Put the example.cypher file in the local folder ./examples. -match (n:Actors)-[r]->(m:Movies) return n.name AS Actors, m.title AS Movies, m.year AS MovieYear; +# Start a Neo4j container and mount the ./examples folder inside the container: + +docker run --rm \ +--volume /path/to/local/examples:/examples \ +--publish=7474:7474 \ +--publish=7687:7687 \ +--env NEO4J_AUTH=neo4j/ \ +neo4j:{neo4j-version-exact} + +# Run the Cypher Shell tool with the --file option passing the example.cypher file: + +docker exec --interactive --tty cypher-shell -u neo4j -p --file /examples/example.cypher +---- -# Run the following command: +.Use the `:source` command to run a Cypher script file +[source, shell, subs="attributes"] +---- +# Put the example.cypher file in the local folder ./examples. + +# Start a Neo4j container and mount the ./examples folder inside the container: + +docker run --rm \ +--volume /path/to/local/examples:/examples \ +--publish=7474:7474 \ +--publish=7687:7687 \ +--env NEO4J_AUTH=neo4j/ \ +neo4j:{neo4j-version-exact} + +# Use the container ID or name to get into the container, and then, run the cypher-shell command and authenticate. + +docker exec --interactive --tty cypher-shell -u neo4j -p + +# Invoke the :source command followed by the file name. + +neo4j@neo4j> :source example.cypher +---- -cat example.cypher | sudo docker exec --interactive cypher-shell -u neo4j -p neo4j +.Invoke `curl` with Cypher Shell +[source, shell] +---- +curl http://mysite.com/config/example.cypher | sudo docker exec --interactive cypher-shell -u neo4j -p +---- -# The command runs the script and returns the following result: +.Invoke `cat` with Cypher Shell +[source, shell] +---- +cat example.cypher | sudo docker exec --interactive cypher-shell -u neo4j -p +---- +.Example output +[source, shell, role="noheader"] +---- Actors, Movies, MovieYear "Keanu Reeves", "The Matrix Revolutions", 2003 "Keanu Reeves", "The Matrix Reloaded", 2003 @@ -188,8 +246,8 @@ Actors, Movies, MovieYear "Carrie-Anne Moss", "The Matrix", 1999 ---- -These commands take the contents of the script file and pass it into the Docker container. -Then, they run `cypher-shell`, authenticate with the provided `` and ``, and execute a cypher example, LOAD CSV dataset, which might be hosted somewhere on a server (with `curl`), create indexes, constraints, or do other administrative operations. +These commands take the contents of the script file and pass it into the Docker container using Cypher Shell. +Then, they run a Cypher example, `LOAD CSV` dataset, which might be hosted somewhere on a server (with `curl`), create indexes, constraints, or do other administrative operations. [[docker-procedures]] == Install user-defined procedures From 4425bad1f8bee38598814344acc492288ca4897d Mon Sep 17 00:00:00 2001 From: lidiazuin <102308961+lidiazuin@users.noreply.github.com> Date: Thu, 1 Dec 2022 11:36:37 +0100 Subject: [PATCH 027/876] Note about Let's Encrypt (#164) (#197) The request was to incorporate a Medium post about getting certificates with Let's Encrypt, but since we do not document third party tools in product documentation, one way to solve this was to actually leave a note mentioning the open tool (Let's Encrypt) as a suggestion. Original PR: https://github.com/neo4j/docs-operations/pull/164 Co-authored-by: Nicola Vitucci --- modules/ROOT/pages/security/ssl-framework.adoc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/ROOT/pages/security/ssl-framework.adoc b/modules/ROOT/pages/security/ssl-framework.adoc index 1393c744b..73318e86a 100644 --- a/modules/ROOT/pages/security/ssl-framework.adoc +++ b/modules/ROOT/pages/security/ssl-framework.adoc @@ -81,6 +81,11 @@ Using OpenSSL can significantly improve performance, especially for AES-GCM-cryp The SSL configuration requires SSL xref:security/ssl-framework.adoc#term-ssl-certificate[certificates] to be issued by a Certificate Authority (CA). All certificates must follow the xref:security/ssl-framework.adoc#term-ssl-x509[X.509] standard and be saved in a `PEM-encoded` file. +[TIP] +==== +Open tools such as Let's Encrypt allow the automatic generation of browser-trusted certificates. +==== + .Example public.crt file [source, text] ---- From 40ac6d65b46912f7412c72fff6a625473c87ce42 Mon Sep 17 00:00:00 2001 From: lidiazuin <102308961+lidiazuin@users.noreply.github.com> Date: Mon, 5 Dec 2022 13:43:13 +0100 Subject: [PATCH 028/876] Update Let's Encrypt note (#204) (#208) Original PR https://github.com/neo4j/docs-operations/pull/204 Co-authored-by: Nicola Vitucci --- modules/ROOT/pages/security/ssl-framework.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/security/ssl-framework.adoc b/modules/ROOT/pages/security/ssl-framework.adoc index 73318e86a..7c9286b51 100644 --- a/modules/ROOT/pages/security/ssl-framework.adoc +++ b/modules/ROOT/pages/security/ssl-framework.adoc @@ -83,7 +83,7 @@ All certificates must follow the xref:security/ssl-framework.adoc#term-ssl-x509[ [TIP] ==== -Open tools such as Let's Encrypt allow the automatic generation of browser-trusted certificates. +Valid trusted certificates can be generated for free using non-profit CAs such as Let's Encrypt. ==== .Example public.crt file From b84953443baca66f05f1ce0a05611ce960df25f7 Mon Sep 17 00:00:00 2001 From: lidiazuin <102308961+lidiazuin@users.noreply.github.com> Date: Mon, 5 Dec 2022 14:38:33 +0100 Subject: [PATCH 029/876] Removing a duplicate "for" in settings description (#214) (#215) Original PR https://github.com/neo4j/docs-operations/pull/214 --- modules/ROOT/pages/clustering/settings.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/clustering/settings.adoc b/modules/ROOT/pages/clustering/settings.adoc index 843445f01..e08469f29 100644 --- a/modules/ROOT/pages/clustering/settings.adoc +++ b/modules/ROOT/pages/clustering/settings.adoc @@ -79,7 +79,7 @@ If this server is included in the `discovery.endpoints` of other cluster members | xref:reference/configuration-settings.adoc#config_server.cluster.raft.advertised_address[`server.cluster.raft.advertised_address`] | The address/port setting that specifies where the Neo4j server advertises to other members of the cluster that it listens for Raft messages within the cluster. -**Example:** `server.cluster.raft.advertised_address=192.168.33.20:7000` listens for for cluster communication in the network interface bound to `192.168.33.20` on port `7000`. +**Example:** `server.cluster.raft.advertised_address=192.168.33.20:7000` listens for cluster communication in the network interface bound to `192.168.33.20` on port `7000`. | xref:reference/configuration-settings.adoc#config_server.cluster.advertised_address[`server.cluster.advertised_address`] | The address/port setting that specifies where the instance advertises it listens for requests for transactions in the transaction-shipping catchup protocol. From e88558433499e89fd770959463517c5b402b8ba0 Mon Sep 17 00:00:00 2001 From: lidiazuin <102308961+lidiazuin@users.noreply.github.com> Date: Tue, 6 Dec 2022 14:15:47 +0100 Subject: [PATCH 030/876] Updating steps to create dynamic password (#222) (#223) According to previous discussion on Slack. Original PR https://github.com/neo4j/docs-operations/pull/222 --- .../ROOT/pages/security/ssl-framework.adoc | 30 +++++++++++++++++-- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/security/ssl-framework.adoc b/modules/ROOT/pages/security/ssl-framework.adoc index 7c9286b51..8095baeee 100644 --- a/modules/ROOT/pages/security/ssl-framework.adoc +++ b/modules/ROOT/pages/security/ssl-framework.adoc @@ -993,11 +993,35 @@ dbms.ssl.policy.cluster.private_key_password= dbms.ssl.policy.backup.private_key_password= ---- -If hardcoding of clear text private key password is not feasible due to security constraints, it can be set up to use dynamic password pickup: +If hardcoding of clear text private key password is not feasible due to security constraints, it can be set up to use dynamic password pickup by following these steps: -[source, properties] +. Create a file containing the `cleartext` password for the private key password and encrypt it with the certificate (assuming private key for cert has password set and certificate is in `pwd`): ++ +[source] +---- +echo "password123" > passwordfile + +openssl aes-256-cbc -a -salt -in passwordfile -out password.enc -pass file:certificate.crt +---- ++ +[NOTE] +==== +Delete the password file and set file permissions for `password.enc` to `400` (e.g. `chmod 400 password.enc`). +==== + +. Verify that encrypted password can be read from password.enc: ++ +[source] +---- +openssl aes-256-cbc -a -d -in password.enc -pass file:certificate.crt +---- + +. Set the neo4j.conf `dbms.ssl.policy..private_key_password` to be able to read out encrypted password. +To adjust paths to cert and encrypted password file, use full paths: ++ +[source] ---- -dbms.ssl.policy.bolt.private_key_password=$(openssl aes-256-cbc -a -d -in /opt/neo4j/etc/neo4j/neo4j_cert_pwd.enc -kfile /opt/neo4j/var/lib/neo4j/certificates/bolt/neo4j.cert) +dbms.ssl.policy.bolt.private_key_password=$(openssl aes-256-cbc -a -d -in password.enc -pass file:certificate.crt) ---- [NOTE] From ab765de17d4674bf7e4541969a1939876fb0ca1f Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Tue, 6 Dec 2022 14:33:33 +0100 Subject: [PATCH 031/876] 5.2 cluster glossary (#142) Co-authored-by: Nick Giles <100630647+nick-giles-neo@users.noreply.github.com> --- modules/ROOT/content-nav.adoc | 1 + modules/ROOT/pages/clustering/glossary.adoc | 130 ++++++++++++++++++++ modules/ROOT/pages/clustering/index.adoc | 1 + 3 files changed, 132 insertions(+) create mode 100644 modules/ROOT/pages/clustering/glossary.adoc diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index 9b525fbfd..7b119a98e 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -100,6 +100,7 @@ ** xref:clustering/disaster-recovery.adoc[] //** xref:clustering/internals.adoc[] ** xref:clustering/settings.adoc[] +** xref:clustering/glossary.adoc[] * xref:backup-restore/index.adoc[] ** xref:backup-restore/planning.adoc[] diff --git a/modules/ROOT/pages/clustering/glossary.adoc b/modules/ROOT/pages/clustering/glossary.adoc new file mode 100644 index 000000000..0580cddcd --- /dev/null +++ b/modules/ROOT/pages/clustering/glossary.adoc @@ -0,0 +1,130 @@ +[[cluster-glossary]] += Clustering glossary +:description: This section contains a glossary of terms used in the clustering documentation. + + +[cols="<,<",frame="topbot",options="header"] +|=== +| Term +| Description + +[[glossary-allocator]] +| Allocator +| A component in the cluster that allocates databases to servers according to the topology constraints specified and an allocation strategy. + +[[glossary-async-replication]] +| Asynchronous replication +| Enables efficient scale-out of secondary database copies but offers no guarantees under fault conditions. +The data present in the secondary copy is not guaranteed to be up-to-date with a majority of the database's primary copies. + +[[glossary-availabiility]] +| Availability +| The ability to access data in a database. +A database can be available for read-write, read-only, or altogether unavailable. +A clustered database is fault-tolerant, i.e. it can maintain both read and write availability if some primaries fail (see <> for more information). +If the number of failed primaries exceeds the fault tolerance limit, the database becomes read-only. +Should all copies fail, the database becomes unavailable. + +[[glossary-bookmark]] +| Bookmark +| A marker the client can request from the cluster to ensure that it is able to read its own writes so that the application's state is consistent and only databases that have a copy of the bookmark are permitted to respond. + +[[glossary-causal-consistency]] +| Causal consistency +| When a client (driver) creates a session and executes a query, the responding server issues the client a bookmark. +This reflects the state of the database copy on that server at the time the query was executed. +The bookmark is passed along and updated by all subsequent queries in the session, regardless of which server executes what query. +A bookmark can only be updated monotonically increasing. +If a server is behind the state in the bookmark, it waits until it has caught up, or time out the query. +Thus, clients executing queries within a session are guaranteed to read their own writes, and only see successively later states of the database. +This is sometimes also referred to as <>. + +[[glossary-cluster]] +| Cluster +| A collection of servers running Neo4j that are configured to communicate with each other. +These may be used to host databases and the databases may be configured to replicate across servers in the cluster thus achieving read scalability or high availability. +A minimum of three servers is required for the cluster to be fault-tolerant. + +[[glossary-database]] +| Database +| The data store for the nodes, relationships, and properties that make up the graph. +Multiple databases can be hosted on a Database Management Server (DBMS). + +[[glossary-dbms]] +| Database Management Server (DBMS) +| The Neo4j services and system database running on an instance of a single server or cluster to provide one or more databases. + +[[glossary-deallocate]] +| Deallocate +| An act of safely removing (i.e. without loss of data or reduced fault tolerance) a database from a server, or removing a server from a cluster. + +[[glossary-disaster-recovery]] +| Disaster recovery +| A manual intervention to restore availability of a cluster, or databases within a cluster. + +[[glossary-election]] +| Election +| In the event that a leader becomes unresponsive, followers automatically trigger an election and vote for a new leader. +A majority is required for the vote to be successful. + +[[glossary-fault-tolerance]] +| Fault tolerance +| A guarantee that a database can maintain persistence and availability in the event of one or more failures. +The number of failures `f` that can be tolerated is dependent on the number of primaries `n` for the database and follows the formula `f = (n-1)/2`. +In the event that more than `f` primaries fail, the database can no longer process write transactions and becomes read-only. + +[[glossary-follower]] +| Follower +| A primary copy of a database acting as a follower, receives and acknowledges synchronous writes from the leader. + +[[glossary-leader]] +| Leader +| A single primary copy of a database is designated as the leader. +It receives all write transactions from clients and replicates writes synchronously to followers and asynchronously to secondary copies of the database. +Each database can have a different leader within the cluster. + +[[glossary-primary]] +| Primary +| A copy of the database that is able to process write transactions and is eligible to be elected as a leader. +It participates in fault tolerant writes as it is part of the majority required to acknowledge and commit write transactions. + +[[glossary-read-scaling]] +| Read scaling +| Adding secondary copies of the database to the cluster can offload read queries from the primary databases and thus reduce the load and aid write performance of the cluster. + +[[glossary-secondary]] +| Secondary +| An asynchronously replicated copy of the database that provides read scaling within the cluster. +It is also suitable for running graph analytic workloads in a cluster using Graph Data Science and taking backups without incurring load on the primary. + +[[glossary-seed]] +| Seed +| A file used to create a copy of a database on a single instance or on a member of a cluster. +This can be a database dump or a database backup. +_Seed_ can also be used as a verb to describe the act seeding a cluster from a backup. + +[[glossary-server]] +| Server +| A physical machine, a virtual machine, or a container running Neo4j DBMS. +The server can be standalone or part of a cluster. + +[[glossary-session-consistency]] +| Session consistency +| An alternative name for Neo4j's <>. + +[[glossary-topology]] + +[[glossary-standalone-server]] +| Standalone server +| A single server, or container, running Neo4j DBMS and not part of a cluster. + +[[glossary-sync-replication]] +| Synchronous replication +| When attempting to commit a transaction, the leader primary replicates the transaction and block, requiring the follower primaries to acknowledge the replication before allowing the commit to proceed. +This blocking replication is known as _synchronous_, and ensures data durability and consistency within the cluster. +See also <>. + +[[glossary-topology]] +| Topology +| A configuration that describes how the copies of a database should be spread across the servers in a cluster. +|=== \ No newline at end of file diff --git a/modules/ROOT/pages/clustering/index.adoc b/modules/ROOT/pages/clustering/index.adoc index 4fcdf6190..dc3807e6e 100644 --- a/modules/ROOT/pages/clustering/index.adoc +++ b/modules/ROOT/pages/clustering/index.adoc @@ -17,6 +17,7 @@ This chapter describes the following: ** xref:clustering/monitoring/show-servers-monitoring.adoc[Monitoring servers] -- The tools available for monitoring the servers in a cluster. ** xref:clustering/monitoring/show-databases-monitoring.adoc[Monitoring databases] -- The tools available for monitoring the databases in a cluster. * xref:clustering/settings.adoc[Settings reference] -- A summary of the most important cluster settings. +* xref:clustering/glossary.adoc[Clustering glossary] -- A glossary of terms used in the clustering documentation. //* <> -- A few internals regarding the operation of the cluster. Further information: From e067fd03cb6e62bf14cb68ec6242f3dfbd2dc192 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 6 Dec 2022 16:43:10 +0200 Subject: [PATCH 032/876] Add composite database tutorial to the index page (#227) --- modules/ROOT/pages/tutorial/index.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/tutorial/index.adoc b/modules/ROOT/pages/tutorial/index.adoc index 40302cf75..4c2b663c6 100644 --- a/modules/ROOT/pages/tutorial/index.adoc +++ b/modules/ROOT/pages/tutorial/index.adoc @@ -8,6 +8,6 @@ The following step-by-step tutorials cover common operational tasks or otherwise //* <> -- This tutorial walks through the basics of setting up a Neo4j Causal Cluster. //* <> -- This tutorial provides a detailed example of how to back up and restore a database in a running Causal Cluster. * xref:tutorial/neo4j-admin-import.adoc[Neo4j Admin import] -- This tutorial provides detailed examples to illustrate the capabilities of importing data from CSV files with the command `neo4j-admin database import`. +* xref:tutorial/tutorial-composite-database.adoc[Set up and use a composite database] -- This tutorial walks through the basics of setting up and using composite databases. * xref:tutorial/tutorial-sso-configuration.adoc[SSO configuration] -- This tutorial presents examples and solutions to common problems when configuring SSO. -//* <> -- This tutorial walks through the basics of setting up and using Neo4j Fabric. * xref:tutorial/tutorial-immutable-privileges.adoc[Administering immutable privileges] -- This tutorial describes methods for administering immutable privileges. From 21a505852a3a078cf3db5d0a7dfece16de5e8279 Mon Sep 17 00:00:00 2001 From: Jack Waudby Date: Tue, 6 Dec 2022 21:21:47 +0000 Subject: [PATCH 033/876] add documentation on show databases behaviour when servers are offline --- .../pages/clustering/monitoring/show-databases-monitoring.adoc | 2 ++ modules/ROOT/pages/manage-databases/queries.adoc | 2 ++ 2 files changed, 4 insertions(+) diff --git a/modules/ROOT/pages/clustering/monitoring/show-databases-monitoring.adoc b/modules/ROOT/pages/clustering/monitoring/show-databases-monitoring.adoc index 63e278248..dddcc2b95 100644 --- a/modules/ROOT/pages/clustering/monitoring/show-databases-monitoring.adoc +++ b/modules/ROOT/pages/clustering/monitoring/show-databases-monitoring.adoc @@ -46,6 +46,8 @@ For example: The possible statuses are `initial`, `offline`, `store copying`, `deallocating`, `unknown`, `dirty`, and `quarantined`. +Additionally, note that databases hosted on servers that are offline are also returned. For such databases the `address` column displays `NULL`, the `currentStatus` column displays `unknown`, and the `statusMessage` displays `Server is unavailable`. + .Listing databases in standalone Neo4j ==== When executing `SHOW DATABASES` against a standalone server, the following output is expected: diff --git a/modules/ROOT/pages/manage-databases/queries.adoc b/modules/ROOT/pages/manage-databases/queries.adoc index d8f72f759..ee925850a 100644 --- a/modules/ROOT/pages/manage-databases/queries.adoc +++ b/modules/ROOT/pages/manage-databases/queries.adoc @@ -95,6 +95,8 @@ Or in a cluster: Switching between `online` and `offline` states is achieved using the xref:manage-databases/queries.adoc#manage-databases-queries-start-database[`START DATABASE`] and xref:manage-databases/queries.adoc#manage-databases-queries-stop-database[`STOP DATABASE`] commands. +Note, databases hosted on offline servers are also returned. For such databases the `address` column displays `NULL`, the `currentStatus` column displays `unknown`, and the `statusMessage` displays `Server is unavailable`. + [[manage-databases-queries-show-default-databases]] == Show the status of the default database From 94dc76d13772c8783ba8090c8eca06091f2b5caf Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 7 Dec 2022 14:20:17 +0200 Subject: [PATCH 034/876] Add missing note about `noexec` (#229) --- modules/ROOT/pages/configuration/file-locations.adoc | 10 +++++++++- modules/ROOT/pages/installation/requirements.adoc | 7 +++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/configuration/file-locations.adoc b/modules/ROOT/pages/configuration/file-locations.adoc index 10f67beb7..9398e6b9f 100644 --- a/modules/ROOT/pages/configuration/file-locations.adoc +++ b/modules/ROOT/pages/configuration/file-locations.adoc @@ -171,4 +171,12 @@ Read and write:: * _run_ Execute:: - * all files in _bin_ + * all files in _bin_ and _tmp_ + +[NOTE] +==== +If _tmp_ is set to `noexec`, it is recommended to set `dbms.jvm.additional=-Djava.io.tmpdir=/home/neo4j` in _conf/neo4j.conf_. +Additionally, replace _/home/neo4j_ with a path that has `exec` permissions. + +For _/bin/cypher-shell_, set this via an environment variable: `export JAVA_OPTS=-Djava.io.tmpdir=/home/neo4j` and replace `/home/neo4j` with a path that has `exec` permissions. +==== \ No newline at end of file diff --git a/modules/ROOT/pages/installation/requirements.adoc b/modules/ROOT/pages/installation/requirements.adoc index 8d23fc10f..9b6ee5ddb 100644 --- a/modules/ROOT/pages/installation/requirements.adoc +++ b/modules/ROOT/pages/installation/requirements.adoc @@ -113,6 +113,13 @@ For cloud environments, and server-based, on-premise environments: For proper ACID behavior, the filesystem must support flush (_fsync_, _fdatasync_). See xref:performance/linux-file-system-tuning.adoc[Linux file system tuning] for a discussion on how to configure the filesystem in Linux for optimal performance. +[NOTE] +==== +If _tmp_ is set to `noexec`, it is recommended to set `dbms.jvm.additional=-Djava.io.tmpdir=/home/neo4j` in _conf/neo4j.conf_. +Additionally, replace _/home/neo4j_ with a path that has `exec` permissions. + +For _/bin/cypher-shell_, set this via an environment variable: `export JAVA_OPTS=-Djava.io.tmpdir=/home/neo4j` and replace `/home/neo4j` with a path that has `exec` permissions. +==== [[deployment-requirements-java]] == Java From 700c1dfcc28d32fa4b1fec6165be6010bdca3f72 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Thu, 8 Dec 2022 09:28:02 +0100 Subject: [PATCH 035/876] Update introduction page (#238) Co-authored-by: Reneta Popova --- modules/ROOT/pages/introduction.adoc | 138 ++++++++++++++++----------- 1 file changed, 82 insertions(+), 56 deletions(-) diff --git a/modules/ROOT/pages/introduction.adoc b/modules/ROOT/pages/introduction.adoc index 0b6a2ce01..9ed07a5fa 100644 --- a/modules/ROOT/pages/introduction.adoc +++ b/modules/ROOT/pages/introduction.adoc @@ -1,7 +1,9 @@ [[introduction]] = Introduction -:description: A brief overview of the Neo4j editions, versioning, Cypher language, interaction, and capabilities. +:description: This section provides a brief overview of the Neo4j editions, versioning, Cypher language, interaction, and capabilities. +:description: Introduction to Neo4j, ACID-compliant, property graph, community edition, enterprise edition, Neo4j Aura. :keywords: neo4j, edition, version, acid, cluster, node, relationship, property + :semver-uri: https://semver.org/ :aura-uri: https://neo4j.com/cloud/aura/ :bloom-uri: https://neo4j.com/bloom/ @@ -34,7 +36,7 @@ Neo4j offers dedicated memory management and memory-efficient operations. Neo4j is scalable and can be deployed as a standalone server or across multiple machines in a fault-tolerant cluster for production environments. Other features for production applications include hot backups and extensive monitoring. -There are two editions of Neo4j to choose from, the xref:introduction.adoc#community-edition[_Community Edition_] and the xref:introduction.adoc#enterprise-edition[_Enterprise Edition_]. +There are two editions of Neo4j to choose from, the <> and the <>. The Enterprise Edition includes all that Community Edition has to offer, plus extra enterprise requirements such as backups, clustering, and failover capabilities. @@ -59,7 +61,7 @@ It is the choice for production systems with requirements for scale and availabi Neo4j uses semantic versioning (link:{semver-uri}[Semantic Versioning Specification 2.0.0]). Given a version number `MAJOR.MINOR.PATCH`, the increment is based on: -* `MAJOR` version - incompatible API changes towards the previous `MAJOR` version. +* `MAJOR` version - incompatible API changes towards previous `MAJOR` version. * `MINOR` version - functionality in a backward-compatible manner. * `PATCH` release - backward-compatible bug fixes. @@ -74,12 +76,12 @@ Cypher is a powerful, graph-optimized query language that understands, and takes When trying to find patterns or insights in data, Cypher queries are often much simpler and easier to write than massive SQL JOINs. Since Neo4j does not have tables, there are no JOINs to worry about. -For more details, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/index[Cypher Manual -> Cypher - The Graph Query Language]. +For more details, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/introduction/[The Neo4j Cypher Manual -> Introduction]. == Interaction -The recommended way of programmatically interacting with the database is either through the official Neo4j Drivers, or through using the link:{neo4j-docs-base-uri}/java-reference/{page-version}/index#java-reference[Java Reference -> Neo4j Java API]. +The recommended way of programmatically interacting with the database is either through the official Neo4j Drivers, or through using the link:{neo4j-docs-base-uri}/java-reference/{page-version}/javadocs/[Neo4j Java API]. Neo4j provides an link:{wiki-acid-uri}[ACID]-compliant transactional backend for your applications. @@ -90,7 +92,7 @@ The official Neo4j Drivers interacts with Neo4j via the link:{bolt-protocol-uri} * link:{github-neo4j-neo4j-java-driver}[Neo4j Java Driver] + -For Spring-powered applications, there is also link:{github-spring-projects-spring-data-neo4j}[Spring Data Neo4j]. +For Spring-powered applications there is also link:{github-spring-projects-spring-data-neo4j}[Spring Data Neo4j]. * link:{github-neo4j-neo4j-javascript-driver}[Neo4j JavaScript Driver] * link:{github-neo4j-neo4j-python-driver}[Neo4j Python Driver] * link:{github-neo4j-neo4j-dotnet-driver}[Neo4j .NET Driver] @@ -124,6 +126,14 @@ See the link:{download-center-drivers}[Neo4j Download Center - Drivers] for more | Community Edition | Enterprise Edition +a| link:https://www.gnu.org/licenses/quick-guide-gplv3.html[Open source under GPLv3] +|{check-mark} +|{cross-mark} + +| *Native Graph* +| +| + | Property graph model | {check-mark} | {check-mark} @@ -132,6 +142,14 @@ See the link:{download-center-drivers}[Neo4j Download Center - Drivers] for more | {check-mark} | {check-mark} +a| Standard and Aligned store format (link:https://neo4j.com/docs/operations-manual/current/tools/neo4j-admin/neo4j-admin-store-info/#neo4j-admin-store-standard[34 Billion Nodes & Relationships]) +| {check-mark} +| {check-mark} + +a| High_limit (link:https://neo4j.com/docs/operations-manual/current/tools/neo4j-admin/neo4j-admin-store-info/#neo4j-admin-store-high-limit[1 Quadrillion Nodes & Relationships]) +| {cross-mark} +| {check-mark} + | ACID-compliant transactions | {check-mark} | {check-mark} @@ -140,60 +158,76 @@ See the link:{download-center-drivers}[Neo4j Download Center - Drivers] for more | {check-mark} | {check-mark} -| Neo4j Browser with syntax highlighting +| _Slotted_ Cypher runtime | {check-mark} | {check-mark} -| Bolt Protocol +| _Pipelined_ Cypher runtime (faster) +| {cross-mark} | {check-mark} + +| Listing and terminating running queries +| {cross-mark} | {check-mark} -| Language drivers for C#, Go, Java, JavaScript & Python footnote:sepinstall[Must be downloaded and installed separately.] +| High-performance caching | {check-mark} | {check-mark} -| High-performance native API +| Cost-based query optimizer | {check-mark} | {check-mark} -| High-performance caching +| *Clients and APIs* +| +| + +| Cypher Client | {check-mark} | {check-mark} -| Cost-based query optimizer +| Neo4j Browser with syntax highlighting | {check-mark} | {check-mark} -| Graph algorithms to support AI initiatives footnote:sepinstall[] +| Bolt Protocol | {check-mark} | {check-mark} -| Fast writes via native label indexes +| Language drivers for C#, Go, Java, JavaScript & Python footnote:sepinstall[Must be downloaded and installed separately.] | {check-mark} | {check-mark} -| Composite indexes +| High-performance native API | {check-mark} | {check-mark} -| Full-text node & relationship indexes +a| APOC 450+ link:https://neo4j.com/docs/apoc/5/[Core Procedures and Functions] | {check-mark} | {check-mark} -| Store copy +| Support for Neo4j Graph Data Science Community Edition footnote:sepinstall[] +| {check-mark} +| {check-mark} + +| Support for Neo4j Graph Data Science Enterprise Edition footnote:sepinstall[] | {cross-mark} | {check-mark} -| Auto-reuse of space +| *Indexes and constraints* +| +| + +| Fast writes via native label indexes | {check-mark} | {check-mark} -| Multiple databases (beyond the `system` and default databases) -| {cross-mark} +| Composite indexes +| {check-mark} | {check-mark} -| _Slotted_ and _Pipelined_ Cypher runtimes -| {cross-mark} +| Full-text node & relationship indexes +| {check-mark} | {check-mark} | Property-existence constraints @@ -204,9 +238,9 @@ See the link:{download-center-drivers}[Neo4j Download Center - Drivers] for more | {cross-mark} | {check-mark} -| Listing and terminating running queries -| {cross-mark} -| {check-mark} +| *Security* +| +| | Role-based access control | {cross-mark} @@ -224,67 +258,59 @@ See the link:{download-center-drivers}[Neo4j Download Center - Drivers] for more | {cross-mark} | {check-mark} -|=== - +| *Data management* +| +| -=== Performance and scalability - -.Performance and scalability features -[cols="<60,^20,^20",frame="topbot",options="header"] -|=== -| Feature -| Community Edition -| Enterprise Edition - -| Clustering for global-scale applications -| {cross-mark} -| {check-mark} - -| Enterprise lock manager accesses all cores on a server +| Offline import | {cross-mark} | {check-mark} -| Intra-cluster encryption +| Offline incremental import | {cross-mark} | {check-mark} -| Offline backups +| Auto-reuse of space | {check-mark} | {check-mark} -| Online backups +| Store copy | {cross-mark} | {check-mark} -| Encrypted backups -| {cross-mark} +| Offline backup (dump) +| {check-mark} | {check-mark} -| Rolling upgrades +| *Scale and availability* +| +| + +| Online back-up and restore | {cross-mark} | {check-mark} -| Automatic cache warming +| Multiple databases (beyond the `system` and default databases) | {cross-mark} | {check-mark} -| Routing and load balancing with Neo4j Drivers +| Autonomous clustering | {cross-mark} | {check-mark} -| Advanced monitoring +| Sharded and federated Composite databases | {cross-mark} | {check-mark} -| Graph size limitations -| 34 billion nodes, 34 billion relationships, and 68 billion properties -| No limit +| *Monitoring and management* +| +| -| Bulk import tool -| {check-mark} +| Endpoints and metrics for monitoring via Prometheus +| {cross-mark} | {check-mark} -| Bulk import tool, resumable +| Neo4j Operations Manager | {cross-mark} | {check-mark} From 8aee1cebcad05c5a00f14b421c20061aa5cebec0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mattias=20Finn=C3=A9?= Date: Fri, 9 Dec 2022 14:30:44 +0100 Subject: [PATCH 036/876] Adds information about multiple node ID columns (#232) Co-authored-by: Reneta Popova --- .../tools/neo4j-admin/neo4j-admin-import.adoc | 18 +++++++++++------- .../pages/tutorial/neo4j-admin-import.adoc | 8 ++++++++ 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc index 3da100dac..94085c579 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc @@ -808,16 +808,20 @@ For example, you can use `uuid:ID(Person){label:Person}`, where the relationship [[import-tool-header-format-nodes]] == Node files -Files containing node data can have an `ID` field, a `LABEL` field as well as properties. +Files containing node data can have an `ID` field, a `LABEL` field, and properties. ID:: Each node must have a unique ID if it is to be connected by any relationships created in the import. - The IDs are used to find the correct nodes when creating relationships. - Note that the ID has to be unique across all nodes in the import; even for nodes with different labels. - The unique ID can be persisted in a property whose name is defined by the `` part of the field definition `:ID`. - If no such property name is defined, the unique ID will be used for the import but not be available for reference later. - If no ID is specified, the node will be imported but it will not be able to be connected by any relationships during the import. - When a property name is provided, the type of that property can only be configured globally via the `--id-type` option, and can’t be specified with a `` in the header field (as is possible for <>) + Neo4j uses the IDs to find the correct nodes when creating relationships. + Note that the ID has to be unique across all nodes within the group, regardless of their labels. + The unique ID is persisted in a property whose name is defined by the `` part of the field definition `:ID`. + If no such property `name` is defined, the unique ID will be used for the import but not be available for reference later. + If no ID is specified, the node will be imported, but it will not be connected to other nodes during the import. + When a property `name` is provided, that property type can only be configured globally via the `--id-type` option and cannot be specified by `` in the header field (as for <>). + + From Neo4j v5.3, a node header can also contain multiple `ID` columns, where the relationship data references the composite value of all those columns. + This also implies using `string` as `id-type`. + For each `ID` column, you can specify to store its values as different node properties. + However, the composite value cannot be stored as a node property. LABEL:: Read one or more labels from this field. Like array values, multiple labels are separated by `;`, or by the character specified with `--array-delimiter`. diff --git a/modules/ROOT/pages/tutorial/neo4j-admin-import.adoc b/modules/ROOT/pages/tutorial/neo4j-admin-import.adoc index 7104ea369..10e319291 100644 --- a/modules/ROOT/pages/tutorial/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tutorial/neo4j-admin-import.adoc @@ -639,6 +639,14 @@ See xref:tools/neo4j-admin/neo4j-admin-import.adoc#import-tool-id-spaces[Using I Each node processed by `neo4j-admin database import` must provide an ID if it is to be connected in any relationships. The node ID is used to find the start node and end node when creating a relationship. +[NOTE] +==== +From Neo4j v5.3, a node header can also contain multiple `ID` columns, where the relationship data references the composite value of all those columns. +This also implies using `string` as `id-type`. +For each `ID` column, you can specify to store its values as different node properties. +However, the composite value cannot be stored as a node property. +==== + .ID space ==== To define an ID space `Movie-ID` for `movieId:ID`, use the syntax `movieId:ID(Movie-ID)`. From d96f10cf8c3bea7d6a44cae731d37dfb98c44563 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 12 Dec 2022 12:16:54 +0200 Subject: [PATCH 037/876] Update Dynamic Settings (#221) - Removed `dbms.cluster.num_primaries` and `dbms.cluster.num_secondaries`. - Turned the Dynamic Reference section from Configuration into an individual page under References. - Updated the links and some other minor editorial updates. --- modules/ROOT/content-nav.adoc | 1 + .../built-in-roles.adoc | 3 +- .../ldap-integration.adoc | 2 +- .../sso-integration.adoc | 2 +- .../pages/configuration/dynamic-settings.adoc | 1034 +---------------- modules/ROOT/pages/configuration/index.adoc | 4 +- .../ROOT/pages/configuration/neo4j-conf.adoc | 2 +- .../reference/configuration-settings.adoc | 1 - .../dynamic-settings-reference.adoc} | 100 +- modules/ROOT/pages/reference/index.adoc | 3 +- 10 files changed, 85 insertions(+), 1067 deletions(-) rename modules/ROOT/{partials/neo4j-config/dynamic-settings.adoc => pages/reference/dynamic-settings-reference.adoc} (78%) diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index 7b119a98e..52423bc95 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -169,6 +169,7 @@ * Appendix ** xref:reference/index.adoc[] *** xref:reference/configuration-settings.adoc[] +*** xref:reference/dynamic-settings-reference.adoc[] *** xref:reference/procedures.adoc[] ** xref:tutorial/index.adoc[] diff --git a/modules/ROOT/pages/authentication-authorization/built-in-roles.adoc b/modules/ROOT/pages/authentication-authorization/built-in-roles.adoc index c6d2ea8e2..1ba71eefd 100644 --- a/modules/ROOT/pages/authentication-authorization/built-in-roles.adoc +++ b/modules/ROOT/pages/authentication-authorization/built-in-roles.adoc @@ -407,8 +407,7 @@ The subset of the functionality which is available with Community Edition is als | | {check-mark} -| Dynamically change configuration (see xref:configuration/dynamic-settings.adoc[Dynamic settings]) -| +| Dynamically change configuration footnote:[For more information, see xref:configuration/dynamic-settings.adoc[Update dynamic settings]]| | | | diff --git a/modules/ROOT/pages/authentication-authorization/ldap-integration.adoc b/modules/ROOT/pages/authentication-authorization/ldap-integration.adoc index 1dfd35a2c..d125f77da 100644 --- a/modules/ROOT/pages/authentication-authorization/ldap-integration.adoc +++ b/modules/ROOT/pages/authentication-authorization/ldap-integration.adoc @@ -36,7 +36,7 @@ For a more detailed overview of the LDAP configuration options, see xref:referen [[auth-ldap-parameters]] == LDAP dynamic configuration settings -The following configuration settings can be updated while the database is running, see xref:configuration/dynamic-settings.adoc[Dynamic settings]. +The following configuration settings can be updated while the database is running, see xref:configuration/dynamic-settings.adoc[Update dynamic settings]. Altering any of these settings clears the authentication and authorization cache. [options="header",cols="<,<,<"] diff --git a/modules/ROOT/pages/authentication-authorization/sso-integration.adoc b/modules/ROOT/pages/authentication-authorization/sso-integration.adoc index 030870d2e..a38a13963 100644 --- a/modules/ROOT/pages/authentication-authorization/sso-integration.adoc +++ b/modules/ROOT/pages/authentication-authorization/sso-integration.adoc @@ -16,7 +16,7 @@ For example, if you are using Okta as your identity provider you might use `okta The following configuration settings are important to consider when configuring single sign-on. For a more detailed overview of the single sign-on configuration options, see xref:reference/configuration-settings.adoc[Configuration settings]. -These settings can also be updated while the database is running, see xref:configuration/dynamic-settings.adoc[Dynamic settings] for more information on how to do this. +These settings can also be updated while the database is running, see xref:configuration/dynamic-settings.adoc[Update dynamic settings] for more information on how to do this. Altering any of these settings causes users to re-authenticate as their permissions may have changed as a result. [options="header",cols="<3,<1,<3"] diff --git a/modules/ROOT/pages/configuration/dynamic-settings.adoc b/modules/ROOT/pages/configuration/dynamic-settings.adoc index 9f2a68095..0a79c8c04 100644 --- a/modules/ROOT/pages/configuration/dynamic-settings.adoc +++ b/modules/ROOT/pages/configuration/dynamic-settings.adoc @@ -1,7 +1,7 @@ :description: How to change your Neo4j configuration while Neo4j is running, and which settings can be changed. [role=enterprise-edition] [[dynamic-settings]] -= Dynamic settings += Update dynamic settings Neo4j Enterprise Edition supports changing some configuration settings at runtime, without restarting the service. @@ -18,32 +18,73 @@ If you want to change the configuration settings on all cluster members, you hav [[dynamic-settings-discover]] == Discover dynamic settings -Use the procedure `dbms.listConfig()` to discover which configuration values can be dynamically updated, or consult xref:configuration/dynamic-settings.adoc#dynamic-settings-reference[Dynamic settings reference]. +Use the procedure `dbms.listConfig()` to discover which configuration values can be dynamically updated, or consult xref:reference/dynamic-settings-reference.adoc[Dynamic configuration settings reference]. .Discover dynamic settings ==== - [source, cypher] ---- CALL dbms.listConfig() YIELD name, dynamic WHERE dynamic RETURN name -ORDER BY name -LIMIT 4; ---- [queryresult] ---- -+----------------------------------------------+ -| name | -+----------------------------------------------+ -| "db.checkpoint.iops.limit" | -| "db.logs.query.enabled" | -+----------------------------------------------+ -4 rows ++----------------------------------------------------------------+ +| name | ++----------------------------------------------------------------+ +| "db.checkpoint.iops.limit" | +| "db.format" | +| "db.lock.acquisition.timeout" | +| "db.logs.query.early_raw_logging_enabled" | +| "db.logs.query.enabled" | +| "db.logs.query.max_parameter_length" | +| "db.logs.query.obfuscate_literals" | +| "db.logs.query.parameter_logging_enabled" | +| "db.logs.query.plan_description_enabled" | +| "db.logs.query.threshold" | +| "db.logs.query.transaction.enabled" | +| "db.logs.query.transaction.threshold" | +| "db.memory.transaction.max" | +| "db.memory.transaction.total.max" | +| "db.track_query_cpu_time" | +| "db.transaction.bookmark_ready_timeout" | +| "db.transaction.concurrent.maximum" | +| "db.transaction.sampling.percentage" | +| "db.transaction.timeout" | +| "db.transaction.tracing.level" | +| "db.tx_log.preallocate" | +| "db.tx_log.rotation.retention_policy" | +| "db.tx_log.rotation.size" | +| "dbms.cypher.render_plan_description" | +| "dbms.memory.transaction.total.max" | +| "dbms.routing.client_side.enforce_for_domains" | +| "dbms.routing.reads_on_writers_enabled" | +| "dbms.security.key.name" | +| "dbms.security.keystore.password" | +| "dbms.security.keystore.path" | +| "dbms.security.ldap.authentication.attribute" | +| "dbms.security.ldap.authentication.user_dn_template" | +| "dbms.security.ldap.authorization.access_permitted_group" | +| "dbms.security.ldap.authorization.group_membership_attributes" | +| "dbms.security.ldap.authorization.group_to_role_mapping" | +| "dbms.security.ldap.authorization.nested_groups_enabled" | +| "dbms.security.ldap.authorization.nested_groups_search_filter" | +| "dbms.security.ldap.authorization.user_search_base" | +| "dbms.security.ldap.authorization.user_search_filter" | +| "server.cluster.catchup.connect_randomly_to_server_group" | +| "server.databases.default_to_read_only" | +| "server.databases.read_only" | +| "server.databases.writable" | +| "server.groups" | +| "server.memory.pagecache.flush.buffer.enabled" | +| "server.memory.pagecache.flush.buffer.size_in_pages" | ++----------------------------------------------------------------+ + +46 rows ---- - ==== @@ -64,7 +105,7 @@ Nothing on success. |=== | Unknown or invalid setting name. -| The setting is not dynamic and can not be changed at runtime. +| The setting is not dynamic and cannot be changed at runtime. | Invalid setting value. |=== @@ -102,968 +143,3 @@ To reset a config value to its default, pass an empty string as the _value_ argu CALL dbms.setConfigValue('db.logs.query.enabled', '') ---- ==== - - -[[dynamic-settings-reference]] -== Dynamic settings reference - -//include::partial$/neo4j-config/dynamic-settings.adoc[tags=reference-dynamic-settings-reference] -// -//This file can be found in: -//neo4j-documentation/config-docs/target/docs/ops/dynamic-settings.adoc - -[options="header"] -|=== -|Name|Description -|xref:reference/configuration-settings.adoc#config_db.checkpoint.iops.limit[db.checkpoint.iops.limit]|Limit the number of IOs the background checkpoint process will consume per second. -|xref:reference/configuration-settings.adoc#config_db.format[db.format]|Database format. -|xref:reference/configuration-settings.adoc#config_db.lock.acquisition.timeout[db.lock.acquisition.timeout]|The maximum time interval within which lock should be acquired. -|xref:reference/configuration-settings.adoc#config_db.logs.query.early_raw_logging_enabled[db.logs.query.early_raw_logging_enabled]|Log query text and parameters without obfuscating passwords. -|xref:reference/configuration-settings.adoc#config_db.logs.query.enabled[db.logs.query.enabled]|Log executed queries. -|xref:reference/configuration-settings.adoc#config_db.logs.query.max_parameter_length[db.logs.query.max_parameter_length]|Sets a maximum character length use for each parameter in the log. -|xref:reference/configuration-settings.adoc#config_db.logs.query.obfuscate_literals[db.logs.query.obfuscate_literals]|Obfuscates all literals of the query before writing to the log. -|xref:reference/configuration-settings.adoc#config_db.logs.query.parameter_logging_enabled[db.logs.query.parameter_logging_enabled]|Log parameters for the executed queries being logged. -|xref:reference/configuration-settings.adoc#config_db.logs.query.plan_description_enabled[db.logs.query.plan_description_enabled]|Log query plan description table, useful for debugging purposes. -|xref:reference/configuration-settings.adoc#config_db.logs.query.threshold[db.logs.query.threshold]|If the execution of query takes more time than this threshold, the query is logged once completed - provided query logging is set to INFO. -|xref:reference/configuration-settings.adoc#config_db.logs.query.transaction.enabled[db.logs.query.transaction.enabled]|Log the start and end of a transaction. -|xref:reference/configuration-settings.adoc#config_db.logs.query.transaction.threshold[db.logs.query.transaction.threshold]|If the transaction is open for more time than this threshold, the transaction is logged once completed - provided transaction logging (db.logs.query.transaction.enabled) is set to `INFO`. -|xref:reference/configuration-settings.adoc#config_db.memory.transaction.max[db.memory.transaction.max]|Limit the amount of memory that a single transaction can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -|xref:reference/configuration-settings.adoc#config_db.memory.transaction.total.max[db.memory.transaction.total.max]|Limit the amount of memory that all transactions in one database can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -|xref:reference/configuration-settings.adoc#config_db.track_query_cpu_time[db.track_query_cpu_time]|Enables or disables tracking of how much time a query spends actively executing on the CPU. -|xref:reference/configuration-settings.adoc#config_db.transaction.bookmark_ready_timeout[db.transaction.bookmark_ready_timeout]|The maximum amount of time to wait for the database state represented by the bookmark. -|xref:reference/configuration-settings.adoc#config_db.transaction.concurrent.maximum[db.transaction.concurrent.maximum]|The maximum number of concurrently running transactions. -|xref:reference/configuration-settings.adoc#config_db.transaction.sampling.percentage[db.transaction.sampling.percentage]|Transaction sampling percentage. -|xref:reference/configuration-settings.adoc#config_db.transaction.timeout[db.transaction.timeout]|The maximum time interval of a transaction within which it should be completed. -|xref:reference/configuration-settings.adoc#config_db.transaction.tracing.level[db.transaction.tracing.level]|Transaction creation tracing level. -|xref:reference/configuration-settings.adoc#config_db.tx_log.preallocate[db.tx_log.preallocate]|Specify if Neo4j should try to preallocate logical log file in advance. -|xref:reference/configuration-settings.adoc#config_db.tx_log.rotation.retention_policy[db.tx_log.rotation.retention_policy]|Tell Neo4j how long logical transaction logs should be kept to backup the database.For example, "10 days" will prune logical logs that only contain transactions older than 10 days.Alternatively, "100k txs" will keep the 100k latest transactions from each database and prune any older transactions. -|xref:reference/configuration-settings.adoc#config_db.tx_log.rotation.size[db.tx_log.rotation.size]|Specifies at which file size the logical log will auto-rotate. -|xref:configuration/dynamic-settings.adoc#config_dbms.cluster.num_primaries[dbms.cluster.num_primaries]|Default number of primaries in Large Cluster. -|xref:configuration/dynamic-settings.adoc#config_dbms.cluster.num_secondaries[dbms.cluster.num_secondaries]|Default number of secondaries in Large Cluster. -|xref:reference/configuration-settings.adoc#config_dbms.cypher.render_plan_description[dbms.cypher.render_plan_description]|If set to `true` a textual representation of the plan description will be rendered on the server for all queries running with `EXPLAIN` or `PROFILE`. -|xref:reference/configuration-settings.adoc#config_server.databases.default_to_read_only[server.databases.default_to_read_only]|Whether or not any database on this instance are read_only by default. -|xref:reference/configuration-settings.adoc#config_server.databases.read_only[server.databases.read_only]|List of databases for which to prevent write queries. -|xref:configuration/dynamic-settings.adoc#config_server.databases.writable[server.databases.writable]|List of databases for which to allow write queries. -|xref:reference/configuration-settings.adoc#config_dbms.memory.transaction.total.max[dbms.memory.transaction.total.max]|Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -|xref:reference/configuration-settings.adoc#config_dbms.routing.client_side.enforce_for_domains[dbms.routing.client_side.enforce_for_domains]|Always use client side routing (regardless of the default router) for neo4j:// protocol connections to these domains. -|xref:reference/configuration-settings.adoc#config_dbms.routing.reads_on_writers_enabled[dbms.routing.reads_on_writers_enabled]|Configure if the `dbms.routing.getRoutingTable()` procedure should include the leader as read endpoint or return only read replicas/followers. -|xref:reference/configuration-settings.adoc#config_dbms.security.ldap.authentication.attribute[dbms.security.ldap.authentication.attribute]|The attribute to use when looking up users. -Using this setting requires `dbms.security.ldap.authentication.search_for_attribute` to be true and thus `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured. -|xref:reference/configuration-settings.adoc#config_dbms.security.ldap.authentication.user_dn_template[dbms.security.ldap.authentication.user_dn_template]|LDAP user DN template. -|xref:reference/configuration-settings.adoc#config_dbms.security.ldap.authorization.access_permitted_group[dbms.security.ldap.authorization.access_permitted_group]|The LDAP group to which a user must belong to get any access to the system.Set this to restrict access to a subset of LDAP users belonging to a particular group. -|xref:reference/configuration-settings.adoc#config_dbms.security.ldap.authorization.group_membership_attributes[dbms.security.ldap.authorization.group_membership_attributes]|A list of attribute names of a user object that contains groups to be used for mapping roles when LDAP authorization is enabled. This setting is ignored when `dbms.ldap_authorization_nested_groups_enabled` is `true`. -|xref:reference/configuration-settings.adoc#config_dbms.security.ldap.authorization.nested_groups_enabled[dbms.security.ldap.authorization.nested_groups_enabled]|This setting determines whether multiple LDAP search results will be processed (as required for the lookup of nested groups). If set to `true`, instead of using attributes on the user object to determine group membership (as specified by `dbms.security.ldap.authorization.group_membership_attributes`), the `user` object will only be used to determine the user's Distinguished Name. This will subsequently be used with `dbms.security.ldap.authorization.nested_groups_search_filter` in order to perform a nested group search. The Distinguished Names of the resultant group search results will be used to determine roles. -|xref:reference/configuration-settings.adoc#config_dbms.security.ldap.authorization.nested_groups_search_filter[dbms.security.ldap.authorization.nested_groups_search_filter]|The search template that will be used to find the nested groups which the user is a member of. The filter should contain the placeholder token `{0}`, which will be substituted with the user's Distinguished Name (found for the specified user principle by using `dbms.security.ldap.authorization.user_search_filter`). The default value specifies Active Directory's LDAP_MATCHING_RULE_IN_CHAIN (aka 1.2.840.113556.1.4.1941) implementation which will walk the ancestry of group membership for the specified user. -|xref:reference/configuration-settings.adoc#config_dbms.security.ldap.authorization.group_to_role_mapping[dbms.security.ldap.authorization.group_to_role_mapping]|An authorization mapping from LDAP group names to Neo4j role names. -|xref:reference/configuration-settings.adoc#config_dbms.security.ldap.authorization.user_search_base[dbms.security.ldap.authorization.user_search_base]|The name of the base object or named context to search for user objects when LDAP authorization is enabled. -|xref:reference/configuration-settings.adoc#config_dbms.security.ldap.authorization.user_search_filter[dbms.security.ldap.authorization.user_search_filter]|The LDAP search filter to search for a user principal when LDAP authorization is enabled. -|xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.audience[dbms.security.oidc..audience]|Expected values of the Audience (aud) claim in the id token. -|xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.auth_endpoint[dbms.security.oidc..auth_endpoint]|The OIDC authorization endpoint. -|xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.auth_flow[dbms.security.oidc..auth_flow]|The OIDC flow to use. -|xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.auth_params[dbms.security.oidc..auth_params]|Optional additional parameters that the auth endpoint requires. -|xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.authorization.group_to_role_mapping[dbms.security.oidc..authorization.group_to_role_mapping]|An authorization mapping from IdP group names to Neo4j role names. -|xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.claims.groups[dbms.security.oidc..claims.groups]|The claim to use as the list of groups in Neo4j. -|xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.claims.username[dbms.security.oidc..claims.username]|The claim to use as the username in Neo4j. -|xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.client_id[dbms.security.oidc..client_id]|Client id needed if token contains multiple Audience (aud) claims. -|xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.config[dbms.security.oidc..config]|The accepted values (all optional) are: `principal`, `code_challenge_method`, `token_type_principal`, `token_type_authentication`, and `implicit_flow_requires_nonce`. -|xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.get_groups_from_user_info[dbms.security.oidc..get_groups_from_user_info]|When turned on, Neo4j gets the groups from the provider user info endpoint. -|xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.get_username_from_user_info[dbms.security.oidc..get_username_from_user_info]|When turned on, Neo4j gets the username from the provider user info endpoint. -|xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.issuer[dbms.security.oidc..issuer]|The expected value of the iss claim in the id token. -|xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.jwks_uri[dbms.security.oidc..jwks_uri]|The location of the JWK public key set for the identity provider. -|xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.params[dbms.security.oidc..params]|The map is a semicolon separated list of key-value pairs. -|xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.token_endpoint[dbms.security.oidc..token_endpoint]|The OIDC token endpoint. -|xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.token_params[dbms.security.oidc..token_params]|Optional query parameters that the token endpoint requires. -|xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.user_info_uri[dbms.security.oidc..user_info_uri]|The identity providers user info uri. -|xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.well_known_discovery_uri[dbms.security.oidc..well_known_discovery_uri]|The 'well known' OpenID Connect Discovery endpoint used to fetch identity provider settings. -|xref:configuration/dynamic-settings.adoc#config_dbms.dbms.security.key.name[dbms.dbms.security.key.name]|Name of the 256 length AES encryption key, which is used for the symmetric encryption. -|xref:configuration/dynamic-settings.adoc#config_dbms.dbms.security.keystore.password[dbms.dbms.security.keystore.password]|Password for accessing the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption. -|xref:configuration/dynamic-settings.adoc#config_dbms.dbms.security.keystore.path[dbms.dbms.security.keystore.path]|Location of the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption of secrets held in system database. -|xref:reference/configuration-settings.adoc#config_server.cluster.catchup.connect_randomly_to_server_group[server.cluster.catchup.connect_randomly_to_server_group]|Comma separated list of groups to be used by the connect-randomly-to-server-group selection strategy. -|xref:reference/configuration-settings.adoc#config_server.groups[server.groups]|A list of group names for the server used when configuring load balancing and replication policies. -|xref:reference/configuration-settings.adoc#config_server.memory.pagecache.flush.buffer.enabled[server.memory.pagecache.flush.buffer.enabled]|Page cache can be configured to use a temporal buffer for flushing purposes. -|xref:reference/configuration-settings.adoc#config_server.memory.pagecache.flush.buffer.size_in_pages[server.memory.pagecache.flush.buffer.size_in_pages]|Page cache can be configured to use a temporal buffer for flushing purposes. -|=== - -[[config_db.checkpoint.iops.limit]] -.db.checkpoint.iops.limit -[cols="<1s,<4"] -|=== -|Description -a|Limit the number of IOs the background checkpoint process will consume per second. This setting is advisory, is ignored in Neo4j Community Edition, and is followed to best effort in Enterprise Edition. An IO is in this case a 8 KiB (mostly sequential) write. Limiting the write IO in this way will leave more bandwidth in the IO subsystem to service random-read IOs, which is important for the response time of queries when the database cannot fit entirely in memory. The only drawback of this setting is that longer checkpoint times may lead to slightly longer recovery times in case of a database or system crash. A lower number means lower IO pressure, and consequently longer checkpoint times. Set this to -1 to disable the IOPS limit and remove the limitation entirely; this will let the checkpointer flush data as fast as the hardware will go. Removing the setting, or commenting it out, will set the default value of 600. -|Valid values -a|db.checkpoint.iops.limit, an integer -|Dynamic a|true -|Default value -m|+++600+++ -|=== - -[[config_db.format]] -.db.format -[cols="<1s,<4"] -|=== -|Description -a|Database format. This is the format that will be used for new databases. Valid values are `standard`, `aligned`, or `high_limit`.The `aligned` format is essentially the `standard` format with some minimal padding at the end of pages such that a single record will never cross a page boundary. The `high_limit` format is available for Enterprise Edition only. It is required if you have a graph that is larger than 34 billion nodes, 34 billion relationships, or 68 billion properties. -|Valid values -a|db.format, a string -|Dynamic a|true -|Default value -m|+++aligned+++ -|=== - -[[config_db.lock.acquisition.timeout]] -.db.lock.acquisition.timeout -[cols="<1s,<4"] -|=== -|Description -a|The maximum time interval within which lock should be acquired. Zero (default) means timeout is disabled. -|Valid values -a|db.lock.acquisition.timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Dynamic a|true -|Default value -m|+++0s+++ -|=== - -[[config_db.logs.query.early_raw_logging_enabled]] -.db.logs.query.early_raw_logging_enabled -[cols="<1s,<4"] -|=== -|Description -a|Log query text and parameters without obfuscating passwords. This allows queries to be logged earlier before parsing starts. -|Valid values -a|db.logs.query.early_raw_logging_enabled, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_db.logs.query.enabled]] -.db.logs.query.enabled -[cols="<1s,<4"] -|=== -|Description -a|Log executed queries. Valid values are `OFF`, `INFO`, or `VERBOSE`. - -`OFF`:: no logging. -`INFO`:: log queries at the end of execution, that take longer than the configured threshold, `xref:reference/configuration-settings.adoc#config_db.logs.query.threshold[db.logs.query.threshold]`. -`VERBOSE`:: log queries at the start and end of execution, regardless of `xref:reference/configuration-settings.adoc#config_db.logs.query.threshold[db.logs.query.threshold]`. - -This feature is available in the Neo4j Enterprise Edition. -|Valid values -a|db.logs.query.enabled, one of [OFF, INFO, VERBOSE] -|Dynamic a|true -|Default value -m|+++VERBOSE+++ -|=== - -[[config_db.logs.query.max_parameter_length]] -.db.logs.query.max_parameter_length -[cols="<1s,<4"] -|=== -|Description -a|Sets a maximum character length use for each parameter in the log. This only takes effect if `xref:reference/configuration-settings.adoc#config_db.logs.query.parameter_logging_enabled[db.logs.query.parameter_logging_enabled] = true`. -|Valid values -a|db.logs.query.max_parameter_length, an integer -|Dynamic a|true -|Default value -m|+++2147483647+++ -|=== - -[[config_db.logs.query.obfuscate_literals]] -.db.logs.query.obfuscate_literals -[cols="<1s,<4"] -|=== -|Description -a|Obfuscates all literals of the query before writing to the log. Note that node labels, relationship types and map property keys are still shown. Changing the setting will not affect queries that are cached. So, if you want the switch to have immediate effect, you must also call `CALL db.clearQueryCaches()`. -|Valid values -a|db.logs.query.obfuscate_literals, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_db.logs.query.parameter_logging_enabled]] -.db.logs.query.parameter_logging_enabled -[cols="<1s,<4"] -|=== -|Description -a|Log parameters for the executed queries being logged. -|Valid values -a|db.logs.query.parameter_logging_enabled, a boolean -|Dynamic a|true -|Default value -m|+++true+++ -|=== - -[[config_db.logs.query.plan_description_enabled]] -.db.logs.query.plan_description_enabled -[cols="<1s,<4"] -|=== -|Description -a|Log query plan description table, useful for debugging purposes. -|Valid values -a|db.logs.query.plan_description_enabled, a boolean -|Dynamic a|true -|Default value -m|false -|=== - -[[config_db.logs.query.threshold]] -.db.logs.query.threshold -[cols="<1s,<4"] -|=== -|Description -a|If the execution of query takes more time than this threshold, the query is logged once completed - provided query logging is set to INFO. Defaults to 0 seconds, that is all queries are logged. -|Valid values -a|db.logs.query.threshold, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Dynamic a|true -|Default value -m|+++0s+++ -|=== - -[[config_db.logs.query.transaction.enabled]] -.db.logs.query.transaction.enabled -[cols="<1s,<4"] -|=== -|Description -a|Log the start and end of a transaction. Valid values are 'OFF', 'INFO', or 'VERBOSE'. -OFF: no logging. -INFO: log start and end of transactions that take longer than the configured threshold, xref:reference/configuration-settings.adoc#config_db.logs.query.transaction.threshold[db.logs.query.transaction.threshold]. -VERBOSE: log start and end of all transactions. -This feature is available in the Neo4j Enterprise Edition. -|Valid values -a|db.logs.query.transaction.enabled, one of [OFF, INFO, VERBOSE] -|Dynamic a|true -|Default value -m|+++OFF+++ -|=== - -[[config_db.logs.query.transaction.threshold]] -.db.logs.query.transaction.threshold -[cols="<1s,<4"] -|=== -|Description -a|If the transaction is open for more time than this threshold, the transaction is logged once completed - provided transaction logging (xref:reference/configuration-settings.adoc#config_db.logs.query.transaction.enabled[db.logs.query.transaction.enabled]) is set to `INFO`. Defaults to 0 seconds (all transactions are logged). -|Valid values -a|db.logs.query.transaction.threshold, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Dynamic a|true -|Default value -m|+++0s+++ -|=== - -[[config_db.memory.transaction.max]] -.db.memory.transaction.max -[cols="<1s,<4"] -|=== -|Description -a|Limit the amount of memory that a single transaction can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'largest possible value'. When `server.cluster.initial_mode_constraint=CORE` or `server.cluster.initial_mode_constraint=SINGLE` and `dbms.clustering.enable=true` this is '2G', in other cases this is 'unlimited'. -|Valid values -a|db.memory.transaction.max, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `1.00MiB` or is `0B` and depends on server.cluster.initial_mode_constraint. If server.cluster.initial_mode_constraint one of `[CORE]` then it is maximum `2.00GiB` otherwise it depends on server.cluster.initial_mode_constraint. If server.cluster.initial_mode_constraint one of `[SINGLE]` then it depends on dbms.clustering.enable. If dbms.clustering.enable is `true` then it is maximum `2.00GiB` otherwise it is unconstrained. otherwise it is unconstrained.. -|Dynamic a|true -|Default value -m|+++0B+++ -|=== - -[[config_db.memory.transaction.total.max]] -.db.memory.transaction.total.max -[cols="<1s,<4"] -|=== -|Description -a|Limit the amount of memory that all transactions in one database can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'unlimited'. -|Valid values -a|db.memory.transaction.total.max, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `10.00MiB` or is `0B` -|Dynamic a|true -|Default value -m|+++0B+++ -|=== - -[[config_db.track_query_cpu_time]] -.db.track_query_cpu_time -[cols="<1s,<4"] -|=== -|Description -a|Enables or disables tracking of how much time a query spends actively executing on the CPU. Calling `SHOW TRANSACTIONS` will display the time. This information is also available in the query log by default. -|Valid values -a|db.track_query_cpu_time, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_db.transaction.bookmark_ready_timeout]] -.db.transaction.bookmark_ready_timeout -[cols="<1s,<4"] -|=== -|Description -a|The maximum amount of time to wait for the database state represented by the bookmark. -|Valid values -a|db.transaction.bookmark_ready_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `1s` -|Dynamic a|true -|Default value -m|+++30s+++ -|=== - -[[config_db.transaction.concurrent.maximum]] -.db.transaction.concurrent.maximum -[cols="<1s,<4"] -|=== -|Description -a|The maximum number of concurrently running transactions. If set to 0, limit is disabled. -|Valid values -a|db.transaction.concurrent.maximum, an integer -|Dynamic a|true -|Default value -m|+++1000+++ -|=== - -[[config_db.transaction.sampling.percentage]] -.db.transaction.sampling.percentage -[cols="<1s,<4"] -|=== -|Description -a|Transaction sampling percentage. -|Valid values -a|db.transaction.sampling.percentage, an integer which is in the range `1` to `100` -|Dynamic a|true -|Default value -m|+++5+++ -|=== - -[[config_db.transaction.timeout]] -.db.transaction.timeout -[cols="<1s,<4"] -|=== -|Description -a|The maximum time interval of a transaction within which it should be completed. -|Valid values -a|db.transaction.timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Dynamic a|true -|Default value -m|+++0s+++ -|=== - -[[config_db.transaction.tracing.level]] -.db.transaction.tracing.level -[cols="<1s,<4"] -|=== -|Description -a|Transaction creation tracing level. -|Valid values -a|db.transaction.tracing.level, one of [DISABLED, SAMPLE, ALL] -|Dynamic a|true -|Default value -m|+++DISABLED+++ -|=== - -[[config_db.tx_log.preallocate]] -.db.tx_log.preallocate -[cols="<1s,<4"] -|=== -|Description -a|Specify if Neo4j should try to preallocate logical log file in advance. -|Valid values -a|db.tx_log.preallocate, a boolean -|Dynamic a|true -|Default value -m|+++true+++ -|=== - -[[config_db.tx_log.rotation.retention_policy]] -.db.tx_log.rotation.retention_policy -[cols="<1s,<4"] -|=== -|Description -a|Tell Neo4j how long logical transaction logs should be kept to backup the database.For example, "10 days" will prune logical logs that only contain transactions older than 10 days.Alternatively, "100k txs" will keep the 100k latest transactions from each database and prune any older transactions. -|Valid values -a|db.tx_log.rotation.retention_policy, a string which matches the pattern `^(true{vbar}keep_all{vbar}false{vbar}keep_none{vbar}(\d+[KkMmGg]?( (files{vbar}size{vbar}txs{vbar}entries{vbar}hours{vbar}days))))$` (Must be `true` or `keep_all`, `false` or `keep_none`, or of format ` `. Valid units are `K`, `M` and `G`. Valid types are `files`, `size`, `txs`, `entries`, `hours` and `days`. For example, `100M size` will limit logical log space on disk to 100MB per database,and `200K txs` will limit the number of transactions kept to 200 000 per database.) -|Dynamic a|true -|Default value -m|+++7 days+++ -|=== - -[[config_db.tx_log.rotation.size]] -.db.tx_log.rotation.size -[cols="<1s,<4"] -|=== -|Description -a|Specifies at which file size the logical log will auto-rotate. Minimum accepted value is 128 KiB. -|Valid values -a|db.tx_log.rotation.size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `128.00KiB` -|Dynamic a|true -|Default value -m|+++250.00MiB+++ -|=== - -[[config_dbms.cluster.num_primaries]] -.dbms.cluster.num_primaries -[cols="<1s,<4"] -|=== -|Description -a|Default number of primaries in Large Cluster. -|Valid values -a|dbms.cluster.num_primaries, an integer which is minimum `2` and is maximum `11` -|Dynamic a|true -|Default value -m|+++3+++ -|=== - -[[config_dbms.cluster.num_secondaries]] -.dbms.cluster.num_secondaries -[cols="<1s,<4"] -|=== -|Description -a|Default number of secondaries in Large Cluster. -|Valid values -a|dbms.cluster.num_secondaries, an integer which is minimum `0` and is maximum `20` -|Dynamic a|true -|Default value -m|+++0+++ -|=== - -[[config_dbms.cypher.render_plan_description]] -.dbms.cypher.render_plan_description -[cols="<1s,<4"] -|=== -|Description -a|If set to `true` a textual representation of the plan description will be rendered on the server for all queries running with `EXPLAIN` or `PROFILE`. This allows clients such as the neo4j browser and Cypher shell to show a more detailed plan description. -|Valid values -a|dbms.cypher.render_plan_description, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_server.databases.default_to_read_only]] -.server.databases.default_to_read_only -[cols="<1s,<4"] -|=== -|Description -a|Whether or not any database on this instance are read_only by default. If false, individual databases may be marked as read_only using dbms.database.read_only. If true, individual databases may be marked as writable using xref:configuration/dynamic-settings.adoc#config_server.databases.writable[server.databases.writable]. -|Valid values -a|server.databases.default_to_read_only, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_server.databases.read_only]] -.server.databases.read_only -[cols="<1s,<4"] -|=== -|Description -a|List of databases for which to prevent write queries. Databases not included in this list maybe read_only anyway depending upon the value of xref:reference/configuration-settings.adoc#config_server.databases.default_to_read_only[server.databases.default_to_read_only]. -|Valid values -a|server.databases.read_only, a ',' separated set with elements of type 'A valid database name containing only alphabetic characters, numbers, dots and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name 'system''. which Value 'system' can't be included in read only databases collection! -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_server.databases.writable]] -.server.databases.writable -[cols="<1s,<4"] -|=== -|Description -a|Formerly `dbms.databases.writable`. List of databases for which to allow write queries. Databases not included in this list will allow write queries anyway, unless xref:reference/configuration-settings.adoc#config_server.databases.default_to_read_only[server.databases.default_to_read_only] is set to true. -|Valid values -a|server.databases.writable, a ',' separated set with elements of type 'A valid database name containing only alphabetic characters, numbers, dots and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name 'system''. -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_dbms.memory.transaction.total.max]] -.dbms.memory.transaction.total.max -[cols="<1s,<4"] -|=== -|Description -a|Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'unlimited'. -|Valid values -a|dbms.memory.transaction.total.max, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `10.00MiB` or is `0B` -|Dynamic a|true -|Default value -m|+++0B+++ -|=== - -[[config_dbms.routing.client_side.enforce_for_domains]] -.dbms.routing.client_side.enforce_for_domains -[cols="<1s,<4"] -|=== -|Description -a|Always use client side routing (regardless of the default router) for neo4j:// protocol connections to these domains. A comma separated list of domains. Wildcards (*) are supported. -|Valid values -a|dbms.routing.client_side.enforce_for_domains, a ',' separated set with elements of type 'a string'. -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_dbms.routing.reads_on_writers_enabled]] -.dbms.routing.reads_on_writers_enabled -[cols="<1s,<4"] -|=== -|Description -a|Configure if the `dbms.routing.getRoutingTable()` procedure should include the leader as read endpoint or return only read replicas/followers. Note: leader is returned as read endpoint if no other member is present all. -|Valid values -a|dbms.routing.reads_on_writers_enabled, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_dbms.security.ldap.authentication.attribute]] -.dbms.security.ldap.authentication.attribute -[cols="<1s,<4"] -|=== -|Description -a|The attribute to use when looking up users. -Using this setting requires `dbms.security.ldap.authentication.search_for_attribute` to be true and thus `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured. -|Valid values -a|dbms.security.ldap.authentication.attribute, a string which matches the pattern `[A-Za-z0-9-]*` (has to be a valid LDAP attribute name, only containing letters [A-Za-z], digits [0-9] and hyphens [-].) -|Dynamic a|true -|Default value -m|+++samaccountname+++ -|=== - -[[config_dbms.security.ldap.authentication.user_dn_template]] -.dbms.security.ldap.authentication.user_dn_template -[cols="<1s,<4"] -|=== -|Description -a|LDAP user DN template. An LDAP object is referenced by its distinguished name (DN), and a user DN is an LDAP fully-qualified unique user identifier. This setting is used to generate an LDAP DN that conforms with the LDAP directory's schema from the user principal that is submitted with the authentication token when logging in. The special token {0} is a placeholder where the user principal will be substituted into the DN string. -|Valid values -a|dbms.security.ldap.authentication.user_dn_template, a string which must contain '{0}' to understand where to insert the runtime authentication principal. -|Dynamic a|true -|Default value -m|+++uid={0},ou=users,dc=example,dc=com+++ -|=== - -[[config_dbms.security.ldap.authorization.access_permitted_group]] -.dbms.security.ldap.authorization.access_permitted_group -[cols="<1s,<4"] -|=== -|Description -a|The LDAP group to which a user must belong to get any access to the system.Set this to restrict access to a subset of LDAP users belonging to a particular group. If this is not set, any user to successfully authenticate via LDAP will have access to the PUBLIC role and any other roles assigned to them via xref:reference/configuration-settings.adoc#config_dbms.security.ldap.authorization.group_to_role_mapping[dbms.security.ldap.authorization.group_to_role_mapping]. -|Valid values -a|dbms.security.ldap.authorization.access_permitted_group, a string -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_dbms.security.ldap.authorization.group_membership_attributes]] -.dbms.security.ldap.authorization.group_membership_attributes -[cols="<1s,<4"] -|=== -|Description -a|A list of attribute names of a user object that contains groups to be used for mapping to roles when LDAP authorization is enabled. -This setting is ignored when `dbms.ldap_authorization_nested_groups_enabled` is `true`. -|Valid values -a|dbms.security.ldap.authorization.group_membership_attributes, a ',' separated list with elements of type 'a string'. which Can not be empty -|Dynamic a|true -|Default value -m|+++memberOf+++ -|=== - -[[config_dbms.security.ldap.authorization.nested_groups_enabled]] -.dbms.security.ldap.authorization.nested_groups_enabled -[cols="<1s,<4"] -|=== -|Description -a|This setting determines whether multiple LDAP search results will be processed (as required for the lookup of nested groups). If set to `true`, instead of using attributes of the user object to determine group membership (as specified by `dbms.security.ldap.authorization.group_membership_attributes`), the `user` object will only be used to determine the user's Distinguished Name. This will subsequently be used with `dbms.security.ldap.authorization.nested_groups_search_filter` in order to perform a nested group search. The Distinguished Names of the resultant group search results will be used to determine roles. -|Valid values -a|dbms.security.ldap.authorization.nested_groups_enabled, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_dbms.security.ldap.authorization.nested_groups_search_filter]] -.dbms.security.ldap.authorization.nested_groups_search_filter -[cols="<1s,<4"] -|=== -|Description -a|The search template that will be used to find the nested groups which the user is a member of. -The filter should contain the placeholder token `{0}`, which will be substituted with the user's Distinguished Name (found for the specified user principle by using `dbms.security.ldap.authorization.user_search_filter`). -The default value specifies Active Directory's `LDAP_MATCHING_RULE_IN_CHAIN` (aka 1.2.840.113556.1.4.1941) implementation which will walk the ancestry of group membership for the specified user. -|Valid values -a|`dbms.security.ldap.authorization.nested_groups_search_filter`, a string which must contain `{0}` to understand where to insert the user's Distinguished Name. -|Dynamic a|true -|Default value -m|+++(&(objectclass=group)(member:1.2.840.113556.1.4.1941:={0}))+++ -|=== - -[[config_dbms.security.ldap.authorization.group_to_role_mapping]] -.dbms.security.ldap.authorization.group_to_role_mapping -[cols="<1s,<4"] -|=== -|Description -a|An authorization mapping from LDAP group names to Neo4j role names. The map should be formatted as a semicolon separated list of key-value pairs, where the key is the LDAP group name and the value is a comma separated list of corresponding role names. For example: group1=role1;group2=role2;group3=role3,role4,role5 -You could also use whitespaces and quotes around group names to make this mapping more readable, for example: ----- -`dbms.security.ldap.authorization.group_to_role_mapping`=\ - "cn=Neo4j Read Only,cn=users,dc=example,dc=com" = reader; \ - "cn=Neo4j Read-Write,cn=users,dc=example,dc=com" = publisher; \ - "cn=Neo4j Schema Manager,cn=users,dc=example,dc=com" = architect; \ - "cn=Neo4j Administrator,cn=users,dc=example,dc=com" = admin ----- -|Valid values -a|dbms.security.ldap.authorization.group_to_role_mapping, a string which must be semicolon separated list of key-value pairs or empty -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_dbms.security.ldap.authorization.user_search_base]] -.dbms.security.ldap.authorization.user_search_base -[cols="<1s,<4"] -|=== -|Description -a|The name of the base object or named context to search for user objects when LDAP authorization is enabled. A common case is that this matches the last part of `xref:reference/configuration-settings.adoc#config_dbms.security.ldap.authentication.user_dn_template[dbms.security.ldap.authentication.user_dn_template]`. -|Valid values -a|dbms.security.ldap.authorization.user_search_base, a string which Can not be empty -|Dynamic a|true -|Default value -m|+++ou=users,dc=example,dc=com+++ -|=== - -[[config_dbms.security.ldap.authorization.user_search_filter]] -.dbms.security.ldap.authorization.user_search_filter -[cols="<1s,<4"] -|=== -|Description -a|The LDAP search filter to search for a user principal when LDAP authorization is enabled. The filter should contain the placeholder token {0} which will be substituted for the user principal. -|Valid values -a|dbms.security.ldap.authorization.user_search_filter, a string -|Dynamic a|true -|Default value -m|+++(&(objectClass=*)(uid={0}))+++ -|=== - -[[config_dbms.security.oidc.-provider-.audience]] -.dbms.security.oidc..audience -[cols="<1s,<4"] -|=== -|Description -a|Expected values of the Audience (aud) claim in the id token. -|Valid values -a|dbms.security.oidc..audience, a ',' separated list with elements of type 'a string'. which Can not be empty -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.auth_endpoint]] -.dbms.security.oidc..auth_endpoint -[cols="<1s,<4"] -|=== -|Description -a|The OIDC authorization endpoint. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. -|Valid values -a|dbms.security.oidc..auth_endpoint, a URI -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.auth_flow]] -.dbms.security.oidc..auth_flow -[cols="<1s,<4"] -|=== -|Description -a|The OIDC flow to use. This is exposed to clients via the discovery endpoint. Supported values are `pkce` and `implicit` -|Valid values -a|dbms.security.oidc..auth_flow, one of [PKCE, IMPLICIT] -|Dynamic a|true -|Default value -m|+++PKCE+++ -|=== - -[[config_dbms.security.oidc.-provider-.auth_params]] -.dbms.security.oidc..auth_params -[cols="<1s,<4"] -|=== -|Description -a|Optional additional parameters that the auth endpoint requires. Please use params instead. The map is a semicolon separated list of key-value pairs. For example: `k1=v1;k2=v2`. -|Valid values -a|dbms.security.oidc..auth_params, A simple key value map pattern `k1=v1;k2=v2`. -|Dynamic a|true -|Default value -m|+++{}+++ -|Deprecated -a|The `dbms.security.oidc..auth_params` configuration setting has been deprecated. -|=== - -[[config_dbms.security.oidc.-provider-.authorization.group_to_role_mapping]] -.dbms.security.oidc..authorization.group_to_role_mapping -[cols="<1s,<4"] -|=== -|Description -a|An authorization mapping from IdP group names to Neo4j role names. The map should be formatted as a semicolon separated list of key-value pairs, where the key is the IdP group name and the value is a comma separated list of corresponding role names. For example: group1=role1;group2=role2;group3=role3,role4,role5 -You could also use whitespaces and quotes around group names to make this mapping more readable, for example: ----- -dbms.security.oidc..authorization.group_to_role_mapping=\ - "Neo4j Read Only" = reader; \ - "Neo4j Read-Write" = publisher; \ - "Neo4j Schema Manager" = architect; \ - "Neo4j Administrator" = admin ----- -|Valid values -a|dbms.security.oidc..authorization.group_to_role_mapping, a string which must be semicolon separated list of key-value pairs or empty -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.claims.groups]] -.dbms.security.oidc..claims.groups -[cols="<1s,<4"] -|=== -|Description -a|The claim to use as the list of groups in Neo4j. These could be Neo4J roles directly, or can be mapped using dbms.security.oidc..authorization.group_to_role_mapping. -|Valid values -a|dbms.security.oidc..claims.groups, a string -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.claims.username]] -.dbms.security.oidc..claims.username -[cols="<1s,<4"] -|=== -|Description -a|The claim to use as the username in Neo4j. This would typically be sub, but in some situations it may be be desirable to use something else such as email. -|Valid values -a|dbms.security.oidc..claims.username, a string -|Dynamic a|true -|Default value -m|+++sub+++ -|=== - -[[config_dbms.security.oidc.-provider-.client_id]] -.dbms.security.oidc..client_id -[cols="<1s,<4"] -|=== -|Description -a|Client id needed if token contains multiple Audience (aud) claims. -|Valid values -a|dbms.security.oidc..client_id, a string -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.config]] -.dbms.security.oidc..config -[cols="<1s,<4"] -|=== -|Description -a|The accepted values (all optional) are: ----- - principal: in which JWT claim the user's email address is specified, - email is the default. This is the value that will be shown in browser. - code_challenge_method: default is `S256` and it's the only supported method - at this moment. This setting applies only for pkce auth flow - token_type_principal: the options are almost always either access_token, - which is the default, or id_token. - token_type_authentication: the options are almost always either access_token, - which is the default, or id_token. - implicit_flow_requires_nonce: true or false. Defaults to false. ----- -|Valid values -a|dbms.security.oidc..config, A simple key value map pattern `k1=v1;k2=v2`. Valid key options are: `[principal, code_challenge_method, implicit_flow_requires_nonce, token_type_authentication, token_type_principal]`. -|Dynamic a|true -|Default value -m|+++{}+++ -|=== - -[[config_dbms.security.oidc.-provider-.get_groups_from_user_info]] -.dbms.security.oidc..get_groups_from_user_info -[cols="<1s,<4"] -|=== -|Description -a|When turned on, Neo4j gets the groups from the provider user info endpoint. -|Valid values -a|dbms.security.oidc..get_groups_from_user_info, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_dbms.security.oidc.-provider-.get_username_from_user_info]] -.dbms.security.oidc..get_username_from_user_info -[cols="<1s,<4"] -|=== -|Description -a|When turned on, Neo4j gets the username from the provider user info endpoint. -|Valid values -a|dbms.security.oidc..get_username_from_user_info, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_dbms.security.oidc.-provider-.issuer]] -.dbms.security.oidc..issuer -[cols="<1s,<4"] -|=== -|Description -a|The expected value of the iss claim in the id token. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. -|Valid values -a|dbms.security.oidc..issuer, a string -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.jwks_uri]] -.dbms.security.oidc..jwks_uri -[cols="<1s,<4"] -|=== -|Description -a|The location of the JWK public key set for the identity provider. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. -|Valid values -a|dbms.security.oidc..jwks_uri, a URI -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.params]] -.dbms.security.oidc..params -[cols="<1s,<4"] -|=== -|Description -a|The map is a semicolon separated list of key-value pairs. For example: `k1=v1;k2=v2`. -The user should at least provide: ----- - client_id: the SSO Idp client idenfifier. - response_type: code if auth_flow is pkce or token for implicit auth_flow. - scope: often containing a subset of 'email profile openid groups'. ----- -For example: `client_id=my-client-id;response_type=code;scope=openid profile email`. -|Valid values -a|dbms.security.oidc..params, A simple key value map pattern `k1=v1;k2=v2`. Required key options are: `[client_id, response_type, scope]`. -|Dynamic a|true -|Default value -m|+++{}+++ -|=== - -[[config_dbms.security.oidc.-provider-.token_endpoint]] -.dbms.security.oidc..token_endpoint -[cols="<1s,<4"] -|=== -|Description -a|The OIDC token endpoint. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. -|Valid values -a|dbms.security.oidc..token_endpoint, a URI -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.token_params]] -.dbms.security.oidc..token_params -[cols="<1s,<4"] -|=== -|Description -a|Optional query parameters that the token endpoint requires. The map is a semicolon separated list of key-value pairs. For example: `k1=v1;k2=v2`.If the token endpoint requires a client_secret then this parameter should contain `client_secret=super-secret` -|Valid values -a|dbms.security.oidc..token_params, A simple key value map pattern `k1=v1;k2=v2`. -|Dynamic a|true -|Default value -m|+++{}+++ -|=== - -[[config_dbms.security.oidc.-provider-.user_info_uri]] -.dbms.security.oidc..user_info_uri -[cols="<1s,<4"] -|=== -|Description -a|The identity providers user info uri. -|Valid values -a|dbms.security.oidc..user_info_uri, a URI -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.well_known_discovery_uri]] -.dbms.security.oidc..well_known_discovery_uri -[cols="<1s,<4"] -|=== -|Description -a|The 'well known' OpenID Connect Discovery endpoint used to fetch identity provider settings. If not provided, `issuer`, `jwks_uri`, `auth_endpoint` should be present. If the auth_flow is pkce, `token_endpoint` should also be provided. -|Valid values -a|dbms.security.oidc..well_known_discovery_uri, a URI -|Dynamic a|true -|=== - -[[config_dbms.dbms.security.key.name]] -.dbms.dbms.security.key.name -[cols="<1s,<4"] -|=== -|Description -a|Name of the 256 length AES encryption key, which is used for the symmetric encryption. -|Valid values -a|dbms.dbms.security.key.name, a string -|Dynamic a|true -|Default value -m|+++aesKey+++ -|=== - -[[config_dbms.dbms.security.keystore.password]] -.dbms.dbms.security.keystore.password -[cols="<1s,<4"] -|=== -|Description -a|Password for accessing the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption. -|Valid values -a|dbms.dbms.security.keystore.password, a secure string -|Dynamic a|true -|=== - -[[config_dbms.dbms.security.keystore.path]] -.dbms.dbms.security.keystore.path -[cols="<1s,<4"] -|=== -|Description -a|Location of the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption of secrets held in system database. -|Valid values -a|dbms.dbms.security.keystore.path, a path -|Dynamic a|true -|=== - -[[config_server.cluster.catchup.connect_randomly_to_server_group]] -.server.cluster.catchup.connect_randomly_to_server_group -[cols="<1s,<4"] -|=== -|Description -a|Comma separated list of groups to be used by the connect-randomly-to-server-group selection strategy. The connect-randomly-to-server-group strategy is used if the list of strategies (`server.cluster.catchup.upstream_strategy`) includes the value `connect-randomly-to-server-group`. -|Valid values -a|server.cluster.catchup.connect_randomly_to_server_group, a ',' separated list with elements of type 'a string identifying a Server Group'. -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_server.groups]] -.server.groups -[cols="<1s,<4"] -|=== -|Description -a|A list of group names for the server used when configuring load balancing and replication policies. -|Valid values -a|server.groups, a ',' separated list with elements of type 'a string identifying a Server Group'. -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_server.memory.pagecache.flush.buffer.enabled]] -.server.memory.pagecache.flush.buffer.enabled -[cols="<1s,<4"] -|=== -|Description -a|Page cache can be configured to use a temporal buffer for flushing purposes. It is used to combine, if possible, sequence of several cache pages into one bigger buffer to minimize the number of individual IOPS performed and better utilization of available I/O resources, especially when those are restricted. -|Valid values -a|server.memory.pagecache.flush.buffer.enabled, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_server.memory.pagecache.flush.buffer.size_in_pages]] -.server.memory.pagecache.flush.buffer.size_in_pages -[cols="<1s,<4"] -|=== -|Description -a|Page cache can be configured to use a temporal buffer for flushing purposes. It is used to combine, if possible, sequence of several cache pages into one bigger buffer to minimize the number of individual IOPS performed and better utilization of available I/O resources, especially when those are restricted. Use this setting to configure individual file flush buffer size in pages (8KiB). To be able to utilize this buffer during page cache flushing, buffered flush should be enabled. -|Valid values -a|server.memory.pagecache.flush.buffer.size_in_pages, an integer which is in the range `1` to `512` -|Dynamic a|true -|Default value -m|+++128+++ -|=== diff --git a/modules/ROOT/pages/configuration/index.adoc b/modules/ROOT/pages/configuration/index.adoc index 6d10e3017..55bcdf451 100644 --- a/modules/ROOT/pages/configuration/index.adoc +++ b/modules/ROOT/pages/configuration/index.adoc @@ -11,10 +11,10 @@ The topics described are: * xref:configuration/connectors.adoc[Configure Neo4j connectors] -- How to configure Neo4j connectors. * xref:configuration/set-initial-password.adoc[Set initial password] -- How to set an initial password. * xref:configuration/password-and-user-recovery.adoc[Password and user recovery] -- How to recover after a lost admin password. -* xref:configuration/dynamic-settings.adoc[Configure dynamic settings] -- How to configure certain Neo4j parameters while Neo4j is running. +* xref:configuration/dynamic-settings.adoc[Update dynamic settings] -- How to configure certain Neo4j parameters while Neo4j is running. * xref:configuration/transaction-logs.adoc[Transaction logs] -- The transaction logs record all write operations in the database. -For a complete reference of Neo4j configuration settings, see xref:reference/configuration-settings.adoc[Configuration settings]. +For a complete reference of Neo4j configuration settings, see xref:reference/configuration-settings.adoc[All configuration settings]. //include::network-architecture.adoc[leveloffset=+1] diff --git a/modules/ROOT/pages/configuration/neo4j-conf.adoc b/modules/ROOT/pages/configuration/neo4j-conf.adoc index 017740a62..d3eee520b 100644 --- a/modules/ROOT/pages/configuration/neo4j-conf.adoc +++ b/modules/ROOT/pages/configuration/neo4j-conf.adoc @@ -137,7 +137,7 @@ LIMIT 3; [TIP] ==== -For information about dynamic settings, see xref:configuration/dynamic-settings.adoc[Dynamic settings]. +For information about dynamic settings, see xref:configuration/dynamic-settings.adoc[Update dynamic settings] and xref:reference/dynamic-settings-reference.adoc[Dynamic configuration settings reference]. For a complete reference of Neo4j configuration settings, see xref:reference/configuration-settings.adoc[Configuration settings]. ==== diff --git a/modules/ROOT/pages/reference/configuration-settings.adoc b/modules/ROOT/pages/reference/configuration-settings.adoc index 77a00a100..0036c1ee8 100644 --- a/modules/ROOT/pages/reference/configuration-settings.adoc +++ b/modules/ROOT/pages/reference/configuration-settings.adoc @@ -1,7 +1,6 @@ [[configuration-settings]] = Configuration settings :description: This page provides a complete reference to the Neo4j configuration settings. -:description: Reference for Neo4j procedures. This page provides a complete reference to the Neo4j configuration settings, which can be set in xref::/configuration/file-locations.adoc#file-locations[_neo4j.conf_]. Refer to xref::/configuration/neo4j-conf.adoc#neo4j-conf[The neo4j.conf file] for details on how to use configuration settings. diff --git a/modules/ROOT/partials/neo4j-config/dynamic-settings.adoc b/modules/ROOT/pages/reference/dynamic-settings-reference.adoc similarity index 78% rename from modules/ROOT/partials/neo4j-config/dynamic-settings.adoc rename to modules/ROOT/pages/reference/dynamic-settings-reference.adoc index f73611528..153d3d83f 100644 --- a/modules/ROOT/partials/neo4j-config/dynamic-settings.adoc +++ b/modules/ROOT/pages/reference/dynamic-settings-reference.adoc @@ -1,7 +1,24 @@ -// tag::reference-dynamic-settings-reference[] -[[reference-dynamic-settings-reference]] +[role=enterprise-edition] +[[dynamic-settings-reference]] += Dynamic configuration settings +:description: This page provides a complete reference to the Neo4j dynamic configuration settings. + + +This page provides a complete reference to the Neo4j dynamic configuration settings, which can be changed at runtime, without restarting the service. +This complete reference is a sub-list of all the Neo4j configuration settings. + +[NOTE] +==== +Changes to the configuration at runtime are not persisted. +To avoid losing changes when restarting Neo4j, make sure you update xref:configuration/file-locations.adoc[_neo4j.conf_] as well. + +In a clustered environment, `CALL dbms.setConfigValue` affects only the server it is run against, and it is not propagated to other members. +If you want to change the configuration settings on all cluster members, you have to run the procedure against each of them and update their _neo4j.conf_ file. + +For more information on how to update dynamic configuration settings, see xref:configuration/dynamic-settings.adoc[Update dynamic settings]. +==== + .Dynamic settings reference -ifndef::nonhtmloutput[] [options="header"] |=== |Name|Description @@ -74,81 +91,6 @@ Using this setting requires `dbms.security.ldap.authentication.search_for_attrib |<>|Page cache can be configured to use a temporal buffer for flushing purposes. |<>|Page cache can be configured to use a temporal buffer for flushing purposes. |=== -endif::nonhtmloutput[] - -ifdef::nonhtmloutput[] -* <>: Limit the number of IOs the background checkpoint process will consume per second. -* <>: Database format. -* <>: The maximum time interval within which lock should be acquired. -* <>: Log query text and parameters without obfuscating passwords. -* <>: Log executed queries. -* <>: Sets a maximum character length use for each parameter in the log. -* <>: Obfuscates all literals of the query before writing to the log. -* <>: Log parameters for the executed queries being logged. -* <>: Log query plan description table, useful for debugging purposes. -* <>: If the execution of query takes more time than this threshold, the query is logged once completed - provided query logging is set to INFO. -* <>: Log the start and end of a transaction. -* <>: If the transaction is open for more time than this threshold, the transaction is logged once completed - provided transaction logging (db.logs.query.transaction.enabled) is set to `INFO`. -* <>: Limit the amount of memory that a single transaction can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -* <>: Limit the amount of memory that all transactions in one database can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -* <>: Enables or disables tracking of how much time a query spends actively executing on the CPU. -* <>: The maximum amount of time to wait for the database state represented by the bookmark. -* <>: The maximum number of concurrently running transactions. -* <>: Transaction sampling percentage. -* <>: The maximum time interval of a transaction within which it should be completed. -* <>: Transaction creation tracing level. -* <>: Specify if Neo4j should try to preallocate logical log file in advance. -* <>: Tell Neo4j how long logical transaction logs should be kept to backup the database.For example, "10 days" will prune logical logs that only contain transactions older than 10 days.Alternatively, "100k txs" will keep the 100k latest transactions from each database and prune any older transactions. -* <>: Specifies at which file size the logical log will auto-rotate. -* <>: If set to `true` a textual representation of the plan description will be rendered on the server for all queries running with `EXPLAIN` or `PROFILE`. -* <>: Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -* <>: Always use client side routing (regardless of the default router) for neo4j:// protocol connections to these domains. -* <>: label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include the writer as read endpoint or return only non-writers (non writer primaries and secondaries) Note: writer is returned as read endpoint if no other member is present all. -* <>: label:enterprise-edition[Enterprise only]Name of the 256 length AES encryption key, which is used for the symmetric encryption. -* <>: label:enterprise-edition[Enterprise only]Password for accessing the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption. -* <>: label:enterprise-edition[Enterprise only]Location of the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption of secrets held in system database. -* <>: label:enterprise-edition[Enterprise only]The attribute to use when looking up users. -Using this setting requires `dbms.security.ldap.authentication.search_for_attribute` to be true and thus `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured. -* <>: label:enterprise-edition[Enterprise only]LDAP user DN template. -* <>: label:enterprise-edition[Enterprise only]The LDAP group to which a user must belong to get any access to the system.Set this to restrict access to a subset of LDAP users belonging to a particular group. -* <>: label:enterprise-edition[Enterprise only]A list of attribute names on a user object that contains groups to be used for mapping to roles when LDAP authorization is enabled. -* <>: label:enterprise-edition[Enterprise only]An authorization mapping from LDAP group names to Neo4j role names. -* <>: label:enterprise-edition[Enterprise only]This setting determines whether multiple LDAP search results will be processed (as is required for the lookup of nested groups). -* <>: label:enterprise-edition[Enterprise only]The search template which will be used to find the nested groups which the user is a member of. -* <>: label:enterprise-edition[Enterprise only]The name of the base object or named context to search for user objects when LDAP authorization is enabled. -* <>: label:enterprise-edition[Enterprise only]The LDAP search filter to search for a user principal when LDAP authorization is enabled. -* <.audience>>: label:enterprise-edition[Enterprise only]Expected values of the Audience (aud) claim in the id token. -* <.auth_endpoint>>: label:enterprise-edition[Enterprise only]The OIDC authorization endpoint. -* <.auth_flow>>: label:enterprise-edition[Enterprise only]The OIDC flow to use. -* <.auth_params>>: label:enterprise-edition[Enterprise only]Optional additional parameters that the auth endpoint requires. -* <.authorization.group_to_role_mapping>>: label:enterprise-edition[Enterprise only]An authorization mapping from IdP group names to Neo4j role names. -* <.claims.groups>>: label:enterprise-edition[Enterprise only]The claim to use as the list of groups in Neo4j. -* <.claims.username>>: label:enterprise-edition[Enterprise only]The claim to use as the username in Neo4j. -* <.client_id>>: label:enterprise-edition[Enterprise only]Client id needed if token contains multiple Audience (aud) claims. -* <.config>>: label:enterprise-edition[Enterprise only]The accepted values (all optional) are: ----- - principal: in which JWT claim the user's email address is specified, - email is the default. -* <.get_groups_from_user_info>>: label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the groups from the provider user info endpoint. -* <.get_username_from_user_info>>: label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the username from the provider user info endpoint. -* <.issuer>>: label:enterprise-edition[Enterprise only]The expected value of the iss claim in the id token. -* <.jwks_uri>>: label:enterprise-edition[Enterprise only]The location of the JWK public key set for the identity provider. -* <.params>>: label:enterprise-edition[Enterprise only]The map is a semicolon separated list of key-value pairs. -* <.token_endpoint>>: label:enterprise-edition[Enterprise only]The OIDC token endpoint. -* <.token_params>>: label:enterprise-edition[Enterprise only]Optional query parameters that the token endpoint requires. -* <.user_info_uri>>: label:enterprise-edition[Enterprise only]The identity providers user info uri. -* <.well_known_discovery_uri>>: label:enterprise-edition[Enterprise only]The 'well known' OpenID Connect Discovery endpoint used to fetch identity provider settings. -* <>: label:enterprise-edition[Enterprise only]Comma separated list of groups to be used by the connect-randomly-to-server-group selection strategy. -* <>: Whether or not any database on this instance are read_only by default. -* <>: List of databases for which to prevent write queries. -* <>: List of databases for which to allow write queries. -* <>: label:enterprise-edition[Enterprise only]A list of tag names for the server used when configuring load balancing and replication policies. -* <>: Page cache can be configured to use a temporal buffer for flushing purposes. -* <>: Page cache can be configured to use a temporal buffer for flushing purposes. -endif::nonhtmloutput[] - - -// end::reference-dynamic-settings-reference[] [[config_db.checkpoint.iops.limit]] .db.checkpoint.iops.limit @@ -797,7 +739,7 @@ a|label:enterprise-edition[Enterprise only]The accepted values (all optional) ar implicit_flow_requires_nonce: true or false. Defaults to false. ---- |Valid values -a|dbms.security.oidc..config, A simple key value map pattern `k1=v1;k2=v2`. Valid key options are: `[implicit_flow_requires_nonce, token_type_authentication, token_type_principal, principal, code_challenge_method]`. +a|dbms.security.oidc..config, A simple key value map pattern `k1=v1;k2=v2`. Valid key options are: `[principal, code_challenge_method, implicit_flow_requires_nonce, token_type_authentication, token_type_principal]`. |Dynamic a|true |Default value m|+++{}+++ diff --git a/modules/ROOT/pages/reference/index.adoc b/modules/ROOT/pages/reference/index.adoc index 9df108cbc..8ec0f52a1 100644 --- a/modules/ROOT/pages/reference/index.adoc +++ b/modules/ROOT/pages/reference/index.adoc @@ -5,7 +5,8 @@ This appendix contains the following topics: -* xref:reference/configuration-settings.adoc[Configuration settings] +* xref:reference/configuration-settings.adoc[All configuration settings] +* xref:reference/dynamic-settings-reference.adoc[Dynamic configuration settings] * xref:reference/procedures.adoc[Procedures] From d0ef1db891aad7e5525bba87641b75d1721f0128 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 12 Dec 2022 12:46:51 +0200 Subject: [PATCH 038/876] Add compatibility between the dump version and the version of the Neo4j Aura instance (#240) --- modules/ROOT/pages/tools/index.adoc | 2 +- .../tools/neo4j-admin/upload-to-aura.adoc | 37 ++++++++++++++++--- 2 files changed, 33 insertions(+), 6 deletions(-) diff --git a/modules/ROOT/pages/tools/index.adoc b/modules/ROOT/pages/tools/index.adoc index 5cb516b0b..e3f4c3402 100644 --- a/modules/ROOT/pages/tools/index.adoc +++ b/modules/ROOT/pages/tools/index.adoc @@ -12,7 +12,7 @@ This chapter covers the following topics: ** xref:tools/neo4j-admin/neo4j-admin-memrec.adoc[Memory recommendations] -- How to get an initial recommendation for Neo4j memory settings. ** xref:tools/neo4j-admin/neo4j-admin-import.adoc[Import] -- How to import data into Neo4j using the command `neo4j-admin import`. ** xref:tools/neo4j-admin/unbind.adoc[Unbind a Neo4j cluster server] -- How to remove cluster state data from a Neo4j server. -** xref:tools/neo4j-admin/upload-to-aura.adoc[Upload to Neo4j AuraDB] -- How to upload an existing Neo4j graph to Neo4j AuraDB. +** xref:tools/neo4j-admin/upload-to-aura.adoc[Upload to Neo4j Aura] -- How to upload an existing local database to a Neo4j Aura instance. ** xref:tools/neo4j-admin/migrate-database.adoc[Migrate a database] -- How to migrate a Neo4j database from one store format to another or to a later `MAJOR` version of the same format. ** xref:tools/neo4j-admin/migrate-configuration.adoc[Migrate the Neo4j configuration file] -- How to migrate a Neo4j configuration file. * xref:tools/cypher-shell.adoc[Cypher Shell] -- How to use the Cypher Shell. diff --git a/modules/ROOT/pages/tools/neo4j-admin/upload-to-aura.adoc b/modules/ROOT/pages/tools/neo4j-admin/upload-to-aura.adoc index 360702bc8..22d6ae23a 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/upload-to-aura.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/upload-to-aura.adoc @@ -3,7 +3,23 @@ [[neo4j-admin-upload-to-aura]] = Upload to Neo4j Aura -You can use the `neo4j-admin database upload` command to upload a local Neo4j database dump into a Neo4j Aura instance. +The `neo4j-admin database upload` command uploads a local Neo4j database dump into a Neo4j Aura instance. + +The following table shows the compatibility between the dump version that you want to upload and the version of the Neo4j Aura instance. + +[options="header" cols="50%, 50%"] +|=== +| Dump version +| Aura version + +| v5.x +| v5.latest + +| v4.4 +| v4 and v5.latest + +| v4.3 +| v4 and v5.latest +|=== [NOTE] ==== @@ -72,7 +88,7 @@ Alternatively, the `NEO4J_PASSWORD` environment variable can be used. | --to-uri | `` | The Bolt URI of the target Aura database. -For example, `neo4j://myaurainstanceid.databases.neo4j.io`. +For example, `neo4j+s://your-aura-instance-id.databases.neo4j.io`. | --to-user | `` @@ -82,7 +98,7 @@ Alternatively, you can use the `NEO4J_USERNAME` environment variable. | | -| Name of the database that should be uploaded. The name is used to select a dump file which is expected to be named _.dump_. +| Name of the database dump that should be uploaded. |=== == Limitations @@ -91,7 +107,7 @@ Alternatively, you can use the `NEO4J_USERNAME` environment variable. == Output -If the `upload` function completes successfully, it will exit with the following log line: +If the `upload` function completes successfully, it exits with the following log line: ---- “Your data was successfully pushed to Aura and is now running”. @@ -99,11 +115,22 @@ If the `upload` function completes successfully, it will exit with the following If the `upload` function encounters an error at any point, you will be provided with instructions on how to try again or to contact Neo4j Aura support. +Additionally, you can use the `--verbose` option to enable verbose output. + == Example +The following examples show how to use the `neo4j-admin database upload` command to upload a database dump to a Neo4j Aura instance. +You need your Aura instance URI (`neo4j+s://your-aura-instance-id.databases.neo4j.io`), as can be seen in the Aura console, and your Aura instance password. + +[NOTE] +==== +You should use the `--overwrite-destination=true` option to overwrite the target database. +Otherwise, the command aborts and throws an error. +==== + [source, shell,role=nocopy] ---- -$neo4j-home> bin/neo4j-admin database upload neo4j --from-path= --to-uri= +$neo4j-home> bin/neo4j-admin database upload --from-path= --to-uri= --overwrite-destination=true Neo4j cloud database user name: neo4j Neo4j cloud database password: Upload From 16a5e9fc63b7c051ac582712499ca44d427891ca Mon Sep 17 00:00:00 2001 From: lidiazuin <102308961+lidiazuin@users.noreply.github.com> Date: Mon, 12 Dec 2022 16:56:54 +0100 Subject: [PATCH 039/876] Fixing the version of Neo4j in example code (#243) (#245) Cherry-pick of https://github.com/lidiazuin/docs-operations/pull/new/5.3-cherry-pick-243 --- modules/ROOT/pages/tutorial/tutorial-composite-database.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/tutorial/tutorial-composite-database.adoc b/modules/ROOT/pages/tutorial/tutorial-composite-database.adoc index e6137dbe0..4d3029772 100644 --- a/modules/ROOT/pages/tutorial/tutorial-composite-database.adoc +++ b/modules/ROOT/pages/tutorial/tutorial-composite-database.adoc @@ -117,7 +117,7 @@ bin/cypher-shell -u neo4j -p neo4j ---- Password change required new password: ***** -Connected to Neo4j 4.1.x at neo4j://localhost:7687 as user neo4j. +Connected to Neo4j 5 at neo4j://localhost:7687 as user neo4j. Type :help for a list of available commands or :exit to exit the shell. Note that Cypher queries must end with a semicolon. ---- From 0f9cd57d03c446e6960cdb080b6d775fd59d4a57 Mon Sep 17 00:00:00 2001 From: Ed Randall <68006845+edrandall-dev@users.noreply.github.com> Date: Mon, 12 Dec 2022 16:36:22 +0000 Subject: [PATCH 040/876] refs to licensing@neo4j.com -> contact form (#239) https://trello.com/c/VSNAv5zM/196-please-change-references-to-licensingneo4jcom-on-helm-charts-page-to-direct-readers-to-contact-us Co-authored-by: Reneta Popova --- modules/ROOT/pages/docker/introduction.adoc | 2 +- modules/ROOT/pages/kubernetes/configuration.adoc | 4 ++-- .../kubernetes/quickstart-cluster/create-value-file.adoc | 2 +- .../pages/kubernetes/quickstart-cluster/prerequisites.adoc | 2 +- .../pages/kubernetes/quickstart-standalone/prerequisites.adoc | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/ROOT/pages/docker/introduction.adoc b/modules/ROOT/pages/docker/introduction.adoc index 679087ed4..32b521992 100644 --- a/modules/ROOT/pages/docker/introduction.adoc +++ b/modules/ROOT/pages/docker/introduction.adoc @@ -25,7 +25,7 @@ ____ Use of this Software without a proper commercial license with Neo4j, Inc. or its affiliates is prohibited. -Email inquiries can be directed to: licensing@neo4j.com +Email inquiries can be sent using the form https://neo4j.com/contact-us[Contact Neo4j]. More information is also available at: https://neo4j.com/licensing/ ____ diff --git a/modules/ROOT/pages/kubernetes/configuration.adoc b/modules/ROOT/pages/kubernetes/configuration.adoc index 6789a6d70..07fbe15bd 100644 --- a/modules/ROOT/pages/kubernetes/configuration.adoc +++ b/modules/ROOT/pages/kubernetes/configuration.adoc @@ -946,7 +946,7 @@ This way, you can ensure when building the container that the correct plugin ver [NOTE] ==== The Neo4j Bloom plugin (https://neo4j.com/download-center/#bloom) requires a license activation key, which needs to be placed in a directory accessible by the Neo4j Docker container, for example, mounted to _/licenses_ (default). -To obtain a valid license, reach out to your Neo4j account representative or write to licensing@neo4j.com. +To obtain a valid license, reach out to your Neo4j account representative or use the form https://neo4j.com/contact-us[Contact Neo4j]. ==== Building a Docker container image that is based on the official Neo4j Docker image and does not override the official image's `ENTRYPOINT` and `COMMAND` is the recommended method to use with the Neo4j Helm chart, as shown in this example Dockerfile: @@ -997,7 +997,7 @@ With this method, the plugin jar files are stored on a Persistent Volume that is [NOTE] ==== The Neo4j Bloom plugin (https://neo4j.com/download-center/#bloom) requires a license activation key, which needs to be placed in a directory accessible by the Neo4j Docker container, for example, mounted to _/licenses_ (default). -To obtain a valid license, reach out to your Neo4j account representative or write to licensing@neo4j.com. +To obtain a valid license, reach out to your Neo4j account representative or use the form https://neo4j.com/contact-us[Contact Neo4j]. ==== The simplest way to set up a persistent `plugins` volume is to share the Persistent Volume that is used for storing Neo4j data. diff --git a/modules/ROOT/pages/kubernetes/quickstart-cluster/create-value-file.adoc b/modules/ROOT/pages/kubernetes/quickstart-cluster/create-value-file.adoc index be084e80a..0b9bc2d41 100644 --- a/modules/ROOT/pages/kubernetes/quickstart-cluster/create-value-file.adoc +++ b/modules/ROOT/pages/kubernetes/quickstart-cluster/create-value-file.adoc @@ -58,7 +58,7 @@ You cannot use `neo4j` as the initial password as this is the default password. By default, the Neo4j Helm chart installs Neo4j Enterprise Edition since clusters are not available in Community Edition. This means that you do not have to explicitly set the configuration parameter `edition:` to `"enterprise"`, as you would do for a standalone server of Neo4j Enterprise Edition. However, you must acknowledge license compliance by setting `neo4j.acceptLicenseAgreement` to `"yes"`. -For more information on how to obtain a valid license for Neo4j Enterprise Edition, see https://neo4j.com/licensing/ or write to licensing@neo4j.com. +For more information on how to obtain a valid license for Neo4j Enterprise Edition, see https://neo4j.com/licensing/ or use the form https://neo4j.com/contact-us[Contact Neo4j]. `volumes.data`:: The `volumes.data` parameter maps the `data` volume mount of each cluster member to the persistent volume for that member. diff --git a/modules/ROOT/pages/kubernetes/quickstart-cluster/prerequisites.adoc b/modules/ROOT/pages/kubernetes/quickstart-cluster/prerequisites.adoc index 9a4985f6e..79feead17 100644 --- a/modules/ROOT/pages/kubernetes/quickstart-cluster/prerequisites.adoc +++ b/modules/ROOT/pages/kubernetes/quickstart-cluster/prerequisites.adoc @@ -10,7 +10,7 @@ Before you can deploy a Neo4j cluster on Kubernetes, you need to: * xref:kubernetes/helm-charts-setup.adoc[Configure the Neo4j Helm chart repository]. * Obtain a valid license for Neo4j Enterprise Edition. -For more information, see https://neo4j.com/licensing/ or write to licensing@neo4j.com. +For more information, see https://neo4j.com/licensing/ or use the form https://neo4j.com/contact-us[Contact Neo4j]. * Install the Kubernetes client command-line tool `kubectl` (https://kubernetes.io/docs/tasks/tools/). * Set up a Kubernetes cluster with sufficient CPU and memory for your Neo4j deployment. + diff --git a/modules/ROOT/pages/kubernetes/quickstart-standalone/prerequisites.adoc b/modules/ROOT/pages/kubernetes/quickstart-standalone/prerequisites.adoc index d01c548f8..0194a80bd 100644 --- a/modules/ROOT/pages/kubernetes/quickstart-standalone/prerequisites.adoc +++ b/modules/ROOT/pages/kubernetes/quickstart-standalone/prerequisites.adoc @@ -10,7 +10,7 @@ Before you can deploy a Neo4j standalone instance on Kubernetes, you need to: * xref:kubernetes/helm-charts-setup.adoc[Configure the Neo4j Helm chart repository]. * Obtain a valid license if you want to install Neo4j Enterprise Edition. The Neo4j Community Edition (default for the standalone chart) does not require a license. -For more information, see https://neo4j.com/licensing/ or write to licensing@neo4j.com. +For more information, see https://neo4j.com/licensing/ or use the form https://neo4j.com/contact-us[Contact Neo4j]. * Install the Kubernetes client command-line tool `kubectl` (https://kubernetes.io/docs/tasks/tools/). * Set up a Kubernetes cluster with sufficient CPU and memory for your Neo4j deployment. + From 0bb860295c8dbfa0d06dac194c6ea44268996db3 Mon Sep 17 00:00:00 2001 From: lidiazuin <102308961+lidiazuin@users.noreply.github.com> Date: Tue, 13 Dec 2022 11:42:06 +0100 Subject: [PATCH 041/876] Adding link for logging reference in memory configuration docs (#244) (#247) As per request. Cherry-pick of https://github.com/neo4j/docs-operations/pull/244 --- modules/ROOT/pages/performance/memory-configuration.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/performance/memory-configuration.adoc b/modules/ROOT/pages/performance/memory-configuration.adoc index 4de124c13..00b78c9d8 100644 --- a/modules/ROOT/pages/performance/memory-configuration.adoc +++ b/modules/ROOT/pages/performance/memory-configuration.adoc @@ -243,4 +243,4 @@ CALL dbms.listPools() SHOW TRANSACTIONS ---- -Or alternatively, you can monitor the memory usage of each query in the _query.log_. +Or alternatively, you can monitor the memory usage of each query in the xref:monitoring/logging.adoc#query-logging[_query.log_]. From 9434962301bcadf5d895cc85caaa01f27e9550b7 Mon Sep 17 00:00:00 2001 From: Jack Waudby <33488812+jackwaudby@users.noreply.github.com> Date: Wed, 14 Dec 2022 13:06:44 +0000 Subject: [PATCH 042/876] Update to reflect suggestion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Jens Pryce-Åklundh <112686610+JPryce-Aklundh@users.noreply.github.com> --- modules/ROOT/pages/manage-databases/queries.adoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/manage-databases/queries.adoc b/modules/ROOT/pages/manage-databases/queries.adoc index ee925850a..4c9271b8a 100644 --- a/modules/ROOT/pages/manage-databases/queries.adoc +++ b/modules/ROOT/pages/manage-databases/queries.adoc @@ -95,7 +95,8 @@ Or in a cluster: Switching between `online` and `offline` states is achieved using the xref:manage-databases/queries.adoc#manage-databases-queries-start-database[`START DATABASE`] and xref:manage-databases/queries.adoc#manage-databases-queries-stop-database[`STOP DATABASE`] commands. -Note, databases hosted on offline servers are also returned. For such databases the `address` column displays `NULL`, the `currentStatus` column displays `unknown`, and the `statusMessage` displays `Server is unavailable`. +Note that databases hosted on offline servers are also returned by the `SHOW DATABASES` command. +For such databases the `address` column displays `NULL`, the `currentStatus` column displays `unknown`, and the `statusMessage` displays `Server is unavailable`. [[manage-databases-queries-show-default-databases]] From 06588d4b9d402a2f6b7ff4eb64c636ea4df8a0c3 Mon Sep 17 00:00:00 2001 From: Jack Waudby <33488812+jackwaudby@users.noreply.github.com> Date: Wed, 14 Dec 2022 13:06:54 +0000 Subject: [PATCH 043/876] Update to reflect suggestion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Jens Pryce-Åklundh <112686610+JPryce-Aklundh@users.noreply.github.com> --- .../pages/clustering/monitoring/show-databases-monitoring.adoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/clustering/monitoring/show-databases-monitoring.adoc b/modules/ROOT/pages/clustering/monitoring/show-databases-monitoring.adoc index dddcc2b95..4b23c4935 100644 --- a/modules/ROOT/pages/clustering/monitoring/show-databases-monitoring.adoc +++ b/modules/ROOT/pages/clustering/monitoring/show-databases-monitoring.adoc @@ -46,7 +46,8 @@ For example: The possible statuses are `initial`, `offline`, `store copying`, `deallocating`, `unknown`, `dirty`, and `quarantined`. -Additionally, note that databases hosted on servers that are offline are also returned. For such databases the `address` column displays `NULL`, the `currentStatus` column displays `unknown`, and the `statusMessage` displays `Server is unavailable`. +Additionally, note that databases hosted on servers that are offline are also returned by the `SHOW DATABASES` command. +For such databases the `address` column displays `NULL`, the `currentStatus` column displays `unknown`, and the `statusMessage` displays `Server is unavailable`. .Listing databases in standalone Neo4j ==== From 70d31c14e70a24c8c8ee9d3ecf352179d537f23f Mon Sep 17 00:00:00 2001 From: Jenny Owen Date: Wed, 14 Dec 2022 17:27:18 +0100 Subject: [PATCH 044/876] removed references to deprecated NEO4JLABS_PLUGINS feature name (#254) The docker image reports that the environment `NEO4JLABS_PLUGINS` is deprecated since 5.0.0 and renamed to `NEO4J_PLUGINS` now, but I forgot to update the documentation about it. Here is the documentation update. --- modules/ROOT/pages/docker/operations.adoc | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/ROOT/pages/docker/operations.adoc b/modules/ROOT/pages/docker/operations.adoc index d04c5822f..d07c7ae03 100644 --- a/modules/ROOT/pages/docker/operations.adoc +++ b/modules/ROOT/pages/docker/operations.adoc @@ -262,26 +262,26 @@ docker run \ neo4j:{neo4j-version-exact} ---- -[[docker-neo4jlabs-plugins]] -== Configure Neo4j Labs plugins +[[docker-neo4j-plugins]] +== Configure Neo4j plugins The Neo4j Docker image includes a startup script that can automatically download and configure certain Neo4j plugins at runtime. [NOTE] ==== -This feature is intended to facilitate using Neo4j Labs plugins in development environments, but it is not recommended for use in production environments. +This feature is intended to facilitate using Neo4j plugins in development environments, but it is not recommended for use in production environments. To use plugins in production with Neo4j Docker containers, see xref:docker/operations.adoc#docker-procedures[Install user-defined procedures]. ==== -The `NEO4JLABS_PLUGINS` environment variable can be used to specify the plugins to install using this method. +The `NEO4J_PLUGINS` environment variable can be used to specify the plugins to install using this method. This should be set to a JSON-formatted list of supported plugins. For example, to install the APOC plugin (`apoc`), you can use the Docker argument; [source, argument, role=noheader] ---- ---env NEO4JLABS_PLUGINS='["apoc"]' +--env NEO4J_PLUGINS='["apoc"]' ---- and run the following command: @@ -292,7 +292,7 @@ docker run -it --rm \ --publish=7474:7474 --publish=7687:7687 \ --user="$(id -u):$(id -g)" \ -e NEO4J_AUTH=none \ - --env NEO4JLABS_PLUGINS='["apoc"]' \ + --env NEO4J_PLUGINS='["apoc"]' \ neo4j:{neo4j-version-exact} ---- @@ -300,10 +300,10 @@ For example, to install the APOC plugin (`apoc`) and the Neo Semantics plugin (` [source, argument, role=noheader] ---- ---env NEO4JLABS_PLUGINS='["apoc", "n10s"]' +--env NEO4J_PLUGINS='["apoc", "n10s"]' ---- -.Supported Neo4j Labs plugins +.Supported Neo4j plugins [options="header",cols="d,m,a"] |=== |Name |Key |Further information From 62c272eea4588e310ff9f25a5a07c9b281b49c5e Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Thu, 15 Dec 2022 14:30:24 +0100 Subject: [PATCH 045/876] removed erroneous part of example and added clarification (#261) --- modules/ROOT/pages/clustering/servers.adoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/clustering/servers.adoc b/modules/ROOT/pages/clustering/servers.adoc index 8686a0e48..8c6dd1557 100644 --- a/modules/ROOT/pages/clustering/servers.adoc +++ b/modules/ROOT/pages/clustering/servers.adoc @@ -122,11 +122,12 @@ The `ENABLE` command can take several options: [source,cypher, role=noplay] ---- neo4j@neo4j> ENABLE SERVER '25a7efc7-d063-44b8-bdee-f23357f89f01' OPTIONS - {modeConstraint:'PRIMARY', allowedDatabases:['foo'], deniedDatabases:['bar', 'baz']}; + {modeConstraint:'PRIMARY', allowedDatabases:['foo']}; ---- `modeConstraint` is used to control whether a server can be used to host a database in only primary or secondary mode. `allowedDatabases` and `deniedDatabases` are collections of database names that filter which databases may be hosted on a server. +These are mutually exclusive and if both are specified, an error is returned. If no options are set, a server can host any database in any mode. Servers can also provide default values for these options via their _neo4j.conf_ files on first startup. From 17486dc68f991819fe7a0f16688b672f18f9f229 Mon Sep 17 00:00:00 2001 From: Neil Dewhurst Date: Thu, 15 Dec 2022 16:45:55 +0000 Subject: [PATCH 046/876] Update Neo4j version attributes --- antora.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/antora.yml b/antora.yml index 2fd253cf9..85e70e380 100644 --- a/antora.yml +++ b/antora.yml @@ -7,7 +7,7 @@ nav: asciidoc: attributes: neo4j-version: '5' - neo4j-version-minor: '5.3' - neo4j-version-exact: '5.3.0' - neo4j-buildnumber: '5.3' - neo4j-debian-package-version: '1:5.3.0@' + neo4j-version-minor: '5.4' + neo4j-version-exact: '5.4.0' + neo4j-buildnumber: '5.4' + neo4j-debian-package-version: '1:5.4.0@' From 3e47974213cd580eb258e74d5ea248373844af08 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 19 Dec 2022 13:33:19 +0000 Subject: [PATCH 047/876] Add the required password length (#265) --- modules/ROOT/pages/docker/introduction.adoc | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/docker/introduction.adoc b/modules/ROOT/pages/docker/introduction.adoc index 32b521992..33ac58483 100644 --- a/modules/ROOT/pages/docker/introduction.adoc +++ b/modules/ROOT/pages/docker/introduction.adoc @@ -48,6 +48,12 @@ You can try out your Neo4j container by opening _http://localhost:7474/_ (the Ne By default, Neo4j requires authentication and prompts you to log in with a username/password of `neo4j/neo4j` at the first connection. You are then prompted to set a new password. +[NOTE] +==== +The default minimum password length is 8 characters. +Use the `dbms.security.auth_minimum_password_length` configuration to change it. +==== + The following sections provide more information about how to set an initial password, configure Neo4j to persist data between restarts, and use the Neo4j Docker image. [[docker-auth]] @@ -139,7 +145,7 @@ This table lists some of the options available: |--env |Set config as environment variables for the Neo4j database -|docker run --env NEO4J_AUTH=neo4j/test +|docker run --env NEO4J_AUTH=neo4j/your_password |--restart |Control whether Neo4j containers start automatically when they exit, or when Docker restarts. From 7bee734091fc59a28fa57a9f1afa5c2c50dec9f6 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 19 Dec 2022 13:37:54 +0000 Subject: [PATCH 048/876] Fix the dump-config example in Docker (#263) --- modules/ROOT/pages/docker/configuration.adoc | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/modules/ROOT/pages/docker/configuration.adoc b/modules/ROOT/pages/docker/configuration.adoc index 01ca74b00..888f55191 100644 --- a/modules/ROOT/pages/docker/configuration.adoc +++ b/modules/ROOT/pages/docker/configuration.adoc @@ -79,6 +79,17 @@ This can be done by setting `server.default_listen_address=0.0.0.0`. ==== To dump the initial set of configuration files, run the image with the `dump-config` command. +You must set the `neo4j` user as the owner of _$HOME/neo4j/conf_ to allow _write_ access from the Neo4j docker container: + +[source, shell, subs="attributes"] +---- +sudo chown neo4j:neo4j $HOME/neo4j/conf +---- + +[NOTE] +==== +Processes in the Neo4j docker container run under the `neo4j` user by default. +==== [source, shell, subs="attributes"] ---- From ae744bdebe612abd2908a709354902837f7f8cff Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 20 Dec 2022 14:22:05 +0000 Subject: [PATCH 049/876] Adding info on how to log JWT claims (#255) (#270) Cherry-picked from #255 Co-authored-by: Phil Wright <95368282+phil198@users.noreply.github.com> --- .../sso-integration.adoc | 42 ++++++++++++++++++- .../tutorial/tutorial-sso-configuration.adoc | 14 ++++++- .../partials/neo4j-config/all-settings.adoc | 14 +++++++ 3 files changed, 67 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/authentication-authorization/sso-integration.adoc b/modules/ROOT/pages/authentication-authorization/sso-integration.adoc index a38a13963..4441d0cd7 100644 --- a/modules/ROOT/pages/authentication-authorization/sso-integration.adoc +++ b/modules/ROOT/pages/authentication-authorization/sso-integration.adoc @@ -16,95 +16,120 @@ For example, if you are using Okta as your identity provider you might use `okta The following configuration settings are important to consider when configuring single sign-on. For a more detailed overview of the single sign-on configuration options, see xref:reference/configuration-settings.adoc[Configuration settings]. -These settings can also be updated while the database is running, see xref:configuration/dynamic-settings.adoc[Update dynamic settings] for more information on how to do this. +Some of these settings can also be updated while the database is running, see xref:configuration/dynamic-settings.adoc[Dynamic settings] for more information on how to do this. Altering any of these settings causes users to re-authenticate as their permissions may have changed as a result. -[options="header",cols="<3,<1,<3"] +[options="header",cols="<3,<1,<1,<3"] |=== | Parameter name | Default value +| Dynamic | Description | xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.display_name[dbms.security.oidc..display_name] | +| false | The display name for the provider. This is displayed in clients such as Neo4j Browser and Bloom. | xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.auth_flow[dbms.security.oidc..auth_flow] | pkce +| true | The OIDC auth_flow for clients such as Neo4j Browser and Bloom to use. Supported values are `pkce` and `implicit`. | xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.well_known_discovery_uri[dbms.security.oidc..well_known_discovery_uri] | +| true | The OpenID Connect Discovery URL for the provider. | xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.auth_endpoint[dbms.security.oidc..auth_endpoint] | +| true | URL of the provider's Authorization Endpoint. | xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.auth_params[dbms.security.oidc..auth_params] | +| true | Optional parameters that clients may require with the Authorization Endpoint. The map is a semicolon-separated list of key-value pairs. For example: k1=v1;k2=v2. | xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.token_endpoint[dbms.security.oidc..token_endpoint] | +| true | URL of the provider's OAuth 2.0 Token Endpoint. | xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.token_params[dbms.security.oidc..token_params] | +| true | Option parameters that clients may require with the Token Endpoint. The map is a semicolon-separated list of key-value pairs. For example: k1=v1;k2=v2. | xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.jwks_uri[dbms.security.oidc..jwks_uri] | +| true | URL of the provider's JSON Web Key Set. | xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.user_info_uri[dbms.security.oidc..user_info_uri] | +| true | URL of the provider's UserInfo Endpoint. | xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.issuer[dbms.security.oidc..issuer] | +| true | URL that the provider asserts as its issuer identifier. This will be checked against the `iss` claim in the token. | xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.audience[dbms.security.oidc..audience] | +| true | The expected value for the `aud` claim. | xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.client_id[dbms.security.oidc..client_id] | +| true | The `client_id` of this client as issued by the provider. | xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.params[dbms.security.oidc..params] | +| true | Option parameters that clients may require. The map is a semicolon-separated list of key-value pairs. For example: k1=v1;k2=v2. | xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.config[dbms.security.oidc..config] | +| true | Option additional configuration that clients may require. The map is a semicolon-separated list of key-value pairs. For example: k1=v1;k2=v2. | xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.get_groups_from_user_info[dbms.security.oidc..get_groups_from_user_info] | false +| true | Whether to fetch the groups claim from the user info endpoint on the identity provider. The default is `false`, to read the claim from the token. | xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.get_username_from_user_info[dbms.security.oidc..get_username_from_user_info] | false +| true | Whether to fetch the username claim from the user info endpoint on the identity provider. The default is `false`, to read the claim from the token. | xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.claims.username[dbms.security.oidc..claims.username] | sub +| true | The claim to use for the database username. | xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.claims.groups[dbms.security.oidc..claims.groups] | +| true | The claim to use for the database roles. | xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.authorization.group_to_role_mapping[dbms.security.oidc..authorization.group_to_role_mapping] | +| true | List an authorization mapping from groups to the pre-defined built-in roles `admin`, `architect`, `publisher`, `editor`, and `reader`, or to any custom-defined roles. + +| xref:reference/configuration-settings.adoc#config_dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled[dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled] +| false +| false +| When set to `true`, it logs the claims from the JWT into the security log (provided the security log level is also set to `DEBUG`). |=== [[auth-sso-configure-sso]] @@ -267,3 +292,16 @@ server.jvm.additional=-Djavax.net.ssl.keyStorePassword=mypasword server.jvm.additional=-Djavax.net.ssl.trustStore=/path/to/MyCert.jks server.jvm.additional=-Djavax.net.ssl.trustStorePassword=mypasword ---- + +[[auth-sso-debug-jwt-claims]] +== Debug logging of JWT claims + +While setting up an OIDC integration, it is sometimes necessary to perform troubleshooting. +In these cases, it can be useful to view the claims contained in the JWT supplied by the identity provider. +To enable the logging of these claims at `DEBUG` level in the security log, set xref:reference/configuration-settings.adoc#config_dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled[dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled] to be `true` and the security log level to `DEBUG`. + +[WARNING] +==== +Make sure to set xref:reference/configuration-settings.adoc#config_dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled[dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled] back to `false` for production environments to avoid unwanted logging of potentially sensitive information. +Also, bear in mind that the set of claims provided by an identity provider in the JWT can change over time. +==== \ No newline at end of file diff --git a/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc b/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc index b2960d2ef..beeeb3e00 100644 --- a/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc +++ b/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc @@ -280,9 +280,21 @@ It is generally safer to use access tokens when possible due to being shorter-li If authorization permissions change on the identity provider, Neo4j will fail authorization. Neo4j Browser will try to reconnect and reflect the changed permissions faster than if ID tokens were used. +=== Debug logging of JWT claims + +While setting up an OIDC integration, it is sometimes necessary to perform troubleshooting. +In these cases, it can be useful to view the claims contained in the JWT supplied by the identity provider. +To enable the logging of these claims at `DEBUG` level in the security log, set xref:reference/configuration-settings.adoc#config_dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled[dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled] to `true` and the security log level to `DEBUG`. + +[WARNING] +==== +Make sure to set xref:reference/configuration-settings.adoc#config_dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled[dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled] back to `false` for production environments to avoid unwanted logging of potentially sensitive information. +Also, bear in mind that the set of claims provided by an identity provider in the JWT can change over time. +==== + === How to debug further problems with the configuration Apart from the logs available in _logs/debug.log_ and _logs/security.log_ in the Neo4j path, you can also use the web-development console in your web browser when doing the SSO authentication flow with Bloom or Neo4j Browser. -However, this could reveal potential problems as the one presented below with an example identity provider and the Cross-Origin Request policy: +This could reveal potential problems, such as the one presented below with an example identity provider and the Cross-Origin Request policy: image::sso-configuration-tutorials/oidc-cors-error.png[title="CORS error"] diff --git a/modules/ROOT/partials/neo4j-config/all-settings.adoc b/modules/ROOT/partials/neo4j-config/all-settings.adoc index e3ef98f7b..d78b22ecd 100644 --- a/modules/ROOT/partials/neo4j-config/all-settings.adoc +++ b/modules/ROOT/partials/neo4j-config/all-settings.adoc @@ -2689,6 +2689,20 @@ a|dbms.security.oidc..config, A simple key value map pattern `k1=v1;k2 m|+++{}+++ |=== +[[config_dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled]] +.dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled +[cols="<1s,<4"] +|=== +|Description +a|When set to `true`, it logs the claims from the JWT. This will only take effect when the security log level is set to `DEBUG`. + +WARNING: It is strongly advised that this is set to `false` when running in a production environment in order to prevent logging of sensitive information. Also note that the contents of the JWT claims set can change over time because they are dependent entirely upon the ID provider. +|Valid values +a|dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled, a boolean +|Default value +m|+++false+++ +|=== + + [[config_dbms.security.oidc.-provider-.display_name]] .dbms.security.oidc..display_name [cols="<1s,<4"] From 787e5a8b5533298e34f0b912a50022a81066ab95 Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Wed, 21 Dec 2022 09:10:33 +0100 Subject: [PATCH 050/876] fix typo in link to cypher manual query tuning (#277) --- modules/ROOT/pages/performance/index-configuration.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/performance/index-configuration.adoc b/modules/ROOT/pages/performance/index-configuration.adoc index 1fcabf30a..06c2afee6 100644 --- a/modules/ROOT/pages/performance/index-configuration.adoc +++ b/modules/ROOT/pages/performance/index-configuration.adoc @@ -73,7 +73,7 @@ Point indexes are a type of highly-specialized, single-property index and they o Point indexes are designed to speed up spatial queries, specifically the `distance` and `bounding box` queries. Exact lookups are the only non-spatial query that this index type supports. -For more information on the queries a point index can be used for, refer to link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/query-tuninges[Cypher Manual -> Query Tuning -> The use of indexes]. +For more information on the queries a point index can be used for, refer to link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/query-tuning[Cypher Manual -> Query Tuning -> The use of indexes]. Point index optionally accepts configuration properties for tuning the behavior of spatial search. For more information on configuring point index, refer to link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/indexes-for-search-performance[Cypher Manual -> Indexes for search performance]. @@ -89,7 +89,7 @@ Text indexes are specifically designed to deal with `ENDS WITH` or `CONTAINS` qu They are used through Cypher and they support a smaller set of string queries. Even though text indexes do support other text queries, `ENDS WITH` or `CONTAINS` queries are the only ones for which this index type provides an advantage over a range index. -For more information on the queries a text index can be used for, refer to link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/query-tuninges[Cypher Manual -> Query Tuning -> The use of indexes]. +For more information on the queries a text index can be used for, refer to link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/query-tuning[Cypher Manual -> Query Tuning -> The use of indexes]. For more information on the different index types, refer to link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/indexes-for-search-performance[Cypher Manual -> Indexes for search performance]. From e59c52541b5e027c5b06f621f8f9483d57e44083 Mon Sep 17 00:00:00 2001 From: Neil Dewhurst Date: Wed, 21 Dec 2022 12:28:47 +0000 Subject: [PATCH 051/876] Fix broken links and link formatting (#271) --- .../authentication-authorization/access-control.adoc | 12 ++++++------ .../authentication-authorization/introduction.adoc | 2 +- modules/ROOT/pages/docker/operations.adoc | 8 ++++---- .../ROOT/pages/performance/index-configuration.adoc | 8 ++++---- modules/ROOT/pages/reference/procedures.adoc | 4 ++-- 5 files changed, 17 insertions(+), 17 deletions(-) diff --git a/modules/ROOT/pages/authentication-authorization/access-control.adoc b/modules/ROOT/pages/authentication-authorization/access-control.adoc index 839a5c82a..a6c2c9534 100644 --- a/modules/ROOT/pages/authentication-authorization/access-control.adoc +++ b/modules/ROOT/pages/authentication-authorization/access-control.adoc @@ -82,7 +82,7 @@ This same database would be used by a number of different users, each with diffe Unlike applications which often require users to be modeled within the application itself, databases provide user management resources such as roles and privileges. This allows users to be created entirely within the database security model, a strategy that allows the separation of access to the data and the data itself. -For more information, see link:/docs/cypher-manual/{neo4j-version}/access-control/[Cypher Manual -> Access control]. +For more information, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/[Cypher Manual -> Access control]. The following examples show two different approaches to using Neo4j security features to support the _healthcare_ database application. The first approach uses xref:authentication-authorization/built-in-roles/auth-built-in-roles[Built-in roles], whereas the second uses more advanced resources with fine-grained privileges for <>. @@ -278,7 +278,7 @@ SHOW ROLE itadmin PRIVILEGES AS COMMANDS; [NOTE] ==== -Privileges that were granted or denied earlier can be revoked using link:/docs/cypher-manual/{neo4j-version}/access-control/manage-privileges/#access-control-revoke-privileges[the `REVOKE` command]. +Privileges that were granted or denied earlier can be revoked using link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/manage-privileges/#access-control-revoke-privileges[the `REVOKE` command]. ==== To provide the IT administrator `tina` these privileges, they must be assigned the new role `itadmin`: @@ -500,7 +500,7 @@ If the `researcherB` role is revoked to Charlie, but `researcherW` is granted, w [NOTE] ==== -Privileges that were granted or denied earlier can be revoked using link:/docs/cypher-manual/{neo4j-version}/access-control/manage-privileges/#access-control-revoke-privileges[the `REVOKE` command]. +Privileges that were granted or denied earlier can be revoked using link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/manage-privileges/#access-control-revoke-privileges[the `REVOKE` command]. ==== === Privileges of `doctor` @@ -787,7 +787,7 @@ GRANT DELETE ON GRAPH healthcare RELATIONSHIPS HAS, DIAGNOSIS TO receptionist; [NOTE] ==== -Privileges that were granted or denied earlier can be revoked using link:/docs/cypher-manual/{neo4j-version}/access-control/manage-privileges/#access-control-revoke-privileges[the `REVOKE` command]. +Privileges that were granted or denied earlier can be revoked using link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/manage-privileges/#access-control-revoke-privileges[the `REVOKE` command]. ==== === Privileges of nurses @@ -838,7 +838,7 @@ SHOW USER daniel PRIVILEGES AS COMMANDS; [NOTE] ==== -Privileges that were granted or denied earlier can be revoked using link:/docs/cypher-manual/{neo4j-version}/access-control/manage-privileges/#access-control-revoke-privileges[the `REVOKE` command]. +Privileges that were granted or denied earlier can be revoked using link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/manage-privileges/#access-control-revoke-privileges[the `REVOKE` command]. ==== Now the intention is that a nurse can perform the actions of a receptionist, which means they should be able to read and write the `address` field of the `Patient` nodes. @@ -1111,7 +1111,7 @@ neo4j@system> SHOW USER tina PRIVILEGES AS COMMANDS; ==== No other privilege management privileges were granted here. How much power this role should have would depend on the requirements of the system. -Refer to the section link:/docs/cypher-manual/{neo4j-version}/access-control/built-in-roles/[Cypher Manual -> The `admin` role] for a complete list of privileges to consider. +Refer to the section link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/built-in-roles/[Cypher Manual -> The `admin` role] for a complete list of privileges to consider. ==== Now Tina should be able to create new users and assign them to roles: diff --git a/modules/ROOT/pages/authentication-authorization/introduction.adoc b/modules/ROOT/pages/authentication-authorization/introduction.adoc index 4f46ed882..b789ff831 100644 --- a/modules/ROOT/pages/authentication-authorization/introduction.adoc +++ b/modules/ROOT/pages/authentication-authorization/introduction.adoc @@ -25,7 +25,7 @@ For more information, see xref:configuration/password-and-user-recovery.adoc[Pas When triggered, Neo4j logs an error containing a timestamp and the message `failed to log in: too many failed attempts` in the _security.log_. ==== + -The Cypher commands to manage users, roles, and permissions are described in detail in link:{neo4j-docs-base-uri}/cypher-manual/{neo4j-version}/access-control/[Cypher Manual -> Administration]. +The Cypher commands to manage users, roles, and permissions are described in detail in link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/[Cypher Manual -> Administration]. Various scenarios that illustrate the use of the native auth provider are available in xref:authentication-authorization/access-control.adoc[Fine-grained access control]. *LDAP auth provider*:: diff --git a/modules/ROOT/pages/docker/operations.adoc b/modules/ROOT/pages/docker/operations.adoc index d07c7ae03..3fa338ce1 100644 --- a/modules/ROOT/pages/docker/operations.adoc +++ b/modules/ROOT/pages/docker/operations.adoc @@ -314,19 +314,19 @@ For example, to install the APOC plugin (`apoc`) and the Neo Semantics plugin (` | APOC Core | `apoc-core` -| https://neo4j.com/docs/apoc/current/ +| link:{neo4j-docs-base-uri}/apoc[APOC] | Bloom | `bloom` -| https://neo4j.com/docs/bloom-user-guide/current/ +| link:{neo4j-docs-base-uri}/bloom-user-guide[Neo4j Bloom] | Streams | `streams` -| https://neo4j.com/docs/labs/neo4j-streams/current/ +| link:{neo4j-docs-base-uri}/kafka-streams[Neo4j Streaming Data Integrations User Guide] | Graph Data Science | `graph-data-science` -| https://neo4j.com/docs/graph-data-science/current/ +| link:{neo4j-docs-base-uri}/graph-data-science[Graph Data Science] | Neo Semantics | `n10s` diff --git a/modules/ROOT/pages/performance/index-configuration.adoc b/modules/ROOT/pages/performance/index-configuration.adoc index 06c2afee6..6492cc80b 100644 --- a/modules/ROOT/pages/performance/index-configuration.adoc +++ b/modules/ROOT/pages/performance/index-configuration.adoc @@ -73,7 +73,7 @@ Point indexes are a type of highly-specialized, single-property index and they o Point indexes are designed to speed up spatial queries, specifically the `distance` and `bounding box` queries. Exact lookups are the only non-spatial query that this index type supports. -For more information on the queries a point index can be used for, refer to link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/query-tuning[Cypher Manual -> Query Tuning -> The use of indexes]. +For more information on the queries a point index can be used for, refer to link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/query-tuning/indexes[Cypher Manual -> Query Tuning -> The use of indexes]. Point index optionally accepts configuration properties for tuning the behavior of spatial search. For more information on configuring point index, refer to link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/indexes-for-search-performance[Cypher Manual -> Indexes for search performance]. @@ -89,7 +89,7 @@ Text indexes are specifically designed to deal with `ENDS WITH` or `CONTAINS` qu They are used through Cypher and they support a smaller set of string queries. Even though text indexes do support other text queries, `ENDS WITH` or `CONTAINS` queries are the only ones for which this index type provides an advantage over a range index. -For more information on the queries a text index can be used for, refer to link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/query-tuning[Cypher Manual -> Query Tuning -> The use of indexes]. +For more information on the queries a text index can be used for, refer to link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/query-tuning/indexes[Cypher Manual -> Query Tuning -> The use of indexes]. For more information on the different index types, refer to link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/indexes-for-search-performance[Cypher Manual -> Indexes for search performance]. @@ -134,7 +134,7 @@ They are however created and dropped using Cypher. The use of full-text indexes does require familiarity with how those indexes operate. Full-text indexes are powered by the http://lucene.apache.org/[Apache Lucene] indexing and search library. -A full description on how to create and use full-text indexes is provided in the link:{neo4j-docs-base-uri}/cypher-manual/{neo4j-version}/indexes-for-full-text-search/[Cypher Manual -> Indexes to support full-text search]. +A full description on how to create and use full-text indexes is provided in the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/indexes-for-full-text-search/[Cypher Manual -> Indexes to support full-text search]. [[index-configuration-fulltext-configuration]] @@ -180,7 +180,7 @@ By default, the analyzer analyzes both the indexed values and query string. In some cases, however, using different analyzers for the indexed values and query string is more appropriate. You can do that by specifying an analyzer for the query string when using the full-text search procedures. -For a detailed information on how to create and use full-text indexes, see the link:{neo4j-docs-base-uri}/cypher-manual/{neo4j-version}/indexes-for-full-text-search/[Cypher Manual -> Indexes to support full-text search]. +For a detailed information on how to create and use full-text indexes, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/indexes-for-full-text-search/[Cypher Manual -> Indexes to support full-text search]. [[index-configuration-fulltext-per-property-analyzer]] === Per-property analyzer diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 053ac40cd..3a9f619f0 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -25,7 +25,7 @@ SHOW PROCEDURES Some procedures can only be run by users with `Admin` privileges. These are labeled with label:admin-only[]. -For more information, see link:{neo4j-docs-base-uri}/cypher-manual/{neo4j-version}/access-control/manage-privileges/[Cypher Manual -> Manage Privileges]. +For more information, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/manage-privileges/[Cypher Manual -> Manage Privileges]. ==== == List of procedures @@ -650,7 +650,7 @@ m|SCHEMA // m|architect, admin | Replaced by a|`CREATE CONSTRAINT ... IS NODE KEY`. -For more information, see link:{neo4j-docs-base-uri}/cypher-manual/{neo4j-version}/access-control/database-administration/database-administration[Database administration]. +For more information, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/database-administration[Database administration]. |=== From 49e95809ae235b9faeead32aee0181f0671c408a Mon Sep 17 00:00:00 2001 From: Hannes Sandberg Date: Thu, 22 Dec 2022 08:22:23 +0100 Subject: [PATCH 052/876] clarify that the keytool command should be run in the terminal (and therefore not as a cypher command in the browser) --- modules/ROOT/pages/manage-databases/remote-alias.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/manage-databases/remote-alias.adoc b/modules/ROOT/pages/manage-databases/remote-alias.adoc index e10f61e15..936a80ab7 100644 --- a/modules/ROOT/pages/manage-databases/remote-alias.adoc +++ b/modules/ROOT/pages/manage-databases/remote-alias.adoc @@ -114,7 +114,7 @@ In this case, the credentials of a user of **DBMS B** are reversibly encrypted a Since the algorithm used is AES/GCM, an AES encryption key needs to be provided. It should have length 256, and be stored in a password-protected keystore, of format pkcs12. -The key can be generated by using the following keytool command, which is included in link:https://docs.oracle.com/en/java/javase/11/tools/keytool.html[Java Platform, Standard Edition]: +The key can be generated by using the following keytool command in your terminal, which is included in link:https://docs.oracle.com/en/java/javase/11/tools/keytool.html[Java Platform, Standard Edition]: [source] ---- From 557abfcb9db2624dee23b8ab0962247278f29363 Mon Sep 17 00:00:00 2001 From: JPryce-Aklundh Date: Thu, 22 Dec 2022 14:17:12 +0100 Subject: [PATCH 053/876] initial update of procedures list --- modules/ROOT/pages/reference/procedures.adoc | 162 +++++++++++++++---- 1 file changed, 132 insertions(+), 30 deletions(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 053ac40cd..4c5ca9954 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -59,6 +59,18 @@ For more information, see link:{neo4j-docs-base-uri}/cypher-manual/{neo4j-versio | label:yes[] | label:admin-only[] +| xref:reference/procedures.adoc#procedure_db_constraints[`db.constraints()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `SHOW CONSTRAINTS` + +| xref:reference/procedures.adoc#procedure_db_createindex[`db.createIndex()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `OPTIONS` of the `CREATE INDEX` command. + | xref:reference/procedures.adoc#procedure_db_createlabel[`db.createLabel()`] | label:yes[] | label:yes[] @@ -67,7 +79,7 @@ For more information, see link:{neo4j-docs-base-uri}/cypher-manual/{neo4j-versio | xref:reference/procedures.adoc#procedure_db_createnodekey[`db.createNodeKey()`] | label:no[] | label:yes[] -| label:deprecated[Deprecated in 4.2] + +| label:removed[] + Replaced by: `CREATE CONSTRAINT ... IS NODE KEY`. | xref:reference/procedures.adoc#procedure_db_createproperty[`db.createProperty()`] @@ -75,16 +87,52 @@ Replaced by: `CREATE CONSTRAINT ... IS NODE KEY`. | label:yes[] | +| xref:reference/procedures.adoc#procedure_db_createuniquepropertyconstraint[`db.createPropertyConstraint()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `OPTIONS` of the `CREATE CONSTRAINT ... IS UNIQUE` command + | xref:reference/procedures.adoc#procedure_db_createrelationshiptype[`db.createRelationshipType()`] | label:yes[] | label:yes[] | +| xref:reference/procedures.adoc#procedure_db_indexes[`db.indexes()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `SHOW INDEXES` command + +| xref:reference/procedures.adoc#procedure_db_indexDetails[`db.indexDetails()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `SHOW INDEXES YIELD*` + | xref:reference/procedures.adoc#procedure_db_index_fulltext_awaiteventuallyconsistentindexrefresh[`db.index.fulltext.awaitEventuallyConsistentIndexRefresh()`] | label:yes[] | label:yes[] | +| xref:reference/procedures.adoc#procedure_db_index_fulltext_createnodeindex[`db.index.fulltext.createNodeIndex()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `CREATE FULLTEXT INDEX ...` + +| xref:reference/procedures.adoc#procedure_db_index_fulltext_createrelationshipindex[`db.index.fulltext.createRelationshipIndex()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `CREATE FULLTEXT INDEX ...` + +| xref:reference/procedures.adoc#procedure_db_index_fulltext_drop[`db.index.fulltext.drop()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `DROP INDEX ...` + | xref:reference/procedures.adoc#procedure_db_index_fulltext_listavailableanalyzers[`db.index.fulltext.listAvailableAnalyzers()`] | label:yes[] | label:yes[] @@ -158,6 +206,12 @@ In 4.2, signature changed to `db.listLocks() :: (mode :: STRING?, resourceType : | label:yes[] | +| xref:reference/procedures.adoc#procedure_db_schema_statements[`db.schema.statements()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `SHOW INDEXES YIELD *` and `SHOW CONSTRAINTS YIELD *` + | xref:reference/procedures.adoc#procedure_db_schema_visualization[`db.schema.visualization()`] | label:yes[] | label:yes[] @@ -226,13 +280,6 @@ In 4.2, signature changed to `db.listLocks() :: (mode :: STRING?, resourceType : | label:yes[] | label:admin-only[] -// Clustering is an Enterprise feature, the naming is weird. -// dbms.routing.getRoutingTable() does the same thing. -| xref:reference/procedures.adoc#procedure_dbms_cluster_routing_getroutingtable[`dbms.cluster.routing.getRoutingTable()`] -| label:yes[] -| label:yes[] -| - // New in 4.0 // com.neo4j.causaulclustering.discovery.procedures.ClusterOverviewProcedure | xref:reference/procedures.adoc#procedure_dbms_cluster_overview[`dbms.cluster.overview()`] @@ -263,6 +310,13 @@ Replaced by: `dbms.quarantineDatabase()`. | label:yes[] | label:admin-only[] +// Clustering is an Enterprise feature, the naming is weird. +// dbms.routing.getRoutingTable() does the same thing. +| xref:reference/procedures.adoc#procedure_dbms_cluster_routing_getroutingtable[`dbms.cluster.routing.getRoutingTable()`] +| label:yes[] +| label:yes[] +| + // New in 4.0 // Removed in 5.0 // com.neo4j.causaulclustering.discovery.procedures.RoleProcedure @@ -296,7 +350,13 @@ Replaced by: `dbms.setDefaultDatabase` | label:yes[] | label:yes[] | label:removed[] + -Replaced by: `SHOW DATABASES`. +Replaced by: `SHOW DATABASES` + +| xref:reference/procedures.adoc#procedure_dbms_functions[`dbms.functions()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `SHOW FUNCTIONS` | xref:reference/procedures.adoc#procedure_dbms_info[`dbms.info()`] | label:yes[] @@ -315,16 +375,33 @@ Replaced by: `SHOW DATABASES`. | label:yes[] | +| xref:reference/procedures.adoc#procedure_dbms_killtransaction[`dbms.killTransaction()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `TERMINATE TRANSACTIONS` + +| xref:reference/procedures.adoc#procedure_dbms_killtransactions[`dbms.killTransactions()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `TERMINATE TRANSACTIONS` + | xref:reference/procedures.adoc#procedure_dbms_listactivelocks[`dbms.listActiveLocks()`] | label:yes[] | label:yes[] | -| xref:reference/procedures.adoc#procedure_dbms_listConfig[`dbms.listConfig()`] +| xref:reference/procedures.adoc#procedure_dbms_listconfig[`dbms.listConfig()`] | label:yes[] | label:yes[] | label:admin-only[] +| xref:reference/procedures.adoc#procedure_dbms_listcapabilities[`dbms.listCapabilities()`] +| label:yes[] +| label:yes[] +| + | xref:reference/procedures.adoc#procedure_dbms_listconnections[`dbms.listConnections()`] | label:yes[Available since 4.2] | label:yes[] @@ -336,6 +413,25 @@ Replaced by: `SHOW DATABASES`. | label:yes[] | +| xref:reference/procedures.adoc#procedure_dbms_listqueries[`dbms.listQueries()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `SHOW TRANSACTIONS` + +| xref:reference/procedures.adoc#procedure_dbms_listtransactions[`dbms.lisTransactions()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `SHOW TRANSACTIONS` + + +| xref:reference/procedures.adoc#procedure_dbms_procedures[`dbms.procedures()`] +| label:no[] +| label:yes[] +| label:removed[] + +Replaced by: `SHOW PROCEDURES` + // New in 4.3 | xref:reference/procedures.adoc#procedure_dbms_quarantineDatabase[`dbms.quarantineDatabase()`] | label:no[] @@ -352,21 +448,6 @@ Replaced by: `SHOW DATABASES`. | label:yes[] | -| xref:reference/procedures.adoc#procedure_dbms_setDatabaseAllocator[`dbms.setDatabaseAllocator()`] -| label:no[] -| label:yes[] -| label:admin-only[] - -| xref:reference/procedures.adoc#procedure_dbms_setDefaultAllocationNumbers[`dbms.setDefaultAllocationNumbers()`] -| label:no[] -| label:yes[] -| label:admin-only[] - -| xref:reference/procedures.adoc#procedure_dbms_setDefaultDatabase[`dbms.setDefaultDatabase()`] -| label:no[] -| label:yes[] -| label:admin-only[] - // New in 4.2 | xref:reference/procedures.adoc#procedure_dbms_scheduler_failedjobs[`dbms.scheduler.failedJobs()`] | label:no[] @@ -384,6 +465,11 @@ Replaced by: `SHOW DATABASES`. | label:yes[] | label:admin-only[] +| xref:reference/procedures.adoc#procedure_dbms_security_clearauthcache[`dbms.security.clearAuthCache()`] +| label:no[] +| label:yes[] +| label:admin-only[] + // Removed in 5.0 | xref:reference/procedures.adoc#procedure_dbms_security_activateuser[`dbms.security.activateUser()`] | label:no[] @@ -417,11 +503,6 @@ Replaced by: `ALTER CURRENT USER SET PASSWORD`. In 4.1, mode changed to `write`. + Replaced by: `ALTER USER`. -| xref:reference/procedures.adoc#procedure_dbms_security_clearauthcache[`dbms.security.clearAuthCache()`] -| label:no[] -| label:yes[] -| label:admin-only[] - // Removed in 5.0 | xref:reference/procedures.adoc#procedure_dbms_security_createrole[`dbms.security.createRole()`] | label:no[] @@ -507,6 +588,22 @@ Replaced by: `ALTER USER`. | label:yes[] | label:admin-only[] +| xref:reference/procedures.adoc#procedure_dbms_setDatabaseAllocator[`dbms.setDatabaseAllocator()`] +| label:no[] +| label:yes[] +| label:admin-only[] + +| xref:reference/procedures.adoc#procedure_dbms_setDefaultAllocationNumbers[`dbms.setDefaultAllocationNumbers()`] +| label:no[] +| label:yes[] +| label:admin-only[] + +| xref:reference/procedures.adoc#procedure_dbms_setDefaultDatabase[`dbms.setDefaultDatabase()`] +| label:no[] +| label:yes[] +| label:admin-only[] + + | xref:reference/procedures.adoc#procedure_dbms_showcurrentuser[`dbms.showCurrentUser()`] | label:yes[] | label:yes[] @@ -529,6 +626,11 @@ Replaced by: `ALTER USER`. | label:yes[] | label:admin-only[] +| xref:reference/procedures.adoc#procedure_jwt_security_requestaccess[`jwt.requestAccess()`] +| label:yes[] +| label:yes[] +| label:admin-only[] + | xref:reference/procedures.adoc#procedure_tx_getmetadata[`tx.getMetaData()`] | label:yes[] | label:yes[] From 62bb00a9f647301ce918a4f2e37e206090a3cbce Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 22 Dec 2022 18:07:02 +0000 Subject: [PATCH 054/876] Update Neo4j on Azure (#287) --- modules/ROOT/content-nav.adoc | 5 +- modules/ROOT/images/az-neo4j-service.png | Bin 0 -> 154275 bytes modules/ROOT/images/az-neo4j-url.png | Bin 0 -> 96939 bytes .../ROOT/pages/cloud-deployments/index.adoc | 2 +- .../pages/cloud-deployments/neo4j-aws.adoc | 16 +- .../pages/cloud-deployments/neo4j-azure.adoc | 59 +++++ .../neo4j-azure/automation-azure.adoc | 230 ------------------ .../neo4j-azure/cluster-azure.adoc | 62 ----- .../cloud-deployments/neo4j-azure/index.adoc | 10 - .../neo4j-azure/single-instance-azure.adoc | 61 ----- 10 files changed, 69 insertions(+), 376 deletions(-) create mode 100644 modules/ROOT/images/az-neo4j-service.png create mode 100644 modules/ROOT/images/az-neo4j-url.png create mode 100644 modules/ROOT/pages/cloud-deployments/neo4j-azure.adoc delete mode 100644 modules/ROOT/pages/cloud-deployments/neo4j-azure/automation-azure.adoc delete mode 100644 modules/ROOT/pages/cloud-deployments/neo4j-azure/cluster-azure.adoc delete mode 100644 modules/ROOT/pages/cloud-deployments/neo4j-azure/index.adoc delete mode 100644 modules/ROOT/pages/cloud-deployments/neo4j-azure/single-instance-azure.adoc diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index 52423bc95..02aeb5460 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -18,10 +18,7 @@ *** xref:cloud-deployments/neo4j-gcp/single-instance-vm.adoc[] *** xref:cloud-deployments/neo4j-gcp/cluster-vm.adoc[] *** xref:cloud-deployments/neo4j-gcp/automation-gcp.adoc[] -** xref:cloud-deployments/neo4j-azure/index.adoc[] -*** xref:cloud-deployments/neo4j-azure/single-instance-azure.adoc[] -*** xref:cloud-deployments/neo4j-azure/cluster-azure.adoc[] -*** xref:cloud-deployments/neo4j-azure/automation-azure.adoc[] +** xref:cloud-deployments/neo4j-azure.adoc[] * xref:docker/index.adoc[] ** xref:docker/introduction.adoc[] diff --git a/modules/ROOT/images/az-neo4j-service.png b/modules/ROOT/images/az-neo4j-service.png new file mode 100644 index 0000000000000000000000000000000000000000..38b8410126de67db4fb4ab62fa4d4606b0e39d9f GIT binary patch literal 154275 zcmeEvby!s2_BSG-Af<%TiimV~ONo@yjevABbj%0{NUNkYN=SE?pn!BqcXtdO1H7AW z+cT0NGd_vx!T%&%4kFx%479$T85AUg(1A%yhBpyE@14Ce~%^L}E9U@FF;Nj1f(9abY9-^9@a&M^iY%Z?L$n}E0kIf38YX@`fl9}U#>8Dc_ZQqo+&c2 zKRq5R6_wbPdrBu;J2TiXoA>3$;OZC9i~2yiFy5K-8M+7uV&ZQJdsh)f%6~8j!az zix+a!3pfNSp(Z`~87F?Ye3g- zB&-DLk}gUVavJsS@2kw;G?Ji09BX)CRNrUTEL01udDHJsMbORSbBmO>iIVuS*NyF$ zNb^X1+hQdsuSE!_Un0{A>+wzE(n~2*5~ilftjNx%!dEQs4q2m3^iKBTy@W&fk2PyP z%Ee2)b}||*%esQpZ3td18CDHLS9l_BAQc*o8uL;hMT#OZB}}({bq(j*J3{sGz>4tV z>p?^NjG~ULHGNI{CHnT2bIRM|FK@rOMu^1p7=1+K2B8=AbLxjzjGkW|zLC{{U4Z%B z=jt?z=~bG~8n$@as6!1_+qmBvkX)|&HK4O#h~i>@5K(?i!uG0zlH?nnfr#!KVSEe; z(SWCH5op)%-YG%RM2!?(c*0(36B;1pIdJ0XM_=sw6)Dr51BN);k4(=^44t(NgP8TyOsjh>oFW1_hhf9-z-M&_pW?d8FJ^d$7h2=jvUlM0+Ls9 zUyYv=84ekg>&F$E6x0qw*RNsw_cxDB3)tcDV9N*6H&``ov?Mf7e8!p~VY6WDJXlF`hs;v0+Sr~a2y=PN$^|DW~Pusy; zuxQIyzDBo5$3PI;#uiB&X-Ma+BB`92g`I_$HIikaa+s;B>Y3-K#IClhHkV0|y`jjT zF{mK%Ozsl{U367oRh*j_Uvj8Q`BRf@lTXo^6i>IFQ4Buqk4eMJc$@$1qn)CdyjX9C znWZM7mEZ=;2KGi!dffx1@cc^2V(DGKMJYxdMheC{)lAjmL91NmQ3os7hU`YjsMTng zV-MdTAH;!h#d4@JdH0E$&X8DiwpNzA`k@zjj!7<2TDiJSv~Kz2>pCxJa@}KC_BrpF z8XCt{3ZEN37(Pm9Vt&eE%wk^pzB6WDh#au^!V@L(KO|+~kgVK6z0(@(M7)1Hgjnl# z3o+3hZW3XxyRj^?igI+ad~$wrSaM%vqhq*Yg;=O!SUdVU%VHegdvcVsgmLRxO&Xt% zKWg{3dS=>d3jg-bV8!aag@%c1JBCG5L0ieFvEu}BnNyj3d0t_i@zt@4;cJ#4j0_zI%4X+UDVZ=P-5 zd^L7mbImO}rR(*J93yS}FBQjCjL!Ts2O|?rI;+s(GX)&2FxfCq@@^BYj>Yat!Ro30 z;qbZ2ex*%`!zTwPBQl#-^PTX#UFfRe?3dkPWA8ZsIt zh^J65Xc|=T-2A-oeBfLGIrwTHGVxWvs|i<$&=apWqWGd%-Kc6GG=Yp@t+#=sIU$J> zyyA=jtAXi~%)ygHXLp;qjXgWQsJE+YSenG!kJnWARfNHz@CEqJtM}JsZsk2#y^nEo zEZkPwPTKvQAuFi{E9ofp@{up$e1Hh{#(F znRCIZ1xn^hew7THgqt#nIQib(Uk~S_chQvumD-h(GF;QGo{&5_l+TxiQ9r+)g=)j* z&F1vNqa*m+cpPsOLDE2cNVj~K&;#XL#u(j8x98`V_5v-%sqeYwxo<9x>)X9{2}60; z5nUoP@b*fkmND(A=wS3xq+0l)*|YHvRL5DzjfhR;HE&K-AKxp!^$e2Ci%gr^1|=^R z-qodbr13|Kwkt+CGI49@)_6RZm<~LN{2KY59>!S2Ovmh2PX|?zDuluVXU{2+VWtev z=@v}3lPa{F4D=O(K~sMbu?*zPX0X+-ju;g)|Z`$p}YZiJ3a z>|@SF`w8;7w;gzl(T~&Thh+&*O^@~zDA-J$NLD->7ojzl9TET9V~mQ^+YRW(0g#EY>&&;-N1dTaN00|jGTV6EHAMWbAkiZx?W)_haBZUE zwLR)?85*W)Js~GwyR?n0_JKj`rOhb41en!|-HKW5qFe4+)!2UMO;!^ElXs*6R@NuOSSdUAd8NFh~M?PKvR=?NRvdd_y8 zd74wiNmY`hu;+012JE^_l0<$XVOD$=hqI<}qN~gj%u;%hh?Enl z4U6_6sf)eiVs{>Wm+6qB&f&4rt&*t?PvJGsrN{H%!f{3@B!#1(edo#-@8OkeGKlDg zUI{%rz3e&-&$T1+owHu`gW;IhREx5~$PZsMWM(4OOkg5W;~~+piQz8EcMaS^mOICk z#XV9G;B{Acjfo`pnwTO?-2{o}HN!3e(!*0E79rxMBc$P0>B4m5=>S(x?SgMfGU3%x zl6O{GgVDAX-p4OoC>{!PJ{3QUJ15$Ii8(PufV%(?Y@m_4w6UBV5*;|chJ&4VDFRIik&%%6&5%(3xJDj)U%uXe&t;q6zpuXYLqZ3C-2@+(WaK}u z#^gx8`sXnUA@~hRR7p%)8hk4m+8Y^JLriTP@KKf=z=`X&k2N4jNQBgvpDWUe_qRd+ z!)D6r4(f8Ue1Pfm;9qS_)GAfse^+pA2YMF zvon)3JClvQ2{S7%FE29-8#5alBe;SQ;%e=n@4{#eq58d(Kl>3kf*9JH**cinSW{m1 zt8ZZA=pcCS-sO${@%nw7MlNRmypuKLkH-QJ$b9(=GbA(E+?@d)8M)qPhR^X-%LjRnw zKN|n*kAE~2V7`3zf1$QLXMmP^PLl(!w-L384 zL72FYbdqom*Gq>+Ew;`kPPavOt1n92Y&K^(pM4*EQOgN$mGVjXpuu$=mr~><(iLQs zYd?2T07uT<@mhTJ<~TgWa-sRa3PGFuOC5lVy%bQ2L?C9iu8!6%u>;w~ce2%BifI~6 z#`!mXejvZybb!#56Vf%St;$RET>kFj_~7b5w*5s;sK+N>3MY9QLi0SX`u(4LvOk^z zVT3u4+!G@|k0=<0E%w zt9mNF=Z!WBt<&1O`6BO5rSC7&{~KmW>{~jHd|fiyo_IPAo5^A=hm~fDfxr0`kPCBu)=?H$=_V^-&O73 zT=F-U{C~qGpCwUa*H+bNf z5X@^F+~pO!c)xbLr?|MLOizb@tq}m1s3@^tMaD-3 zgGBbl`o%HEYJsV%Y)T0GK@tBz^nYbLFK;kNuST?A9AhUVWzYEdY?stucK$=BBBEfB zBKkhRIL1XnTvKanyCtfB9r+KP|Iq3GZE+jEf3=g{xQ>FNE0%1c$|(TvOF83s@UKoJ z7o(RPTaSQi+xM9Fn4E{plY){P0`~nkolAd_|Nh^QkR>lP}Job8}3hfu#h7E!kKX{%VgvgD3^0XMt z36KaPG&-C}5%ULAug*c|on#W7arNkoTvoW7W$$VJ`AK{~GK`SuqaDpXBwj_pdf{Z*IUPVTwNrNkg! z$RdY}p5kpz)K}#r#&N?I`L*|am4`CYIQ3v>`z{9~CWhw-1?_%2TG9mMI`^$w=NlA4 z9tkqFJ8ksvqq#8dnDV(${^lj&i(|{FBBS=%m5iiN_*{$0%nafy{?pp!4?#N<>yXv& znRZj2hel&p(Qdpp3==GCa4}3U>rZd8f$qjxnlAUG*v-F{;^N9JU{0XY>E2uE$2{$m z#30!!_<~)yRd<@lKF#mEIbN|4r8UTR{`HnZ#{u=2Lw&cvuB<9`jf+8S_-1b9SoKyN zNw@HYN9rlF^$Kq)uDhGFWbo~00?JPAO@RdP<&R;;ezf?BHnjMY845}36L+{Q)uGNK z-Er1cw3v|@yU-OGy+C{+J+J8u0JI8L^@y&bu*r)ICegecZkDW{@cT46Raoio^$y7e+X5j;)Nqy-$ z$*93es4Ber>7&6~Zh4oUx5Ce=5z3wqmyGVZT5^Zg>LmC^j#Sttt9i!T5hs~TD7}^7 zJo(<2y}v0PcZRzT9ui1*D+8mkd zTFPEVv;)$`OOuTld#)%=gQ~9diLW#tx}PoQXRox)=NlYnF6MV5;A5B&AD{E4wv%So zV*#i2VYIp9mrhmw_-%K z#)*Z+^q017&VfE1A)Rs!+h>PU^}Qli(DTwE-MCs3Evr(MgLUZX*pwv3QIy5m$$k*4 zVRHmY*P{!wknfUV8VL85-dkzC@*66mqf3>w7Dp)l&~*;s4qWmPeQp5!aN@2+-cvaJK|9-P)7 zg>m;ODzt@`%cU{1rLU) zviIUAxAuetcfL{iZh0!D?C)7GT_j4>XkXZ6tD zevjNp>oN`u*m_JlbUvFp!w{QqIho;gEOLM5tQ|&edK8X*RCd|v`RP`R9QQ;-r=0%u zEqR{1W7g|Z7?fZ_8CBBd2Yg8^XiMC`U~!9Mh&XrG(zH;(JoeT{iW|P;YkN+6p<@gr z4spBal75hjETnK-PB9(I(;;;l)-U{m&HrNQvDcCmg(t^Y-F72pF&vF1{~3)+o_zQH z(mfsN!w6X!t*S#Xxq@zc%XmKMI809`RdC!n<24s~I9r7**VZfk_g?3f(+{YkM6*S{U{jkc=%g^GrpTtlN|7 z*-eLOqupsoRl8I9C0ix^@)kv-PH?-jpI(I#k-@tJYABol8NoNdoB0Ojy4K*gO*qA+ z6l!egGNzv_YuVHi98Ngvo!>0(2C7CJV>eGhCeo)Rlq^ne0)T>9pwKjuzO;2odri{k zRoshW(uwtzQ<`S=RVT5?+*t#B7=;x=%t?p2%*B=OqGz|w;p?VEFsuwO=Mjj<(N1UC z=dM5Qoc)41Hlz)aQ)T5LOL{aOqVirYJg7U`JA0wA;&2?IAREuas&(<{V<;U;2qq0; zR}y1J*L5LM!*|9ba>Y@lh!MLt-TiWvuaByu1D-V+Mn#R z$l6QYUFr_gL(CG595VUBx_Ou4*U8K+6TrL+WP8UqJB=7cKNj6;*0f8m)Q;gLi>70o z^4RShxhdw49Re&wUg1K~>eMkt=R#x0@zwt7gh}}KHcuK0xM$`8q;*Q+oc-eLiKo|M zP2f)(x#0*Dt^g4TvQCMM9aAt5)ney`DdQBdyI+&Nu6}^k*I9&c9){xU%6cv0r^_`A z<8Lyk>68^(Xq8!NXuGYX`KDZ|+QQ?-IHHqCYuO|rLF?N6!S#Z-R8q}&Ql!1}H)%if z*-X~tG;U~^Bn-@tbEuQD$e%I8j@t`&yZAFYAGM=10i$`EV-L|!HZ>ftu!GNsD;T?D z3-0ygtUC1Cmc7ry&;yit8?1;rX+IQ=+}z5dQYk;P!QL%U?2w6erd-RXvLMIU$w+k6 zMWIY;Dt{_;SlQk5R*L*RMVHX7*CLZn)mLDC$DZe?CR}3bfr9>%HIgptRZVjD^}xY`-5Z7*%8ROFfYVMj$xC(`P0Yf4z2 zZzWZ7iBLG`>|l)fUortzKptixD9 zd(D!~Yf)gaNLyke;1*4bxAt^l$^Pa5yC2RJ*XR;*WRg>Mc6QKUu9nnTnH7Cq1c`OU zUEnlDl0`SBoURuutOHqm+gKP`cBvl}E4WJSMQ3I?0ixTC;V@GqY_0VXLotrP8n^)QFy$2;Bf3oAmZasW2wpdt-@wj^^Xg(~S`)HfaJV ziAB?uzL_unEvzl1{lg`Vb(gk~+;#qK&c%iejNk9Z9mU%gmLGY<KuR)suIIAUTS z4ar0?v?2fs9=M!_S(Cy%+pQCAF}ujMeAwAq;YQgQm#cafcEToaDgLbWx~I;R2t<=6 zH(Ik4xwENZAFT9VqVqFtwulcD$ej|me>z9wc{u(sSZ0=X-HFKj%>~O;YFYkXsMK+> z49ntjUg_g?8Z%mAcvCGc^mbe#!*(l#doo7lUe}aZ)`7tD&o3F2`3%0k&Us`9&B^Qr zSe*NTY|I-uUH~YIIAddz=&0)tMlD7n0Im@nBxq*Dw%7z%$qv8@?oy9%!}^nf{Mp*W z$@ax~&x4U(U@_2kDO{$#TmYym_RL6hGgtMkXm};;tP6z6WjV#aXwtfRgD|toR>`U@ zg7)p8d~P8|e_9J6dhF@`8j)dhFm1w4=AIJurm{Xy=@%Sf0jF`hmXNB@Lc^A3U^g9)pe7I2zpSQWMrX2-vclwPD>DTT}-Y9Q;&AgmP~1q z%nCaQPZIS0tl{;NlY1VH&GAP(gl(}aj>4u^kX1EbH{lqEoP(uo(tJDpfPq-sCTsh2 zuV10%2tH@H&=!f+tVpB6Itj>VI9#A_5kjz40aOQMX6t=Z^`N`EXBGhwdhC!1REb96 zFg9yB-Raw1|F4_XTe>lIfWdPNwtyS=(PpX+p0MSS!J=9P2VTinB?Up1D)-ux)6Hrd zQrpj02IX*7&BN<0_en*g9H*k?TA)I#Pgj^UpX z)ws*QUhqW|5|j^rC&Q#+Ay7ZpkHIlCd#dQsJ>bIR`Vo;K0?}>!>6p1?7IG3$s*OoP zbG0#Sj+zIgmob#njpC*B6Io(yXW-b@fWfi?w`LszoFuH~@-gdbo|EN|ALZh>unv~^ z%g60yI$~IrkXqFykd#QttqXg#fg`nvb?>MQfQhcR+z<_9>0Ihgrq zt9EF!H^uYx(M55=Te_zi=Ixi@TQ-Iz#a8AYN_Q`ad$a!H+y$uJVjVCm+7e!K_&01o zTmWuwVWr026HizV2xi!qDm~&FC{}_auq{%9*lF*ra$MtCiidoFEOlAv$Us|2Y-;f8 zPbapDtg{Si^IqDYSM0s_o>?K4D~%#HWx_6t%6>Ec-7_*&$9ck$75KK6hcT>%AN1;> zX-dR<0923^n{;;_Bsla*_twKM(B?9gNH?tl2>v961f%W+(5*p}weHdKKP@a*kQp_n z*>9Q3w{;6$7%=FaOQX&uI1}Fyba$}nJtBeF{pksg+@yW!KI2QorI~j8-Xt;L5*Ngk z=e0GH*b5E-pYzH0ODy6$9&n9MbACc3=P$!}j;iL~;;=TN(+2g8P8Ay#E0=?yMs zG%7>7MK7ewPHT3%EI1q{`>uAD9@QzIRz_423DbBjDw28rtoJ;Ok0PYxwV09U%Cx$s zX1wXXQK;pxK0Kr3j^^m-cp1}kROOlM!IZr_m2|$B@wO{`w3Q}_)bnId!=h5T^%&@g z&V#Lrxlp^K8UK7v6GJCu{+=51fh>la8js_hoJO0hJ$|dvk_uosirNvYYW2ialEJ1s z@03b6WteL@;`+f<^2`OZ$HwceJeR@Z2%``dBKO#CSa(9hAt$|r+P@J1qa$P5!~Ark zTyGt4AXak_KPC}VFnxXv+t`4R+MP3ROs0qAOqS()B9PxrI%=T=;z`*=x?J2aY^s)+v|l>` z|647v+4oe4Hxu)0zJChIi_qE}&99gZjPIVcJOaQsfU#`YAUAV=f8VZ?bLhqHJDJ#_ zYUi!eMXTjdbM)ALM}X+B!gt!4O`;tJHB6d-jY`!8DytN+Hc#_fjHFj!o0F%_#jE+NmTg#?&MzqWFEf(S#sZ%HO z+pHUx;B3ljhaELy3(V*+q+8JN+nc*aOX&sH7#rzP-gU6EA(#%A<;kTxY>{3`yY8}H z*s_?V<}5o=s+r{%kNgD$%+xJ%3dx%E+b+E}G%Vup!zFktdf`9qqQ=zcA)nhBUevIKtTt}Fr@aCHdzX|EJT6Nr@#Y8>;zY~k$k zDnUy7vr&DC01{l@yQp2dVgEN61fqeQZmwX~tq*eIFa)PSB>L@QniD`1ExPWxXF4FV@lmhe34JYA>EquqU3Wif}60TsYcbTv>u&rC;6(1pY#tkuo4P~qDprv*#xuqg73S9LiLG-Z=+YmcK=$QL`~qE-5!XZu6NEJpz} ziMK(N%VO_D(Nt(F8oBP+{44E?g!9&Nhwc^aBvqL$ao`lcaWdZ+Ee!%NkKcWeb~-*$ zt14_r*PT%agfkh|6A~SxnRJM2=l7T3dKjOi9)mq+fPJB17@0QXLA`FHwWY8*O z;1@zoRNAi89s^mi1Lt-3gDz)uYEQPGJwH3UeXO*uNkLShJRd9_7ZKwNm4QPSXHyqC*C>__ zxeqFv2(`Wf_e+E8jkY#kS>arN9e#w+T265rRzBq7GN`5?xUa0Q3sBhXr8e0cGND3M zY6&5U&J8b%GtUg%B?5u6B9&N^?!*M&#yCx?khImWg6;>}LnX1H8Mqd1gW)s^x=XH# zNc^?Ja=zUeAP!f5wqb*rvS1&SzWO=S0Hh=5w#fy^-35|S7dsU#APF!obYky4a{Fa` zGRQf%bfVm5>NdNvYT<9s&-y6umCTGJ>sS4kByKgj^P?k#dfrly_J z%-BA!eil>^;J3%30}dgz?uVgeR%3bHDRJxZ_^S!g*#`;dD^S;;5TCZWX$lVh37~M7hJ&r=cs9Eyx)Yo^fogh=u zE$en7-5ZOa_1#61(=aT7uZqG8R*bdNh7UhVG39WZFTG_P7;&>7N{dU`ep>DS&iiX1K}8q+jsDL9ygwwyoTfk;Emke(Q&81Ol_~H*95%ma zI`OIg>ZsF^<6b0Jrr#s{Sr_!r#~lI5CvhR80Y9!9{NkVyzktqa~^|2xtQ&Xa@WuRWLxFB|Qpz!Y?*ky?%{Dt-J5ZPve8% ziLCq((By8+%C9z40110;QL6WTkgoroeg8CCj{r?D8f1Ufvbq5vF;HA`^A{O~00YqE znlaxmHXFDF*efwD@-MCSkI(t(DWJ(Cmi}Lqrca50z4jS$#s3@E|Iguw_yU>`c)yqb z#b)~eq-2|zQU9Xs{4H`n5X|duk^50={4H`nC>xQ#Meax0`G3gDy)#e``g1RUzb)Rs ziu~Ue?|<6lOUU*&$o$bC`5R>ZtJM6C9RCKHKg!PEAoE8<`8UY?QFi_YnLiCOlbeyd zg-&H_;3pQWGaKcGjjzfL;j>MwF57Qz3%me3tS%GHy}XK@11C_2dZMc4Y7#`Bt!H4R zCqX7%L2AS)+Ud?^p+>Wy^F-v9WD;X}@GZ$C_2rAjNq2*`>Mg>P1uj0PRs1i0SV3e? zN7^@T^Az-&Me8}4<>cfu2PfFCn)QN3kw;U1QAjAV3*2<>{PN;|kIRry7JwR>qaoPw zGsFtKC04*~{u|kxHzso^8OW=AuyjXT*voyZlK-8jIarbl{#ftUaY7aor=q4tgicmq z<8uu2SXb!HR9d=x2$Mu89n;a|@v(LA?LyDsvjsWd^CluFb90D$QIFn`Bv>(?)0z?z zk{6!KSspGl^jXp4IeMuMl1ufcCJw>QgD3mUdw*3M%#jcL_+2-Cl7E|; z5MQQR;(3dQ*1lb4fpQM%QiwrR+)6`k@oWy~H+8&cFOmQYzoz5%V`OW!(-~x7!E9My z@B9g3JL#Nvs#6Fxmc(}XN89@686igyT2VN|t3diU9g-aXc~&B5w!+4Pk&r?CY0Nvi zEo=&*drsqK8OyyNrD{Od8(cZhek+#K0t0e#ut8*KQ^D$Xu&Od_^3mQaiqw?6v^@{- z%XFh$+LEx@?AI8UnGLk9N3q+*?Rl>S5681v)c(47v*#X&IcR+~w8i^3Q5G>o7CvhY zn>!e@roG{~G0J(qTMs3r?a&+t%hUT6+wMy(jlP(e)!qCT?skpKw=g|PA~8$mMRtWf zE-2<+Q-x`+rGrIsqK{!0#vTZGi*MmA1>##v@$S$R=D#keHpK(c6UJHAifjK)E#>DY zC1$KAuWXvyBIz;3hIF~PBtypwdzdG0AI{&hgG&(MJB1LJ%4oapm-<4XR4O~3Y}|(% z<&(kAldd#T47#LZ{#Zf!U&;bNW=2JCR@aIqNUhX{2Jj$WQ+-s*kcap9;Cuy%1Ee5v zAWZZsdUJtQS%_iX!9J*h64T$@S!kb|bl+s!bDlB`8-BpO^*$pha48AKG})%p0+vn5 zwQ$IYLGprl>T2J@C`g$tHvgW90gs^FYX0oyV*pat0zpa{Biek|l(Nh~UedRT!_>8o(etGT%gm-Q1z&-ubDY{^)<9pAwkRt-QaeW*{*W1 z;K*^FbOGP8JJhM~QV6*U>E6FMZ-Eh<{B@%!>KmS%ZzIr{@8BZmD4S z!2b-U0ascv<{*n6rmJpSK5_WEJ-?!;hj~K1*v%2K8wS1IZhvL=`)G;TtqV}3B~k6P zfuUs55kr1)kbiNLISiIrknaNWh{^35e2H2vWedIu5?#^f&@Z-~eLaV!Yz?(N2O{C? z>%w&O^`IZM$~WQ67Y8r{ zkgU+QMdy*ey$3sQxd@R6I?upxgtGXCGarxD2T_Ib@zrNHEP;fu+rlR^I0l0`8kgyn zppMBAF->tntN65X&uteHC@e!yP87CKF5D@yE607#28A{m9m@nL)w!F;JDt4ut^4b; z>|_a0Z(shp?_BfM>MK!CNST-m@Ej9UrH71Fd;3n!2iVSt|t6H+j&oy3WE+ zNn^7SCEazW5^KV0&$A{~)B}*b771g7VbHvy@l;8LIJ(j_+b@14dqa-(X9rpqWPCh_ zTW`~|nsXgrl9Ajm;8CO9?&O|QUmM;ipAu5+k@&M9+hY(FdK5MlhJJ1fo8f}J!K8sL z(EDHJ=U>+2*!3;jw1A?)LDyvslcZaQbr5@fU9;p$*u^;stQWu(H{47ylNMvaGy?HtdXfb~HQxNt|3+zq~LN(WGE*L%b9@^dWTntUhd@^0Tv2 zu1UVGU1#Z##8Q_IF-idme|j2vtipMhG#1$7JT3Z6-~gm#HRk@8{RuQ*0lgmNa)Shh z2iBBB=wVQa&HMzi=y5h$C{2oZMd^A0yEi!WoyQn9r zjq0P6{21Q0?lI%LG*<)Z(zMvC*{vs{2^O-;J#)%od~^O}do8clIM=I}CL!W%f7${I zf5YXhRBf(ANr85Bw{f(6_Q4g zbb%n6ojN}g#<-YjgioCt*Kk9Oxe~K@rjD}XiZ{5dM)P)wQY~~+c#p|kdKyOdUkDG1 zAJhet9KH~U&;FEPLn{K^&2@g!eXm|2nU{IyKX1m@!**$^njyo}*^gl?yj*H&D}!3r zp&-}KdYdm(b2qcH-fe%{N0=g4vvhRYk@RtLya)z*>XVr!#OX?~F%t1-CsSp5!UrU9?u#`WlAOqMr+3OD+*5T9 z!_jj|&^>02a*m$g3h0<^s;GrIPX#V&isz1(66x2gck|qfL>$a~7xC%NJ8fV@Ag6_? zqgH=?-)>(;n0fEwaOzBq^lZSe2%sVz+_^-Ldt>BmFS5sBQ&YW^vhnBK-Q4x?(nqL^ zHefH=qe)*Pqg@-s!tgp#@-F7Z1W5J`&0vwY`2sw^4i8L;lY1V30hu#5tfIE#(aw+oNY6jP5@X%T#tbUxM%qCDbn+x=VJS z#1E~xZjKzrAMzfKpPrrxExBuzT7N87_DJTOC_bQ8k=9e z$)|C662~{mjYG1hUDL3RrJ4(PGBx8&w}FDaZ_D4G7qz zeMr{8VZL~abp6d=zePUW6%mDexD)t|7Jq^2#6Y?VGk*0*L~SRUnc5j*X<&4V0dx?_bqn&9_a7W-pOe7AufH0TM=y0G<%$*O$md1IyrGW$#q3CC0RU2ZA zv!$5tKrs?EyI%Y)c>+~(_v5d|DR&05;0gYAE|7t@RKl$Qq02=Gm6?ucCN2-R;z@}X zUq!zPHlY14?>EyZ4^8E_@4l|Nk|CcMVcbc~pQAit(HhH{t?XKprJSj#VqF23T;nV} z(%+)lC)TWa2WL`_<&|o4a?Vfx(VVCWsAt(Nu7g(>TOec#?$^}M>{WFe==bB~UH>m~T z!T%sUrPsXV^PR8Piwv6Bvb8#6%iqW+RBP%BD||U|T&Ui{){xE~s$&`{Hi_01tZqf$ zs?VPThL?V;u6&@)@K83MMP664vN2Hebd*GsV~vmlhlKSBxo61-KErLWhrneD(-OWhAw?~aw7aa(uaAY}-nUu(BM z+{uc5fv6}{<#@HmV*~71E)Pa5BmUlh;dmeqA|EI(nf|ulH{#w5XXcS2qhgyBE$dp9 z2eR?AM{m2BslIk*>uS<=3v=se;G8Y_%emKqeCPIf*Im@X=;gOzmHO;YK>tc|F=68$INKej^|%!ldtVcmJL&##m& zi|oaQ(h9}4VfRKFssQy2?QJUg%hM69w~UU9(jG`pLY<3K6_O?~NV;F1doCoDbFWTw z4rx=7OirerU8gqnyL~jXgY!gLIl@{hB(}8CEnD#%!TqqkPfaFVa)05o7mRC^fL2qP zkU{&yTHyuQ#v#7w-dQ$5B$brBbOK)~c8hAyc$E>PK~iwexRyulNyOe%e7Wfi^1fgb zN4N?xmpQ|P`(9Dw3`Xq7^K-4$?|GTIoNaPGcNl|$VM^eyoH-@g6ge@q=PMQ`iL&h`$a@p5u*zcF}Atu4yV zP|*FpTqKa7nm4ETSq~}U1F3W?t@6iPH13*qYT9#BK^IM`LRxO4^I@Oiwtxpq!f!AX7BU}NNCoaNMcO2E5V&PeKc=!NZ-z=|0=%EW8sjr*{v z)~d8_K!qWap-DV>AC+_>pX|(cW}o?>W4{5rPbi(jU6H)E*YfKppLy(k!YeY~&sI(3 zo*aF6huyeOzdD)s0*m`wU?ektn) zqB!e~8BXN<*SXKm?06k_QZtZrA^fJ_SfnHAB54?_UQ^0^D3~vC+pu^?Ei<^B^_=gz zxD04!iq}LZ25ujZVqp9__O9{kE-)cvcTG;fo+D{y;eMfxRiZwUMNS*$UIYBqACpJq zeW3qj{c8`V4`tmz8o5lTW@%*Flp=C==jnkbJ-dkja}w_LM z{#30iNjU!tDh6T1l1axqusMpVKip;!v%4MPdT}iVZ?ms7j>Bw}R9E`3=x#}7xY5eH zrYbU*&?H`qGJG`yi@B~uLHdo+l6OAn7lmJMa48&~NqyTm&w1I|?t_LyU|HjHy0Da# z2CW_S-Xfj0uC6WVaM6!Cm`l>>35L{H&X9R6tlCbXQKyrqiVrxUKZ7Lj?V}iOm)~TA zT}<3%6e$bp?N61al8MTV5OCd5m!QJqsNY{C0sHr`tBy3w#XcFb7R)Ko>KRYBauKgIS`icw(9EXA*SxW`|SL6UdT!Ci;jqAMRfWc4B`X~>JR%?@3mcg!I^3o z-RGO2k_vqsTVjTif4f<)%yJ}$!jdYBCANb`h2ju;Rw_i1w!h9q0o|?}Ab)K_$fQZ9LMQk{v{=HI{GXioIv#0~ z;T87{iP@8Vm}J(_rJ}cmn*==xkbd{b7o#2F8?=y> zo!4h~oz_$c7$}ZUYHFZ3K5NXovm;E^L)N+~^W_Nw{KpkfyOW!SzviD=koKQWAvZ11J<%#pH<82w7$9PBiOoQ$h4;{95Y7dQb{%%$C+K+ z34l(Ia7Xp7A4#)?FL!-;Ya8@Yt^J)1yXr>YAf69wpF*xU(Z2{4*Fu`zNs}RL9V6im z)Ju|8EvS^bjzY|B^`LxGb6mV-jP-HPc%hOBXWp)Wfo6#fKx6i`H&6WSlROY_9X9$} z!>JWT*Be+uN0k9KPPLvmQA{;`=4?Ma^NRRmBz;tSYQS8slR-km zS}W^0PBin<9Uof;4#Q9^3cjyd{VpfM>`%2ux%A2ZY1JsHaa|S`RM;Hb?pNB*Jo>iz zXnm|i1G2LH>X4Uk@TLF5>{?tJe|u0H6~)>eN_4v9_X?lmV=k^14rz~GK_=HX(GGzZ z!`DECz7(0pbKm34$=XLyKT$8$+_A@}*koiza9%j7(b?$6=L!hX){=v>&@1@+I*X-H z`{f?d`WFhM3_Lh@_{NJ}xo?WH3!$s#?ttBFa@@LOjz17MY5m5H4^6SJ_)GtHT!8zV z195YDfe!nb)^56PyA*CmuG@l&6&4Sd)kv{>IVkIuNu z#btyhU#lUk=kg&xD_EINr*1f@y1>gY2gC58fSHD6~?_n!l8DGLO2N=ysi zjI4dnViG>v3#aN<-}iB^xUR%2y!z4Ozro0&h}G#kpE645L(XH?Tm80}@KX{$8eZy~drL30y4 zj>zL4M{Ih0l)MpMYC%;z?#IVM0biYeiaj*b)8O+0py8Av-agw9Z#)zPuIkrl%$po@ zDt)+L#(c}tu?Xk{7^tMeI7O!nwXelCSc%lvA+N2>@K~ZP1H-TEI_};nr6!cpd=2tJ zC1^2}Gex3(a7VlaCeFc1zyYhY$SAQG8|}Axy#=SU<@=|udu)b6`P$R^gyVR%omsF^ zSHL}5mE@_r;E0wM6Lu3C32#yymxSQQbIM^6OVY`g%B7l)jDCL92GugAqU@u{^c~?e zay@Z8pybHLCUMeZO!4}=t(sjXshaDbG1$Mh0+4K`0pT($s2DGV5LJSTMY#yaV8wge zci0od9W93VVx;bwN*dvY=WFa{b-X__n0}zC9=bVR8YkkhzH|?dR6nX=E2HOuMs>b!%AcXRkpihN;ek6Ph#Ns%BlN-+mf zRnBkSm{>AvjbT-KPA2MYeC?_K4XC7$%f;E}BItG3oyACrplInThZV#-N9{Ms$6!5x zZSHu*YXNbSvM0X$`CBOC|KaQ^!>VkvwIE0dY(hf1yQEu?l13Ei?uJcwhjaa3Lne&Rs(!^7xy%$cqJihMa@(Unlui8X)8c`Pca-UqTm`r3{-T&qY|K&Yo(2T!LVq^Fea%0v!;QhMAFQoP;4$ywStN&+iC5Sz3UmZ6|x^ePgU2z=<{JmTG$k7 zYWc_=A`DjDNZl*DFBZ{d6Z7S&_%Sbd5^P0j*9hL)6>IV&fDAxOA%NyH{~;cI`R%ws zbbu)uy72FV2r)zWX-X)xnkne2XxsRWwr)9uh{oA+)3kp}F{A5QAH%vohj~y;$RCS@}?gh*7sR#afK-Wei}_{3xEyS43`&=%dh=^UEJ*Yje}k zcv<01Qx!Y0fG{CijERJi8#2sWdW&(|bs&<3BJw_sm%TGj@%6vYPvNj-W?;oLv{D&0&?Qfc$WBl-wqHPMH9&r8+2Fn{=9>{?9Tpj>~{ z|LlYlN|r0=x=o(7J7tg~B&}Z7_j=dk+G9yMVC)_`kz7n>Q_(@M!myB254pS1^^V%@ zm5@fI>G1hEuqv5Zi_mSiQ)*bq z@J`5t!r^gy0>`XGfWUjfmgLOD}jz+R7FIE{G z`lmeS|E&W4Dc}4F$-!4m;l0LbhL2vKyt znrC)n;Xr5;y*Uf?x!(6oTc|dxz5+#2?5mg;6>YYd%rr_Fk9tX1&JWfnOK(|p8*8x% z%<$E7h3$X(SYM}e59FJRF^9Ym+7Fl8v3JpV9?F$avUI5{?{56o|YR!o+{$$($ z(Y|2vereq2n~Q!`+of!ZdSdM1Og53*xw!Y9HLRo@HULjsFPBv$Jx_X3J*6($&h){+ zW}ue$xu~92%>=?RmRiRJ%ak z*X=>S&cV5vU{&m?tI7J{?$7NtLQXv=>23ky41j*5WET~z9*^2iHcHCbpiGm**vlgh zLX>MP#@nF9W<9ZDpPPxk9~7J;_Ak^nyV9EiaAJ_d<(+T}-Q9Z_kHm&JD7uj+mOYQZ zZ?r_@I&G@)bB5uD?#Ig}6(W4HXxFmqD|;J=I1#psLAhqaq#F+^qp93#(Zp=R31uWk zx$zhg%@I`$tg@8ZJe9k8a-#|F0b`{JEqgEbos>lVLyBN!RFmaR1&Qf{2-6PlYMj;a{+(xupB@=Heag>6%H?R_$S zS)gLN8^#N#efKUB#xSKNPAHYc3B><$us?`67mPETGab92eFXv$v2WPE>^FL(1(;rj zjVk>+$nmc*NkxFs3c6GG4Zq=hpT9!&K*%PL9(p)|Db&WV)a4fDrir2n%Y;=A{~l}_ zs6H{t4MIG{i)>s^MU@r1qO#0mMsJh@HfR;n6}Ut%-(1pWx^tMCX08mY?7Hyvm;4(TWhAKMsnB2U+OvJ&3pB;Jo5ZM22jznEps1?g393E1|?`VUdKM}Ha<-p=H`r1ZLBmYTI-LxwNQJnyD9R}iTGnET> zw7DSdOqa?0a6#dhYVtge1^J(*f@}h96ti}t{K4jsT_+(Xz`qdw1N`fspUV=>W3kHQ zr#TVl%b`E2`6lMs)%m^G$GP{m+%SJkS88e2Snu&Gy{S0u%j;DY-WS8N<;d>k_1yFF zH=o)A@M@WOV$>C#fJDalBYI*vkJdb7eX%b_n9?kH77>c^Z4}zdgCM_HiNlKw&6b)y#K)~#30{rS&~VIQ@KU~xxT&=WpiC{uAvj5H|&m9%7;pq9xt7c2*?&r*bsMu2lIf`M?xz4 z;c5>Nt{<#R((p$zx{6Da>Le=0i7>XaIHg|^By_SfE6vk%8BH|=1j3l?8jn9wVfc4~ z^bq>@rEClE;$y8qu;#0HF`*j5Kb!I2toljsvaiCnOXD^jiL ztq_o}cn-gWv_49+d9^)NP|0OC(#M#pY~=K_1FwfNR8l;oIHB!#IZS)m4J$wbXbMfR;Q3w^At!K3tQ|Hj^t|LPd8sb>1NR9 zK3>0-v}LK+&ConpjS=PBKEUw+r(pJz6`Re>C)Y$w)GG4{bs)b&B<+|NurZqdBX-kt zz-bH%H$})I2egmI;)tou_ePout#5zcm0n1#PCVXfzM04+A-qLT7xmR8E%=$;-p3ga ztMA4N7h4z)O0YFf0lwHE2hdV$H&4|mwa{IY_G3D3F=(v)?fCc(we*+tWf!eYB4Nv* zB8}^hx$>!87F>sgrOh)~WM3ZxASd1Erm^nPA!2EEec$Q}6OeVNaZ*0uV$){VvvEtY zO$w!h!NRCCiP0U^R$pbCuN;$ed!AU{Z8M*}7ZgN56$S+4tSP1l^of}}*mUc)0U~Dt zl2FuCVHpCk|0Y)8fnd*q8$PSLcjK8^SET;VckDgA>& zyo)wKWG%U7Qd>oKU43v$FYn#1HSDCdG-~UVT*&DS-#dPoE>R_@+PF zuKhHqu+30q_vy}X?LFEwRd-)$PZ&cOR1!VTvtGE$yxR#h5vlvt8rQp zs8fSfomla~$VT{c5NSnc%by51A8GQ1+PjU!o51gk0C&>hy30)FT_rqo(nWoDBFB}- zru>!e9!Egu)`^Xl9B5vRhg|OYKJHRVF%AwC!sSAWGZ6ZBZR@{kYKMVVlZ0t2$UseC z>7(Z5nyNPpcgsAJq0&dG7P}V6G^|NxWf>YuG3k8L<7)S&p{Q)%$t@?L%6fbTpQH;G7-3`Kh;e@5 zG(1ywx0%-*VwiQ^qA%9030MDHGY;gEHSe2i!+KIUavQ7nbqYWB3ri7!UeZ1EE4wFm zCqDRGXT<@1sRc{b*!Oyi@7DlLGkT3xr$Npi9jQ-(8f9j{8^+Wy0y6gj5f4!~iAxllqoIBb)IIfe$FOFk= zPUtmBDX>gczEod+>*#oM#qXIoW;d)1NUXcSOxXXZVGF3NfDbhOx?vMtyT)uTCCw!A zOcw~RtZqTI5lP*va_*CH^nEOmJ}s%ZZpSQQ7jj+nj*)+Jl1{~1a`&mi@Z4o@W`)g; z?}T4#uJYTq8ApdaYtX-7_VzeEz)j47^I`GsC62g9P=oKtFY7KSV<=v41hRhSMkmKOW=GkVu`_pq3MdWbEZ z84~qS?v(V4ySNyXxYdOFH<0qr8QuT$N_grW#KCY6w;L;BiQsB0wOh8fjWm9%=tSlh zeRw!^_=Xl?@8(P7CT&OaETGa(#Sh2VHnU>*R`z_e(<6yQN3ie}m%fQKnH+ki5o-Vu zJ64cg?S;wh1#AEjgPy(8X2+xR@aT*@_rurGwFHO&5Ghgi?NZ3(6H_ZvHx0N*xeXyQ z?(9n@ad04!u?*N)ZV&0%DJ_QT%Vdc(HD2$TN^A4^Kj=^HU3-cnr17%p>f>5(+9VEH zLRboFszXUOI{N9Hs#GeE6=_`ddEGZvlYPofS~TPhI;A&w3AX(GwHpWPq*SP>8SSl* z|K_xIJOD9g_0^imhxc;t>DGWK-F|w3cyOr6+E#hynLQOCYEvI?k0t8)oOh}kF9b+F zE1DXNK8q%q=>^@Bjj)Dq@8Bz(&Shbj@h*y}@8Ftwyy+k`1 zlzU)rYQLXv;<3?mKW!?GuHAx%Wu)5Aq1}528@)`R<5(rF zaRc&OABPFFN3LJ23$ME>Z=%rS`Q`9%?(gt9wDGxHtfNXV6qeM>@-!c2`gv>DP9dk} z=Hwtu9^>nI?OC7}Rh5FsPbUJL?F@IJ2?$WpS1@2c`F3-jeYpoWu;p(z&xl=yS^U2V z*aiTx;lD2vPSX#9aK39PY37DDP@+DFuQ);-(U+eKIEStW6ApR4+UQM?R%@!5!4W+S z-ZZ%pdcQ>Q2G9X0C12qkuVKDA1Brf~``50_wG9?c*=|K0;{9HoVIjLc;y2vTklY~} zS$cz0Yc@0KcLWG7-_M>4xPD(^IG>Ar^Q``eB-8D4m|hG?g5?V)&-jr0B&;zn4!Wp} zp5bu$UX4hP7F*FNku{ud(V!E#Zx++7e#QbBB(6HQsLxd`mE8Uc%~~h_A+bX_N{7^N zU{9BCqPmz&wiOQ`YgNU+t>H&fRLF81DoPZIzDj33wydSVYJPBd_h{-)};y~DsXRT z;M{lDuCa}ZBo-NnL&6IM$&nbqG}ZuYASwoJz)+IenNZv>>?M0CEn3cp@M%`$jDC&5 zUIB2(8e0PD=GS}PsOqYT`yTNU*Vq;ta<}!OuBXko36($KTBYX9%wh#? zD$E@(v49N#Jjf);J`i?3@;G29c=_2MR5|c!{g}6Bxm0y;X1)Xc$n~OH5QbEIZ&{Mt zaJ{smt|nCrR;Xb9UizqN(^RH6KEH@>fZ??9!f{g3V)9dUQn#CFBfA`|v5s;e^WWI` zQyb@YL*LUiJ@$ux zIZA38w;e@>fGav9Hr>8Yfa&wAh1aJ5X8&>ZDa+|%jG@A~ zm(nxwS zoGl_3<3tsie_vzmW0#N{4MZgS`fs(UK(Xx%F6oMyt-bzmW^%$4;qa+RBq^(&B0Jgl zyVLg zbPE#CeZFH2c`>P;=)U1{|JaMo)(w_E^aVNS_J6J1{F1C?$3l9L4$0>E@KTHXrbbZR z&8NbZtU%{|iSW#FX#Ps(d_(U-lb+xT*4A8p8kfz)91dAp7-C5&cB}y6oX%`4i995m*Fbz0TU#B?FHKR17h+*S|9g2q*mJ z_~ChhD&1Pl;pXuy+gz5Jp&FCizvph=LFwT22XsP|$j9##k`*7BePR4I`ab4|YQ+t; z3@mHoGY1|wo;4#gHbd|;vbA?yj%2=LQg^<-zj(Z`w98ZH7mVi{vv$TmCiVI==k0138JV27&D?E=YeAC`b7pz297Q8<*&&jQ*qG>02sUPs_( z7;Z3YRP=$apI5Op=sy}fV*Vyxq;(N3I6g>KIgT6ITI*nBGCRSdmcG9>l%=P2)WzR! z>HEK0019+H)#eKl&C?B&arX`EFENyQ?qUkjYgCxVfm}&;hRb3d0D;8khB#Az+;{YC zzF$>xxlJ-pD<(5u^cFq9C0)p&?PbSp2zDywF;;4Bn^aVqOup=kJmuxKdW;US54WA0 zS-nRVs_UU-&C-eOV$98My^h?hF9lbOh{BjaZ*=6d9ho~Qp2T?=0KAPD$V_KcA~bL3 zw@|BJ6N}E#7lLkw!W?B(GELHPb%@6tpCcJDoy+3;i~!_J#mhONze`3#iKQ(z(f%Q6 zjP4K2X#dG$r)GuchpwyCccq6Hs#q%o;DBVHHI&>G-H*K1E^C1zxR;}#&bas4LE8X6 zNzQb(hhl~h!*SB_45!%_1d}-H=?Xamnv=PjA6on#N9Ov?RwZ>(Y9$_$nFF9ioo2j~LaXr5zj_r=X|x=CGC^qU10nKA&avb8 zSG=KOGV+m&afs4mLmOm-$`&AV;*c-o0EK_~yItGq9%5_<2_7Xra#K z3A&@fiw=3}*dAoBi*N7iC1I+blvadkPyS74bCA2!CGb`5+#2BD`Rr9T;T?b?mP8T?i)&q=BVdEcm(}ou_p;wcM{dbI^lyC#`N}>o5vWf3 zwmdFSYm%z!6n&`{A?RX`Z_`|h$F&-yBjB2-Bzn%bR`&#WFBH$YDUR~`iAQF=lwiSH zG5~qWDo8jKBISUoml>WvGU@ab*N5idaOEz6OxyTpi`fxJS&lijfb$+BVAq7vCVz-} z5bg=QTeJ)E8~@+d?S(?nKLBCd>`xxr$0J;XkEHgemVh}YE_G|he_1#@PRHT{+)Izc zYfSh!P8RNN!Uijr?pi8or}jRYu;FO+#mvf>d2w|FDWHbwkYWD6`2rzc%tJMlx;EnBYkM)?Bi6pThiRyO1s4 z?6icUI2<(b(@vgn3E6(%dMwvQn{{~xa;CgRKQnli*oMPyYT`+NKdpk4q3-+qWwjl& z4R9Zp^5yW?&o|#$`8xp=#7@U24zNPwd2D8%28Kjk#ot}U-XQ=KOFm=y-zB;KV-PJ^ zukAih=YB=|h+g)F(+p#v9|2qD6)aM}%I)Gw_$zGW@0{okM7Xfj(_5>cO8dApnhXy? zIue)_%5U6}2)y-Ne=uFU40@{lI@r@v3~aaLh>eEtJR#%~L5M2Nm}QjaFN)&TQzv;Yq}HPye5LhS(hYjpc?#)rQdTK|M( z13t2$w#S7!1r~vCBJl9~0DVYrEeVo&WANbijU7ldBgUTc}fliUJu=YLTgj%KXAf@}k zS`ui%Y`fIH;vfiUsaf=*0)#@w?wDIfKpcRCz2=B^A7@J5pIHw;MD3bZC*?m#0EqV! z&~eE+uG9A?+6?d`C%Z`$1zP$Pnnb#zu#P7BH~iLp;6tCSj9aaNL_7Itzj5}S_4tq)usF$fU=J;RaYWp?<;ycZR|}q?930fVcoy4=(~DzQcwy zRGpUZ;-uk}iRj-i6Va~y8M>ynBM$bc9bYl3mno+Yu%$l?ILs4~(%YM1*q!-w5}Ur? z#$301GMeco^>+h~ee6hSZ+}~JaY$XvN%vmGMDIJW{C^9=lILTwgXh4~SfIb0IN^OV z848LE5oH3&U+z2H9|qSL;7;B9-%#KmL|Jy(&xSz6ESE@60Ww_052imGsUddY?V@?B zic)@C$S>OYpC3Ot3Z&L;Kj%9THGY;aOH+f(mV}@=K-icj*4e!Tkxa{er)h zWC(i54(ZjZzrthL2scCc?G~x&-~~l*pSx}X)})N$yrG^<3ngeE1_%6Wo`*lKY>U@R z-2QJ`zerVhXiHZVk@1qBPv*TQz;y0SWJsXP#QL3*#-_t)`{_~% z-uqPg&3XCei!m6he{qq2y5MKJYH&k zHcUJa!tm?k+iRe}JZzEgwKMEcgWUsquy)(#)i3CG{U7fyFYFZ8V43*NAq*r};c_+f zvdjO=h#vb4Ips$mgSjFD6={7IE?4MA`}1EHT5FB)3zS54Z|+rn*DGw&7c$T;@xK-Y z*i9HPFO8AgBN9aUw=3nxrFr+SGd^lF_>Bff)YODS`p`vQ)YNvf&h%fG3MoYZ0eR77 zcK4CdM#TQiJvGJOA3Z!6X3!?oQ_*L?-l`e7Qup^q`K!Cyq4>vLH6$zO|0;r-%7$r{ z8T`x4b7&y4!`hWHYbY-Zy^dCFubhYeId?r%?eLKQ%b$ep!A8lRrR4`T?zfec&4>;EX@)^=(IY47^~< zXXb1d;3WBdLh`7=6MUaHqWH#}TW|E)aQdU}tfqgBbVE26lT?QXrtg6N2_^mQS^g9_ zsRdwmQBPqIxRT;`9{)OEgYRDd_HUE@ljZ;Y#rXSw9D%2%JuB63!GIi-?w=pX?@Nc^ zfIr?H^st|r27W_M6Wq7a59P(bfBsiD%i-xCk4F2MLcO!faJo}>G|Mj^^7m5#zVSDP zO==hmR(+rP{D(n9W&iR5|Ndg$^FQoMb^E^k380(MVTSzuivIi!HXL}sIIZMmDEq*- zJe3oJHX53)|LYGO4(=W72}=mcB$r#@a_LD;2|f7z=>Gm0VjsJKbAb_q1EtaVbw~CH zD*nwMF9)uP>3uf83vq&+1-OU(G8JTh@o{1!VZJQ#UV_d(%^%JMACu}|hwNu}e)%%} zvi2=X#6g3{hIoHR65h?Ewu2?*E- zB8AKR%l=`@6TbjcOl&D?&R@4=x}`$!FD~#;)?$Fe4zp}xo(kiPIA8|Cjo*p?;?qzo zz>Is)!KkqP4}W`3W=f}&nFwGJfOL48fMu!i463vY&+@|Nz}}Ptu)H?}lLuu3EEaoT zq*bE`mNfai;kDC^-);qQ#ANeJ23B>QZj(nmn_hER-qFqOqr7Id7~qse4Bs zAZ>7;gA^j)r2q9J{gyjSA_7BTVNo84ssghh3!(-q%|;#=cmyFdUu-jdTWD(d8=O6% zWhbegI<1Q84;rNXpwYDs%Z9kECaCLd!JBE{!yu+Fc$N=f)D!Bulgd_VNEQNY?g!Ml zkz2U#hZ{*3$2*s=!G;>8wWOE2abOy}7ZiYq?&U63<|E<&G5N05C1JbJsIlO6sKD>` zGdmp+WKr>$=@CI83)V`>MicYP^X#O=4hgGK{o{a@zp>08NAeNz9D!4Kzy`r%BdotP zlQY2ifnFUbgw3$&Hh$<#g_Kv@%&L{tuAnZO0%Y;B!fKNB+wj{!I}gWjE|?EvhIf#; zy}4coI~$tYwcd&&g1R758!W48{`OS30*GjUAuCN5b6v19C4L(Nkec=+SHQ~4kHOn< ziTnL%V$g4+`OeruDlTG&fD}=JI0z=@Ah!H-K2)c|}fSD^0uA37LNzXw# zDFc>c9=!{Obu<83A}!_R>j2r68x62nW_}f{?vnvs{&?>nq3A@k>X>$Q>v&BfwAC0! zIvp3tVw^nN!ytrRNiP9On`a;Z-cq*xGzcWhB%8DSxzt+Wwr}WKg`wxUTm8tO4S_+g zxsi^9=o?s1%sg9TcbZ2*35Z<*$Dcr+7=0AvwdcSU^k;_#Vx}p=fa^Li*h>E>16SDm z3LhTTKmN)eu`Em!=2pqHJO@Dqn*>&mt83QSvM8i-mD5@H$`_}5Fh0YASc})9j2O@t zT9D4<(%8D?ICmCKq!0q$;K8&rSk=bMkgU&_*vkl^&5 zRq7J&87uS!Y=9b|AFOD~+1&<<84+H)m%m*GWS*}RHMuOf3is3vf~H6?0`if_yoMRE zRK++iMjKr1bTF^LYSE|{bi(Cy>`q(CHqQ9mpwti<0y~V%4cKG>LMr)Dt@xqOGIeSK zD31l~t$9#_#FoYiR4+Ki2sG9!heQ&RG ztXrzvRF(ATRKti7)oC)2J?J9@qw#Dd;x+O}#t*QZI$kR3;ZvZ5Wdim z=OhLNvIxcigrC9Q1A~Wa;Otj-@iQ{Yf<59CkeC**6HfsQPv>0se$#t~#}&$nQN|jv z^AInF0*?nTww;0KtB^yTOJ@~2^CoqfNk5){=XU^fp%g)%4S!$5VU!R%oKbeeHhIXx zMb~FwkQ+|`*U0@A_@8)AGsWw=mYa7NmzybKf%l$9;IR-lT>_Vp2mU2c0^avRft>cP zL_b)9G}*d0-yjEetjNcU7`Ef`L=%g6soS+^e)egi60UzNE_5m}N&D^}O7O>qz{$ey zVR_8hx&;~HU~(wu&|fzFAg~Zi<@X@42+*E$KRMltFtZ2U8Q^2ln73BKggBf-F-S&V zzk#mxP?Xi8QKV&g9`w?!1A1i=ShOk&bil4FsMGikX>4TiK=a^XVZ9sh#Kf1t2UM9f zu6D;*^?O#D4$AUCTb!ut&{FsNPLlO}G#Fo&Fatd#-udWBkht%^;$7)e$`mU2!4KIG zcMGw~0GS!bvtfBL=viej|5I{zNXur7fb%wT5kskZxwvd1{qk1IG$b_2cIxNG=FfAJ z%ah%DW)VGt&>8`u+pEKPFoQQ;2YnCg;8ANxs|SWidNpdmyMyssvwX?Tr(v6!TQeO_ z|KK@gzW+M&Cvo*cySdrt2lg8pf6hk!{yinEmPRO}9Jl~bqm}=oq7~CG=^Es?=-6D+ z>dyKnU>~*`c!dG%jY0S7M2C8B##C~VwU{SjNu}%p>6=>Y;g^zqA5AYkWAvbHz zi?Rbp)~`GyFzGuul!)9$wlv}W7X&pq|XCIU)gf|)0ing>CBuE8a;>U51=)(fOA#5oRLm6)_bJ46affIB#!1EjvlLDX?AOa!0r8Z6#%1Y6TB`=<%o zL8nGQLScdW$P8@ioM~GI;#n&eR@Pt8<2C`I@c8Ne$Fnrs`d-V&P64KoqRatL=n>1Y zC6qwG!X23AU2uCcc{d{32f7QMc7;LvJ>g8y&(CkhV8=7*ON;{>Yg;V?v*_yU${bdu z&OtAlMz7gxMj)>NL!G5tJ78Qk@+a5We5It(T+kl}byK!S+avNpYv$pK{%4clCR5Ch5*#tIIr?M?Pl{@_s-v zIvB}Bk2DlitrW~Q{S#uaW_a-nS?@maI;wMxSzFy&YKl)CgkR{}DJfart zbKkCu-aqohXsJfb+`=zGk5m}}{T{Gu*AYZAIX=8p4%aePKq5Q!xL>}Y&$^`R$Gr<6 zK4-2UFabOerb$8%^{vbBve5|y!yW;1F4!Ce6PP=mb{?AX@LwVh)2bofUDtPZ@F&8+tijfxX-cV^l#}3` zuYGaL`MloTxdMT+QB>PmB$?htyB8hkvGu>8DSmcA%8AU+4asJrvUL0zNC}io3pX!bufz{Xt z6(0>&D`JG+vM=B#66kS!Mpzi@S3$}j`n{eKWysLPA6~2nBj>8*N(oqepDNcx-b%&{ zU=B-Ll5e1x;>h7WyFC5D21FGOaYNnEOvu?SCW_wRoz`)Ral!AnLBxoV4$g*cz<3yb{-ssz->b6gH95^`lmN}=}O zzP-=FQ%^aDLb%#Tv$PN_4{T>YDWJ_>_dW4C0ZZJFyXa+x@0Vi~J;Z1 zf|y5M=%9y6?HHo(4R-KpmLYe!gf@dyB};A{Zz@#Rh+$kD%I;@BM z_?nnUW=Vi&CrFPJnJ3F*o1tHvcNxZ^&M6Qu~c=YHd&4{GNBO|EzGc_XolZ<*pne)R&ij5I$MF& zzy56=$TS>e?07C>#!dknDJ6qbTLC8$U?LWzbBL54MMyy5)5VFfO*QN&a00H#6N0xo z%{8mn!E;M*2(NnPR)q;XP=+?!Ixm!Ft z+EWYIOtt-NCX$c#EMz3DhQ9XelVGD6QR`^ON>l;NDMR5P&Qq)~%Ph}5{zXc4QHq0* zG*RDXU8d#5yghIF7zL-=XrRGD1*8H#Wj;_Q+YWB$WZnqK+IqMe*?4jp%Zj@p8c9_G zCscXHANH~Q-I@Q4P$+udELd$rR6Zmv&m_* zGPK=&uYB|U|0%7PME^iLZjIvOy#a2tHe$B;7hnK+9JY*nfN8_}6Qg`QQJ*J%;cPSH zE{xi>Wq4L%j|uxayDGHgi%RQe;rG#t%35EMAcR1&La@0?wd!2>k`RYuW zAeGk>VrG-JoJZRdgkh=%->@<8xGAI@BaSIcQukK`3W*(eiS4(M&8?0rv^G35F<988JXm4;dQjvlnBsq=8*X(>fqzVk7>UpP+Ndb%4mSK_#%@XX};?bR!EULEy; z=yxINM$M}N$Y4;2he)ofY$XD^Iulr}Xdlw)G=|upwPggDmIK zPz?Erx!HC;Vpmk2lA!)1a*9CwxseWDj;1nxT1b<3Me8EeGBG6ZX$Dt&7QB@%weygASs@}RndP?GXhoyne6 zJG6{4h8xa`q|4*t=-b5w%66b$-%t^J4YNL9sLl3awlM>*fw!PrADlZfV(X%UN^uP~9@<-KJu1%ni; z3glBxK^!gG9mKAJht@%Za#LsiRv0_?OT@HuYeno8mg@SOI8dAoio5S+!}@NbL{B1Z z_q=7Kb==fiLhjGSr1IKDZ^dFjsnRzyW0Tnbag5~|`!9UZ4STA=XRD{+!`;vr>0RL? z=vaweb42}_8SZV5AN2qKA{X2A!$y-{X5**@OTQ^)QOJ+8uY)3w8d$3p`>x7*zf#z?Lv_&Ty4)4{!GPf;#N`IW|rSDEn5BD+=J5g#`TQ)oU zkWnR|L=}bItDiBhT#-z~tCmVfL!^2p2SGNP%k^Ps$yuv)$M9uu5qBKEX~MOUuGO+E1j#l{Eh z;}mM|=M$i9CsB{x%Qu?%ST(ux3Vl6My-Oezn>Ms>TSnCouP_}OPnu!*H5JKZB{upu zA=$EZ8CA-0dYZlo3)wS*{2=3KCxk?0dA-xEH0(*fQ3uv)l*h^4DoyX^_qbU~FO{SaQiILKN+iSO{MYU^h#%O?RPcdwOKvgv8)4~<{sNMs;E zWx|()zU?8?G>@H^FVM$j2u`DRZ_LS3n^ey>`CJt1$a>{ZK0d;+DzA{Wt!{TKQ=}mA z?TfDrk8TrE3t%NF1^1q>W}ZR^C8wxD_Pz;Ccc*rX@Ew~r?Vk<2j0Rq~8w>}vn{ne1 zvY5K8Vm9n~DMMJqC)LGE`F8JROl$h@*B!OkQn`zl0KPQ)AWS*kg^^hLZ| z5i`VC`9aQ^*0N(}I-Wg9Cvki*V9x)^$uMydtUmRbT^S#~QL2DrNDZZ}3a_vhi*G&%OH zMFm|3x`unXLYbkvMgc-gxy-0LPBikEJERudT`7i9lJjn~HH)tDnLu@6%W17#6s=>t z+Rr0NUBGfEQ+OlsBFu+^^xHe{y*j^5xWjXart?k}QaF>Rg0eQxhka$2emr%R_G1w# zT=MD*s09{Ni2g?%gV~B=hOh%6Qo~1AP!eO<#5gU44NeU})*@xl+;_#FBO51iztjn>KqY*xjpjVy zPA(o1&S}U#W`wUlv(u(&_GOi>t78Xan_<54a6VLc=vNR}A80pe9M(}{}A(o>8 z7LGecT!U7X-4EO@NP4~N4_nD@7uIabup;Hs3U=G^os&pXVa-jk+ct+jf%jix_)D0h z1z*w2^=O8LLs#a&4*A!QMH0&e!?>|9<5K1&>CDyCLY?bCV#;rS_ue+=sZlx=kiY2~ zLPkznxAy!>>@$b2!n;vX=PPDy-Z5dTlFx7-j;C)KbF#+aok-CGu{Mz~v+~w4A@ z04v>_Ft_{cb1e@gk=8ym$G;ID^!20|D`d9X@u1MeaD?0v>GoNcC$Y#36VFyp3#oQW z3`Y)XZ|Dk`4iFR;+hXo%m}b@@4)*nx?Xhi_FJkUG)9>8k;RxCl8HGHUiHWiV7a%Ss za{2B~JLWMx+Ob&YaR?E#1i&!}8&JBAcfNb|@&u44OoqR*x*Wr{bYNT*a(A3HgHYrhBuE55odUxC6p{BSR&dAngtgu@ zQ^k-G9pMml#qQOV(`aMRl4Vk<;7{abJ7c?Z;PoI;@K5=Pfd$`HcL=j$Ks&`$Cr}2> zQZRF9fII5qyDzupSXf&~y}dT|knr+Yx6p4q8C2M@*eIaUjx+n?xwTT;m5Z#{VHV2W zOq|R)ek8vC=PO{-?;M_q!^_N zkvzi+b`2v_G|i`-KgWShnI4PDfiR zt`$_oY0yw6a}fY6j)8IN(pjJ=t&zr1%tK`S9k1d$z~~ z5^0EzzW!6*Pe9*7SQ|g><~-vr(Q%|QK^nNj?T=~-6iH`H{omD zc7J^UinBpiWC^yc&nJ)^E(js5@XznDE0t3qc}tVd- zbXwd0=>M=weqzFMNncL1n?Yup@;Z3DRL~G)Q_&0Q17%E}x&M{8^lwhbpU(%%Q~k}& ztnIH%txv^yo@9A~E^Lkj$xLZScn$(fv(2+oI(!-~2+b(23F34gC%_t13`tcc)+L&J zbV};C8JPy%#+d3QQQ+1X*JyMr z*LLW9ki#7Q>H=<2R@D6<&lcy4|6w87W-(W~ba=U>#!DO;+;SKXyqgT)Bu;s3Cs|S> zoO{H8Bq>Za5n00Ld>vn9;vS8!&+U)&L>fVz8f?EXY?06xuHq(^bG7C4BSG|VujpH| zY(w<4`F2$)Uu5h$4m!{v;F)-<4$&M@05npKlS!?JUe=2?MOt>)pmTQf2K06%Q7VhL zR>gGm@4QEN4*Jg`3C1Kz1j>m^GNEy>*^o&enlgNv?S#v{2BpLYT1=m313$fuvX}K@ zp~sI_E%gB`(PxQ%a*4GAH9cSnhXjhc)5DDm&{1KLeNIIq_j=6XZC@&ClDX;-l;&9? zteGHfM54SxrGkehsqv9p!#k#Lr2({=BoiSo5^JAtmUF7UE~0VX9&0wiDv%J&k*LoB zx3Z#^LDrZ>HWnx4wvVY4mxi%=G$~sMru%nm*cR?!FGN%<7c4ca>g+^CPi?Z)+MPzWGxX+Nb*e#jt1cY zjpev^z#`!Ym-4wej3%N ziCODY(H>_B*k+TZy7F@VWuC&DN1agb&`P!3B6m`i6=9W$T&(ftOo4n?vBUg``bL5 z$d?R1KlaEj^55~2H7@?~0;Dc@mwcBma(HTCjaHf$AD>@5Jnj$VGfA3EeNsy*a|9}1VQknX>K>aI#tvK;rtR6!NXxW;USn_@xnQ;@*}d=AMY(vPAog>p!HFH(uIo8zZ^(?HH2Rq+BLR( zh_OMJK0{0m{xWJ2>X4jeZjvJAae9c^BO$UDhQf=9O?t0)t(%y9LhUP!8$L07+M%_3 z4uh=)gA5agA<<>m5l401YKi}sFh&G-$ltJLgL3N`TdZ+J3xRQhkcE`w{>n!|x=#gJZZBY6nn6~{#!83zknwjctbRPhl}+0z4}r`)TiADGiD{i#np>zo27?CphHYc%T1U8b;NJkTE5)jI|-D_pvGk{2} zX1--s+O}F$d4u|REb34n=PnPY#7ZPGwiQiKqAd_iiu8orL$UW+5qH%wrBa~|*Z}By z4`>$8zX-l>^aNqA*dD_7Bs)TZK%EMU2Lp=QW^Db)4~mvb;nm)l!f6)05TxJtCbuHB zaC$Y<&UK%~ysNH^0?jD&(<;!+3X`GO4mB4t`;vZ=_gIw2>~Z3Kq~$Vi90h#}tpISR zSSL2X$m_m*pjn!IN6VCU$eu_l9?uf0BQ5&Jy;S)^Zyv?^t987&>;s`Jg5Y3Y`35T&~t>F!p#JETi;(Xil5-hKAI-u*xCx%jfau(()jKF>4f zxX1X7v<9`4`{L5=K_DI#a35?9#0{qRp7n1F8WC{ZvDJ?99t0S=R*X|lNzi=s9p>8B zir$<@HaR?eUQoK~5Jt4BwEi$iZw`Xhq27RTD0P7k=g2;0m_rb7WOo_)^#~q2=}AhJ zG_I!SA~c*N;F>T@>o(&k?e`u-v3bhr}=*1ul-f7noc0eSez{P_?qEprK6 zct0dFy#6N_o|w$j(l;E(&K8F3nBA~)#V@aS-6mH$Bg=+Y(7m9{Stb&;@YFEp%4Vac zsK}VTj-&v&b`h-_qjkKy@sQ;4k;ITBWnfD2Xha<5dCQ0++JW9l8W3SeNPe+kJ=jzp zb$_MriJt6nzMI8lD-vQ+PiSR}aF6}bd2d2o(pVw5>boV2WseS^FHl|v#2NBvoRzAV zr?+ZFlh1so)DuYp_U;2m4OX@Ckl7hpU?@7IH;z^+Z%hEC5xk5Xq8cWpe%Z%QEFXf? z3(?pB%h&7uz%a7N9UU6L)88-`(kVx}ZO-MK*@}Jh`Sha+IIuh_+4h}@4m znd$rPi-7W+(YRUndnVC31U1YM=QY)W9Z6|ew~>j}4*Uob8zrJeLxGS^7+3-w7QoPRYbg~WO<HwFSW1WtXArJ# z6dc}0QEi8zvb|eCilI1C#m2~9wbLjuEaHfb(^8!UhLxIW%>cF?5D_r_(ZzR*mb_tP zjVaj^ifr_u|Ayj-+mbCxBc&ThC%Ik`9N;wS?G!sxP)_86cG#_iI%|V?0~!%5Ph3a7 zJyAi)Y)ZEeB7XU}QZpc)nU1U{2eAVV7&3{vG6N5o#kGc_+TwS5UU+ne#NFsCTHTtJ zTY`z0`*4tn-B6y=sLa}uDt9Q-NTEs72D!XU5eyBuBIjeckpA?bl^K zmsOYbir1QY^*c^?EVH$CV5zz4y|)DHBZn)}HPhkby`8?@Qp3eEgOpJ|jn#;Y$K9U4 z+YTy)9$A{|-Cjqh2U!1U3V*l*c2Cn0Wcj~iF{;WanB>t59=kh*x~rZ9PN$=E4>52% z&;EaZg#1R}Xpcg>^o{IfG;s60f6w@MTpeLp{iv!ch5{Q@|3FTuyq1YP=^9C#EB%0; z8X8|2pTEGqq>C3bINzm-hmvN;nvBuW_Jpa#6L^JlnvV%3D2qT=9ckUC_67#>ZQYe} zaihfOvw&neB&OTq%0{Ohi~DN-HjZI21kSgg`X`+rbmMJ)F$lC!u*UBhPL8 zkGsDs=}x9F|DdO(FBR$_!}@tkd0muYu)%(#^csYxwN7oKadotB{%tMaEEx`Y)yQf- zf6`e^#3zdvhd$BXM*#muVwAd{DMNY24qzM4%o2{|Fuv2)Oy;sK9t>uej71VkQxBCd zJCl*Ksg(^)FTK7#sj*qs%8=F6$0#M6t(3`K^o$XM!aTMkO@VNmnM->XhB$k~;C7Z1Sxl z+N0wST;=^L)3yMIkMLZ&YMNaUDl@iDZs%`fyFFFc6~TWnA!6c`JDkiZo1jefMbeW8 zu9mWAUwh08?;=r<;nbFAT4F7|oJ&qTOFqAJE%bS;i5G)680x38)Z5#; zVAZFO_PNX*NQy+JWE+AeBz+_s{vLGOU+4;Y{_&OLHuF~{nThLYgJG_HZj#WL*QeIQ zZlfm8o3B4Xm)VXWd&1N<5<_$q$FGgJkcBYxGdj4!k&>QeVNHS4%Ds#tIqQ?k1+o#& zmm^+J9yPVJOAo>smTqayBTo5>s6=!P_83X)7d7h}UH%uUXt_?y!1{`+nODV8T8?9~ zrnl3q1FR)iuQ-rLrT;>o47LA63&k9)v&b%xLzOh0UZ>Z8Cz#E~Jx1B?XQw_}Q$*Wv z5)?R2=BcfGU%`l*-K=MHwuE;UAV>4xosYgR<(@34%kP|;6A^00QV|0V=fv+9EG-eV zlPSHBt>vjbE=j)rT=;W*<(}Ko6-u}EJ0|0Eg1fwaZ-1AEwK>%nz7!F7dl7?zsx~-F z-g*X0i2at}<2}3Xv~~TB_V@4-XzrBz6Fx5tpCO--cuTej^@n&nx0S1`P2<)~1>+0a zJWTL;0mo9<#}YNs_9_ng+7E4uO#s_w0=Fj!TbQ^OBshrHht~-P)j66S+R81q_qD=E zaB#|Ky+Xn1-|ev@}G`2nFMH zZrP7~nK&8knDck+j4a??)ZTyoomu8i^@1^}%l$2hU|^)8(QNT2SNit@PbDD~uY)C|?W@H#s?`nU1wJMYQ&Ncp#XP*~-X4{cE+6NWVl#5afA->x2$J>C+b0EdJJX)?lz5 z%k=#v!V}(9i0<0C-moabzCgCOA$S{*Kn(G2p`*-e3%o!WHMbjS3*31daiC=Lx5GEP zXYQ73o2Ir?J|o2qo?zE@H(F02boU}P+HL0M0^?C1Q!CC7U0J}OYEG_F4`&{Tlm5EgLZBA_n51;9XA zcW7O_clG>a+phOa@WH2k_BlNd$#3twB8`_MQ#LetrU*m+IABfW{fEOE^^L(w+@y#D zYYOp1Fn%&#Tb0*iCpA7Ja?8ccqFRp2D*CN@iJG-6%&@GC>=lb%*Z$>}`i#EWXm2uY zS^KDd)lBK4-SA`vw@=om%5}?G0o|h&scWxP>vMf#uj!nE3%7!iS;rTShnIPQKHh}3 zb2YtuUT-e9UqVd6j~k{-W-IcC6ZgVxJ!jV>{yhG!tfyFt|KBVCycu$SXScdfaqnz3 zs!c~PS`x-?0`hT7b*XZ;KqN6YW|IrGYmYiPw;FZHrxMeP<5m57U)(V_ zs_5L~;3}FuIVH59e{H)p6)#G1E2yHpzX>8Ryk%iT$+oFD+1UcgMh*+3osF8Yh!dHX z;$wPc1EGbHn$#^Z?VcWSqviLw=)=?!5ful1ZFr&3pDr}`$*tSW#`3t<>{fFX-;9E) z#$H$!^nJA}e0atXbFGcA$H(MwcZgo070z+0h_($sV9ESFm`GN})u!b_8SU4wp zHXR@EW;KE?2Sh{joOoHI6D!MlN*5HZ$xgzuVX@zrnIC~|-#nN-UT`p$9&cj57WdyUkhC zPxlDxe;t91I1UR0JBvZMMg~RLk9c=ll#JPymP!$$xKLQ)eEu4uut{W>2D7n=ubb>peDpg6jPt%{Xt9y0S{k$$g)yNY)egOwr|Ct@%B$hqa zA%dFTh(?tJPwARM@TtMV63ht+T;Td$I(`BmvRp<7HqY)-yjljf z{CT;j)f3v$RV%G;jaW13l%9E<%);MLHW*Ay{bj>X_m|S4#hD~gYJ4Ls3Td)$tu*eg zc8uiLk%Bj9lrG)=X67eFGDGf(ge+&^wlcUzR03>gd@uU^_YO{cwv)_iAl~XuquOtn z&hc`ieU7*|4Z-%oc>O;)JlIklEet!y)|F6?#f!dAAewkh+KHMxTekXA&DG&-is)cA zsk-dTbg?#w&DS~qTf*b=l;b~$()H2$vh%>Hm;&NUs|3aiW`rzNb@GLN+eW=%nuF@U z+O~}a+0N0Q?@=8rqGgr!N8QaA1FDc2q%9q3cx`4gfX>`zzABE>?gV?(Ib_gVL>PL( z?mW)YbwNDRJ*%$Wx5Z{C0dGil!4;}+^ZhWJgB`9>^B~v@bZLLI2lTk zUTJ=UE`&Pj#UG`E!;4TS8HNx3u(aJaR7DjxieBe1BJ4X9*p2*Q{n2&|JV7lHg|EFN zG*K|HL&`L(`|!Di|G~q>P0}B%HQk4xn7;K@a$gcKZkmyX zm4`7#oYiLdnNYigtM9oP(54c?aii3s0y;~PZMyf zA|+Uh&HH>urVtyahAv{9v}R71KW1TjQOWFbsV!HtZUN!Kv8!*b|E9TnAt@b%Rh) zsH;5^=_XYGE`4{0EQ^HQ=gFPZAwz6ICpwY#NWp9&I}|2{8VPX5>RxW0%)|;^kvI{m zCd$iEC5+397Su=J$Y^7TfaJQ7bO>Gs)jNCli-4Mt?&;+z1c!n>#iK~eHxaWqUaLLb z_xAVK_WXo>ja4nyt1izwam)jZ5%6c~m!o!`4WVF%r&Ni)IL1FpiAX*0&K>>mhWS4+ z*1m{C&0ind5_r5E=t|D_mMdDH05qbDqQxDfR0*TV zx$@)LefI1dTJ6h!p|xS5`FeP7qY~!#Co{e7Fi?wChxb3_DJ+8=qK|K;2ih|AQgX!2 zX0>yM%-~GM04POGqbQy@nwr!&zF|1^_}sEh(Z`5r|{msve&JPH~aI`Iu;SfMGTxQw)?(=Fb%epc_~(yySjV#aGP(3C?7c`wkTA{D3`pXFG5^FaN801pql?v*WM~ zTo~#Crm;%ss}DI0a7lE7?YHT;)kRm4Zhl>#fWTYd36M|}GGYXdtApK&D>ANcW$bc) zej*kY(?qYUM&)!#dPeAz_!vte$BNA6lEVbF?xID!wWq+$pC7dB%3`5j7oPu8t2;=b zT-Subql-QuZMCgJ4!aBlyB?j`XR-x>-i19uP5*XtG!VwhSrw^CNEU?9?7<+3YtX!1 z>Y+gF!o7upapIGRRV!vvgA{=mwomxFAW2_l)%!1gVs1K3jzwh9LX;UMmIB21?0_Ft z4m%27#MU_hmf2!o{G5YJzubYmt5Fsd*L>6KSFzI(*d(|0&^Oja&tPv zR3BYu>Kt%*XYRbD6`R?BgS})1Ii4o0HImafC9Hz%h}00=rUPDCkHSa8dqOgq-z+kp zEp7Iww>fB4YVOeY!ym%hEGLEmZ{n}!AKn!{$KA{w(b_$se7Pjt@A<2Z^StTbS<}F&Pj*prLYcz8*%rtA%wxaq!v`9 zJVQH$^=lEQd161Z8UI)cN)cN!-tr6-^px?D-Oht-s?%aNi=pRV7aDfKzrkN;OVkyE zxgXiRl+fxf+|AO($F>O(WaccQ(FDqkA~GWsg1N-+Iu zto;sQd;N(8v4lEP$Z(QFh5e}8&js#`z5TmAb9!dob=jaYKWL=Ite=e;&m}cvRA%;E zHDzQS#@Tfwm3l>aN8QjZHT`P4r<5Tno24zyQXrVV|5h>ZzLqY0iSPA<3YEJVuHoqE zkRR_b50oUJae=4wkIe7##i8r9kRARZ%|64Wb+_ln&qkx{Tm`#%FfU5Ue(sR{B>x}o z{i_A@8Ig~x{_wJWCD%{kI!~o&({$iZrVby^kpTT3qMy5R_0Pk{%}qhsAbB z0N(*G^+E)GoCf>?hcBCJHmx1toZ%T62jS)SnYhuLN69WcKxOD)eLnJu@SuU!5sl^z zs7k}fCSfRX)2e~TK@IT7W~3Vo_DgWOW+O9#4`HSlV}<RIDy{#B4ZXKG?69LPlD0F=&5;$iKnft+id% zGh2H()(nk67iK>TU?ni3M)i$g#eCR>V*jN_UlXPxTf&+KTltalOd<=Rn)woS7G*U& zan1gK1m`DF0RN~KM8zp&Ft=EPC@)oJ9%>9QX6>;52%QJ8g>z8ML2)^#8O5yT#=h~w zXKQUx#QLA0P%(r=8tvbQgr&K?V_0bN#9ktTD}c7mHfFTIP?MGMsS|s65d-LCd4$=! zIwMJVRnVDEqh79yZ&1AN3&J${qgpZEeRzM46oF$xtAkD$x%+a@82Sb9oy9b(;RvLJJ#L#45ZIvCDCT;zZO(NYJ#E^NPap80hUC$j@u8 zM88lY_he(c`tkO0E?^if1BmVZZbRRFxX<4`M{Fshe?o<2jCFjrdk!JZoyH)7s#O#A zu=$dM8k>uwh~TPFAL9aDmRH$EjYjNkTSPRhc02l>SxI$OhfWIDL^?YQ`Xt`P zpyHoK_z8v$Qw~&>g%;0?d=7JDd&`$bl%eNm8USVI&LLHrZS%TAjz#IxMP(R2nhV&V zHRm!xv<&&sIegNUTFS_Bz==R5Z{-L!ZaCyH1mgkvrXJJRAra&Cv7A<<1jI~#L3)@9 zC{UQ#9HK)Jry-XdDK^;ndqN+hb{NXNKO+tgG_?zjh4Im$FJ&_#Q8ziyPmzYbO!t$DE#py{ahiYkF&Uj5<8{&Ng55-!c=^<4@RRcI*zU}8GA9(vfLn}fI zgDV62F`V&>D~j)Z(3ksb&M^@<0+5Zy7YAZc8j5IHW+0zMz zOi8S+JF3NiXSg;?G#J^6@%^Yd_PM`49SWRa`YCHv8m3RX0hFApB@bk2-5CA~yczuf zhj!xkf0Kwhp0pa(F)QlEEJZr=Hq2y5K0uLTsJ%6`$Blnm9tYyIS}~vbXt3{|GTUB# zLu(E;=#@4+50;XRQM#4S-7?_;ND)g(3O2N4;ofKyZph4R_Lmq-CUdTJ z)Ov9d9@+N*v;nHhM3gU?Q> z2V!r0m{hbHB7qt&)+JfSEgQ}$3<3&YA8%8<>Fq-aao$}Ie%51+Ei5d6Liw3z{AY7O z)-61vS1?{ZwPGn+#doYMD-aw&xWyT$vRUTS#b0WU$8_s%5=1Pj_;^%P(8R}GW#9tZ(lgUdnEft z57DmL-v|~4zrF>!S-tDLkH(;#9mrBNNX;bu?p!$Rt9R4u$mp8q^x-DyA*eC}gPt&4 zd3bH))^MeJ;d%IqsZE%IrAMMWN+pr=mA#>6sZN9oZF@}-)Vo7o`}t}kOS6`B+nul zmAa1w>rjlgR%SWd9?f_gj7c_@u_jmKohj#{&qtrl7zpH{>pfnY&APFOgw1Nxhhn|1 z^6BQ1Q}~@fZ>#r5yFGgA(Q_0|R9t;;b>xh#RhwStB>*T?RsRROEoio6ig3R zo27@YjC?g~+7@V%lNTUi(cxh!iJN9=F<5RgsrDAW{pN0Q--XTsfRS$S3kyV}smCfT zO0%{aZ|M;9ieXnGOg{m>oo|4g_1-Sj!sCgr;PcCBeuDO^4vf%Ux>cvo44>W1TkOL3 zYm=`0GSvqgB~W7e^&;#xb_2aBdN_q&GQM~eRR4KOJtm%=PtNB?R5byIR{f&%ks8c= zq6ck%>sqgJ$_ERQsu`9*SEPptu?c2-doYcq;Ch2!oUzs)@`*v6ZqSnW0-fu8&n(?b zA?y{4;UnvN`z}{{rHbz`gb?kq2!gG4xg;8oDOu$fJH-q^e}N)z4dJ9zmOXstL>9^E z`)Ax0J`j4{{M6TwM;JD8kO6jR3a4d08A6{Q;+ak*04Qhu%}h6YZ{q%20r^6^ppUU{ zMDGIrl(P4EJiFez@PJS>9AsvCms@2)pA zUnW$+ZFPKbnLqXaV>RtvqEv$-BR|O^TZx3JcsDRJ%dnn2_cd zvJ;IuL|knR`pi1ujqI=_7Ia%HZCD=6FsU>S5IeU_w&vIeYpV- zRiN?0f*v(pSRP*Ndvjhv3fA$}VEy-nJL+Q*ZMCMuUzSx)?{1x{G&KvmJfqymFFa&4$$F~&?oi}%x5yB%A#zCq%HeNMN`EN8q%eeqH947 z0Ner*Ps$2(Ibr+k^z~E`ulG&ezFrSN6YxmEx;^_leGj7p8h--0-a7vyhNBk$G1ZPR^D z#hJK*=&-v6(KdY4ng@lFZQEtK0R@vMtvoq~F zY)3;MV7G;5@=6)VjBi-XaZF@jq2W$}SsF@`BX4IwrYm{jTat2-N~3Xapq*9B4kQud^>o5gQ0?Ji%*JHtsr zbc`0ru)DoaI-9jV>(rRr>*|HfDQ%0lGkx@O2;{IFe@|tfTm9ba&XZ{;cI;^RY9%3G zUT{i85_OYe;Da5gap$;{?6i4+LqK7G)6+^*FBs*Q3Jfc^fP2+*%J7N2hp*-Vca8W~6UlD=ONihIOzHe!*9x}eqC0*guj@drgt2XLuj`|9b!-%0% zd>3eA0CTl}gKUj_1l<{qTk*P`AIHdeBM+&AiKM+C=F`w#v6yZ1C(WJF=FD>+=C&qF z6b;8`reil7{j{-f`oWe;u?7XPGbDVNmQeje+pWqKPK9vVv9jOqVVQHZ7=eI7-6rSi z#qJT-F1(=v&~^7qd@V38bF&j=qC}wlOE^2bPg)jZ$2~nLNQ>!@L!#VBH3>FJz#kTz zF}kwacSwl-?ESG{SewH7e6`+knoBvyDdK3szlY5hi}bxl8!;?nE76WfWNxKRmpF;T zB>AX&chIilOSR%OzmKn<^SS#4@jmCsx$01KVt*$jxQZ~uN&bqKv(H=AK~k-@Xd61B zKbNh+Pw9j^*~pylmeNLSBOl~iWAM=O-syITq9ph_f_vtR6>~>&pgo4=dz3g=5-3g2 zDmmB9Z-?}VBfjuRTG?p`PwK`Eyq`+LOL`TVvW4SahkGolneAc74@Q}fX}X~vlxO|7 zk&T$fMQVq9DxkQSzXggYvPKD7KR(wM{f$%qx;HF_eM=>e>Rwrt<&eN~PO=6B{b4nI zXVr||PbsMtZ;VvC^~2r<49|7^_!Mat;iR!=&yO0j=)Is-E}5ua4S`1Bvl@${2V6`4 zc%y9c55GqFH!rgHr%?k9mWtCCBIZLybA>fp7ceH7#FdBY(XF^gf{2uRd7scDEra!q zU6+-xqiU&KSlf5CR1 z=vlsFPpa?pWKs5}tfPOtjtdJ;e*u_n{9|mrax3|*-Qp2F;g=T1Yp$AwI!kg#pZ;HvvIISM`roTP zhf8@SpK8B+I@l~?PdCIQ3$14Q z-`dd}9@bx#c>4#SU4J#}RT`e~h}MLKf86@mcF{-t>1j6oyvgS-%Ar+YXPnMZYZa*Qz<#R5|2Bx@BQtJ z_jrxO8n8DoO7vjJGb=C@rxgEa{-u4+1ILsG=wq>@;sI14&A$talxykT$A*ep)8(K{ z4=G~fe1lHEnd0dK$5rR3gI~*SH7DhR1iEFwsi$2qnu;!ia2WBRnIj>Oe!sNU>#E!K z)#-aXf9kB$(_oz4Y`8YL{#q>BHUi?(px4@77c0K;9XeiKy{!Q{bgSPeCcS=n)m}Gb zjY0OFahL3j*M6S`?4uU&`^KV;`!z9$xt^n%T{jGFI(;zsOHtyKqKL4b(^@c`XmLjg z8JbNjU}a`iTw6+7Nor@=74-AySA2M7hqcCB#JhPQ2y;xaxidB!^D@%{R;b4%TYAF~ zPQ&%h@Ah|CgtBm?F|`so4V2V~Gfv(1aiisC1GRql?Mw`TUM z8Q(2f>*ph%hr(4qa04L5y3MAyx~Eys7d!ptwCFA7RC~C;DO<&7LJK)COGCPgXVTV0 zK*2(jnyf*aVHk3nBsCsb>c-iCa}e(zP$7|Jd8*UDPY$aH@GYgZe$5UUV z?#V%ZIFv#GIItp~NuTH=au3AgDBD{>NWa^`pIts;81R`jtOczteRH5>Bd7OcW!f$! z=HuDI&@3VZLeX9JU5BIV24wA_gd@(yAtyFn^!pKQ?{smca=WKH2(`fVIxqfcz}hWB zdf+%qD&vL`v*UKZ!^7bpLF_iHQk}+$E=bcgtrFlxF@UMUzHL_2srGlVME*NhDyxrb zp@^Qi*I*`bk$MLhinnrmeIe<9d^TL7-|o#V5vVyxoZJD(?oK}a4)XxkWZaVth#$R7S1D-)# z3iO+8a`H+mkOO@~-o&~BUf@Q2RWS+8Ux$JZo;~$y)!R()6G53oMr^UeOwSzqAz%Lm z;A;s}Y_xDY-IiROGYcB7r3fO1@I7#*1T(SsGy~__ zm+yp2SP6-B{Xz2DHHi$dnai51BWdlZ+AMf8B;$SHjxv*Ny0Ih34D$-a$8LLYe{~Q| z+ANYE&4#wt%HEccNtDfjdQxw*h=V;tgtdb`E8KvTRir(pQ?BQAaHv(=)faq%V~xsI z$Zy>asxiJ%(p=)6lr2_Bhubdu$+{3xd)!y9y)mQbLY?khQ??#9zOjGI&(I7f{Jj9&e52Mbb`&mi9;idcMiQz+ zw#U!ee~r*ujq53WpWw)7K0}2F!1Xvl-<~_+7JRvq-1#!(4@&&g4)^u{@&B8o?Q0-TPTH{ z{LM{$WOZ}>n7c8cC*9AKHb6=WWBn68_#QQ4tjBbLw-1*E8UA8@Kxz$1*LKxFa>+Ltp;QxH0fEc=mVkjb z>AYP{McRnL9^N2_GZKW$D2n<#ydnR^S`;=MfA1iWzE3yPb6O_8QM@Ku9}sbnHCe_8a@u^I0*l%}gZ^sGKzHRb(HO{Fx)yI_vi;|18K^70K z+^Yd}Z||9OP_DBxs!y?*fFze@AWYyj!kd0S;-t}Ul*~Qw%0~VYmm>!v97{a#rL2e{ zYK{=zvVDZNca$%jLljMwGSMko(M&US2Rj{PV9rI`gF~kG2=+;`4TexEzL39*NPwK( zXIs{XtQ+`$oQxK%>o)pH$Q3De@h{L*kwNx$*G$2lyYJb+KTgT!LB6x*abaRi3iGHv zt-mfSXHZ6?ef;9pzimKd@y4=a(z?s-jmbIWeK&mcRBgXH&#Q=wN3Rjte8R&cY zL1iK%4K%8>U$cMSG9~}<#}cGF_8FUN``|w10;(Cm+*EmBHSXo7SovK2IW_Lz9BDrK z!GC-oExj|!UwF`*Xa6(*C^LOFPZs}Y-68+)L6)79mgCFw?wT{pSGnHZ64?PCjz0VU zn)agxW(-_f!B2;2AHCDqblZs7blS+-xfrp2j*X=8KhIkxh%_WwUV88sGjYLbCZ3La0V!83*K1@+n{g0OsnquvBV<mgK}7%>nUl}2W#!- zPFQYTER8iQLhiV(J2)+FD-Q|wKhKSIW;13<@pF1dmRzXG7yVk8kEjHnm(+L{Ql3*v zol29OCf<;sLWZDxpC?474R+)KimId+xym+uQ6^;(IHRbYc5}>2?BqIgK8I#cY)?A> zkd1WXY5tc{T$O;y+|2G1ap89Z{k^H5FP+TsINUyRr?&$xbtLG{pD{{*r`1cD#l3pd zi!T1z*->pOz3PpSx^k;?HQ7&|P9S95A>f_3mIij80wduoByq}%B~b$ z#24?B!;LcN*{^Y%oYCwp73HMMR+(Tuwir$DIKLP*%KMm+!3?f=t`*AYC#E)-63e7N z`pk$xfRm5r%)WY?a)ZY2=Y1J{tXnaY1Th+*w!W{W@HwxN}3^$H#lQ{nv&JplhL zV$kpl4d`w28C%D~vreLVIbEt_o{>U*rtiU%K;Ll>v|;dxyDG;KWG{nDXkda?Hk;Nw z>YeUVuuwrQuI?Mz_$Adb0n5vl3K0P_GVCbl-7)EOj|aB`m){N{&O4(i3>oiYC=e|a z0FNZDHdcwL1UGWFNL?R5690VPZ;qzOq9wnPp!Yr-u=)Mh*N?oC8t2-r_iB(f|IoMU#qO$lAB;n--gb>jd<#%c zFW(u}z$gGF;pCg+{sgDh(%F`btSasI;S?61-*!Mu`fe)I0fEiVI}_Gt62XsA1)~2R zns>NxtwadonQygB_*io5{yozz;p}*_-X}!k5gPRE=&vtKc-^?&Z@X%1Kz3`kKmOFJU5$Z9LU%*LIfg?+5@s%n>#r+q^kw_c2`;0uH6imdl%i#QXo zl5_wG_Vo{zpvm;1?GJx%b5GOCOY>20`~s`?vL`UJ(IBg<2_pV!TLR-i8uT<;cQ&my zVuG>Hc4U==`q)y1w=Vsse7V@{i$b1&CUOv@B4IJy2e40C{dAr8n$}7(X>a5UbFCkJ z;wajM+Lq3S>vJ~OhLSEMes=mJ5Bye+v3}WsoceltB_ux6ZEN7wnOpxT)dGnT!IZt9 zw@RfEExlfLZa4S&UR9oKZom5S;SJ8yvWF5d$3JmZ9L1ba;FmEE7YBO&s2q%OXH&dK~w&3T@LqntWWXI%hC62 zxkAEFr?D`w&MS6NEX$nsXV8n8N?+T|w`e|moWWE~SRr{N`DJ0t19oo<6mVz0^;y*Jhcpui+dT<2R>0vuQtVW zuOr?+=`bSLv7w3b*&8ezoKm>9A&; zA3|8yhf&Pi4}Gk{@r0o@MC`OC1CNaBd<_2fPU}5rt@d4eb>f_sx)073hgKtp+5&^npM{Z83palW{oN2bab?{k@Zf7`}OJrlxh`w~LkC zrrlp3>?zH?p=I@XQsYL-YFo=e7qxV?a`RvLO8@tj0WStdEoaV$GrGgUF`92Mk!bP{ zN)uRL9lYXc(c6ktnn$`(OcKx>uC~7D!|}W@>xEhxcU!~hhN80Vv(qXSOkoGP zS$GIEe$@=8ySrpH(F5$kxrRSvwT&r3hwJ6O(?xF$#!sZUrTaV}Eoymz6Ob}~1RTI& z2l$yf`+)+N|0e(acU;JSzQzs%XB$wULnp!=59&c@g+1a?o)a$i@yuB6}54tV|bMY$;0qZDEOlx<#vG<+S)U+R;utcDNd(o&EG z7M{qJXDB+BFAKB^G$^J}FuioYt1<2Zu zQmdfox-Vi+h9gbB>a&~3PH4+yu6zzt=sNU#xye~MBTw-)jX4)lci6#elQrNwjjQrr z*18c5rTF=_UGiOaA8!?Z`HOr`J(wnuiBOYO$(1wAmUIi~5J;VyP7{(#lu&c04>ox}67)wXr!8CPSz7O_ z)MLMU+cTL5?LrT^EzN}&<++z%R_Sc_S$wL;?F~mnOSW$hts*3i3ugjfl(F=_bl!f$ zMdUAAZVq(pt1_c2S->EknoJ>2S5rHpa=I#PM1kt$Vv20r=sU&(A+C_^K1|@=&eS@O zG==#HG^tH2Cn(r{b=|m-`GR@R3g9`#|Bmi~yC-UI0gqIey>!w$ADCVT7Ro2(Q+f1E zN0VuRU)Ik3z#+s!^g`9epa3{RfZ{Z~7|YNEj<(sPeD}nP=<9EW?IhcuR=v}7aoj}q zyyWcx>e`v}s>j9j(hoLc2{aSk719;AH0~>giSozH5TxNb&q@ID-a8ZLHhYhgmXoom z2Az(Ez!>)?%|hs+D#swk+a!%U=^iziL>E0lafN_k$-XZBezx&{uX$DVa&P0K#+|jR z*PLVe!yU75R89-)kNi%#-xdt;rUi}^*xxv0@nbwqAp_n3*NQn;%TFHE#HZ?}w^5g$ znf?zL{(pRttq1}S0L6d%57+p`)AUg70!$ARtF@+QO{T7ltxhK-On7f{@*}s5O_Hjm zVzMdGdc?-=C+Em(KkbmUx?7fvW#MAcngcxloA(|^@V>jexawItL^l=oswQi--~O^+ zRSaAK*toPAEsx(by4Y};v42r0vayo|@}MX;n7*WhKKHSM(wS&5o|*oT-|?l!MK}h5 zYQDr0pUZ;??MfT_g7^X0G%UqzMt#pdF2s$HXI@*NF8+GB)F_I6^t59tTdaxuktZYh zs<(~&sZ>xW=-O@~w&;t$kXAEEmI7 zRWOdl0=J<1Y}vQGxr}xFAIBot?2qnw_5Dn(7QSVU4;r=67i3WPdHLTu#YyqjbC_TM zS^^dY%Aetu!qpkIZ~6ST8y!q#kM%yRi;cZ#@ZMi^UXM4|DXZmXb8Bk<&F_XA+Co2_O?A@@_Y~AmOPa>xmv=T{s(~Rzt!hF z-6OF_|JNX7qmdF<>Jluf??I^QFCc!~_`?u<4dj0_t-)zXV(rm_mkm?Ju&BcwCs1gp z=hmvyYp!V?g&t3r|JtKCe z(D(DtGo=f-wgA`~Uo>g8Ehf%CaaK;)KGo+@0Qb#9lc99i4ycgH= z+%vH*ySp3DL4+3z>87^7E)_sL2Q~K-oiMx8Nis=Ha<%wAReH*uL&I=b_f?LG&|{mH z5SC?oOau6CbL1*29%67ix4;&8fGX-{&4Xz(07+2;E;u|2$*BI5!cW5_mEJt#0_L-S zfbUZt61~=w%%J}3JJ`|v+0=(;+6$7o?+S#T0c!pLo}xgJztBH*aGaz+st_c9$9%u) zQy#Na%BahaG~DWb`MpH_S0M%&Q(6x!9|ht zzae1OQ;I)gmw4$7_)!Bt4m|h3emr*V=_sDzIWd4=*H`yR1!6f0j`g2G9qJh@u~K>F zV9_>c5RBG)lQQQ=b%F;1h^dbT_{v06JjOxL&WWo4cUrCZzDb(u9}fP}aSK!dHjOZJ z%BE{3|3PZu56DXG$^gG>_PuYx-B#+}iY7q63Hw<*VFV$5_NfB7?zc`qYhPfY$ z$&R%+9pGEscY45w|B2x#HJ;3Wpeiq7;a_ru4*QjpwVZwV71B7G%&F>q?H&7qoK3}y zAj8kJ9U7kj9{mgd@1wue!d7LbhT6-U4gLy5K_~T(Lk=6qVpAl+$nG~Nwjv>V8`R{D z_Fwlu{dVi$KmM=kk^j>=^}k7$>YJU8!V=N;e- zUH;vw792!XTi+@C*Yqq4dHz#rYq+nAHx{~MP8>A!VFju6UApWuLWAO953fzspJmV&1jbNs#<;p#xy4zM` zB0%iv3D_)K{M`WTmemhJZy%0Z_RMz|mcDX}S-Rf@_E&Ai2p&rMlO7Z_oYYiDJdq$I zcW7^y^6ZmjPF6T$LHOki@2K6EFLD}7!ih&-@qm&K#U8VZ z7YNVHqutdrD<8MVNDTjAvL8{vZRxuL2(!dM$nw%NJ4$A$ zFhDhyf|;VqFv&Vs-Eq#;fJ*7 z&xSEktl9@KZWpTOc^&E$tOfP}XuaBB=*1+{t=t3_NfB-)a3{I{$!OhPp!0Qt2wIll z_asMfl1uH=qjuf(*q}Ajc%g-2tD%J!g+%0R=VDF{!1mtCrmK|fSz2;1KQZnO7BmScq&Z|K>?~hFyr_`Fi zhx4iW9iX7$wUYCrdF#8uEIl=HA>S~*+==Iz(BtcjDv4sIG#n3EWj7an{S&vIn`Nml z2|tK9XPgXTkNt1eErI4QGJ>?-u=LJFJ0ZKC_n&8%`>>W(4-ObF=}^S9M(|kj=oD~U z;a`Vh&xUKAA(<3TED7XaQM8!84lMCQ^@~x63wH?)aPKSA+Y2Kq6yL@`9N{FW*murk zFJA_iEn>9;7>wWa(v;3w?$zIUFy}hab&6+ayijCu_uMM8$9giUT>|W+(@p4C$+MtF zN{uC@u-?r}NsX670DeKz+`7+K#lMf$186#_JF zt?=mCmy0502wK59(Bx`20oS%J*i?w%T{QJJG;PnDMrG|pfWoZEVyf1kgp(A@_BTPX0<*U3(`N<|>RCr#`h3ncY8c24N`w?hqN zjVz6^7o;lbXU}h+7qKyt`}CAsT4GwP^P=C&oq+{1xy#wYzOD2tNA2ubuipwQF-%h+ ztF_glIjPC#m;R`|i)U4*at6Xfa$+Fu+aZm|kMGcakXLnPz!5WNWuKENRz7&ssFACa zwZ!norQ-e)Ksp5^*jP6+- zmUVypQLfC<9Xd7ua{8;SwCMg*3&6hXY@J?D(&HOEqsM8OjmoDQ6t#SgP@X903c#E| zojdFMmh$VB`tMY&z}sb^Y&-aQim{{o+U~4`)8Z}GE$0Y&+L>$4abBwqS|jqYMknK? zAk~b*CGs9#0|}+@T$8T_xfRlL=WB0nl4_mzEw-Pw4f@=863`J`$+tf)re8k60Cax` z6TP%I$7pfy77Xa-y6+d}2zW4)3{Cy9?F~xfk5(}IgRwe$xrGXl`OlLHwZ@ySfD$6C zdL)l!jyzj)HBZF~4jX9+W$}G=kKABm!q=2l((uc5LE*`=fy(yD28|qywUjk!GWZt6{yaV*x&S$+~1WUF^N71xuSAhLaeCeK~{{_N*+!5kRvFx|* zioM@u8qW}qK=2uKFPR3$5DHTQvH4PT;;mm$AbfRpah{=F~$11G-V4Z6&ZhoeeiI|OUqi$w=X+wYczP@TV|cP=2wbuJsGbAaqr916Zz zyj0xx@aWJZ%o*CCx;LmfKD`uqrb0v;MW#f(_-Bu!`SjVxt}`6|8jH!U;9x)OfL;{o zN-T%Gt$Tznyx#D(KaJ-rZPG=(mr1F%HTeD>xTcxh>BXl#!Y`ic)u5Catw~**I;0Mo zNV+Yjl!P2T$a=FZO;Ysw@mHI%g1B$ujx#P_q(%)3tYC9K9v6%og3rsctUgfyJ zPkVS^1hRVaEhR-VkFI>(i0y!nVq5c7RTp}}S+Xl=48_nwsNJ=Lx9S8GS7|Jr~b zG56PA05gj>AWZ9wD<0vT_sD{qt^Dmkm z=`?Eax3uiHNqAuAe=}Q5Uz^ugVI8;>B*GjQR*cz|b>k(V$=D0rljSHMr)OGE$^5OM zhiwa@uG$rp-0~N`%?tp!TW%k35t3d_oK07rl$k4m-JK68XOVtcFmSyqz|PlBA0&=g zeywdd==wo2>c%5drb|+Oj$=+IA%S8vp6(M#UnBA}Eo+T)4;?zn`8bdXMZ(=@toKnV zpJxhHvGwJ{)j9md8@{CIGgsZG12bcm)><`P$z!@TFIf3rIqy*Bu<|w~@q7>nG0Ql_ z!z&-;-nX;|&i}5Mu+-yrpDy|p+eKfNezUeE5cMQq->&GmWNjt>wNl6&$tSl`W-{W; z^T7tB?1T)SpHkIg_H{D%SoxxD;1GmhZ3~@ed8#b9y*_$4tLmQ2u2voek*&rf=`MQ} z{_!>+F78QB(<#s6v8nfOZ3~dE`cyDsEga4?N-sW{nod}#7#uW7xYvf;p%uh}wIc2R za!CY?@>$*RixSxyxskIGqM(YWVe%ITmYXvj?!pl0A@g;cNHZ$n1`Btym<4(bojw_DG{J(U6yq&5S z{q7t_qaiVwF+PfG=3p%1In}e_^U|Z<0+s(C| z3r9SQzUoy8`c5nJKW$;PaPFH7{@lot;IWY!GWn%w==QxQyLp8xS3Rp&+30xnx;%Tf9OL(Lkc8=A>jEfT8m8IDp%}sL zIHvTu5@s06+_=X|nWmBl9On7l;CnG%Rxe&ko&<@-TWfH>m0`$Hasi{AtI@lyPsAMO zLqMjcJTVY(B_Q(lzbW!=UhCzyd(LaaY{V$uNGTzC1mR7_6aq5e=G~0i26A)_AEw_i zenG}??bbETdvRCgHYD;8{=Lxn2oQt{LnJ^Ag0bm|9chi|PJZaP-ojYAp{$3VQi9-v zBPW*grVQVwCwS>}>gtx-gf=mCUOHPbRA5TSCtWZ9>Z=4M&IQ@Km;l-vaF?}zjs{rlVRZ@{wJ=onO)*_wt&bvi4sRJgaFDuovLKvhg z6eXQbN<=U8Dr)5Eq|PB)kxSWP>$# zz;-x5bryvwuY4|-tzpJapDo^E2EuUHlL3`2^Yv}YF;88$$F|XK?ttD;dJ_fqynGC5 zuK8Oii`s~FIOv8k2OkxuW{FLZs&G07$4=akGEj2a zK834k(llIj<@bDj9GT>H5~TbT8nhbbJyf^I+<3bi&iOzM*p2$Z){yfL^nJcYj#Y;^ zfz%G*E6q-}1s_c~b-xkxfV*1a^%b2#*-6FDOTULULY~WzblHG%Msft3SoDJF9$Vw!n->88d-LI( zvBojK*V~-lBahkcSAIC0M@4mg-WAZU8o1?dbNlgMY?JVq`Aj<_=W+a^mC|VP4Kfo% z5TnjA*#;Vf)96k3(^V2Ru79htS9(*Vnx>FkKOTMQt?B7%$Axzc_iHrBd|>V@#Q>);DNUb=4@6kKa-ibi#j~Lle}|t@j~u+>dTkD z?`0WD?20&Eu7#FI*#m5%DVS09(wL`CSM(+MyFArOvBE`N+&$&2^`L@FI7k7Z-7C>T z_bsWeAN)#xIGpMOJa3M5GaqzTy%jLBX}j5~1ZwIE3+?6Q)E$cnJ&2V4bolk)0q>nC z(0;J7#OEx{)B-3Lmx;OLGkhE=Thyrj3Hf;S};<$$i@VT>Rwv-V4(^Ru{VIy{}t^*fmay0oHi!h0pE?=VI@z zfL-0?P&3@vyQ_CQABM<&Co)-MPTlysqx^pmuYZ2RYCzJ(^yL#{K#ug@H{&;@AF{RU zi8r35IrI)(FFSe$)c1&KixyHX-=3#2nNy794$U=meD@|S{nojyTgR!wlQ6fQ)QbPD zh_cr&KU46`pC0V4a|=5!?A0AAYs3Pg5=NE}`h9<7<^CheOtc3sh#%hK^vP&?pWh;A zzNY$`l7Kz$={O}|HATFC%2Ku84_tKW)L@}$>Gw}tua#o2DS{9eQ_0g4i+!Py4s-8^ zi<0jnLp2>MO8)2Ds9XHHVF>coK5fTg_Kwj59DfN4tqh9HY zmgy}{3hl=eH)0KhqXrXDVAfI-xqDCDtEXjvq7+-)&`sWa{ryiS>qlK`Rjn6fm@w^Y7(2PxagdQ@JaS0A-eE zLFEZ?i-MW$Z*|ekfy(^HW50on)3|T+QGKAso&v++Y$zdI9*~zdkdrrjXTC3}BEKA> zybD?>&UW8s4y%=a%emBE$`;hp_>f1~c9^xodF?&mCN@4isTA>_DJSYv$Wu}AZMpEdJ8{>`uc zm`PtC6V1-3N^XtC%zCcQ>M>u-{ z2~1JzgBnNkyV+yd81`=Vb!2p52t-@C6> zX=Z9T`ByZ>XQ*bYK70Hbh&-So-#R(8S;9pJ8cP1^A+;}cG4bNi zi=-4ZC3(0w;3WGdK=jCCs$io>t3k_=aKN4zR`*;fZb90iXt$iK5(KU8tMun;GrlJ! zZ6{px_Jg%7ebw5yMrZAqRp1>HgUDy69Q#HNu&;Sn+j*-@1bniC|js=lDr~ z=9+tJU6`O1gxk0B5HrCS;;V6&+7zo2RAI+a)6vtl5s=at>dhJxn10OegKnWYE07Z?F%JFVn#bQG+2j8|mr`O9P z6`DbbqP(S}9{#K~2&U#3p)61sQiWdz>358iOOrd25fD%S?es7puiuT}n89P2LlEytRcG8$?II(O z$Jo2uN9y5OTF;M7B}&>|w*kC`JD_;*6Zg4u92(hW1^lt2hfj#tKHPfO;7^Qy6}WHn z5?P&3S|jv{R0Y?op1Vowc9W+vK<2l8^6*Y@jxH&!Gjr!V`AFO=I>UGFYKcc@yE^CE zW4W?4azmz@f|}tVUPg@UrKr=^8@kS_H)r6_`B#!rGQEFAF*kDOBIReh3UgIxsDNpQ z*%~Mkqp)$B?a+&QS_A+HTZw6(v5V7YH;ROYDX*()(K<^UeT`^Kuy&{8)YE#Hro;vs ztb_?=X*MT}Rm_4^&OThR?APn!48qLWTKEdkcTx!vCVua{(0IZ-avDR5VaJJ?kc-B* zylD&rZqzr3DrHScqaB5tLj}@TEz>T{*UkHy`9HovMsG`GJU!O+j zKogDGxJ%f*=|=k8&R|2g=7tT>U>30iV#~qSrC9aqYL_i|fJp?#t9sSvz(JD3N2xBz zKL6p5%Z9Q^uE-Pm-amYLlQwot?w%numwq2vu(YEQhD6dz^^+b)P zReZ0$-PEzBCey^gV^bQ=3d!?_D8*U(^=)x2V<)r|wURJddDU9@$aHA=|}yR68Qg3n(2uzMdSWlLKxwK3Csi6^XG+%o5sdE0kd!##Jq z4YtT|&)&P_ig=?Hp%z$5h)0d*HXrtTs~Bli@E&f`m8yy%+lcMe)9n$$7g}%J;<_n$ zw}F65mna-0A&f|sj9SEs?tQ*7jpsgKF!t~>=7T@}tdwbDm1Gg-X>2`xUQL2+`u%6* z>WNNs3$91Ymfz>3Y$Mm<%;z#xEc)OdJxu$Wo*M@Tvv@(Z&RN`>#9HRk(_iN;UmJr2 zyKHvfMz&|9#cH#*?q)OW-yL5rS+Xtoj4fLe(Z7nb7F(E6MOhB) z;#yQ%q&eZS)GbVcJLOaNVR{Z|^%mw6DHo8gbb9ZZv%J!`mn$HvHLK#55r`m5lUVCg z|FP|PiQF4or}nGkUkWNqfB10B$n!bseF~d|Cn-J>qv|w~Q*u`Km{Y&Dsei0(RaKlB zTnf^fSud?&lb$r$qfImXz%ZyKE1%Z8_xogus&Xq=UH@q_n^ttMR-arONWUmQu9r65 z$D{5kMW~gT@m`wJ(rv2VXk41!F(#vqZ1(B#=PlQ&M0H5G7SCN;j;(EmmhJRZzOd_t zi3{p2=NYW-#lq(z_F}@$!(K?=0%w%xK1_D83urzJAGOAoZfgId_43;Oh#(b-o4V%2z9^soMrcs zoYMO4+l<;aiO{diMhn^E&K7;!51li0GWsxU+D;3eTf>D7RciYDa6K;!b3;aYqPE77 zypzzh^=&e3^|g&+HK(1~?9*F2I%rBt5Juy8B#}JfQlOMPr`BG+>n@nPp)7_DD4X8W zMO8O!wDK~arQqXF8+IEO;if?5R`oBYwsvY7um!bWub#FnJ{$uFh0_O}mw1eTJvm*W z2a|dARh4x5gF2q)uJ;^UA!lF4l$}ZJds&o8B>q~56k@rhS0_8&0<|FV&|^F6P`kCO z?PZ~^(f&2fa_^SyTS>46mSVXdH==)SP2RSF&t*}ibD*aFkK5G_f$hF!5~h`}CLnxw zuSlM4zX1W_9KM20>c-jiD!cSX-pf4{d9>dXArbBjsW+@aUdh8DXDk@di# z2ed!0E$#H`LyC{aF-5E2F>no6M>?d(SS$(~%IH7RlWUvxD)U%|Aq=jmXiRP|q$j>L z4q9Xe%^eJ+4R%HM{P6kCv{OnsIolB(Qjco9Hog$9hZeRA>uTg|H7a;7eoye6TNuO) zNX#uQ7%y3u_)Bdu7;g?+<~2HxSkW{~7OOpWiqwbr!{%bRn7rnb6=)tMHg~A-kh11g z;L~W;T~LRd_CB3FsCgvD7KTa7zP|bZGtWU4d;Q~*?dQji@iyfhH^f6m znQk-Lxwwww$rz~VZ41m{o)ZVL4Iwq7iMHv8XVdMavxtFK*YBSm>EGo;S|y(;$oK#c*s^)SZ+7I_+`l5Sc-D=6Mu@ zL)$s`?GX`5uk^0Ph4h4nM_%`08ny*@qEI=eB44Ui8>Y+>jUn|MUv40MFYRt*!5 zD{3aLZ`-h0c{OhVM^{F8%*DsiV*FwFf){o*GEW5)&w*-b4Tqx*S3Vo>IY*A+2PAZ) zvd$=rv+Ztb=Svz?y?aq(XgV#uw_ayAfyYMpZjTY34_BRFYMOHOUTW09&+@jB>tMjGotVmg#8^4~X@Ks#OsxDu@CVfLk6aC%eUujHiYru{l4_)U?oDoWjXtboBbBfDUel+GZ|Rt9wY z?(TOVaj8QWTC@?G^TJ+)aL7iJe2`b1gn!tzAs@~~`8%O*U{@+sBzFeLkZ8$<9QW0FdEYny<$`z`vK}NsKGHa zi!GhAohx?}RjHEsVQ+ywab~ITDHDg8?ofy1bkSLtS(@2gf8J_Vier4yHHMaXFdc1I z33X3to-DUG9rA;D#f_O87(^msMAr(YzFZ8c@u)KBFb^`%%}D*cl4O}{xiNa%^x~M| z(@s9ArtdwFE1r=LvrY z+TQS#TG{-z$yFh1X6Kz#v+j{4suDaDHz~{A+B|xk$&qQC?HQ>Pgx#eeZIzK&D`e~7 z+VexbK+6xf`k)2~xF6O%q`5qxK_=u2*W7uO@{1 zGPzyd8Z*s9&U=$FpQg7dvxCKR(yzg=xwFpXMVd7-#Qq!0pK&E7i9-E)Ts^_;#8+Tn zJ5)fm>$Vhp!ZwmU$aJ+Edki){HUp)S2R z&8oQfOPXXcs;Sdzu;TKS7vHSMc!gH?xKn7-6jk)3S9B3S6om$jjwb3?=ZNxb(@6GfyRjSIi+xQhVyIu>T8UW z^NSlygog5^hPOj|m-`#(%yLh@PQQxkY31&nvNsIc<#)!cbX)`ex(8t~D-YPOOkE#T z(2eZc-!L28pJOsd@Y^*69!kw4PL$H~&kOAB$WOuT1`>^T7t(`kp3)R-cXFE07seQbRB)L$%R_MXTnmCq4<_0{vhhEkC0UX*os&|bM5m814rQT4vG`XgnU zEdPiEy8_PPJM4)uni%DgaD+1`#%xnDtzzxW6;IK9VYkKCM_xJ}IW7?4hkhNLjkHDkzJPP@v zbQ#SI0P%i01kPv>Cw!+hVr}C4kc0~ae^MhME>k4^xo2i(oQ_G7tNnPaW6m4W7}Z3( z;yV~G^=grDoA3eMzsx^@l;@u0!|570<+UNmnu3fQM~tk)MNqPMpB@m^#CwYlj z(~OIZus$JJI!oNJ&Zvm9Y0MWI%{n5{Vak#hb1R&!OuDH3;?2{dTfD5#VZ$R0gY+Ro zu;Z9;IxPHdIlfb4{>+F?sb|XFwhVQ$Td4Rmn5at>@&xqP+l}XfawXAQBQ}8_cbOl+ zvKn@o+*fIIZ3RkRSo{0X&`(ncYHAMWikehrRk`!gn5$7(qmjqeUnC!HZ3bQU5zGUEqN!`l?J&pqCZL4z{j*5)A++ct#Uz@GoAdR8> zmoH=N(=>Z*=x*jGX`}k6E{qCvw@?)Gy%$y2XVXU$qnfU1=*dv#l^#(|c>}+@F3Kg7&e_lq%=NGa>$@jJ z;ixi}c^wsP8h@r0_Y8BaBV+f`tV1-gaE;fCjk#1cx5mtT(8!uVbHo2=%bjC_;N)ZL zihC)v@67s_Vt7=L9*(IQ>+D?qQ5R&>X+8;c?Ugn$`B%HIYPfNKo_Jw5`$Z13HE&z} z=40@x;Susy<)ORe(tL!E%!qLNn&#b94NIV-xrU5pye~dtZgNT!4O8G@%0#%oeG3Z{ za4y%%yyAgYKQuk=j%NUD)n))&sUCpXk!xAUrB&`GiN&jFA9KZH+#A$=a^J87i%PCmPH*kSQ1BEz z)AO1gB=5s?9P?1(?i#gCtln6^K{>0b0CiZ!wi-6M7ON^tU&}owIk%><_^j0$(#T!d z*2CH5(e5NNvo}hkIDAP`)f` z#-rvkTUTYH1(zw!o{XaEF`5{MBg{X6B#u&JcBMhkXztwcz|2OvM(P}D z4|BjR%A!I6@<8pJV}lFc^BlFqM%^tn<}8(tQn!icyllF>cx@c`JC(pW$8Tv7?G>ZJ z&yP(a*SxkXLNl)eI>5JV@zuMbZK@-W>H?=CW33Ig=;1BEVT|mAcr^9msb6?L`WCX` zjG08XHoa5i6&jyz@ZL~21Es=i8oh8^yyXpYWX$Km7n4i(gl5&Qt$CnKwsEdjMPJK9 zIla>(u4iP}qgA|+g;6yFd)LMs^-*73$rI>u_`Bk^aCm?*s6flPWJYszOGSZ`XrI`E*YG{Y=H#n#ktDqypq<;_XI9x(@=T3z&a@OiJ0$3PMh$ERd>!vzzJX< zW=?2QR+sd>@2Mz#n3xy=A4trryvyJ|dd#)v&Iv(7$O>RPzG;dasNO8#G7cVta2(3> z+#Y5JNXHU#r(WYSt(i2gNEOL^l6nA!sJ_?@0t7~ddQ5KLMVZEZAdKPIclemDYtAuVmKRR8H=i2m#g9;|P-3m_b$=nP_PoL;Fz5d=p9E>v(@{ zVAO%mcd?qmFbM-1^EERJa5cd#6TR}~X|3{Xh<4&xX(N|v_uU24Z(K9dm>C(P0r;w( zGoz--RAGmxRBj~_S)k&STr*AbjPc`Vc&Fu7K)OjiD z3nD)eRb76Bq9O-cd$=-9k`sMY-18{1G4lz@);38!Gnc$|? z3Vg|EX?w{?!>W5ghLt{}+4!@Mfzw}nPI6#rxfXDSkoe+)`1zz&J0R6( zMBr|>9YKM{dFk$1V5I+$W^?p&%(~4Fi)tdx;!Y6na3v;&?k>@%J9Pukv&V z&taA>4}ktPpa%j^_$9jIU%8UbwcL>;>^bDuZH+`!aDp|B8c(56zS1QLgXhIVhLiW? zTGdqVF>a5`utE*}>0QCvH;TUEch9V@ua|b_AeD zwzSSnx(k9UmADe!=}-9EGflls;JrbUIqT(aNL~S9Mz2P^E3S4hJ<-mYc*G-j=?Igx zW$Q0ctt-U?2J9zgK0vF-`tw!gzXP8m^|<3|S#O>(0>1n(C{%;

8ufhR(8JuhJRQ z1UsGMfYw@ROJ17*{VK1WI-T0;06O+CaXi`qhUyHqk&cr`#S9S+ECf}j{&?rn>f`3= znRSu+cIqjMz4GoG4bUcA$T$aR8yvmHS-S)ow{vH3t)G-Ho&T4!Zy7PdakiqpU$+q; znFg!Cok*7kN7*g^mH~OhN(ua;^O*Ivk$_=;tC%``+!pTHlK=3m=&Ki8y5$3oof+)_ z`a0`^o~V3>Nja=i+RpH>c;)+ClyOHHzA+Yso|>MEwFxjL3plZo=!neND5Tk)@#W%L zNn^~|MRqqa&~rSA({bZ<-yUO0@Y>Drknq%dHrWtL(hMxM7*(^qDMjAaV09>i+q$>i zTGh7NT2La+>Xqoi`(B-u#I7JyFuEd_?GBl>xU!jGW0E%W zY^kkfdSKDb!GK4O0hq;GIR0rmQnB&?QnUJ}5I#t~LafSN4 z0bAC%cxNSQ_G|lXCa)_i9lDv^p6Ch7*2Ug12V2kWQ6Bu(pfSct^^qWHBR0FtNGV=j z)Kiom6<65Ft^W{wdRtYICP#!Yo95~wXr10t#W6aPH9)el$i;_1cS z2z$Y8>YIR_V!o{A?VQe75=?Ec#G}5fymmd9Nop#CJu#q(nc(iR(LjgE-waSqU86Sg z*nks)R!YV=;fc~cRa+yFnkdg8u_>bQZkflZr$Zb6@KG^;RKk{~28?Gnb=E}lcmUwT zq}Xff$5RgG8A`5y39+wa#?3e7Z*JExCxR$u$}^kYeA#Z!y5vBh#A4h9-!2UWANPvz zT~qzE6)4i!VU3xEQl}@nI$!InY}v@<%2PXn?)8o~T}`NgR+t_H&GLA3oMcM}p?_l} z=3@D>4&@5Fr)0@9=&ZMf5Pmefo6UHQc4`&;^qajgt{|SGu3Ech6V3N>t6N6}(=F3m z`ZH>sx*wXXtC>i7`ZBw%e^m$%;LVObnSOHrIS?$S=xf>(a9pUMcErd_loWot0C4%PN0%u;y6!K&kRR4f?lhRZIa~ zEt|RH`>gMzgG6Y(!g1lWu1R>9YWT>97|Uzzx0ziGz3SZ_s<8Fai=mB0UhO z9#56OegUBhziWw^1g^d=Jk~KEyea!ORtPY(2F-k&nzV6}f$=ZaKw5@&3L!T|Loo^S zZ@`9KCJ)J?E~L`e{&OFS>Nl`pc%wV}fdgE6cW%n50c$)i6VF@l?L+>&k^jH&lBa#q zO#`bSFd(|UT-cIXD_=wHI07)L>1FPTT_O|(Nx!ff4=rbZ8uj?~2VJI@64OPhsJG4X zPH@Mo;B1kf{YwKR*B8HT41NrrQ~!87h(S9jF|&=yV}9*}iiT5Bd9l;7BdFz+kZ zyb)~HYjCmBZ7oVGNi2}iqsZ6zriq!3u!ksg{ahT?3l9Hqvd@q`bcZX=su5HtZDOgJ zor!td#2W>e!;!u{?#K~+XMfPA?Q#j+X33t=KVn74@!VkOp`Y`ZQ@_;+ zd`u^MpjE6LKxKrp1INqD8$5a@I0nmSHFTR^)7y+1@dg5)PE5~!VYZv_jb+L^yVfnn z)*|CBDCi=;a03c)F?d|jaJVo~MH<7ZEQ%jgpo#Lg7|8&Jnb->bGe<(%Y(y-8|Afb% z^bQi9`@C(xW1xID309_+NekVIPB&Hm47Wlv@*$4JTUrrHFXY-+2JJw^in4mrosqQ_+w| z2a1gQi6LSHVl6eqgeVw;^6sq;a_syS(1F6CGSw|FK4yro>N&KJUHUFno$n8;j!<`s zzn1k(;DyZ!?LuF-a|}c(Kvec7d0Lu=Hf$HvSPVuKE|#mRNZsQunE&7^kABmB zkv~ak73eA367yfA($Cp~C>V zw8_f|U=X_m{QMxvN-Wr<8%_)uYHE0aY!d^!z9h?G%PRvvyZf(W!-9&+Ecc+I=Dt(n zukRMw@2|*|YyL(xr$-x@vFn&lJ_H@C(t|+=jdJ$w2#up8A7S zft2=v^8;@{>s9|=Wht>9q=dGMYyXg2Be~~py*&V~^u|_Lelo1TUiLgIu*WW#)%^%e z{urA4NesJ72cX`?Z>09EmY-msKm3%S0=P}C>-8_^1uI{S-}>HuS`R5;)FzZA)lV@Cx= zjt*blr(Lomq@b}M6SL=z+;RFX?SS)W`2Z%V@)bIV%fFU_Y~5jyaC@4#^R->QQ5pqv z51tptZJwYXk%cpX8MEyy{~MEGcM>^y6M7B>2|VtkhM!R@zP>#$`xv6e&MPACD0hd z3pg3uAOE9mRkXSng*_H)jL!E_cLJ4Ov+>`x07H#%+DwHLk0aLEUzhpBMm&H zWj=$eDFjL{7yNpH*K?>9lIKA61>QvLbqYRO{q#hgqGpQ80&{g;&q)8`1=nL`4SU zQeCoK(8~Xt{c`>#NwAFc9NZ@YUk#;Pd>LFir+eBgH@fZEKb}n77i6oz(qH0P-re{4 z-)qx5h=$5+Rg3VHUOx#ol;DTiznxs{T4wvr>)C+i)PeJ`tdj7a(`ne;FRw+=&|ME= zbZGyt{yiRXHE=xKz{J`-0}!V>>*bsKboQvAJK4Ue{l~(O*9CVw$iQ{hl#^f@*Kqq4 zx18u1#t$C&`+56*%ljnp{qN(`==G9d3rug0?a$sKX&?W`^Y;CYEP@u?J=$5?Uvb7P zS6vCZZ$gt+fyO(r3;!+e{lArT1I&=b`ap=+7(&-Cw8 zn*Ye?&-DLU{eM>fpUwZz=KtsH|8w^5Gcx{|et%5A|0l~|67~JeHMhF1}>|KAR?F8 z1S)hh0e(o%h$yepZ_I2LZz3QHyi+=mb8gLDzH>S-@%gD(W#D}L%xAEz!QAp#|BCGf zBvgY_tV4^WrLXt8}(3aBN&@D z#(NQfqVZ%yEc%}V09Tv6{7c>+DP{Z~*Gc<7_*m_?sp$2KykMfpk}#w_1k~JjRh2UW zZCyN1SI1e(m1R6pD#OR=fipb%%>K}C;DVni%6)(q(4CI>d+5KJnZLgh)C0;nIdkNf z==I;1{_~+p03_#S<=*E)MK1hrBG~uzS3n@Y$PE7VFUi&ccb;C^ zMt0vK`ro8VOb@$W`|iJ#$7_I%h{TOP|1TAb8VKaoOSWIX#ZQNEf{x0}Mih4Nzf`O% zV7sC?rubjV!LLKPTEhtpef!^yftT(X9BziRN8G zUWx11wQHY{<57lt`7#>KMOTy#4txtFx)7v@c-@n*?>&l5nOQjoHqcm2Vpe|H)2_Z* zo=t7@R4wPB*_M^3`mURyzSEPwOq}VZeZnJ+R)y^vHoCuw2$}H$6JXAb>FNF;uafLU zwm_#JS6*4Re6SRDl~LEa>Yl&n3Jl~j=G7mfJkG%f>*<6tfr=kc815?>bA9c3NvO1k|A#(qU!kpec}p_JX?#xpmqtvK9vFKwjidCBEAT=Wm3LkZUR+qqHeTW2 zR7=Uk3yKDsLrof|awYqjmLOxUw;49DbuEgF0uyCgCVhP^E4B_vu14Ga+1_)8HU$qV z(fzR)f%!g5Z(@=z(lsUA7I0^bIzKkt8{TKF{lf%uyaYz0ym@tu{Kw(Uw~X`X`xk$!HwLJz| z6K&d^eHwck6m?)mQKMpgreDfN9qwlypL z#I#8iPM|~7I2%x7bb*xd z2J)TU_$u_WyG$FROd_DM8UV^%o|8QoxSyene}8|BpyhFgV! zp0)$1c2`6!-;op5xuR;k1As=uzZpl8kI;YifB`!CoL^SgIa>z?{pNEGq?T%ctZyQT z@f7@t_gG6mAOhKKJ~uW78P94k31Y9mviVwyDP$|Jxs&qZAPdFKM3RnKo<$s#6~Kdez}C%FuaZTVT3jPb&SGPWZ~$}8~Bh$((RV5>3)oOTXCCk7o$ zm~g?OmGXWi1vkjYnDAH@-FDmx$V%|sS_Sk)%q^2`+9hJy5f&_SJXvfO*W=Rpoti*L zXvJE$2ygYyhqCoOR0}V(auca#mEX|1LY=}S>2f~~IxYryxZmudvv=Jhw?Ii2{`>Jk z>YW!E2@^hqMrJwR} zAM1MR z4^7Nvw2@uh@_K!jMPB2^*d0O<`!l9dY5DiUO+4R3e0mwC&WY)E)c|vEkU1e`pwkTU zAuI#8!_?E~>w+&xt+|#MwMlo`WfORHP0&6b$xDcq%K*sh2+kw6M~1etV_;!0=*!Lwl^Jw z)(ql~Omc%fs$#sbO(}Dc)d01;UO=NbEtuV{+O52z$zyA0F?KcaK6QO5Kf<+@&yO-& zNs7av3>;YFyl2j|_!I$#bJ4SbkI(0GxjtDzcKYK!oDpq>pK&*@A)&D7?G=l0FfSV1#?nb%FFM=IcO^loZ6+~^Y9 zgGrNU!lH@moa@8YtQIAMNm4ejb;_F1Ym4NY8GN{-0&)8@%IEcC1v}lkD0}25bI$Gc zbZE#{T%Gkh%?@gEHkx)>O&KXS?DbdH-rX`^WI-MKqb9${^Bl5Ihtn*EpXlDV2$6r@ zUOqe$HPCJmlHOoX?V8x0G4rm&I%aRUk>{C01Ha zvU0!H{wGfZ-`d3q4Jd1@7R$u;kDpw-?!GrwIKyYC|E~Eual&A-%AuITfyC;$CR~dEt-hc9NBI$WT^O2npwO@3}BU& zx!q1VrLRl_zWgJWX(hc|xK+H(&9yAVW?0U3*y;JW2jZoV=23A3AZHc~Whu4zI=~AwIM`Tn*=TrJf-HEv zEl(hBMRyz&Kw6&1xb>dM>v33ipKH-IPZ5?%39*jwfW}7pJlbOP!E;xZJDAjDQY$Jc z-6v1dW9oTX)ARHqhmNcn%1oWGkq*DH_x(eIK@xu3QK83Fx?mAE<2V!=o|+AJQA&zM ze(io!;yS$u>ZQ6YIn;Nc8^RkSk4bNP?MCVX;Zi~UIG@&Mpv*u(y{F`}%k}lO+0N@;6)IGsNXc&_CZ^bAM~9bq|I)Tl@B{HO zy%y<(0|839q0{pEl*4X6dJmfz_@R2wyD6xG?p3LfcPLz6S00StygTXeqn5jv&f(Xl z*JG>uuCA}GrYMCQ_X>?9ms2m0xN3X+C+W;@;FW3^S&MGbN3CGb8hn5YdvUgHDr+Y}!7Yz2#R_>O5l8x9OLmWGL&@raLr#Jk4ms=QrNuKAwpi0MbejpxdRDAO#TgHuCz?zFpD} z`e&*(`P^Q`6PSBEn9f(-X-X2Gi+|6UOI~#@OAKA{{;W_jQabwZ$ADmi_ zSbx4lV$0ak6z4p1#tGk|%Yu6ivZDoa^To-1ez3qkH0Aw9MJ{iuj!0iSIp(3Xd?H$_ zBmWJd6O;4Cw}IaJ{CgeGLRNU`gTTM`{6GHDII?9|yI;Bc!gD6ItHuyWdyHpOd|OWB zJ}2(o8j1UDw(Iy%rx&pKfkgafGL9>wbpDzh=wP*EivQ|m1qNWYS^Z6jv^D54d7X+& zNk3X7Me0CE;|ReuV9i3Ju>|7Qss{&71~`QqxfL$d9esVmdPy}-w0uPzLXUj+#aH3} z#fMXN(V(@)JJFRdC!NQD*XxiG;tsbDRip(7=XDps$~6l?U|fvpiRAUJzRrTIU0r76 zk{vs*1N(7;Efe#CV5=Tk7ox7vc`myJ^1>>XNsThs_U7g)BB?cAOk8V8yS5pxhhOY3 z3snQ&X)<-V>Y<;4!ekNkwWc?ydlgOli+QTmW%~TMn-dBBI)}43S-MCwzGaK}k#5`4 z+(F=9@V$~f4?tWe&}7hVxoUf|T%utiyI^|6fE)}7FR^laxnW{5vqJK7qS()p$}`m! znd`pG+Em%mzLSG&J47x|Nar;Lq-Wm!f`et0{7`cQFRuod+|g z9ou4mP(CP$Woy~fVB_&?rAaOHTEzS z>RmqHJzTT;8JxD1qS{YUtvV47?MjOag9}&sq$~St4o4{<=yr22JEll3rLJa;bpf{? z58O35ugP2uyRyosm1}$N@^I3+(U{B_9Y4pixsYqd!&`B@XqRqh>II#+;>kj3K<#s; zq?i1m)8kQSBEl!I`pWmonE!!JFd)HO3&E^>4Pu`*-wPBeJT?-QVVxOwU@=r_DXD!D zAlZga!=WwdDGjb%JB6&{JeQtjf<9?zlYU!>@{0+7mPoF2H4mecaa-B+kHmV-cMQ0M z7LEi6Eg2fQ2`fRkvs->8G;>~#+)553#-*+p`i3Hwc%kb~_{WH{ggFQEA0yt6Gk|&6 z`%Z=)Ly(iMV!yR7y5?0l?Y_szqDMkl(NeO|;AgG1OECscubvDR3~C&k-@UTBHr=dSx1gUOkdnQMH$>|BmHW-NxrL+h-;=my2|ZTqZ~3hYX~9NC$8z5gsU@aA28%|AHb z<(vGn2V7^xXT3A-Gc^JkRW|UWGbZXmwi$~@r=n;LvX3WLX~c{jP87{MvBj=r);2?o zg-hCw=Fl4b@ImRhj^oe(SFE+ozUIL>;?0?-INvRw*Y2F+c^B5-I>t3mhE!61TFIb8 zU2##=30(ct;>^1A;!3IVp7bO`rNb1P6Y)Fg%*VfvhRQx@Oc*-aXeg<7_#i*R7%(lfTbx zF4~!*;#k}>pV{0{%-UA6U|!zt+hw0zNQ!QQcu}=|_Sx&W5Wn^18g>Qu>rK)Wuesbd zHGlW);H&W-mV|lG=m~xM2fEiUu9OD!aW6^f!1+LvW9;Wzb;NyhMQ-;X85dYX7M#S8 z_sV_0H_2BrGCOPU7{t~G;LDY#;xAu+e`nxUQ9uiAof_w~>N?lvd6x$hFo9XPy3>v5 zN^&22_F4w9t-NSSk}y9IRtfK)xMAWLISzc%hQW6dct{fjn!4@#pC-m)=6*1>dTfV_z>@f$Yf^zp5You7_-Dz zfpm?|ZQJF!<;=6r5D!3}l0aJ`SAlkv4!R{Yil)5qr`Tk~mPqu=l=QKE)^Q%EnR(<~ z3cMaOCC0dQ%1~3$77e_LwI?mOZFoDfU)7|`Q!e*75=!UqOi{EoABuv#TG3!7Ymyq&kkxcTg}bzQ$1&l6D3Tz#T5b8DD^eE0Xy> zpWEnxxtn!6akcT(Di5L$Ek!+;tU|4BO@Qh`i=p_v^2(7Y?d8JE`mDODn%B|Bl*^Nn z%#xzT87Q-_mBaH11o+`6MR4jK<+m@v=BiINk#v2SWo%aqEuW>#H=6 zBpZ+~4{AXfDCTvU;i|XebM4OyNs=yKQ0%H^z|7v>K4_Jc{D7X~34P%+$$%>d!zNZIz#KC#QCB3_8Lq*5lyj>A+(%el648?6AvA z)U?PK;p1iH9dC6@K+dyJFDGH$+b&g~mM&=ryIikyC6UW9DP_uAZ*F`TO`;trmk-Wu z@=)XA!ioLx9jKgy&Fz11o(>s-oksNmg*On9f|EP{`M^k=A9nQfo8}{mWN0)D)QOe_ zQOFFrP_R*Tndo$VobISjO8v9~LeZyC%CWxw9ME^NzF#8{S0Wo8axpG*+Ahv}#i?Yz zGo|U(xwZ(`JUxrZtBLl`>UxUuadUwL<%}Jv1n%s5Ir5RTnzv>ZV}h2u?_r6|L1)Hp z65;J%usn{@)(@G6QWg%>UO0M+TmxlCA|yB&@2XjqWVT=|$q%1TxwaZ-zpe8cS$6N@ z!AOs_!OLHr(L)Ed8T*_lTN$ex?LeI7`njaUmFqY1{ADrk#PJ= zx`lyH9G1i~8z}>sU)5$Yy?FAT+VXtbwydnVP36i-of$ps7vl@_LVvvLRcsMpU}Blq zcX}c=iSK$aJsf@t18@61HNd(C?d>PKT!(1qRgHu3bxufQc881%d-bC zCJdMA6zW_1cf#}I5C8i!hfQJY{_H-jDEF_|_P_HFY%8#)941(<)6=E??aJvY3IC`U z?t2Rju`MMFyfNSX^S|$FMwVS?g_v4}`@)q80IR=!&O`>IL^c=d4PecFcjhztmq?IyE{y0bY-i1vW;2p%? zU?V1c=Ma4F3;*+OZ0zBcw;FGv{daeHd=tC_jdy{RrXQW2f35q5f8^vrSdcNOm^QpaFP)RM(ea^@U9=c7UcfZM8S041uKd^ue7*d44>2Uf@~R< zyY{j^9uKtI{K7+G2k7i{JgTo0(;EVz)-@|eP0h}2?ueQ%fLxbX zH>-*cn!2Uxa$j(p@%>Gk%LJ>w^p<*^hlU#%+V_aNHk`n#HzJXSyFX9p9lqtJgwWk(XVXR1+YrvRG$?8MQzBZJQI= z6-+!-rji#h@t`)H(=yUuWv>SQWg_*?vwz>iKMvyhKKJ=AeryJyX3S1c8UE%H*lEo^ z;`-V&@fNH8$8x6NyLIxlp}#dM)LM$rALy!Fu%rd7QuL6Ef8TMuD`Lgk%F}v)7o3*% z-|~Wkh_FJ-#p1z6JVnQmIgKKh?WLsEc)Dk z$&5Yj3kD~YNS0655NK3LHeaGQAcKI9_K4nBylI2I`F82!b&w@^QjYHdYA{~-zoZ7g zTL7P`;G027Qi@TbCIx(DFlg+ERQ`X=7psxd4QfINN8^1NOtNYP^$qxQ|6a1gr1XWB} za(b}{(rX@VNzp}y>kL-#doa=&s(-%Ro34^_GV+kld z-~eI6Q74>lXb1{+_z$4T88#S=ZaBIGl4qr2%j4P7WVx8C-B@T-97kO?yA$DDdvvf# zjW0NaM_y{t6iOUKi~Jrp+bqIwVdsCzZjiIBmnB7Kw(8ref__5OIK`5@<5=-{7Bb=o z2S_-!;>jXgvPL!YcY~frf4J|iM)Mr(n;)5X6@wj;qIvD+UmH%?5zzI|S+i7o8;%`; zi>JtVK|&1%>D^UtMeiyO>yI!vg;Rd~?MZGZZ}9unGfPrHVV!?Mx67>NQ24Pw5a^cc zgjtvUpQg{Op5BK_;}OuyB?e2r?e$Nz7yRzYwb={jn$^rfT6(XIgY-G87aKoi`e82w zUe{Yay}dsnMLv|FQ>8m(zx=mq6+LI!zgV;~MnaL4Q2nc&eVy1cjlu^CvDao{R$3B! zED2^+49b9Zp>1)e!$~l)_BLYY?|jEEVxt(5f+(2;o_Q@L__oWTxDx7F zJb*WI-mBoyAPIfk=)oShF8fT#v)N9D*7`(Bu=!NQf<-S$5h~Q%#q+Vz8&@hv5Bu|hMg^P3_yVYT@%!yvfL&dQY*d7x zglH&czGvk62x6qoLrV&<>eEAE8dV_Z!Ug45q2x`XrL&*J0MUg5-kBk#6X|uXEwz=i z;(V!5L_}K?fElwF;nfKM9ILRpaTsLaG`Wk{mdJs=u)bOsSMwc-WtBcN;Q`Q+f&%d~ z0XP_G3zee27b(2C^0IL-6XD2YAt`nN(ffi62SPrta0T*q5bbTTc=ZG&7@I#I3F9Q> zcztG@Mj@WGE9mzZGktesfuy|7p`kdZT{8RW+%z?A9U147c^PV~$s{iTkOeHi>_>*1 zNDvgzsYPSS(gLYTaEU*9t1f^lI!%=ow{wJ%TP0N!{^!0KXZ_iv%x4a9;o&)KC z{rX@5gRF$hM2GKWl+2u+?j0$fg%ZhWkPQu(BT)3(AaO2R3|XDTlm{{w*={_l|6?v~ zG#EJkL`-WS@j0pdXwca%Zz?{}Z*vX#^!|ISHoPoN)8!f9Y0Il(=_pA#^4Mv`#+A7B zmDk(OUAdf-+4@H7wG1g59nj}kK}A|g+-~h=PGDap6?Dd}lNLenGKsAoKjp%q(m-|& zVm?N)&I7d@xe%Fwdk48=%*O0EAOf{|S17Yk&c_j<1p9((=L;D5sGJ8a|LSAI% zn6LQIdZgiagpL^}6f<({SzD#}@k#f%Xq`Y+1n1ysLd2%5;0D)WPZB$g=;sF|rqto< zmDY@b&|Drim#>)OuybVpOfYeAESauSjZ3}U1H8#=LCnPz5DcCM7!C?|O&Smlc?027 zfO<5Y=rM88$eHIO7BNtnvpNK}H)?MLVZx<4w}Ir?J`>6~qu8(~TLpcR zXZd^YHb(#}9ufU~Xv9A<$}3m}?d7?zYSj=rx22i#^ifg5k>g5Ck=ZvLQLXsnPAD|q zWDGA)DN!{Q-~1Ss!TutPbjksuCpk?FUNFj&<2*8NBH(PM-lB9xG-%RmGINN(Omcp( zDv=Xau3i7@m5_&NQjO8S52TLBU+;VOB4C=}JD+{fFlN(0i64yV5v-B!zJ4i4mf)@#r$TJfqd=6z$+#zLjD~flWUvmLr7)Q>eH}LbK%{N@(d6-wT)kB(p>5VJeNc>kx$Rf$d$i<~^nlc| zXyKE@^3@5)z=;{P-fZTZ)+{7uKMmR8$Exn~LQ^9?;-90-AH-OM$kx_Hu0EUBJ0K^t zo9NnRqBu|zm;j7%0V5J-m9cUMUZr5wGGz^%ocRd zlT-$wZ$U(UqDFFOoADeUdjLPTBf6MUCO-n^-%}H??4Eny z)gQmYD2M5G!i}xm7l^&AEfwof^ko1>BeG9+s`2^cY;(Ty&I3+xkk5R_>jEj9ppc}s z=>qsh;U$=e0$tWr&T`l_OrZ)h)$K5sHHBJ;cqLYBYj>{)DJC$WtT0A+GeK{$5VFvR zoBAtR4aRZ%)|a2@Jd`-Hx?`})iE`aUJz}6@m^Hw^E8po@+ z=P^II!ZISB6N3|fPy+Xcw0wANQ!`IrJRluv?KSnDDKOxZY(Dc(8M&?c%CQSXf@F;* z4SqpZfBj1d_uhgp6FA-_XlGa-R zO!+Kvq2gAmb}xXxBLJcpprj|OK#HZ+Hu|DgCqXq0z)wzJUWK1#%&i;4GvHqZX?!n+ z?o3fZ->k)d(OO;sXbWfF*2vP$boNChY9F!>5Q`M;JyWAPN_&2nHz4&v_ggEg_H`Jk zqiTZzk148d-6tg^Z*A29`ue5Yw53W!Xm!)b1fYW-qnz7Mgq>Y*C;HlE4TE}O1yWOn^Y}g+)Xi8>7!44t@lX&Fu(pw^7+9?Pti1X~ z!;0n^w;0%*>KP-PqS1!JrMEe4k>}V`K9ScoaC@Kn5kZ~Mc!Pwywwv)>_Bj_>R7B;i zkI#o`DBXwKN{cYyc#Nm<3ps?_yR`j^Gr0bKs|7go3LR4sT*I%f{w~?WBoHXRw8c%0 zRK(3s9BfvXw=cNi5?fc>2N+6YZr_D|r_UGFSe7|VMZ3U->3J(V_v+zgg|OCjXB(Kf zud8JCTplJ3oazbnR+gBJ6DFpljz+_~Ce1^sU0eH%<3j92CXUyM6oWa9Iz#EocSL3& zbodlJrB*Lm?z7)B+Pi(Y+{eM^=NI3bg@#xh*L0e z@4s^yto`=&)S;;UfhQK-u>`aZ1GHddmc&w#0~&@|l_lAi(DuWl{c_UI@luW5)nEE|4QD%M)f`ss%Wu7Q zzV+8Q*<0OuF)}G$@N}(s&yc3lNdRjJ{xQ9HU9U-=_}XsR6EBA2R((ZItx^Pg%i0oA zM-$v!$#E>!%%3Ab(+Q4j3G!VeHl6l;qVqBk%e8VDjX%MEvUAblvDp{c;l3IWsD5VD zRoxrgpyKMQJmV$)Vjgk(e(q30Id}+1XJY?R9&%&|-Wtv&-x^JVIhY}zZa2fwxet1_ z8fX8R<^H3z)EWG4f!n4*wH=ZPvW`G3OxUzQayc-JsoN^AwC9`21L|xLEMq9lB27;E z+&$$z;fp%bVCtmjkq4&sKns6}%!@p)Tq7=(N z{=0Xk!E8&vaH!xZpZc(45YUilyTak8PD2mXc42%inGn=fu2=2R*W8njn5kEEhCnA> zQ9P))`d}b)+v|SpMZH@Pkjc1pScM;Sj~#re<$qto1~GxG6l)kD&eePHG_8o+rbS0L z7^M5Nw+T?dB~`XVB55&RzP_fqpm+fyc#K2gb?rM0+gM6||M$bmN2lCrJ7 z&Hr)W?_7%yX~n}&4YoIXt7Ww?MglWu{6pdVCs80XM4m*2_Ck1eO{1-=p%!Uc`a!63 z>duI#_;;a-HWY^3O(Wh2ZME3al;UP`774Db%_0C7-UvP--RCBeGs;Dh&xIZ- zFk#lD@#B;M*J}Ra{^5Ys=vcD}I8Tfz0JVIc zx6H#f=D}YhUF`H9@ysVk6+!9|vKjkq)VHRAuBpf&Z+bYN{pt9$t&w%xGjnzP)cjrh zuuQBif$~rnK>V#Gdrs!l{@&E8f2rqJ~Iy1fVZl`BN-H)wv9?BVu~DIz6n9 z$PnvNlOGbop`AToO$JM}S0)y`qOIuBJhizZaD0i|&R8ccn5-}9BJSa${|!E`@yrO{ zr7z%m7u3dKNSi7P6~?qG82hcxA-Q+pwP8TjpRybt%UXq<7zEV7U!~ejZ^?iStgQ(4 zy<$Z|!m1*-34L$1Y&iUdNT#3NY8-7g{RE}|M&_|!PGd2K(%D>LkCYKq-5_f-76`lTwS^?YLq!@5&n}$bguOzcuUi8YwNpRd0}!SGkQS4LBy=H+ueN z67e0!3%Wkv0ZhmJ)G06c->8=0>`M-)3Sl93>vs~jViP_gcIKfQR0bSoXT)|&X5@8V zgXG=uBaA)0s2!i4cGjqO3Q8J|(~$Og*Y#axyena-2yVBeu2R7(>)im+YDEz<|<^z6U_8wABqfVND)k>HTWkNU?TLvWx zR^S3Ss6lb4@wjRyJRe3<-x+x=gXzMi`z<`(4#g7#U_fJJcol*UQaLO~5Jyo2(45sqQh1_c(PnWTWT)hu1%T0BK8Brzo#v?~vT> zI6yBk)L4rYLZeykNZ37_fV$`X6RnpM&OBdRT?YPcy1uqx!`qQV;f9yy2&T^d(&3lQ z?=Q4u`0DUv^c0LGrwlZn+%3H8$)+J@<10T&2q_Vf$TxSe)3$a3?B_9cNUO}HD`Kei z5*nr3@x$&`>zxEZwLiul`@Cl9kPxmwtt zG8^qI12gK4luPCqGB-2r3Q}d&`%OH^6Ecj-(_Hr2UT1P+`a4riV|22zvs_V|c=hVu zPKehX(@H&ul4!VAp3q!%I^N@aYah7v0GN=J7_qdrOd;B+PD42>Jt=ktDTzTjk_YY` z6Ex|Xds>ax!_p9j|5X+t#h^@hl8;bYx_J9(ov)sgERm2p8J6tGF^W%q3vLmeU{;+vZireco$s`@Xi{Ypo-9Rb)Tk0X0ST=* zv)u;cZ|w>wNd(1T)jOjrcK5gA!S|ViX_Bkd&ia6u_RI2V=F5mSF%Z#2%b=q8V$22g zNw}*3!coOtvO^CFfQo2=1miagzI=My<31St(5%;vBiiWNn^&A}91iPX`9hIk<8nr7 zqe79r9Te#;cZ$D^J}_wq0j#m*D^gYGQv(MMNSAFc>d4-zNboY6Xy@2MSU+awn~&1J z`l?#RucFU~Lz`$7ZWJ(u_9sXzAZc*xE|$fRVLool1-W(8KDg;*Oj&o0GJEy1CA)0- z-9?}J)@T(pYOo=>y8|im46Jhn#6q^>U#`~oy*AVK0mkeW_wkWb%-m?gKpVS6LTOZ*LoywvSJ z5XDr+tM_ z{QE22>{T!>8A4Xh<8bKY0LTUjym2ZH?qV;Xs)UL^-rB9i4kdAWSEX{VVOr+cY`NDKTtCeF!6E(92JAgdoveSx7m~<2B}cv+Icn$z!P%6fNX*MB-diY1n& z>c_lafR4M)V5_GNlRbS!>+1_OWq?j>>^qYijG>~9-9LR4p?`-<4EAD;3W#Zita1=i z$K)I0^$Xc?tH%-}uO+*KaDW9s23iUM48{+&xN=orDLa@#s}PIrh4ej_eGnN$0ZUpu z8jC~P3I}EMyjFoTerby=;s^$&kP)azpQQu}<2w0}`zVM&ZUQI`EvHmqqj)613~Md?>Z2wnfp=Z6yuPBNI+?g6?dkw04ZQ-v0(0M$<1{3^N{oCz zVwhmJ=xc2?VfVFe1ofF*+f3!6HWs#ZikjZ<@)#1#vp5)S;-y6F2c!EksU#W)BT38$!rvqVtWcYw;> zUZlK^j2)@Gjx?mYU79bb{%IUvxPSh;Q?;;h&7aeA*@Llx)mA@$OxObeVRsWv8cDiS-mV#26uYv3=U3+=n=Cf{>$A}&KfOBVA)_zY7)^Nc#3!R*AV6?`RM?+k;IRvnj1|Gc zvOYpWb<#6bf33MD~V1VfW1nNm2Duy>(y8Bh^ls=YxyRFQ`!r4f6 ze)DdHJze(sMw!K6aoKFOV}+EZJ8cpG-26HqV7Sm1!A5!{HxW`JeZZx%Js)(bdHQ}3 z`i~OMr87!94bT8gHexK#?gY&Ht$Hh9FMJ80n4+{yt~|3EfK9g@C_lLGqmq3A-m_No z;punOxovJS*vmE=IzMT7j5wZy>`^*T0r)z9kU0tp%{gWj{*{ohU0xBb$mO_Qe>N+Z z#UhGR;AEtp(E`%p(SwUWp6vNtVBsmU`Lo`WMJT2mJ@4!QAmk)}d@`P(Ks|q6d3Cn3 zBxRp)!NYlQ(+(Fi^Sx-3s;UUkC-f7uczv`^pfotRgE@+4*+K^!EQ%Nx4IxDGop!k5 zF54zZoMzr4-2!=GVik8Y`WDmf5Tre@&4vK3P}OQuj3>K)j?a7Q_vr@fCnG>&e%^oe zyXA9e^4$a65&w~WQwLZg1^Oy!qZ^$>eA@P$yD$nWS3>lAWwfsyK@~3`tvT#Y`Rt6| zZ{r|qi=kJV5BT@Gzadh^+^6ypX;hd}LjKcJ{=&wB-M7cQF?I{% zE^hYKrMbX{7=d69FOkOBM2GZ27%Akz{hsqFT^)nn2TSYqkcVFFAX0AxlFqRN_ThE702X3klOJutlSiXAQcZ}m@s-LOb$LJ!PFARSZ$rH52GG+9J7s<>DM9cA##K6>kU7AtM+b%>F9A-R15*5sdf zQ+Tr{J1W2L-2P#fxmeky>@EXc@CedW8zq+ei8UWhj1V7*wvCliu+_4?3OJXitQciF zqiXtiOYK>Fg3H5(zjy%qOYsKzUo1xStZl>45^q}ffeTRd!qBf~7 zee{JaUwkEk9gObY`4@Zd+l~IuU33J#cJAl6zgW5N{V4~LUkwZ^K0xR9{`srlyF+9@ zy@IbD?f+gi@GpJ{%Zf;OIyp=Kw@dQOaR6Mmu==F`|KfA>kNOzC_UiU` zn|I$^_y1WTeMB_3vZjX)$MMbm&|l~4pRkwUYmcYC8>s(yB~=0uD=AaRMQW<|W#fdv(gZLk>5l6LyYihYf1mjN-DUXZQU5+{|FO&dK5TTG=I_JyA9m&M z!$xP0{`PGD;k*C#Y;?i%k33tvECZs&*X>fVQ>Tri2ow61pzT;NT@3)z@>us5awVgH zaNjPJdU>MjKbHC1vl(xX5JvH?VnQ38=kfPD6y|M+?U=Yy!MlqiWDYhXXT4nF^}+G% zhI@4)r7z{8`$>wl&exs!zte5(Z-4%VN*BaN4pC%t)J6wvdK0P5_L*$@@%*|?4Evx2 zL*0_q$V(T;|M(=TFc1`qr&Ao<`vK z)qg}Ve&hL(AJQ~2HQW+e4*Y=vfNu|UfY<@j@bYKo`K8%4N@QeQOgFW3UJlXH`y6)) z-wXOS1As!m7j8Vx2Hj9|7?%4u6OntpxkDJ{W={o1#wt4?H1j49K4_WFZPSxZjCQWA zCKUlHb)aIm(mh35uYfOznGJ??IR-+_H+fW^Y?oaLlW@h2edeAF_#)D0fDINKfiB)< z&<6}$*109s?mm&LI~ZF`0dTvoywc)qScLnF`xdot5(5@VapeVhI74(x@xUT!or|Ej zJRXXZJ7rh&Wn>yr;ajDxO8|c7b-+X{Rdi1|Xbzgkc1%OvW(mBc z7VsOKGi#GmRPXL`y%iKc+`TrJAuuq^W)g(-5ecN2{3!#w=|kqpMY8mhF~8mE`w%(U z@1fYQVl#Pcd`F)%4T3yFz;o9FBUSqTPWg)yd6`s^;++_|&Gl-$PVRuMC0E4MZ7v0= z$a&?ycM+g8lR^bdwW8Ak->x_Fq7<}_VFxLoU^UMm#R3<%5Do=l7K^Z8KOT-74Nu?q zG3)XDdy?A0TqFpf2zW};fgS+qYe$^f=9n6(q^zO1Rx3DX(2+^5Z zfF{bl@>q;RlQ6Dqq=?IcqKFBEU6C>WsYu23wajo%vqfIf+d1B1iatI!uNfvwv%Ze= za8tacunw@t%B_Bi$|A+H1JEkqy9Nz=L{$XQy_`+mVf1~x_CJpDzC>iX3MXSDzg@&F z+j2axnH)C0ATf$)35tHmUF-|HAf|vKtv}Xn}I^Dq{MnzSBxIRh9W^hHBHfTC^sLL&We!<`}3A_umaz&*F zrAi-g>14s98b-QL7FVm(*>K{_Yf$MgnXi(QS?S_vt+a0hC!4jUN#7n$x?rnH z3#`Gkib0=Dl z&4aK@ojTIqsh2k)L;$+ed@xu#cq{oPE|(=ToA|l;{61*eJ6_BM@`iGVmb%hWW55nL z-zz#>C;u@-e&W(NsoQzYYPlS=eVYj~@`s;UJ{r(Gi6h$OIITFW6WK_h1x7VRIT>5v zPYkZodP61Dm0b&xKc5rMbul_bo(Rxf5SAwHhiZwv7-|g>T^blTCz>%Y@y-X)b%duF zP0R0)YNfQu7rA};h1R=FD_F@o_rh;|t#YyBN}OVP(Na;er^|_ZKUSXk2|EoHBaadj z^WAjih0fP16~9h;yB_ER$s)VkyV3J{)*r3HjW5Lzy#s|UKsV&*eCS&9Ll9!hN0CBg z=NB$}Jkd#6O?6mVp{@(hlb!Q3TUtSaPMB6WFmv#8lz^PuIJ>Tim(R+$wS-RF&gK5Q z?W59MA7K%7xnWFv91g^Wj^=UgkfimRRvbKU=pS5%g(a%1#Sa5p+T*ZW@6}~z>DHAN z{b?M(AM#!Od;E1xoXNPb~95|vQUQRglK7fmQ(GU*KEt6Zc*y#xChZL zXpt5Yq7>pBT6|G?WfLLA7N5=tq=l?rsW5J#lBSm@{gSpF+RY;;*=pp4|0-ivwiDNI ztMG84lvSM|UMRKTQX!enRc-J{3%nt)T$e{YxE)D8E(H9uCIM5^~tTnKME0WaMP3*}?wx-w>)9-1oEeY{ZtAP7|_ zT(P6O03A9fEDfL+4mV#=3!Gc>0S;E?it{;yMjmjE)x^9;X0SfHu8wQ9-nQ45oCe*l zy0JTjQQIZ?(A__0&eW!85BflpTJ=bw!dn37SDL8HrgaM|*#^(N1Ccp)VDtpT)eq%$ znrA0FGQMKdckjQZEbYIGgR^+N!~&7wk^z3oKXgnpLU}eu7T=y;?6e8&trZgs4f?(H z>Rmgtq#tx(GePF`bh)pn|)PqBYZk?lTTwf3Cq!gJtj&2BDH*jg{ zXTWzk*YR50WI42Sav7lbCgy}oo%&Ke3TO-@_Fr^C>W@_3b zH2=vu4r37m4x6$p0*lkq)z^>jM$JJ>Qt<^rr%f^?Lw)0uZipHOL&2pjWIv6)z0suw z=`!46+!>^U(tqxmhKKW>{j)3~0)O0Yx#RSU=-px2vL~Y0(c6bLpZ)Rk(O2nYOewJ}E}xv7jxuVS zD^$9>yzGW9C1$iOPkEM3637{z?yl|6JJK7tRtW1K^{nHx$c2YaJmPuUm22P%Fia5E zVqaaRvf2nkkdQ58o{MT+)?1=DGpDBd_4GT~r zEGO?qN8rgh&4hawmS$@@&lO#MQ+f8`mLi_NSlr=5Q0FzC%hTU@5H+$M9Al2wCm9C97D7bEB zxKtMiQvnyoyu$Gk)e|GfDDFfLwtCgCDR395mt z9y=uYyy`Uu3#SQ*gAmP*IkhR$Dr<%Oc$SPM*<;};bFNZwO2jS+v~2&&15Nh>d15g zzaKY59zLnXy`IxG0@>ytZvX5w?C7^IOhBXIX?v+xD7);~$T9DgW;hjW#tXWh${p_) z#%$LgC`K77%uJmWTM25;E)z;$F|u1sOB?v|IyUIJK-}XwKJ@ss)6{{xS0;uAqW4-? zu3AveEw>tEcm)-CoG%iZISEI~dgr>wyq(2FWAv6nVwBtop4SHX4q{7BGj4U9A^G@~ zN;k-3PI)RXJ_JgRj*iaC=smtF+l;cvkeG2ppVjIp^V}9x-N+1(TRt|atsa5)c+|Ww z{)ku2){T$+ZStp51GLm|!!yG7HXgFaA@9aJvMr|8c{OdrN7nO-ew$svk=MAn9NOi* zW(j^pBI%_g7`^4<&5Tum+~u3-!rX&)x`fC&-s<7_k!bEOleM8M!uol3&+_i>0J7x8=` za90J2mH@0*T4@9y72Zqkbd4E1K5wtLO>sGX$6xHLN079NEdFBf>&8Vs;((nVj0^5p zR!;Mj9?@7M|A7G3WF{B(S*&mN)g*WPCK)xJqp;TD*E(jB)0C>04PtA1#Z3F+$6J9t zvFA+E;#`}6rO&ydKdZQ%XO4EH!P=}(*Ap$O&j?sP@3&)E$7BMb==Fh#LNw{6VyUOS zW~tUp(ri)YW_-=B(nJM8U(7JeH1KB+`v<@glrxk+jOCy4^oP3*B5FCA@_6JCJm`5x0u_Jjsv zmU{HU6+`D~(E$MGgnSgo{I+TKrGpx`hxTvslJb9%C)8>|D?@?o(6Z4~#vj=VTO*~S zx_O}Vjh2P}T%phMu9n~1)0<$e|8zTO{4^nXiAyV)xIUV&+hTsaV`#-+}U^K+SVTk zU+yZDRgaSrZe6L8esL~5{pwrKLggWPJ(q9%BlZzsazx%Z>oaeBP2V2wjYs-x*ohrL zzLxI!O!&Y1+TT~(xI=FI^!G~shYk6EaZet(fRzQlC?6quZ??4`E0shDOioVzWSFG$ z7wX#Q<6pcuh%)wgV$+ppltXD0)6c)EWiFHx?T>)Nwy6^7Pci3(zS5&%7F9vJxh9sC z=yi9$NhlvEV?%h_f<(wJb;KK|1(8viFOGzrp-V1j_Pcw1ikb$La$+C_kf#85J)oa^ zjiqM2hC+YoZ>;ALZ|smsZ?rtdp*~txB2gnQR=vQeSSP`YV0=f}L!v$k8tlDEJ5POM zrVuN0EL6q8dIVU}hY;XrnnAvCY@6a=lxa0h8DL1tePm8BxMDW9Ya(w4B&S_Kbid%I z|ESQivPDoANn+FZpT7hH;A4k`sQSwvD;H}%W&pYMeC-w&6U%*Z-hw-DFM75?E->hoA= z^v`XXrB@(qoMI3yUGUb{(NQIq`6Rq}@uHt;O7$;p_VB(x*LX*v?5nZPn?#Uamg-Po zHk5%MzoWH7f<8xG)953LDuf%`XI8SFr+b`l-N;$ZzCu#j(sKL-X)5jaLzjDpjUTB{ zox?n^be_n@4%WMhb>8QPcc{_~JqYPEzvscg0kUBciJuUjHlfB9zLe;ewpkqcqGJdnz-@HoXnIzx9W)7QS>+WN~Z`J)zpb=bu*WcHt zTlRnLjlb9b|Ni~QHG=5_GD9Gsy`>Pv7U&~Pne+8PMa2Tini2X4hjnyjyU&m75ZEe+ zMjeiI46LN9pq*OrsT)x~DrW#P)K*>s0upK?$l4 zruqYW+J4+}v^j=Yn@7S8l7&_M+nhuLw z`R$SNHt+ck>#dQx(aqmyFoDHW;YXyXezAM#i;6G&bBA>&-48$BI>TYJhG;P5bvc}q z^;;R_Q&Uw{4dRj(sS4$bW4vhqp#q|jg;dTFK_cz>`}+i{0J+bBC_V5mP69)2FM?t% z^I1MU6Z49vrWnETm(0`(Awo#1AV>6RI^u3DY6|OB^?SyG{s$@ixS!M#T6;6z(a)Ai4-4$de__bRrMITN>KCI5A^Cu za~kA@gP=nkg3x1GMGOntSAR2wAy8^nfG|ahS%EzSSD5$?p@{(0Z06Fd2o6lh0(T(VM0fZZ=G=X7x=Yy<6KalMT$P?MM80_4hW(ufE+ zLY#ytejSHffz|E~w=)3!!;nQPN$rgi!UVYa+by}i^8(nVL>Zfx3YPEN}YLCSKE zZXg3Xzmk@I`>b&7a}px#aIK6Jp`!_;KQ#YDVkPb1#5iEcH@Cf`SMbBC zZiy6ZEP+>p13fH~>J_RE8c2;Hu+ODIa{V!5cvvsw3GJXnH-L~RZ|#yh0{2~Vs4Qv) z+r5d2`$6wHH}^@1Xpb2d9ABbQ;(W6~&vqI(won<(C~04Q^5h8+jlDiX4?cF1eHE5o zH3gNHMM9y_;7qCS{~?Lzx)uMtnwVJ0h_*Rq?;0qlOQ{~Y}{rlravS5 ztPFJ3_&bhzoWXs09mfkN^S*F?xA^H$-Wa7Bgfk0TZx4(So^lg#2M?7-&if#PG>>W} zo^rTL0y>;L!gQTA{^hnhLz62H@ElFJ;b453uw)v+L#@hd7OeVxXd^2>TIBHddr0{L+^QDSLfR^D>~sewB1g2$2&kEzNNXV?vaM z+JRyE$y&5<=utbo!e%n?6@~qGa^^d z?;PN0rt6ybf4I{G%=+2r@#_Dty|;{uDs2OYcTp@9R8SNo6crQ!B?JXz3@juJx)h|O zgrU>XHE5-!EkII0z#(--kQh>8s8PT{LPi)m|JU(Zl{xFU@AJH0-q`)J{G6F{uKViy zN}0=V?*eN>wn`SX6d&;w9^%J7g(9^Do4n}myNtsi^7wcyqv#qy=&nD^7HQS5-km-Z zn?l?abfw*aVbbxeaxi!2kx^x+zQ{xWl5!a%eA11LQD{G{7pK8Mfclzq5LoOqljU~#^Z-;{nP~IQ zsiS#In5B5#4-r$HVQ5eawF71Y?i&Zhjm}e`L z{&#)Ap$pz#otMv*-{7{rJFJ}6q~k``3WQ>)Q3tRFS%m#QH<{Q=MWA@61qNn?X~cmN zcmerTgQgVC3>ffq3|5qNBc%bUIjy^q@HAJX$cy*aK`q$nfswZ%NHjm5z~&!Nj*{9J z$Q2&upo2`UGpm2R2^K3JG#(jLlK#y0xiwosA1*!-F|H`F_W2A-zKGv=YxU;! zu(+|xKzXIO$nl4C#rf2yI_hulf zjT_9S^fe|#yg{-V?JsO>pdq~!CXcZp{tHOjad2$3s(U(g9f&)Sgvn5Z8;JXp{9XLN z_g?NLUzQ}pkR~DH>Zr{^TF>tw3M$W$QdCvEih)ph=Hp?MuKa$7;19c;iavxTHC0}5Ycz0wy2%=|@xnR$uXJ8VX z^5cBTn(%#mpRW)zjX1PC;I#E|*m`1`ZvG3{QD*?1$@u2bzCE=CXU=e=TVuYnYXk<^ zb!9D+(@BtcVgIMJfhwHs27w$5_FMu~Es0cv!?X#M4dPU4_60_VOu(E8DVSyV5NdHW zJqbRSC&*xBBs&OGz_is?sW4kJ0|w`m!ZuzAV+(68Wa_OD7fBALTdad~123mnyWm+F ztEuqdbT}8S#T8IMJU32`7fDIGG2&na-dM^O%yV^HVBY0*nLkaFx}0} zNh=N?o@AW%>u*=mVSk zU`_+#7RC=R8#AKEtJhv`gNOTE3wAyqhp+PdeGh7r1KUH8y>8Wyu<9xR=Aa34UIfj3 zYDu-`ZTe|33^yE=dQIopQSdDw^%3%2@qGOw*yrmbU8Bf{O z?co+#fH-D2=fR5=&p~OOVX`LD5+d#{v=cGm50cTd^?y)5u^3)Fw??6l3HoI&D4L@p zT{~b0iO#m0&sWpM6^09NW&bkREEj{lzp*nDbzwyYtgzeKSNYMN_XhyHDxPqJY0l7k zcHot#5lu(F>x{2|oIVD!d2E&0X4<1I`V#ISpmyNet_CX{SyZUNh&Hr^I|7xg!ae=r zob-`64@Vf2-19^PGQZ~}Qc(kygOMI*FSdG78s1(6!0!z9E8trG`}z0|27-~6QzgnS z-h|B_I&T~INzzB+91v>2TH~}n!20Bh785P30?0_|^}8M$EkYYA(9{oc^0X!KXYye- z)AKK(sGiDInt;T+$%a<+kvNS+7D&&6ivZTsjn6mI!m5Hu#Ex?(D;Mz|4F;C3c()aP zx%|w12PW|_vkyX%v;=3%e5oLEhzBl{h(DZ|m?+TmG=e@!uD!HfwcV3t6vnb8c(T0f zjdTyAS_Xt6g11YpF@ly7n0rhG^R0sWtUK8e&(9QwXxvLL9i`<&8gQKLy?O{7y(=@*rCxktG^8WmK`~u``Q6(on)dOH7{;imtzA>sZ4IAXrsFbWZq}uxb0Q5$WZ12XX;>efq0^50e`K| zE&1HbC{EbJV6E&T24=9qE-(6^y*D%0!DDdGf(ZLVjnIoR^f@eZV`5U0H~6-tfPBO0 z(Y~kh`3}j)Ct?aKTHkabOM05eYtc4()fwL0^H`i>rQKp^QOpn1XZ}L8+Iz+H;7o)| z)SFvre}VB@fgpO)iR>FLJChYI=c%`Sfxno(iNVBuVGQ(i#v=Q-b1d8BXPCK=^vF#) zGqI|CctvOV8dO0Z?F(r*?(0VwCCo3cLq8X9OeZJ@s*)9kmJlc${Qcdwz!?Wt(hsNn z9X{k=Mj#Ooq*e}0<3W92{pf-69rtmt;soI#XI`#U{)z|{OAbU+7)9=Hx2p!6(5#X{+d z%3rwRg>Yw7&{dRV|KqPHKzC<;N#1|NI4uVq0Q5)wA@*PX${A{7s-^M2|3caRj0SHZ z#L~Mx>c9QfzhZ|X&%dIE64`%64TX@k|B4!|p8H=c+`m@sCrbSPf1-vnS{HuE-KE{G z`|XoMt?`y^5I#LI`iUskr0ZA+cXr~rSjVisrH7`!yx!#edW^Vq+H&sm9Rn=UURV{LeWX8fA z+b9?bc|ffrg1(Wige5`+7D_Q_r+sA4GgH_bmfTe5ncI=6iNrcP7iv7ap!C+eqM{u+uH%_W4D4I7H*6n*n-F7I@hUCIAufm>Y4 zoS!{tr=st2o)>cQXJWSS5GDm8B+a>#({i+sSZ~JMxb*RW7+G`KSo5j~2|;d;$ybvT zOd=)7?PorWYUt;0er$qU*046Nvh8vcZNbXaepXYr&#!F0bMaYoy7rY)n>r6bD$ zZq2@%-Lczydp@<}v4hXL9qR|$1BPqn#da!1g`1Z`{?c%4{BxGW$PjeeZD!STm2e-T z60;g4_@%Wd8gr=;HDtYr*`fS>R_zUV-5$q$KPwHCTJHD)5nITh6|5+-)R3ZRT1LTyFD$vA2wA!R3&p$h2X0 z|HX+@M{lVu4_MxmHwFpDQq9+%F=KvP?6K|Q{iTxwh5D3W_u(DI-dqmQQCt(t!ye^n z#lcadH(Bfh%TPo-90qM{`gif0u~J2 zFVqu!Dd9~Ki6mmlOxGl~}ZpB>C* zK0^xiD9ZtXd{Vq(WXmYT{P9?F{HqVp(_uu3cB^>SVqKihP$oE{w?3TvSzFpZlj^9^ zNZ3GjhtrxP$bDhF&B{-~W6CEbTBqH%jjJwu;Gh`^hM%s#v1~K|WcYbuo8$751HCb^ zdc_bIw|V=1i6QKSGIKSP^O(*u?5gGAj*-nYjdQLkEMiAmz#Qc8Z=sh#X1-;zOfKfB zeY&wBT&$Ij*5IMN=a=^m7%)phxxJV;UdB*J$1KH_L2H`MtPfMxUhB;81;-A3gGYXn z{t$jCnJ1C>wMk_6nNsWYN!=Xmu$U(gJAbs3n}cWZ9Lt@c+sq1Wk|gonNP`Bkkn@C} zKew!F{AZ|1k(nDR3D2hSeJbrER9 z_qXtZdQM>GdkCAOwj!m9|u1XfzA?z;k`Sg+QM`i7ydLkUAL(rYG z30rA-_AFO>nzLK(LiI4zCB*BxPg`&lFLc{WSSK|54BdjQj+^e$O?_X(5Rnk5WuFjg zQyyE+%Mlp$@Z5}b$+FenhW^q;E+$=SK0+2F(mav>YT8%eR8!haa3sOF~wbak`;M@hI6Q^^A`;O~S zkszdSgStm!SpsI}U94dPC6k$JRch`DRn-!f@rB)AqU>V!&88sjoAooj(bC)851DPx zKOr~#j`RpLTVG*>+?Ao-(J~Xc{4w4zXaB&)HR3!TB>`P!Cp-(gu_J!l-$p?Irwr-h zQ<9$Z)e)119T=Vlq{89|_4-}4QFSj+v8_eEQg9(enurUlenWlb<}UDdoW~l~1GXN$ z-56n!pJVyRH6RA*OV*mhA6GRpg7NHl%|yxO*eGq-h@h=X$(el@qK#_L$n-{H;=KoyjiPda(Ye?)7mF0FG^g_}HY4@XRCa27XKk>07 ze9mdyI((aZO53II6EmSV#`DrBrC57h&-UIQrH<{F@~^y}GFyNmgDvdyUCGz%3CsBv zBQ`DPvAfs=2I}np#80(rab&}QDKi<#d7>SzJnaqQy`(_3An`iPh-8)aG`XFkD^@!T z^FB(hGcwh?4%kz;3tg>)Wpl57`18eR7<*Z?V`t3RM+XtTx(QpJ>At!XZjSo8{^{`d=P`+=P>oqviW2{T|G?LGbn~=hc5hg;NF2;BKuDr%cQhc0&_d z1Ea%0lhAR}i2ZK|`U)uN6Q$0*{wFE?a#xl`m@o4QijGb%8fPJ5%ir*^$g#byk&+$A z@2ViZ2_?1e1_ji9+p5UzJss2=>Kd1(_(Kz4 zlsS^hNq${A^W;JAB~Y2I1t8u zZb7uoxJt<^3X3e6p)Bx^cg!Tew@ni{(7akuWY=f`vIJG%YLhB8WYncD`W_<3Emkw1 zlaCUTzxvEEu2yd2)gX=Da{6+jQ122mE@U3(3|)X3H521^dZMHQqhoUWbM2u?hA$>1 z?G==p1m}mueEwxY8?QemejNNNld56ljbGI!ekq2~!#w6vqY z{_IHo$ypbVfQd| z_7HO303F8;o^F~8lB9v^!H9zoEAo~Qc}9lKXkjnW#$_inxodg&y( za9&APC}(b5jo8chzg>Su8Ig))Czy=XeWPE+c4nOGAr$V_<>=-c={c#6374IZSMq}; z7<-LtVz^*1`W@IqD2+6{Kk)#6OS}KXfHM{ahzw z^Mc`;_tCqP7V+ZC%oP_@ z{8xQ-{af$$+!qvNj2t+u5tzP8JnXWjkThS@D{*Aor_b$a)9<)#>rOftDKQZ6-BbB`cO=Ucy+zpFHgDKKcqmULAD&7kFI-DLeHXvC(g-!BaFGn*j5eOUPC%Ua4-SQyDp=LAHl~fjRDKzahk&mg zS{jw8Q1Kf96|5sUH`Y~h{(!OD7|%talnut6SIgEsY?EyEYHZSyh-hrDz;9x=pnpW% z`VEOGoi0;BX0fF`>x>0Enyg-aq z%DmVmf6{1syCI&aRP z29JDy)mq+X7D%)1E7GCBLj|9N360L=e$Q+yv8elLJu+OIkf*g_F?+38D{vYYk_6K) zhDX=bl)MWg%_NM2 zom0$aTCGz7n*#A$lC21|@)L()w8fEKg*iB}#)NWXGsj>1KBkOUhU%mCJRIv!HLPh^ z9zU?oRJb*B|JxGA2+lw1PN1X)cWW&~56hxFTra5ZTzJuT|D{D65&=!OIQxJ$H*DFDMF2MO=%6SN;m@^L;ZB#I$7cskIw9z zmgTQzzICxB4p4AQBYd)A)<~HDyu!5;_SYVpH<+&*`7?3F0$ojaei%LIHd5mjzIxrn&bl(`qW;f1(~6^%7)89tfp3? zE=$mrJ3bH<650I_RaCf$L;^wpWPOs!(bVH{_y^nF(f#I$xez)jTCYTPXXEgj zk}mtxo-OVSR3%kDu9eR`^Rs4vZ;)foB7IG&_>ujZP-u0Q6Rl?^t>GvOif`xKfZV<3 z+caq3@(tB0!tk|^=lVWsCt#=}&d#Xj(Y2<>0CC4l#`-=2-|1P2iqPRZ+`?|&+F5(=P!eazjbmDHBb(yUcm$dnPHTr9A5JsQPzM1?FsmkCO;Pbx5=Udgb z*S4?qE<%T##gS6t8+)fuE&)ufuV~M>w#_+$t2i)SG0xL)6F_fkwyD84U zrq`2ax(P6Q%Vtk@I!K0=d@4#R*)jl_b?oU&6JVmib@}Y=KbI|2TX@P&k;8|fcoENA zX>g8~E#hR5U`^K0&Acl(@{v?uXWD*&@65LkQFGWa4(lQ4OEnp&qg@`Ff1(L0mCNX4-ziFd*T@210X_?$=drbC#nKu)W&r_dTstEZTXVsExo z%z4KD%p^wkEJGm7n~`Z_3A7k)fkoL?Nb^|eM;M~X{`xjc0L;as)Is75nFJdJv$uR0 z;}(VkJWHU7!=S6gtL}+H*k8+05}R@ZOEV8i+V;FfR(={la;7dpIaUgmu03+3bY>Ts ztXZQEjh$M>1{|m(f72Lohe3Qf|H$Y$v<=pV?a1b(rGrYr*LFkbX6Xv>oHZ1BflLjS zXx2HOYz;fo{loNJo~n^x72Rg&c-3fj&8f%%lBcIa`rDvgKudD~ z<<7|qApLsq%6-t9qNT8B< zO%hiwG^We^G97hvIX`+FV2 z8~hRqz)>fO(yP4v*6`4UG(2P^HKC@%cwdNn%0NK2T^yQ#O-kCPqx#!o_|x(-InY?5}c zfIy$93(;;G8~=JlI@CkJNveY=w~}V7N5Zd{C5rvkRd#NYJtME0i1*W8^$N zI8GjdP1Fw|wVurjz2mQ?pbr}6{l)sjq?jj%yZHiSM0f9ouKfvU$azwu7`}Hal+AP? zax@5(&yG38Q8}$6nhw3ZqK9BPXNwz^UdT*L%6NiO9KLS+61txi;1BMf_EV0Lzz#6DsHY6XE!3AK^x@1T#;4CZkv}(?~XNqlef+3 zHSG=acLrn|jfmC5gg!WWWOe7;pTnY(2MB(m-8P+aCJukdrE|v*qm&gEGsE|g};N)e_ko$qutH*39RMQl61|92ek^|<#HzV-eqR-awFVd?dO?S^-a zww#E4FXg4s&inh$b@Hn@b{zR_-IAqjHaOl(5|&I-3~Sb`Sw+~U(Ck2&RoakirFvGk zQMFNbBIQz(mUOWuLtX34X*baty zW;6QJzi@#Y13#=_Ua|7aF=#ciJG+J!M{!6{V29b|Qx)KIoZ<^XTmQeFiiZ&&)vD6A zS(|a>_UC^dN3$T#xELn`VDvua97i=nefz2rGP+ZNzuB6LfiTeA(D3cwzrnc~PFnL@ zP3iy?o;w!?x$u57!;8@YUtWPTmb*R-1TQ;pW8}Y|tM0HxIW8 znkSu?IqfJ?jl-7^R5@s0C4h8z*Bw+Fnga(nzc>ly|9%5_901NOlciX1Fs*jIJs3a> zOVw5ofCKLa8G?7$>Rj7N+(!G3Z;-Gd9?Dgr$dENm;x((X!q8M4K*CPKr_)e9Zi|S> zhLp&?C~Uhc&2HLxH!lY5bDlW`XFaVWjFP~`Pxu#xueAGr2Q6w>i|c)dy2-wWe-Y9mTV*8XRf1$o<2=6T4 z?(|BrPHyj7u57!#LgyovZ=OB+^BWd&rpGVe_EixUIBS#r+a(=ZO!7@1drvQ4r5UQ2 z&JPkkwzO{_3euNVj8_`(TnRN*8py2CU8gKFa?H-bj@d*18S%Okp>F04Q`jDk*&*~W zv_&A`3|3seL>?%f^Kt60OIRk^-b`X=lGNXH+haEF6=f{glsl3A(Z>Aty`bedOB>Il z;w(5b8UHBae^c9feIxk|aV5QrKj4{Hl3^@Z#iQ#1e|J$E zCEzQHi%OMDs+GPz(t@B1hsL+LhM?}OI;-s7ZHwWo-;%52qTN1BB^`TIcgJ7r;H95m zt^Ol#YP?Kh>bpZ)#_Xlb1ex2+pZV`8YnM}L3AAvN1!I!Ve=-2A_nHD;zTHJ2vSz7J zt!^$e)`Ee)eP{!*+ zZEGlbF{NTAIAbtLStQ!0L%W#*F5>~&B1rSu)T@ul24fXvT}1v^zvJV@wwfq*TKrQy zYvSWR2~Nw*vle*-rf&Is5$+9_tM?05MdgQP+aF~hSbm&9Rb*o>Zo^re#!4ufbMH%W zepng(b8GfhU%bU*_NT?i#EV912T_j`M#h&$m~3tzK&ckoQ>M$W$fv2rPf0`c%d%k0 z>Z;3I$;YSpXO!>a{ruhzCo@K1+qY={;{89-Eh-McZ<&r7?!UmwPd>7R_T{K-StOdvgwAv511z_xb zaUchEP58+R7XL7A5OjqR<=ON+SJY5;>;D;| zwrRaaQ4+VhFz1~%wI;*HZof^5L0eV!fax_Det3E?TT!Aj^MsIteiSpExc*lOy#ZRo zW5ptBBjSNcV^qq|6Y=;`iPNFfkyo5ieScTh+-9V{`e`Q_Ram}A&M~_{bQFkc^0eZO zvt8jf_^@+w!qv}E_=KeDKDGBDZR*|B+m3#+gVNu0!(vPQ6`YIJ;KkJ7Lj_UyP`0Bl zFOv;M%Y{vLUOY#wnr%nl*}e;S@KLZ4Tih?8B3=R^FGp0zCcikkD5wS*tVmIOpYkZr zVB$?x*{Q^h7c@W z+pV$;aQ%~T%Vqf84)a9Yo$#QT;J1vlr1*~MYZxzt5!-d1pcwHXT-eyNvE#CcAKq7i zr)wDmZU9O)=Or#fp+ppZ7btPzKoC4g`E(Bh?Z-bvA+7|0)GDnWMeDNwmrv_~nHXfX zpWVlHx+XsOFtF}w-3v<=ksMAda3A0*=SYe=1rOriVN17xPQ?HqT`#F_MvJ1jM1V{F zbCkO>#66tzY==-3`tj`wUND}wgp*KntAoz~T$k6VRzHRZ1+B;bz&T2O1rVF<6`3qf ziz1Z^0M|o@>Y@aQVan(pn4qQ5qSG2dyjJ)qd*ctJetp+z=s?uTytUip96achmk#RV zANURi=j&(TsU(2wth5QK0pX#vsF@$XSS0N5RGcV8sKOrjTv_ZKz#(@a`9;m6A!0Bc zoBH^eFzVwU7(9&(0qP>}M!86AssLAFbQYx#;UV>Ey1qGPGZK=nm6t%l6$olEEagGP zeI!ACZW}x8$BQty1DS(lgAGCXy5750-eIUp+G>Vvih>zLrfo4pUK$yB>n0KwVssh= zt_TjghQgaoR<@ec#f=WY-kT}3AJv^n&cWPcAT*vXk=7@!J280PM@Ujhzf@B)J+X`^ z_c=g6Jt+X&w3T5Um>jyY`%(wMj;ZWWM_GoqPcdg12$4dGB~O<-mL6(TZ9X;9|8dE1 zpJ$&>9*!{3BN6QrTJUUr?4cC%$)*hfP2K0i#@2Y&3_$Fpz@fB=?pcVyXfbPy{x?IK|SEX1U-jSJX`ok)jlKylyKP_~24N zDd_w_ah`+gQ*(6-`yyKWU<-g_FDD33)`LMVnt#Pydl|fRgxhrJp)lFa3tXB84MYpIu98y_Yc+D+-_C5Z?ZT3#GIOlpE#GS%hM=vrD?TO=AU zQ-EMKyK}?P;x@4D?gWN+72w5!8^o{qA=pl*S;5uA0a z;q#LkZ;z>CpU%+(?r3Iubek^YEj0!ncUHp}q9e>2>^Pa_5$skMyga8bI_~*or8?3r zy{s#UL^0>uL^T5wEHx9JcJ>5mtTD#v{qVlNUORacp)SAtCW8ba!HkBDjT+*`>jk+} z%Q}j!OB4nBGu%|&-(e&4Lx=QyQYFo9#@7^Q$nEYM@SJ+2HHcS~aOlkB2#{&KD8{4MtXE{gyI)(y>q&lNmr>tlg^j9R^NnL~8HgkW)_8Tf zx!F0%iSr8QQ%KLSLV9`jJM{8YB{o+1Oxj226b`;}X?N3i|1w1|ZytB-wIda^8M&sH zFh{C)-|svw6JBL?YC^xzjd%J)@Ry{|$$h$wEu)MfQU{+9O5 zkx!mkVs)Lco;nL{>%7|S4074r<|hwF?<#1^OLKM~m-J!L54~RE>1gRG6a8l)Uo)v7 zOK|+u2NL<xGSY`ObvkXlT+Kib(@j@y@Rge@i++vk@`?#lbeIpa z9xaJjcl1HovIvS>;vuOFC(D}6ClB=S)eL!&<{oVD<=$*sy_3`A1KFZ$xV6bWnR7S> z>$2=d6Ty7k#YUoN)IaT$)jA1fzv;-ENpha@`Z`m|br1RnqfNLPH;8D9dTes(IXYdR z%CBF`ncJZcZ7}yl521nmL1=HJuq(xbh}ujP&dT7-Ebh7Ura$SKg8BL{jg`y0L_GIy z)0FXJCQy<}c;dAGrQW!$CU9>MZsI~;*L8*J*A3VuO7iVc*+_*sacTsob8Hnv3qh2yT4=lT3FMq z*VQ%gpLymdWQT7{q^gXyH3WYQs(=2G>~hfP&BBMg`B$|gO4=6;%v?$ZkDqy1y;FW+ zc;T}bA*kcesda68l1lZTa7#3MpWrmBA60oj+b6!+rI9t&Q6jzkwLWVEwU*J9uF-7; z47Lk9Q_xw;rrmdYG1OdA7(;$!w!te>(F3`nkp?vZr&M{xt6jwl3I0ya$y$7Vo>50i zVy8Vw7kOVexA}lNh%(GK>~=nSBJ}5;1P%5jE3;$` z5#rW@3A$+-q)3|-#^HA$cyg3$;nIBZ0$-h9Bv(B(RmDKimrE0LASOvnNil6B&CT>G zub+P#d9eGAyB4lTM8A=ply51pS7v|hY>4?xcblYtXLFHR=5QZn@QRgesGLRs%UpNs z5(3Yxn)R%Us^FQZj!7Jw#-aU;VUYuEW(-ty57E(>bnb=?`9j=D-Q^~nHlH+Q9~~hQ zWqru%T@M$UWTi5|YgW`av`0~+y2)JsoKNwg0twxzQgPx`Fq8HSXMw;RwN(70b1|2; z9x-^39Bhgs#|IYwkS&z`$8~{w$DW|>aGKVICHrDxmJsx%3Iz4$0@cFD^*trl#?FT| zv2{P)|1=`APCZ)O`s&D42TFI%YDQd{YxRI*+8Yy6)2dlL+e%E-`0EFb0c*r#rwfZ- zjHlH#+{;xCdQu#+^NeJ(yICH!PM>ELt4Ud@lIfwzs+hOe%lVqyCeq%VQqXpNAdVMZ>LxKb2+s}d^&ailVifJM$gcARmtYJ zeKiEbpt%jEF=yU7(vg%)SN>*VAJ!+aB(-rC-X_DH?tvTk2MAGvW82JgqD<+oQ5#x=U`rU#K3N z)!4>kQ@h!G*#a~7rs0|gW-h}EXU_XZ4sbS)mErq}E&QTuW!i9L3zo3Q2SsBoWQQ&I zm=9oQFOI)w?4G6O6e95*HTPa!5>M}}TVm0@FiNJXMCedcgoFF}hzoN*uDAYdU?A{4 zaYH2sztd*v3N|F*vdKMDftC~ZCM*R>xFuA((9Oaciwij(>NxVo);A<|TpSF7K_fozB{pH=URDdm%+M8u-|Dp*!V~)+>s| z73x|20j~_@NrP3lDX~Yo2xE0juHCn?mquin6iCbRQ3fK;lRvuqjMKf9uWh*qYLnBq z=?02Jaeb?LWNX_seI}b`@(jx#s+~NLJeGEQz^0*aOk?~a-<7_1!rH1`cig279yQf| zFnw${v~uAcxCCY3gPT8-3HCaJxToXHf3YS)Tx|cMMbH;<2)3kNx5| z4@i5C@6*kIQJ~L8iD7{T$h3hKMKbz|7EPZd+r%2B3cRIL6$)i`@wad#y`_<>@oRrc7 zWe#g@g+hqqyWoKzlA<=W}xjhxUgY#6RBO6O3H# zW*+f)HrFihi)_I2o$CS$jC*?bRLyiYJCrmrolxF3q;T|3R&Uh&>mrS*7HVt|U@j~4 zwVs}jpgj`X{LKgGE8-5)UvPcMRC4dvB=nNQc~v zqPZxRS~N(RO*`$@qsV0gtm$;valjXYt^AXpR)s9qo-v5_e7D9Go!wr>=*?!zP0ZBd zSXIzr9MWP`+5eu6oDWw&@Z0a*yqA!tclQWh+TyI2Vna!{t9rAck&Dtsf8kcd+XAJy z@yS8BmF(M8>XBs9!Bo!B-DVN7XMbvGcg_B;c{Z}%+-P1$Y)Ae@y&ZaYcgjvAa9^HK zPGHZvNW@0U;uf zG%5OY9-cupZS6p6<}aNO5q|(z#6M(|Xx+I*e6a(G7dzhwLFqPc0l0CLq!Fn|M}f)1 zUOjqfkNX6iBu|N(qrJW0)M+K?t50un!MjhY|LfOFx*%}zU?!41w2z__@4zD+oP#tA%MYYBV0PkT}MkYN* zNWtG@6G#_>c=%#DXNnB!07(DHHU~nC36$%}u*y!*Wny`RiCva|MvdnW2HwN}p{QDq zkb-qY>eLUa(}EI=RK)hIQA6)_My8Cf%QvnOgDT4yuNYTa7W?rG+(Teu_QD(EsBV$d z0)J&)E?qjkZLdEjmBVK26t(m~_gZ?iz+ALKB;M~(G74L4r{A|gP@qnaet_~M&iGmbp-O4bj?EwYxz3tnwHtD7;?)o*9*NH>=QL$%>) zH?1EqEP4Y773Kir88cxMeN_pqmv-bj?jl;bT!c6*Y^Zj&8rMZ{s9wv!lbuG`g z!2-WCAf0caHW!Sf8YAny0i9X_q6TquIj2^Ro4)ytSE(oM2G|h1%)CbEv^a$1y2SA1!IWt8j|yP zjd=qE3Kd@4aoTw^*|GQN z(&MuC+%ldKFi8wWtNS*Q7FiRTOpg{v3hsUy3p4p=t7YJu6le@97?^Md3^qziF=z_4 z`_uCc)WD%Dh2=Bt7yp-@DEfGo4Hzg1itN5*rv?ncsLC7tL~SIfa+10%#-ymBHX>s; zHdV5|b7#e@?VGJ^_Fk*U5G8qRWMcuSUuLLM*{`7%G3$O@v|3BQ1)%p`i{=VPI0^O{ zE-v!$hb&_>i~EWr#1C5*K2j?#t(g?lngBjnBjp~Mi~jP5iKLBI`xPJ<_rkQOQ(yLW zcZ8xOIyfIab_Q-`Y#dRgmX(^{Bnqw*@dZ&42sfz6rqw5#X+kp0B3{SM!0#HR1_x~? z@s^IyBI*wFo~LbL}dqhtb0-@XkN#0@is$jd3&vHRIZt z?#M(ZCEvfB^_vH;V_^P`-Kfz$PA!g4(LS3<)GE)9tBcU_{q!VQ348wTyq89$%045i zD~)YTa|!y#JDpER9aJp3by`uK2|s)&ai&;NYZyiBD z5dIhRGa0^kAbtV@E)=sg{G#w1+)vaWscE6jKfYRcQ{IbOi#!wjYMs^U70p*2Ck%bK z`Cj{9=p(&Qo`_++@T^E8=&1R^>e58)A>(93BN!&ah6zI0ND?BE%Iqnx5y=S}VRhkB zMRt@q8?kHxQALJ7H+(ZM#cM~q5)u2R_Y*lLXtb8M5-qEr!}#@hh}b&5r(pK$y}nQ< zwocUQpu_biCk9{KZltxaonLaEuyD#$*eK>9^%88#jOwuTh^bMS1!-SoRZ>fN)v?N7 z&4#u|CKVWd5iF>)qR)(Lmhkx;{H@N4nHR6?O&6{~Y_(KN{#1cu{=>KapQrdpl4z#E z&cn5Ai0SXgDdZ80F&p521hoaW#S(n={c2M8z7lQ@hbTm0z~UpG>AXpcaaNsWZP$YT z5dv!XkDGSS$5QX0$G!A5yRj1ZP7l>pVc(W;Mf>Rgi`RO*|Hcp&^AQ>#} zA`LT*q>8gowvSmBf0&(gWM0+Oxbr@qUie zXi>JTuq*|Zkt(06kj^RpNH4-DNvu&Ra8?yl6#G7IZKsQCFL2CyjCveh-2F~1xu#9B zLFOWCSBlAiiIk~ZvrMyL&c2Fe$<;pKSpGP6$$lx`?HlhLuZt`0zTJG==L=aagLyGv zgZG3v7Io&P8?|lnvJhzeks>L%{bS%hT#p=7&*+`PfzI}$Rj-}Ta zlI>tEsBy`{ZH2Jey;-rPx~|*e)pF|sf?f0C<>c3Kr!4Yp74EHSro}YtEX!r9WlO0B zmH#qb!s|2Q!?D{(Zv&Ax4Oka?tg=necb8DUmwt`F#My=!Ok z;M=%fTp2Vt@LzaRLeq)veX;jomv&>So^V%yw&zY?L^{6_WFKN?!O=waz0%1_T%s2;2%r(^l3?ElHX$Y0>u=DF^9_E`xg=G8O| z;j6G$Ij`{Ga}oPsLt*XTw2#eMx-6m`ZG47RvkB_+*ok?CE zyL#hOc>!LZCW9*BXz=J+wi)@8Vr1f!R)LSHSiNOiF@?2iHfmvQj3>A!a=B_P1AX1?PwBj7BaG@QKI?AR&ANx^sO zSQbcAd-&VidzVpm;?xvg)jlV?U}NV9&v@9RabTm|Y$9}-o(0{5$Q*DlRV(?%S_Pa> zc~^ed_jm$x7{mz|910!U!zjtJ%Y345(rC7m)Lk@Q#0L}^Q%!SY=GHOn^!+HY9(A8O zkea~|z*Nsd&*I%f@2??M=YJNp`AiBEV8y6Hj{yW59M^dd$NwaS6S}T+)@^W`xKTCS zPi23o2i4cuw%OJ^ZvRr7RWdzPoxiH|(CP7e0$?@lgihO-ZIiWQXyKg)RO72QhR0V=6!WcxR$xA+qJ~mMA~xJys~i8&}AL| z99K_lu9+?Imdg^4l-CU@ao7tj$2;2Lf!&~3Gn)Wu6>sozzj9<V26Dn%ii;7XV1Q?#?bY zHaz7Z^O5GteegJZ%)Su76J^$K$9Fo@$7?veq@I$aVeT*zbPshdIxZiZopabbNi)g` zu-|vyx9-~Yu6k-;zKUC2>?(2aT>Iej<8*gW??_L}F?{W$3(IG3b;ZkL=f?9UcWtWu zWmjZ1_!z+K1oP0g#pDcUJ| zcocY|Ts}b|Hf&bcr$I2@D;5bBDWlZKFZWW%wqx^BFPC=>J|B!d*JE!d7M7b%8`qBg zgbw}oq_;^ zWgZ882ZCUu%(Z1K6cnK7A!!6CSZG2hI7kW_atlHe{YP37nilHSU->XlP~p~4u>Yu| z2zmbgBtY)pZT{`~Dk%&K9`X$na(jM;`S;rJWS?LCdm6?NQU)cWCMF{Td8(NL%*`EK ztQ=jLmoQ8q8Hi5OIxbL9xYWOIXc<+iUy%Oit<|+%wH4%fO&#r-jm;cQ%$YsyoqqQN z#qY@rN!pvc8k2e2+c~)KdJ0hdRf89j{+-Q2LH1V_S6cxJZ3SgAF-L$o85c7vGb@E4 z5*Zm8Kfug_S5;i{AI%}(1SqUrU7dJYSUfyDm_0a{9RZdsY&<+XEUfG-?CeaC8cZ%; z4z9+YOb#xT|JKRB_akoZVhXT!aZ*p+? z$Fv|5Wcgjf!p6+X@*jOen)3h7b4zdz6{kUzBl_WYfmN>bN#MTLSAhLRB%QTK#C z%7Jg45yuOQr_d;)m&TzBLXgG4c*4Oz&Zh`cg)O>yM{6K1?2VN`FK$> z>`2&)uz%JdP$UqBiU#J-DhtmbC56alDz zL`Nt@@mMIhkceV}``cy^~H^R3Zkl21> z4x}%tza!nwCH*v(I2#c4b*kh={e@Y2veJ6C=RF{lG#LelL;k$BjyU!*^Nw zUPT_Ob6lMcdAtuTY&Fl%dqSq2I@Q;LtI`MF$E0I_vp)-cVPqr&-*#RGGA{Uvs+NT= z#@~ZUTtyy#l?fFsB{;?~%$$7JS3T{1OZQ^q93m6;bv18FW<{kV_8EIDS){m`d2^mS zLNp%bc4?$P`+2)5No23l=oOun<;l<%yWOCOsW{5X6nPcN=ni-LSnTYL)TGSm-Glkf zh6{}ISf)){kKt13-r}sanoh%0Gxd+5*>#T%~ivtT~o7aAaZiV%Xi?-rCD(sRq1xb0!|QnG7XE z2M#wHobPkRZD-SS#Q4*8D>;cS@-`?<(tEB|W}u(Hs-fOxvU3-Ar+0^${Hd>B$Hb$`T!nu}QPN#a8sdcGH3JOW z{V`e`Xmd*Owf>szbdjnHWedN~HSe(}Wm&W$qx#xP@Qg>R9(!)^lkDq=qr@3EKGOKV zAqy4rCn`$e>+A+4O?v_JZwoUuDTQsI6;ZRbvkO(zpNa*(4e&0q7vX?+%%f&b*DDo^|l2_+d1UJ~DR0V`M^%exni8D=H*E{i+ z=B1ds-5M;6>2&E(caJ|;&L?_>#y6LyM7axrZNv^|d|VDI#u=ppx-GDWW2>AO@Ys=s z%!C)Jq&tG7+PuP0v4zY_W`Cpdq%$Ep-QhFNS)HIF-uZ2l`#prB*RwFEav1w-b_C57k7TKy2(mGcdKz)O`5 zRZjiT!+ptG(P`fk%$P%AcxvDWVZ_L5b=v{vJ4GF33ITwRW?4Z9_jncOvf^kuXSm-W zUZ=La11NX0Md)G6G>n?8@*AP%IJr_vn`XVGqNx*U*L}iw8f?iPO*aD+jry(-__*=Y%ge&EPwt(QaZH`4C!gCjOGXJJh4HcFy9duiqwZlY zF(;Qh%U%_062PGU^o9Kb`JoZM;A`CC7VaA5`vf7su2CeEHaPh?zYxE>CwD{5OskT z>9x*soMzDBimYc-vGhTH4s>(?J3oG58&X=)Gw$TB*GKCpTPr09om&R|{?(!R8Bj*Vc_E~d99asA;X76$N z@o3ef0j-oO-aOjX1gr{bAG1CRB^(x+Fg;K!qW8>*B^TBuR$6{Ws_ncyC}=J> z&Chw-=^^@27c}9xXY;H%k~kxgRXkX_d?n6f5LH-REwKA{Vgv;OUy_I1B79hAMZ>~< zm%<9zRdr&>$>ZJ*yhcj!PODm7V#xEq$s+I0hNupep8z~E<5?}TVd^n)zP4TvyJK~I zwwUg%D%&TV>U}&ek<Cd%ts3$Bum{+)D|+uMV5#W&ROjZinnQzKLq7#7v8)RUR|`WAYbAx z_Y7`yuYK2eJv+v=>5z6>H%qI_{=&&#wliT^PGH_S!+Cm@-^M;Nek~!;5*w5_gR(Eq zDF3ekHo6uJFcd0sa61P+04NYXH9BQOE_m8xU1W9gCMa~_DC4S{&7&M&A3jwA5lp#S z0$wCfTLIGVt`!UPl*2s-?DQ_zj~Ik%B&KC<$>cfk^ zagx(Ed)a(gGkbV$06dNx0bC|8=~0(w0l<1d&~m$Wk!NHAkw;$Q8p|VPTSHNz-i4uk zguBu6udLpK8OH#*MDRY&7Grha8+_U=u}?eGs5{kwy-z|ZMN0I+KXO9ZWfkEQ`^?}~ zK4t;J+qDKw`g_#N#G^_F0gUNDdZ*Yt>I|LX=g7NXg_ukU2U;V>tyLj>@-)!Xf(|}D z?S4MQmwazEcYU7@N*aRh;&}q1GcP>wCaAPZG=e>3zJF}e9lZC^8FZ5%EMUCSRl1*C zaK|J&-r_=%`ej75rBwNV(Vz3!U2oF)Qx=B;BUeQ_;N>C@{B+JGmL3$y(__j;x%Rv^ z)^IawvlE9i>M&|$#`_q)x8g#7O{S`5F0&x2gYB)*dk{pUf0Wj_KkaAHp5%r_)|I`6 zedwU!%urHxoBE}&coIW^sWeRJjYW z>RA6Z#1_^^EVP2g%-8A(6)MBmE+PKXeJf7lrHKVB@1Hr{={M*htVRdAwrkkLE?6U2 z&V_yCX;2>29V-fH;$FMcdDrPfHT75Ib&BO?&al~#Ar2NBn)nAA^)uPQrmX+{J zrMD|H)&zT^|BzTn2%l(#u6DMA8c)l6{EI60PQ`f`(~z+typpGN7c6U1kNAVTw_8Pi zoex_3Y(9C$1Qs>nPZYAhh;@5D7Zl-ugdZzQDx2L&pZja6^nMhCkT0|%Cd@he7^Jk! zAp&Px%H!=**5NmXbID>TUuRDiQG+CdaV8%Y0&7t4vd~Y%xoK%VTxHNTvSFnUTf6G( z<0ruJW{;76LZ}Ar!WNG5wSoFoCTy83(%OTkLug>KDw6NRi#}2UhwYR1--X$f2NQgy z2a_(7$e>!XlE^S`s=W&Mt4+kc6*gvK!=S92#>M!@pQm0Ajk^+w#ePAoPBG57Gptz# zN44VpPTO2(}Jp;{8LY-Wz0P7t*|8|0g+{H(jnw-xbd~3AP(C+uh6WExdIG<$PoZ z6&i}2=_SG9I1H2W=q`?+T*dX(Gd**R=nt;a>7*CDtDAf0)0M$fXNUf2Eps#o<69}8 z-&Dw{i96Q^z8@xz(n!#u(bv>uLwI^^8gnyjx`*PCJR+uB2=-aEaz2ghw5knKURFjN zuT>2d?y1*vHdP#!3yk@T=6&~7n-z%6>b)meJGe9N10{WjhVV>rugfxwNEnh)fQ)21 zTjJe?hSjA7UTqYglR!V;Kf!yQ9va1nwfiV*4UZ$2RC}F@n?Sey{DIZIcY+Mk{ndtE z35RikzJ?~fGtxb9)F5jS7YL6?d4=Lll{UP^h3&(wI2>2_LL#N zR+=k)aV%CDQO|t)t_yOVOjd<|iN*!@l$&+1?#oto;>_$-hS%TmL9lQVHkt8VB5!KP z@^pU*%Loyk0S?6wF0MdT+1BzJQQdGtINa{1D@uw;1k(L1MrrQCSVW0*ns?ur=m}g6)>oAVW@Zs=oz#_G)`Lj z(Q8yZ66ymhv>&HE@dDgM>lD#J$JqsgAo`ijM>Kk5{)nVAbg}|Y|BhKe=gDxS>^ezF zh(qCCYWkdEq>Y959)tPfhYKlF5A}XgKs=zRLQWGJ`9^kGilylbLp*;gd8nKURSA$f zCOGq@ugZ3nZv!d8vs;jJn@CK(U*D+4#AI_2jRkQkd)Ltr&|}lBj6T+G2q#?;Xm^S> zAlB+%?c?Y!#fHh;$)@$oWbnJuvnq?u;}?CO7l-$7Dn8xbqZIMpbRs~CGQHjW(1tF9 zR?+}zoswp?3)bj&7IYvf)p>uxljMKxv!Eh|kx>nNgA;EM2rkE+$J*x|rIRkrADJn5eeat(I2_hxj zEBM4KcJRPnamu2#0u%SQ>2LJ>zm1$2?Y;9VGz(fD-P4foa8$SBqvHNPNP`!GV&LXTFj@!O=@9D_UD0a()rTXSSPHQ5TB2A^{V|P8I>-+x>*#Gj2ai| zS6FF3(DYq5bPRM}-6(7JIw1CO7^bi?eJW|B-~5?7zp6;(HsM3_78;W!aNT?3Q5wDF zfT3~w5`vaeZ)Y)%pJ!3!e54D`10TFwJH8Er#(>TdIne$}u2e zz1ZD<*hG~~ir1FYlqij__EF46m#(DI^FzsF#dtQzec5IkXChU^qPd5PnJ6Re1^uS> zDdjZwt+p1ID%*8}Qx4g9Mq2enin3koj&&4m9XeUR@zv2`M@)D7tU=vQA%+X~R@Th9 z1zpBVW@#<&`B)x^!oGyuOaxyi|0LrQbdN}<3XOS{lXMk_?D3em8t?EV)>Gxz82`#` zxJrOAc~#ESaD(T)RHWRsmqQcdY*+2aW@Kkn6G2sofft+uK`dGum;`0<(Y9Izfjd1A zla1hF6;UG)Tmz2W+`;U`54_agx0^1}^f%>O2&nZuDK&ZUuihl55J?G6u$)wDxradf z4#<8Tmq4hf-4*X~S`{l{9-*O^+>^h`5A~{Y=sB~=s2niyxtG=9b5~;%{yu4q!#&UF zm=>J1#Fgq|%|uIC_VASGlBC&{o=9#_Z$A5+_g3(#Gu^2vB(;X zY*g9=nVQu8_O!;+u6Ne<2)I$&2vfN{v6Ux=VDFKIp-r{{ZmJ6WKsbvZPxO`9Q9Gj_ zQ|eyek!1#sMRixYLU@&Id=g7f#R9=yK0w#~IfE!%lo&mNNkj$c>4`2=(rAroDL>ir z&?DG0kWF3qt%;&_GN3H_G6HZjZ`7t6s;uH?6%@TZB&%#!6e3Y#hGSoOCfrdG`q;Fr zL^SJ7*HWR8`k-OUE|H>*kg!opzh;_64kbDu8Y62Eln&iXTsF^PBk!S4#KtgwVHtM( zezW`l_Wg+7M*GK{Vw1u+^*YrY)gIovBEV>fXT(OF(DcKZBDL#sC`m()XYL0b7SmO? z%HziArVTJew_5VmJC zu3=eaWF!rrWBExZX$+ATsGc}v6X)$pomMJt-?#;BHCU=mr^#jT^F0IFj1iuhXUe#)>ogEziLapBYPB9u_JBWRFFf z;gMCKJWGD`v+~$0v$Z`4qh$BKGT!la$&7I0;T5L6arFWjyQ;* z8Gh|+kD#|Cn>k(&T5{{G_YMuk-3+A25X~xXWf{XxbkH#Q)z~b7f~>1OO`%hhQxmkr z`WJ=2)ZZV2g#a%Vh-r>Gb@v_=vJ6+|)Am-v%H!HHTYNwd1k{(>vdjMVF>YAoJlDC(M|7Q+v?vaAQqhr3!*#0vN*%S6eo z>z|n@nKy};WaLQXUIZSsultDu_)n#3t9g8ZQyR>b)sAXsk3rNG)aiO)?Fza59fN4O z>PkdW;t+6VzsEiJv^_HYx?5azel@M_R3or4t^@+8*@Y1;YXdKnR__iPT{W2X5&`CN zl#VUTHV7Z$VuEzGHUX?Q!-HDr=IOMo-Fyg?#H~K&#aX+c zH;*lrYY@~-6B)x|4ECPyR3Tw;sbai43c-y07_gH)#4x7QN)s|@d>GC4ZUc8ZW_I5k zd_C7SQ^#J{ULm2cGQbfc9DHWcc2DnfvGgRZz2YNhq0_{meqhVWF6^{u}Kw<^iXZoS`MM9LD{;S-(xH1JtaL@`!S#xTKuepzR(}Dz ziMc5MtPGQ5TGCyx-l|kV^{fpR3nSTT={&ZKLCxMrp1*NPFQ7{&Le4VqBQT_EYju~3 zTIbGpn0EYeC@@v!b~YPjin52eo}-JPBCm;J?lj#WFZsBNfb}M2Hqo;dZxzy3p>HAJ*r5lY3H(x=;DE~-I@&p3%sKFZV{Hs_RFJd8eM;Pd zpRl4)+22IJOFrFE1AeC?fOJ6Ha}=FC?epw!2l{mnS0q|DKGY0+p(s0?>DGeAoGOq% z2t_owf9exbl^7%*>WY33@e1~bayKizJhvS2xv%2&<9p48Y-zy1)&lQ4ewk}9ck&^$CjlJ2vN?3{)T2$a%2)n37-XA7ojt{&RU^K`cz5H z7c~_JZ^ZbU#Xu;V+c)te(^E=>!{l~VN19+qXwEs9?cBU6g0qDf)Y6xO(sT!i1JQVZ z>tU;}=lpm>$Smq$OLB+HQMQ627yLfc-s>*pHe#ko&x2)sc7y>Ybq#%k5as@HZm%^(N-;w5QY|rZ=7~+8j4Jxud#f$==JoRb+Fn0aYS z^J7h6#03zUyuUikAQJWXxcZzE6A6e;LE}-9V=zgh6Lv&;h&28IvnKISlcC_=D7PV<~B>I%(KK=&4~Qe|0-H3dq58F&}ZcY>!7#DH@<49D9mRy z496uMxN?S7r_2V~mWKn1l5IvVZvxmskZO`Lb<$K~DDG&~b7KMKGBR?|v0)_kDFevoun>jqnn6~T0bG-rtJgmy&=wWUO z?NWxU>Mu@%;I4dEicE4)bpgWNYH5|yo{G%Ab?H+F1YQtB#qZtUFiW8v*&tHF-i(O= znApU5mdQBLPydH#(4ehtR1;LBi;lsd?v(vnTr(7b(iw(nq`11+Q$NV0=9#Dijv_;^ z-C%IK0V#p@p}RitD1YHZ-J zLNXB>ZV5o(HSB-8NkV-m+Jn3xs-aq?h)S1oTJ48rKr->9jMfFm&Mq*}W?{W+b zXB<1S4UjZ!D$y__fLp?nhB%oRJ?PmOlG+{iI8KSVp{G0Xz)N)`4Z5M3Q;vtuE%p^- zOVS6tIh5GY)4q#+WmP6^93$Iv5|8@7GAZ)ah&f2l#H6_BxA#C?kkc+aip^g*h|HA} z7Yjlg#e^(+Ut#9|$QDn+AT!EoF-miksg(wUds5am%Tbr1&F?hro%-_ISMvLHNgR-k zjJ&=%VOdUuYfNkvHOSDIlcyOnEiEVSCt=PdXWgeZl5$;dC}KF^V9Yz{F6Tp=LvVQV z*Q-U39+~(>A)7%?#yN`SkJLMgKTgUy*3C#bHkkzT^>9*VaVyVjZv|wT{12x~HNv+c z=kbK$f(LrjPC2$r@FHz5`FUoub82&TYwodtc>)Jb7c-fyF%Isyr+Z+pHjSj^RQ6D9 zb$z=7=ONrfB_E*WNHeWm(V2hjW}%pItO-zz%D}Lw6Dz@mS zF}@@QgyQ2l@Gt1CG=m)9GJm}#)UFB4lVFO|Gf>qV>#$d{GF+%dfB-zbhuyAZ20cQZ zYJIcABpw>qVOOu%lpUi(P+N@HoOV`w{dH&l0bEMPF;?!z?{ih#lXycv>0*c0Ti?Ti zTu19yJub?)&V<92Pm7)o>24EBos1WoTVC6B?2F@!Yc!Qq~jXd-s_J9nDE?~sxhPC~}GzKP8M zS(HzMgt%tOs`mWN7~hWqI%wHzKxT=ep+)%Efc?i&KM z><^9+^z*cWZK)kSZ!^@090;p+T$f+UK@V|8%DAa`F`fXpR6bb_)XZvMDlg6N3N(VJ znww-`hQ2G)N=&e2-xIls;3hx1kJBUre>N*!-T5~I`^3Lwpvv+-Iy(lIQ$_u+ZeDwO zI>@285Z*NT`~G~H7^qxl$S+-ZAApbk&qiAhP}Sxeg8bTj*+Qiu))7CPf-|MM27>VW zJkQ7=77_E(Y7KaYMCbyTt(kU^k@}!@xp;WNl+@lkG`RIQKsi!uy&i)M3!Y`lyAAWJ zDF3DsMU&6_mYE(QPq08eMa7sKsuTEc+Cz%yq9Gw{DQ*HhnN*@s)!0&%{AQOHjQ~EM z7J$%LA&s!6H}g34zxI&)74@|(3prm0bODY$k|+YTz3yt17_`dMEq{k9O~tR;4-ikd zPiWLv@7d>qbKjLg57u&+;fS@`W&RIAVo6Yts5Y5(idy8+JmFBoWjMAOK-q21gF54T zjw|nb$uiw*T^C?p6qJrL;r|e@Ck%QAiFq?OGKynXge5D_fkXtYEqbd@(aeq+>;Z>! zV4;&LKVbb2p?PFGn4h6C05wcfxKc37H#w;aKK{uZ0gp_B=N1XA*^u z4A$`fVQ#9Jkh#(A+W;8UYDU|Jt?jUm`Oj z}|NlGqf4NFz|GV=4l7;@4ZT^>Sev703Poxc*It)A-NlG$};%)hg zYGrz%O!8366v{tG@Y3>-SSPGx!6}9ROMDumTm5KnvRk^0tl14gbd<^9JNb3&68z5@ z9y1xDSO*I8L?@s2@&Z8MHkX|-CZiFdmq*GLTo&djK|L*Yi}7?($r0lavA_$8w>Fhx z|9IOfB!d5PD6;6EvI}PT?|wIOwq`5%-}*;!;#(dEgpn2tCqr#(s$+Zo z3R3@D!)C`dW}&CcQ2@3-BA~3d9R(~EQch!#d-->5`^Op_mlUNZb!FlcUM58otCx9ktQ4dyYnC; z!$FpsO)ceW^}Tpa-ItRNcEGmu;0ap6XiJF#P`?e}M3dDG##Pmd;esr>EB z`d!qX9Tnnu=Ojb6ZAoUuZMTs7QTki0mpBqW8{grr4w4tZ9*8N_v0I1T9E2^?vVD8D z^%`h;Kr-y-d^w_WC$SRTI(4z$t^71u^^C);|KaFjAUf}dhcPYj&3PArtdGTFA%$=* zubXUFNV5bgu^`ogpx;5`+1v4Swq$QyLx#nAi)5Gs0_|dX0vRB4&Z3`x(my+IE_8zM zsM;;uH9LO<^lXJt5fiWJE@RtHnqK2@0wTs2jWOJ%ErSj>pk=O?q)$wSOy1XX^Rew& zEgx&X_MNe+C0~x@i$1DES0Qp3CY?@gi^*(bMtt}~I>UEAztt7+-<}+WinG@AF{4*x^yLOy@g%Fz-l)Ldf+- z$7!)7H|t_X4%cOG@~mm68Tw0+*f3rZgj5cLK_q-%HoH&=*tJ*v_K17xFLoz@L7_-@ zJNxdNv!^f54@%9xXQ6C8f{(w%476a*={0?YmzwPvxOb;WoyM6c*>>6QT{imQynGJS zy)Gus{8tX=x;pruTz{Q*hm%xp@2_6if}1()@87gt&FR^ZdbauLX@ zNd+A1luR~|cZpxl8wHFG#S)qCCk<|1Wdi9nWS5$4Sz6ZoI|51sjs~OGKD~l3TuRmu zxE$${u02(_S-LNXq!WIAemJfF*z4OnhTfaIKexK(vF4{*F!bZR$LF-k!X@jU$pkXE z-}n)R#ims3V5up(v%w*!S+{m@;_hN^>?`zBlbh{)8D$Qy+Z>6h#q_(t(5qq6ip^GS zVmtEG3yOV1Bkf2g-A3itm-A~az25#?vD~t!f__Efk(j+v_i=eb0fv%qNQ-eR@NUmL z?SvbN*j>|&GjJ*&@$v$g{q8T%biTkbI0~TlHmL1Qsx}=Y&)FSclLkDJo37$Bx$Jsk zksQZ@U8V%4FH#LbOBdb`<&lT_H7?w%=jPtlo1V|9&VDAxE<%NIkk5i z+zvs=EUpOjt~8J>wdTC)cEIN{Gcu3DVEEwKiIiY23#`{d@p?J7{!!@ZyytV)k0z9W z%F>Ar=qL?*$X8nHhB01{D>tYpw%k}-C7Jx>vXO15#((>TrIygI+R&h81;B`R3qvo6&5Z2GhGH+j-d=2Ls}G9|6{l zs>rZt;g)laJWmS7#2-uVa94-pi1tR^b|G>TMQ(O9nI>}CB!Cr~-S8I4Ax{MIfiXi}Y<@%Xbefgg z-vlLjhu53k*T0HXJFHD84n&hq?pb_yydEC2gs>`${leIQUSLS{3F-m&+O_@ikpZGl z$mSFKi^mhn&2 z5ER55G2FfQ+U;pRj3FO55afBR+XREVO|HzS->6-0IpyG(^dOV{b+N&6=Q}9AHHx?w zSCxk)=|tjWp-ybU^KAXOUd>$nJn6tt6u45;b&Gc>bR0fA$ z*c*}~Pw?TVw>*H-g{BMrl{(4(1EeRfvq2zintyx9Aef0hcPVqW!hC<4x}5^rs~2{} z^O7j%-u=eG>w1wF`U#naa^Xg)bC(@_S8dQC*@kPdX@%oJoCjIdYFARP51!f5wjJ%q zo(Ku8EEbcQOgaq~vu?dWyfUcBu%(s&k=z=iwfW*7lAX63k4|h$Z7wt=)t-}R*IoN< zbpj;)ATt4Zu0U}HLrE``=}`{m}?qqUy3I+fNLCg)}QgPj!HozAG^X#CBHi)cJ$ zbfRfGudWltE7Od4yz*6lpK>KviI~kg)8WDMl+j}Q){Ri=5BmIBEFmL@vV2%?u*0(#6)rLyH0K-a8su3;c7~?O-lpgS9^^Fn}_nNPZwsWUG zUth2@<*&IAM0Wqqhs{i2sQP4dt3iE&;x^UNS2&XlcJnv$pDkzeH{(Hl$knc+ls=qyZ@MORp7gTrUlmCRlnpq_N3COm3(M_47i$Im6@)ubt=B|y{RaSEVbmk4yV4}?#~ z`9vudH)5(mg0i%y%~<$afDTzaG|-^YdcM0$y~a=s0yFWyJ+t&YQuK$RYRsW9yow{I zOxLzFddp4p>DSeD;io;oTmc_mLCYLi@PU$s3y#by#X@#b z3^LPM$ICHh;XaD;F2L|HHU~B{N(bFdo1*AVX4B!@EprF~(Fpiyw>|R=VMmDh+@*u> zKQV*IX?LgcNNI!Lfsxz2EUT;_WZCL)J=w%}JU#7s;bKgciYGCzI$1`w2#pCUhFWa4 z=j(6hR>*wceLoiqL8UT=R%?^aaXuKVka)nSu&d?LM9L~LRuhftfK$I7{+1l|GF7-( z>jTZT{q!dSB4lLgi0~XkZ<*DAm##pE^~L!DDKu(+Z;v*_LkInU6#=v<0>ixkVM~(~ z5$I_GMmT9pF8=@5w~`#O?5gR~RWl1cQ1J zrr645&F@Ag9_aHrb~dEdqjn^iNY*E)l+EiL+o!qiqi+dS()6PsBPCGC;!MV6(tZ8b1#-F#KEOTx9;gM)p7tauR0*>U zg)?OE&U#evsZ;ffpkQ%ywTWa$!J^KlF?=lkWQH-Y zPQza7WJ6%wz=vR%LXM9}36pl7A^#m{bz*u#0HNgfkGUnC&6a7=8XXo7hC+10-qfi< zpkp;;A*j8KRYCGRra-?wJ`Dwjn1JsQ z9EMU<)$YLO?u+wH6M_#&o+L}UUrzWa6~U$73yPG#^g%zlf}8++57Tlvg_8|aHWh=W z%!jbjtqcw?eaJ9)9lSS{hKywMl{%CH?H_2Qa8EQz+c z{Wi#8Ca>ftGG!4^%uJc^mHeL!eI}fw>;(cMF z&b#80U)+(4#q%!9W7M|L=SDc(Z%Ys@iOcN*bgjg)6a#JgH8p5v9TIL0f8GD|t zv%U(fbI$8;S@~@>36uanpsn%__r(KK-a>wpjLf1n*E4>$H4K*@p6r$yV4avkCTxPio1fsI|(ltQd~<(`+oPv;|)@m5(# z;cNF-hea+WK$s;l{Q>jL4~Z5%tgBKCLi9IUl|Nm?mOlGG)&7Pg%Wpq^*qcW5vpU@` z$xCxs@kv*B@C$RvRo<&#WYMpHC@p;wWs?}XO5VZnOGsqYJ+5Z!b;`ojTr!PPxzCe` zPfN^`5|=%y%~?g&&jcRNZ)6#K9*SSThsjzw7JysZi#*SR-Iyy~tLPS@vFGaRz;R7b zZFY;Q`%ecI{$e9(Oj+YbwaWEoqnkj|NkyNXC>)3MD!Q_W4vRcU)NW>v!I{8o;7=_> zucF0Jss{oFXw0?!2)?M0HOtXY5=mXsNBI9Y1`)0&Ls!6H&$O3#WtfCXHeaPz0)9M3 z#Mhe0Z1Rn+xi$4@(?u6qgxCrXAQR`>g{r~-!`NGgRoQjh!+?Zz2`C|;gtU^NfEY}v8)ea|)5m}87N&2-Eg zQ50oT3#iAj;zXo0zPWP2v`A#q_0%&aN&6zKk}0Y1F*w&F2KEcwz$-FrqfL<7ddJth zj<+`kjz9B+%U!g(?bmJkC^mb#(fyc9L~=0LT))mP5b;odh){napo1u>22JMm87z5Q zOKmxlnWw8$%bQGeyQcq&MMgDXf=v(ius=cfW}oe(HctFlZ3w-BMMto#_Ix@gtv3Lh zvpWzJ2H;dVQ||CHKU(Psy)dnrQV z&s^TT&ja_>oW8L4)$}GMdhSeEt_&@Dp#^^FgKhBQD?@H-hUH`QG74Ydft8HsDo&4TJIo`C+jspDAr;2}en-zjWoi~I;~P(v1=3g=heb7~4qbcip03q-42!+P zw}`^wqxs`)leDXy&7LTUC8>$Tm$W|DM-sXdGaMG{ztjDjy&4bI8swI)`{TIM_!O%0 zOGr7F=pPR$un{n-Nz$tpTkfNEwmA0aUvB*fzZv|9V0!`+%92vd>NS8riuA&q;-uJ0 zdu{hC4)*gw%v!9bUjr2v1EY4m*b?WQ%=$hftxGhM#Xhl>rY`Yox0THAVI0c`K}l$H zh6AkCN322nM%1KYT36u$*Y8wH)R|n7r?s0`Fa7P7j7YDw*E$9qgizvz|3=#Z5cM`$ zi2YNWX(g_e%v&j6F+M8o>$-d7K4R4SaD_1J>H2Q{(5LtLN_1_0Na(dXqje6OhF6tl ze!*+hdhi*W3{4_BpIXT$qQ*oZy)g`p$(^dmD<&`~%VUvD7PfXw#!MBD5g$85*`FQr z%W2qspqhN30rqj?tKr?4mZ@W-sb^tTOoQkQn0I@o{pb%H=c6^{JQ4*AvX>*z0?EBg z$&U@;pFrGjf78WbJme`gyxK^z(UQ{UL4?Gr>h4*o3F!7ZEq(>btcj?M+kLGYw~Z;k z*eT_4lU^IL8=$;=S9F*(KO|@zc{iaqQ%lFaU1)TBFoQ+=qxVP5%_q}}P;Q4!GbGv* z*W5G<(m5*?#o#{wKn%>hI#;xa;a!(f;hj0H46M2Ni9&)G?+`79wq0`_rt`?wB%TR{ zJr>XcJmvmmV-&@n>WfZZi^<}c{rP(2TWTZIsFk6dW}VhnU`wXL&~9Z2LLfT4exSe2WtKd711fiMIUF&!(@ zX+q_ml+5icWwi--xm&CjU7=}m?u>g3+9sva$P!CiFVSdOY0k$Pgy|Q%%R0q0KtO-{ z<=4rQMWLB0n}gXqz!7HU0T-(rF`IGWT$WC5C9T@DoTr7pFPsI7$^NQMV^9=LQo}!7 z;vXN0Q{chBimWgD6win#d0p0Q*n_A3L+i#(7U!W!K3DF^dLL0G+5(|R{ zw*E)+@%$d?6dviT(`|nhJB=xHjbTN&XKN?DNV>VG#o8nVYP`6Co6}`ZHfgOZ19A&*|TjXsl}8%+P-3*fHs2Z`mNicqZd7hW{`u--pMJi zo?+PW_!OQjd*fI?+j_ee{(hDeCoB~Payuft`D z00zsw)|ad)TC&fIpRZ^HM6S>Yy{TBVHu$8xGRl!}QB))m>Mg3?IJc_8pJ|XjXjIer z9G7BG1Z^;C3LRqWcA?eeu0i>8fT@h+d5*!!#$b%FKQc0Dr-RF0y^CMHRtT+NL$1GE zjp?vrBBur6?>kqMc17P$)D-Q)7WQA;EST_jpfwFHeHBAjnvZx;gQ1XprNKPxx5B== z^Eu&_mcv@GMu#1)<0Dd1Kx-9{7{at7o+%rww16gm6y0xs7ZxRhD#ItX^9H4KIA;$uA$YPdqHQ*C+C3Bee>?FEEe1FTchF zXb!9~3&|z$sV}%1R0`(eoP*Mw1qq$NzL22A)E&K=^%RQ>J&}KnNNe#jg%GgH6KlyR|9NVJdRH{S=e*dl# zi7DX-kK)I?O&<;dCs*TLb2$yyD8gL@o^Hy`Pl zS9Eu#Lmrz>JFLCbZ>>9{)aY7TXr5%?H-bz^?>`%;)=S`4_MsN|EusQS)^GQUfA1|a^~m~)Y3WjFlRD4c#mm>nHOstiWweQkg5&nN^?dSL z=+6GJn&CjAG8VbOBZ@IaUv`rRf`91TimV^sA$Gj$r9rMRq!iluNpTy<5s*}jaXd%J zQid~;;l{S-N3x?&NnA#BvNp(sGQKj`87_!b`bd;J^9h>?cc;2=eG#bLfCH4e4(xoDu!En&EwO`hUOO%S+ zttfjPRj?-are_SXEZDCJi>pei(hr(v3mAPYG%7r22a;+cj0cin(C726StjxlakB?D z7ee>a!U)}cLsi3~od5OB`C`nt_PnpSada0y52zAz@+mh1+2ZEq@Pgo`CEcig2jM_Z zgul=!W`0>~*``@FO7D#!$JBh-E=?=xYMsL8Hex&eWl^CZCTlj3{x*?$`Fgdhg{~(5 zah(qSO5HN~h)qk1!X`HpZA?y(jkEW22jd~A1Fo4Be%WdO1{pC0k9uGH?9mE}@%jP1 zN$SKIev2U5qZhe|CnW2_XUXUrZzifHk*&F&?V=vd7JA`HMb-19(uG~Nmu*5kqmg+2cXyWW5uK+Z!(~lm7T&RdORcS+E%yPBsUm9i{DbyK4Ud5nj3O2p^h9&X=B4}Q-r<` zvg7Z_kGBS-^<$-aqGqFU6hZ^RMN}Lq!h5hUMx8T9yMyb^|l2$)({(_K|1z63DlG z9sQ1bl?xtBb%^>_h9j{oEv+N5ao;R(g=-4VBTBj!>hRJ4str=3b_l%Q$K07HdE_sauQv>Z;q?x_1(J_U z*l9iv*a~|5w%+xdO*1zog-)`jCw}AQT+V?-K!Nn>cky>;(el|#{I66(xfgdY7w!wx>_i({%FXN3Z?fU#n;|I83G$LeR~lOC;V zcKp&OL2zydcl&mYH3)K#R>H^lPLGU=JmhQJco? zWTVQ2mIPjr=mBRU%N?Sx9`fI-TsTxJ0|cIQg}6ASz<5iMlTciPMJ=vS`r~8KF>urNNi@EAX#pkOLujZXW10O1aH7K}2B8&h2Z@9cYgrE-!mqq5??9oh z9^2B;XwR=9u*BOc-33@;J!)5p>GESx5t8b5mZ!0$UN_&m2Y$uBZEQlPJebwJLaT!h zL@UFia4I$-_gO*Ro^J>jm4DXP*+=8L-JZDQJspx@x{-qjkJoZX#G<~#ZJfK$eNuj$ ze5`b~LqoWjbJM^z!>r~-TVIP?jFibNP@~z60dr#sykUtZSzyv^#&Pwsl^UjB9TPbD z1A0Va!51uj(Gf-$eMnc+@+4B~AnJauOX)V7@#}gz1esdmB8@XtrpbGL=0bGQ?4#xH z@2$t*QCu{kTy1vx4KV31e754b(ygCxEK&eo?*S!dp?W9hTrTryyJVYi``eFjX7Z)= zo?dIYaIrlKVAnsi(hQmZOKchOif(Fcm;Fvvhb**rr7E-vCW^A`R%te@ zyVF27@#?UR1JFaBehcgERXWG}r2gid^^+T8^pI)4QO(KrC-~@tzjXM@iiY=UJ^~t- zxX%fnwF51vg3je&JCrExa0It7wUGwq(37Y00wJ?1lwSF16yPob4NT* zU>eO`!?_MD-S@`zxS}&yoct(6GEIPzd0Ad?&&4x)iZ^u8LZ#*$y1KmI1=`9;9NM=k zvb&yoXu0ieSqyxgsh0Ci&eB1y)a=YggfDMN+{9UEqWR?G`hDfbyCa3KiVEmNP3H?y zax9mD@INcEUD5>LebO#4uUV&G5fQ%Ba=oi-gW7-pR-#ki;U}7D6oPy~{`brP_^%H) znv`{4!r_t_5xWEEk=2tpt+Z(o+GEOHqK9M48t8wmDA)1!nfJLn!Dj~BAq!h>6sk8n zn+zsXwgqCI+$V=G8igx8uAxqA8wi#sIcZ303OwqjD@7KJ<0a?YLm@Qp_CK58nvpl#ucVWa*fWPtU z8T^jsj^UPeX|3M*Dr)%7bH(K&(hw`KPeo%mrR* zoSZhXOL?7U3X~c~%nYTZjDHImDhGs#D#e@@g2)vdkUypy)BOzy_iQGfIkX*Q3cy@Y-izaQ5$|13GGP=T}#UT9@$S?YZLeR6C00qC#TjzJgiKj) zN3&<@{_-!dgV=$Rusm)YIWd}~3?se?_$ehA`Dm|hcOp&_QL@IlsOx1o5sS_mea5VA zdHICPOaRIIFa9|(RqMctlQUSR#%Xoco>xnO#jN!Rg805miU?ciXPXmux|n@}v)GpANr> z5f$p`Ftn4lk=#Mqb?V~pSuYRgpSLGNkatpeo2Vd@B`&1zYf%abqmSGJzL%5{QXGvS6pm2j^H8@Z?qoBbH)>cx7~6-P zUrbne!A>Wb*HAoSm-%eTr<6N_9PyP()ip)C-%C)U-T z7vaa6Y1#B7Amv;cw`mk&bKZR{+|QDO*y?$mgpW8$75OL_-0n1B&e*tgVx}K3NPh@3 zCYz^SsdL&N>lx;^4v*8tDt$d!h0lmR5e)dik@_GB?Z(FsT&A~2vd|}@H&>6A0tY`> z?nO6j{^eQP^D=spNcWy*ugsPeRI4gJ`HA;-jS@|s12k`>Uvp)_DW-2|$EaQ4M+z8R zdEd<2IL-%u=y~h=$zpnQXMFS)9IoUd7EPO}ae>ht_v-3^2hRxupdV9=``va`g>n)kz!T1N5&v z^sz;=CvA)t-aOh5`ja%O%#%8_1U0M7^R(N^0XfHa`13)S(@-+E!NYu8ZAkPXMq34& z;>YLl%H*G_mY=_Ib^q9zR|54cS#*H9Puze5V&(bV6|)-7b7)y5gTM?Ayj@x*uR2R%%b(;*7 z9fOWm5h#CPMM;VT99w+i`7r9NW$jpmwZRnLam^Yh1ADSUz*fFq>+tJZ;HHJh6_6aTvcVM_;Mk=^WU z5z5}6eX27cpjhQl{jJ=d34&KwvZ;B$9^zNu3%H56qh|q8ed>%CO}AH)bPio)lqn>i zVRS^JwiTxGvN22Z8Ac2q)y|7O^)9!5pYLrSR%B{QmFClmFxJoN@GJ&n#oAqSm@s_w zY%lk7=R#~ftK6^fmdz0>YA@R#d_#*k+TlV>n*_>|wwkwA-Ogttt4tAF#?A8C^`IQM zAn(_8aRJ{KB+9~6X1;6jKTFMH-Yy(*TyNaqR-bm+no_uD<}KJ#dpm;3c~(!azh-l= z58_LM3QQjK$m06&CZZO%kmM2R7530|p0Cpj&FH?AL1k7en)H~hE@GAa98_ALQ1z6n zhCw->ssy^f+LO|(9+>vuE}8%OB|;0;758yd^xNGd-TOZGJn~%EmRPSYisIAC7-r*N z{Ca0Q98|z8@e&6eE=NS60Kx$VTDs~G?Y>`Wl$1lryxsYn z%B$aQoAAoZT}WKbice9U9LDjzl;($8nLa(1hS{oQdUp8x zZ*6Lq14;+EOa?8Vu)5j`Y10-EdI+n%QfX`f1^3iq<>mWDwh0ZmvIUJA^Q@{z5_OV@ z$`H3wObf@x4=d61f>*hX8I1D=%dCTt6Pd{xSLp1(I`tKyxh3noYXlLbZr4#~txMB4 znZqG_nR$L8$KGW=Yi=&A!X&WCN2|lU@VdKg=1Mw_DUQ$W*fjie6!$yz?!h#o$9-6Y zXC=)$jE8{^#jZ!9i^)2l%w|%Q^i`utUmn@D}hhIBD_RB9QE;p8_ zv?6~%Tya}n#c54MA({e%PVKrX7y?{7@gC7~cK&0a{U8u#ENV$ONjlK^4;OIF%NsZ* z-F$?SoQVq4(K?-L8cGWTK3Bc>o88El=i7I2J&w+^hwatC*4^f(Yi!aOwQ7Z8bK@)J zSR^`DrkARG82>Sv<>(pC*V4yQ)2?TW?x}r>zKC$N!YqkLZoBAYG#7XC9wlY9`uiv_ zNBnQuvPsOqX>ZLg46i898jS>t=46@M2uoGDsQacN6yRfgmxxZ-uNo_IbHg^i0Dz%1 z5cCk&0+VpV>+q}>=XQj1EvCyqPw=zvDA(S3yX{qZo*h zuNQ6RqfPJc*?B-Pz@n-9JQlNko|xOba%~`KGLmG0ru_-y2oFY-`50<*bjbEibxJ!@i^x;wl~-}|^|&_h_O<1?pJx?4{FdfRbeGtM zbOs>;wF~MhHkW)B6PEX+$Yi!(Y|_80chXeRw!rX*-QiTvb*_I)(DupI9tCiCRYqzz zp6nzp^j+c(;j#Elr8(W8V1y(x$jrMS=@6rR@Pi z>XR>QupzxGxB70uG*@hwQ>wq3wqbpbjl)7}vUq;CqY_rT0JK_&3*!PprrYt!<`Bu# zS8u|f61=>7N29Swxp8^%_8%f_kZ)b*w9FI1_*dlqXDrD)turALM|~>3jvDP=7AsVA z+B~hjbc)@s{xvp>0yD;k$Zmkws_NQJ_%F$ErXuv-1p!r`e&;*(3@^um-)6y+PAxY= zmpZ4s$4N&k3?$hL+~W0*i-={r?FPkaazs@FZVsEh--RDk?X||N7W5Wv#i;7!@$Ykt z4*1!DLLC8uS+jO}jNI&av~D54xWB+OBv9Z|faX$!Pb-T>?>;l@I8)Q`t0ES1blev} z(8$3uGb?u@cg|Ol%ByqJ3~FV*TQvd+h(-gtjRm>rd{~#3Gvs|El4Onrc^DY0V&`=? z@1j_-!8Y@(K&2#>l>1jj$OOmM8r?HO6}h98O=uIZ<&NN4WGWY70Tz|Chy}dLzHy* z@CAFOT9#zGY?T2x06%#c*P0psIqUjk^cxC1%6qMI&2<_uZd`IShP5j0tD&!OS$_U# zy0_b<=0h{5D;IM(Qj-_qXR!!P4{2_0Z(vpuV!d%KnhT|BSp6xy63_#5Mxu8LQDu5< zF#FT3Vc+NHa}MG5H5)b@V`3e4Z3xi`BB5s{6DL#S1>y_0c{w_IQoz zAQcA$)V;Wr5Ogi*h;pXt_ z>@U^sxgxHwEz_+FEYRV%9VQAC4YDz_;fnU6#qE&w4KZn%*Ov)XSu6sjhRcgKCq|N? zy4|rLAf{W}J%Q!N7bxfRZHx^>oXpQ{^3(}oT~g)$0_N|~&2RI+u&l)U#7m}2T#p^f zE5&qUnRF?E+kmry;K-y9L`~e=`(_7Z>?e4`HtR-xu~G-Bx|knI&CiIb?KdBGOLXQd zGi2qs54R;YeqE_wL|%RvktG$ws$*UTZ8e+S_aj&rAxNLCu`y})t4?j}85!Sa=Bz2l z(XO{lp#A7vM<2MzG4Uu2?s6jue=V&1Ha2>KQ*=Jyq1!zK%KvPSc};KskKWbDmmf_Z zei=4>KJ$fH6W+cjlG;yj%n5b>>r!>M^cBGNN_?e5S+(~5Xf+Bz`3gW^Z@m7tZ@i2< zAl?NeQ?!-m)1#H!Y=~tibBeD;@aN$7rz<3GZ_df-lyXbg`V&Tv9?6LWj3R_IrN1NG z(Xi&b>K=oMeN7v>}-w<{bzb*$G14*ePgNBi-xcO?w*PtGwJq~ucnRed; z0Urn;5rQ14a3>EzRCUr<*#c?Ef}3h_6I5e9z4UnQQ*J7~fPR(vc;()&8DteMC?Z#W zFwhQ7`o2AvSSzCsM_zkw5O2Ti+G4-{xQP9OkdOLHA8#QCTTEV$K`r^DvM~S&eFcpCxAi7`f>&Rt&=i6oqBn6)7w3PPf;e2v5Bw8 zxl4`*z|t@7&3{tBZaF0h7u}rqWiXHdo-tyAqn8a6?cJ-^FM{FT) z;A-j3;4^M`(81##4T;Li`Pup-V`f=32u)@f!!)ZczZuIW#W!@Cj2aJ&X_;@w<;)JN zfAqkmcy0&F$EP^rHC)crUw5LqCG~;pd)=# zQDjl8#(jHk zo4P{kCv9Qp4worTX@qY_-M5nP2yTZ{LQ~fQw=z71HuVeCtxvsQa^SfCg}h32x#qO2 zJKh6k^{|04%&su994-jAwvH)4ZA_dg7Bv0L_>{)-Gv*G(3(VvE`taoS?En{(1U~0~ zh145CBf2Wn;a|Rlr4&4#Vy;IM#SQ!JbpUlE%s6WNW=EIv^3d=th0yF^{fiqnR5|x5 zR`O z5}5nF0#B@Ej`8cj$&!mqQneN4`A?uUOkiz-?k0l9Lw4`$*L!w`JgDfPiePO=kN!CM ziAZOQ0tt<)TLa94>Z92v{yR! zX1EFBN&p8dr5hcU1#(JKtL*E1Gx;ll!!q`_+HM*_OI%>?x zCGp1#hpi>yJiw7#Ug2$U{UX-7uT}YAouKUssfBv4Cm1fz0k*@T(yj5ucT9m2^YYWCUp zF9G-Ozian=-g_u%?*O!!xNThYow>xT6Q+G>uslQbCyGCOhX0RVp-e=CG8_zpVdL6D z7EO4(pPc`aZ|n_G&b>Iy$09s?kCFWr7kzGwYL(}6<_^8m86Q*dB?3;M{g-SMO(+@B z%sXLM5lX{$Y2UeOs{(cv z6}XjkS(Wkw1{A+_C%Cz%{8`aIvLCaVZ4y)V&+FSD|VOMKwn7_Tonx zuRJY0-eypjR;yb^OyUa~%^K@a6^A#xrGDF^H6_)uHLq)PeUUcNdPQ){+85N%!<;{o ztV>1L%4W-?WaFH`Zs7TsK$bd?#C<68QXoZ@slD0oXL@->tX@-iQfWmO{XG*M)=~zbTq-S-5H}F`uRW- zml;#tfcu43xnsf+M#V*H={A?4?^ z){PJ8-G^NoShL}fN_pms&(G+TViirJ6uK45E8j&*Dm}}fiXoI{C=yYW>WM5rfN4CQ zeR&7t_TId0IUj6t*)KdFOqq1!t3Pk>8FKSJ2r*l57%U6C^qhQWn{N?jsoPYX44=ub zKAYKUw=NZvrL?V>(e`40p=$Q*W)u4oQqr=kC$LB>6aPY$!*a_Z&HB_@RpWBI$r3KF zPvg`>VVyoEE2B^Tu2vYlLpQb{W38=kn(ECH`!EZg!`$2#f)Z3V4(^B%8f;{k-$zqi zE^heDvD<;WzPn?+4`%r#^=?#N+VD8@t-#$EQNg5{;6@o7e%U6Ewr$L_O_RN&eKH)# z5CZXv$K7yJk>N}Dwd>0hK#!%C=ES>Ll|UOE32)pMVURXmxV+8n>k#4$?i}{g$x*jZ zkF%YGpPF|A$+v?TX?KJ>bv%Z}VGoyXP|$hAPH2b^uvYc^W#zU;U{K?lT6q;$S=MIeo9n!t^f+xXcX-(Y0o^PjIv`dASjQuxCC z`v(phJSKWod;6*6_-xL&Q;O2<=aQkR_tU*K)2>L8VxWuFw0Dy7k6U^krLK^W}z8!d5)_f{tXGEZgJ@ zgct_ZSEJ;GFq0I9*LRdlCm1xofKEzd)TsTv(AfxK+jAdkDo#)Pu?`Lqj=ML!cY;00 z5m2g>(XxCr! zJHyVb^}kMfAw{HLFnVxNMZ>SHK0xUubD7)LrVc+Fd${9=8mP$NJC=S>#igWA%`rm| zk~Z-?3qJEIl=voNtO(-Meb7EbV(R0L9HD`IBU;~Fd{7s3rjMy)vMI1vcd>IZnF;8k z!GR#=^DjY1vjz)`Jv?KsqN+n0WIMC5AHa$y7KhTIJXgg{28*cz^L1|+C z2KK|Zcivw7)zbt%EjXv=!D(Cz@z2h7CTntFUh?MQlpd4>2H4bnUg1Od{mx4Ci9?dM$_Qpa5K}mNCQ6U z4V>G@%^%?cu~Nn998Ku(nKfVT&f0%D9{5js|9*dxa0FFzNPND-&0Zl>L$(OTNR{w&xUwR$CkL`;k6*$Vj#m z#PIG&ti~EUk-K@EwMfbxC1M6^Z~7MW3)F8ABuDIi;~&ceEzI_iq8e%oHI0;<%W0DU zB!0gjtdG3j*RGdi$~K$itwO;rB;7GEFP!VQ_Dl4FMT4mlXafOgG@r)FNrt^cU(2u*;iS!aBOPul7Xd(T_us- zinu?W)c?OT^k2CehXz59KnRQUqSo_#uLjjLyX7QoEZ@n@Z*PI*`bOOGJ9lLAcgdCX#jMu3Dd-@4lHW6Vrf87V zqKkY1%c^e5xm_t!AEj{~zbS6fy0Qy8`0ljUy=gSjMcxoTj+BC8U0D$4TXOmBLd*4C zLd@xv))r3o0zVl7zozEsnkVyao!L=wOJVZzmB8^)7dg_IwEaz%VHYot)X4@@f^*BJf&dR;bsNE~FTHkNrr6u;<@&fHw zTZw|lB)T;+P|l(@6CH;YtC?B_9%l?bc0+sXEt`E!pGm2m76-7^)hh&IzYPfr} zwjMY6*0xEAq>?LY@PN~0Kl%H97C+Q+AJU+u>qDgNsPJ9dW0%)%<&)>h*`#qZzX>*d zxPPOH$ZOHq`JFryRRQ`DZ?WE1?WI4Yuv)JQ zOc^B07wiKLW5ovUr3R?h=w+XcvzJ#Ud;It%*?phX)_F4TLF0ROzSB}M35h6;&4o?`Py7Y>bpnqh4{uB)eu+{-X2VoBTMv-AF(`2Ox#Pe`Ht-OagMrTixO_Wq7l zqS~;}qF_At`_u3zH!(FiEvq}!?#p-U_vK+@GE z8u~uU#iE>6Q>8lP#y#|aO~K5kHDJw;%g;Hidzi{rmlnKq5YhPjEY6Tbi~k9y)dJO3 zl~?~+RqFhilUAYWs}m0Gsk5pg-9;pHLYW23TNf2~FBL_l9-P#|rnl9W)6Zb%d-yla zIW3aRJMPH9lMw|7D(Wq6vS0c37KkG<6wJ(n*B`smMFZD#CnYhi_}|{Sir(Q!+-Wlc zt}5F3Ca3MaF-WT7XTSBxT@DtQ05Ux z9&XzdcWYT;an8)`eO+r9-pfoa9m~E)r(GX?={^Jm|F1LAsopaIU>-qY^>)Pw=dH`G z;G~xSuwu65lgSf$6O1zxu7hvnieueka#%)i+l7e%-+UT89S6I96c3f%G8XVtgJB#N z-lC#dlfssju zeli>FeRtB#0{H`)Y|{$CC3sKZy5#^k)O&M2pY+}8cEdr&mV)G&qVJHnn1BlL=ldj! z^9ErVPbdKQt(r1*860aNy|mHa4pnfxN_ZcT)A+v+O2C@MLD~a>$PP>${}mQ}|+}c)fI?@x^!(WbntLo~ir7u|}p@6W8qJ zqB1ggcL6wj6tfoy2n9dN-aMSEr=Xh}YeW*akPW(XvyIc8?mt_bk zya3U+6Gk)C`>!a}dB4;HlQ(cr7KQ?6DF0u1asOLp6L|9(5|ayF&%;(3H@j0)zz#-e z*}vtOj3`JlTx|C8p3PeR5fBmGO}ONMJ3SOP@z*cweT>QDC4Ona8(tHVth;6?@ zx+W0?pMCy!V;u$=kIeB}Pn7l9%A0fo@Xa)Q_QUR96j2AB+6KGC7YaB(Nq7DuaLrgi z;6gi}++ww`=rX_0mie~m4IBT#)DcV+*JnN%TTpEN0!*WbVN@@7-8G>uN4n4wgPvqL z{q;7>OhWhHbF*Xk$C^L3fUW9rVrS?&5JsFzD*k>~z+KC{563HfxejPYM@LU~D9QR- zUX)_Ghbrjkl{Nob;`OuIMJg@&a(~S1drT_8FZ3=L2u)60E{vM3~ z1A_nchmZZw!1L5o+4sc${L|lGNI`}Oq8L6w^M6$2e_oZpB1RoNkF75%JLQiB{rND{ zAM6>{h}D&qHNf9S@_RVik|TiP=kWrJ{L;+G$l$B~ z+}0b+()cGqC=Tcl-4D{@q@^dWDK0Nzj|XmUBNg475v7f{L?A zsaT79%@*WIA4H}9hmovHBS zjs4|%9POP*@_&vmoLB@sA|dG3u;|Wsfk`QlDRjAQmwb0;s-y+(t{sM*n0U@twuXOD z>o$8D^Ec@}q=;g{C z!Nq2ia=Tgvtlb=;du`T^=062n1TG@044m03TKQDQzBm@Hf^dFlyq0|rwR0TI3o=nu z?sj5)FRVv{xmLilO=Z*@ZFf+E4)me8d!r$^G6Q^3zycQ4a(AoAX*EN2pFX}4Fi2e< zukS7IpSL4)kLJh&grW($p2+MEmxS50z^FE(f$JDBDaT1y;@raK=hl{K-n(=^j|PY3 z-|3>+D5m>!bwHD%&zRJyu};}?y2nIiWo5@hf_L4Zx2m7Re6rYTV_?jpy{jvUr%4- z#el96DbQFlFIu{DgoO5}H1PPZ zgDW5juG;)Hai^J3o^ZU2*+^#4oZDu~)8!;K$+2ZEs{^UcI!qGIXwbVLrKA+?QE}1; z-J5Nwf&9`14Drr)$|RTjCamqMy!71I1U8diVD^@Yf35cmG2COy0bD~15d};Q4%=~G z+x9QG#^>LK{rlflnlCeg`FyWhA)w1s_90|0$H8RBjo6(>T5(TbU%#JiYq}!G^J+V% z++kC0b3OAzs~@ZFk`SF%ZRzwvfhr4rsypdvOANS*Z!3%kJoofT{!`5O3L)cn+XC7G zi;PDJ3`}M^gG>@({;D*6nA4gFeKBS~?=+d96EeeVJD#s>JPXR9XW$^==)2PQ7u##i z`IsKyfJw~$Qg{j2ZjIfa?%25(0h<#fgAUqwzxR{j*GgJ$>A{Kgs>}4d8#q-GQ@!pR z&OrlZ;@*sd-B_-IaRc|O8~z_IhyqD zK|A=6iPxsJxvgmdF*EoI9&$WniJVsSE?~G|lWh4eU}~M-!QO-tC+K9)@H&7X+L#&C zvjTdKW7{qdXcf_jO*)@A@J@>jNiZ+~k5ILyc9(eL3f&3w3Bc?sMEWPNuig|8Z z;$BEbGnTrELE&UNCPD5sc6vNYsS7)UY(7O(E~&AYWFB=;2xJ<6ceor#J~43I&o&gl z;Lnq6o+jYc&j~vQpWb&rsf;+H`M8$>Brrm7RYdu$EW${+`{{UgcflBvz3pt5Tqs_Z zc$)&|+X|B*W_((?%A_bGlLwMb-M;V-GQq~%hXA9yN4f2?NJa5k^+NqeZVF6vmj9HO zh1$^!yWx)KT^3{R37y;POCvCuaAVo@d(Lud35EQod!=v|)}ls}yOTp0CLTw`=m%Ed zYJZA-1qLC~D2+Y!;K3*u)XeSp>&w4T#^k9AdCEV7A#AQf$^vSOD4=#HGJz1O-!{wR zf1V?oWLzCeE~o=6?dt-f9unp(Js{mkH8}6}JMWE~27Valw20qkyFN#Bsn6YN+DXW0bgg*8zg2G~cevyLy6$rP1?o5D(dkB~08m$fzVw7v02 zbx6W`RquMF&o-AAVA=c?*`G6hG&P)uC^I0NM=&EG`QFoTuW@aR0b6e3p`5B?w+flL zaxk0k*h>XbHIp)jH&^DPV6LFpX5iTIFLai8J&h;}lLy@%2TiI#*)}&J=r6~luCfAE zobv&#ujBjDKf?6y55+Qt0x&45h*rTEu{r(+TvjuN2vr|ae-CgiGS)1(7jTau2Z8o^ z&}YGO$v2Pe&Ld_47+d~92jmFiEi-<0p)rbK)nPsDJ&xVvF!#CB?NK9eFwnfNf?o!a zYq;T9s8v_aTRCQs0-uS6ThLa{6AZP~D%1ZwI~$JnU; zgKnUyNCNTFGnLhH>Lr`ckCVq9so;9*d<8vD(cn-4rQ71ciH4n>-SKZx>;$iWpM%D3 zAm<+MRtzN?Ve)~Ne3K1-;DyWNZnmDU--l#5!zF0(k_hnxRywJUR0+Xtk9~OZckK0d z=+VuG@PyuXY+1_b;rqQCwbBp5_&jgK#ot<57NYK+mTh~Jyrh9Xwu;C-d13xxL)%eJ ziA+T4AZdy;!da&msQ&SKnoT8H5HP;W`C#<>D;}O1uPJG>)4oQwK zX}-z_{m|oHTIMJbJyp+r9R=|S|3s~SN57;9PiTC{xN&pjQs}{X$u{l-wm~LfIrp=t zp1RCDS8OZ$@D-DSW6NVZD^6x`~0%tj6#1k)}N61W|*qhBcen%g{I^oauvwMjxFZug6H-&>o?V)q5} z9;zzMMmwk3WB)VeekMe*i||*xS4w0+1^Dg(7Vv}s4d%m!WaYyB_{}-TQCa8l#-SuG zc`(D)A{Mw?X^F9BE^(c3`TuEM9C&u9d!q9soSz2_`Xiv6cA zTH?TY)CW3a1`?4SXPzEJ62cqW??#dcnM)Ra%pvr8!}F;a`U#B137YOi|Ig^4lkgz~ zPO+^896E^<3Y$)r;K2U*)B)u9S4|jBTS^CtKi*&tr+ypM(@YW0SbzZFZyOls-i(|A z^u%bOV0vg-gA=3NdY;E@x;(2c+hG$BV1~WXbmeBFG@Hiwh6{FGWFxh92H|^y1WnmG znth-KeE~3q?LKGUJv0T0K53n6!S(saF5uuc>i9}<531cyp=0>$A$zkmCEPAxO*Et& z48?JoGt+R#z(*4U4!h~T+C``Ret=k$xY>bcaBrcQpT8>9`GxlUaz)S?bYI95wtla!aB>y^m8DOU#{?+U8lo4@0mYwPW1gp&)gMts z*YtGr`QP*SAGOw}Kp`>Yh}IFHJG7?8sdQmJID630agToMPDiA(04+)PL1rNjV1!6eRA_+`G!sC;5x{ld z*LuhQAA4^d7iIdrkJEyrq9UL$w6s!64^i->@fv~+{S zFi1DQd)#$*-@Cf|`ThTWz5D|Zo_X#%_c_;fopU%oYX18|IuV6%Qcba45Pd7+gB<4C7sdin1r7z!x|3zxRDwEiFSayJT$+|_M2{d3Rwf5hQ0ObE| zz+cSc|J#5+KPmq|HlUv*TD1*QPqW7Hx#dKui7jaEVT!$xgacM}~-u%kUOQ%5F zFx#pfjN3mFQf3Zi#iB|eFu0@$wOins{KgT$v3w#+Nxmz_+umOD1PZw24>$pmCmJK zY_T>=3>spH{x#mdIO3~!?v#!6>!Ie{=O)SYRNBp_xGKLG)BoBi={#Uzlv?gk{o+$_ z*?@)o5?KFzEEhPyH#5X>i+^KBejg{a27vL|g8a9?BgVK)z}DEhQ4C=J{L!>xz*b&N zp|$#MbEGT5dz3EUx$yH}CfNX2{c@!L%kS^;Uts()FzfMpedFg)4}-9wn2OC3MdqJx z$+maE7L)JKJaqa#eNm_}jKf)fwRQ?VLBx=$edjPUBr-9qW3#KZ)BfZ|uTt?7k>$y{ z%>HLa-yb7?1H1wrwZMI;pI*5>JePyM0zbC3eM%Q_>R)rjGOtideH>SefN=R!mw?dx z6HxCnX_gv>0|ZYFBx5Q+l~h1o-+d3jw4D@Glm7h5Hze{2B7pE3u8FwTyFNR`kP?={ zlqIA+xgHr225MHGGwe;5ECm2huMy!=dIqX&tGH5?weFU_Y!S7>(kT#LZ~-__IqR0e zM`?hrH0Qc~Uq4(h9CCQzub_Kq1U4;~cSw9)6I4DlH{wPRf+1duW*&ekhJZaP1=Y8_ z_foiwWZ#{Tn=zpqO1WtbTt>&L0}E3xsqrhPM2V5a4n33b(o|5c`JyX9z&%Vk1m3|> zPEFIb^}V?L{im(~GB-kuRxHMW@JtSXu36IIwD!mQb|_H!7)0v!pgIYS_jX4c5o#ak zV!!A2)&Wf5fy)On=~o^Np(ekABH?-%7s#MPl>32S-NTx;JC+d$=%PeB*x zI*szxi#fuCHiPa;N{)=h?S1*8p;>7e&to+@U;vZSOFL&M<>@v6yqWjB-UHsZvX6YZ z4qh_jiMK(Io~Hl8EI@OxX<59>9Yh(k_A)%s+VMCL)w?GhoQ+WrL=HX_0BEgm+r9jV z_8=L>nQ~Z3KsK@8-vS7c!Cu_e=g*gCzL8)cw(h_$|9qQ6A$P$(Kl81shbVIqtkxnM zSV2xZm-;n9=K`S7U^*zF;a5DMg7qFL~R#8Kmu+{ z)L-G$(?L~B2kgat+fX9x{NZ5`&*+ZTt-g5!CME_z3DTf4w@^2~!(s@kcM7V;0?Hi* zaI-7`L9@UUQI!cC3S7`~5t9HwCx5XEHm6dJqgk$MeoPdbX5ZXs0qO+KKuE074PSZR z`rKgqCi7R6jraMxDxjkn$t~VRADvRe=klo{6Yix&)r%C>ODV93ZRVr(TI4)v?;vlh z0P209BJ=cN$18-a02X&5B@w6^Ga@{3+goRMYhdqwvoT_l8cn9}{t$#x#?EA{YMsJ< z1=bpXEs#&(Y4=Ombw5f0dH|4eH{6-GmCz%+mo(Dgg4BcM9MuERzpp@(8!(Dsm7#ZV z{glzjZ#*I>=e%|;7xU*Q7V-$S?(*#<1we2r^JzT%N^gS&@;xX~*bcICx)=%3ko9|d zfX-|b{(w9JxgDIM#~Z#Q#lpB1F0YSxkSFau+EvAp#gip9u`g}%jt`(S*89`$uRKl+uu zY&w6}5RKeHLS}hV$gJ5T`{OnEi=xMgM2&9XaPDz`*7LF&Ef24A-KweLCv#r=LNiMF zP!5H87E2OhRhYtaj>@Yth`jR9Q;1UYjG6-ovs;Y-o}KA_uxXswV2YL}mXngdgaUEv zd&r?HQibY(Bk4K?h_fun&szY&B#Mpb4*dwUfcsEbLQorLK34X8L~=k<%T^)42A7aKnMZk`~^JkZ*M zE<0}^KdvWMIihm8E|8Q_{$~Bz+H(N{a{zv!8VcE;3vy1y@uOfgC;uJHS?5BI;wuGe z4RSetRpeIB(8SvS3`A;MtiGpNXdIW(iz8_hjhrnxk%Rfjbq{ATWY*rmCdkiBObK&N zEp}PrT^-D40{sFu?y!l7=z$8Jbbxf@aS&VKLfyW&WIl@Lep{;dEn#lITB=Eu(HniN z;fugF3oF*YB_P>c?AE+e6Yx}^dxrGD2kue1ez10K zJOdNRW!Oeiwk}MNe*_tRHfaJx5$Ri;9NLwg1jTtr`mPI?zq1kp*ZU`S(BP>353+=I5S)wh0rhVJG- zKVZWTlPo#gK8Q<>Z9VLfDVz**V>juY^g^|Z!lUIi97u1DH}8?SF3ZcuH-r_@?SR1! zm<|Q4O3P)Dc|dJ#PQs8VqFE@w!-;xYYl93bvNNDeC6T|vuXT@7z^#XRxh~sbgdEzi z@g864t?lC_>oOsy6&2DK=12v^f($C;doKwYK+hDwT3Nnos{i(?67jG03-kA@?J}>s zPQyW*Sw6>V5?r7zZ};i3N54NJvT@8{_qFQ&SHB@De~LN;r~zSFxkbM|SwBXQzaqr< zdDE(Df)SME8p#$W z0=&whchxW)5M>`*T4Z`sgzxX?)Snl0Ub_*i=avgD)A+4e4qcZ1?EBmurx?=uk7u5f zGG*FKHLM?kbTisV9*)3!NWXgx+zgM|NI1|lFJhmkz(n91=;a0cFMaaE^Nv@9Ji(Ag zZuB0o@dgb%fr$*|U$SzO5D1egHWHjN0Gvve*V*Y}rE_9;Yt9xIj)%=j31y|3N2PC~KJNrI-IA-O8K z5%uLgE*R3OY?gP?d}mY=ioCJMOMChZK!4?(tx~{ zgmJ3@Jw3tmJfCS$UfKv;6voz4!p?1Q8skO|ur|7&QBF}Xsten4Z$==B-!~Q(5t;Oh z?Ol-47}63g03J3}^syy?MEBvmjGT&#cqB3jJ>vRm z@M`qu(@r9WK`!7;@OtB+C@BSWh0~vu6@auTAxQ7sO+qFzHjU}Y7@#pBy#f565A}#q zi(;p9aFikd$R>gV5-Uxgx*qTQ&lq<^vzk1+4-zfVlzKGZ+NPnpDb#%B0OHF_gm-#C zg8*E=gKK~iAuRzLkX#X>gV{zPEff8V&=j2x{ur~(7N1(xVWP$fr8w>YburyN z>l~jBC0f_WtPB;dI-CKLnGvAId$^YoJ`^I8_8si$G_Tl49X5A{^~n$=rolL|0_FKc za{_=EF4J6k(HYGetLfZ*o!@y)<9TRkL!>blKHC|_)VIHHbKy|U0E|wSbs3;eq z1)QbaSR!t@-;5WCEOb(^c7A~gNndD#qZ{4{2&Hc_i?iIgNH#0Q+D>*l;2 z)uPM6ml6XM5XwDo2I7qSUvtt@i_;~_QAyn(jA26I)k;~i2Lf!8W96|~L-%01=7KNC zIIRO>?)OUaqsT2>QV=!XbR|*2M8$4D*`!jCW^DKjm55X)lWzd(CIjk4G_FV?(}Z6r zXOzZAUHFup|PVwJ=LcT;GrSoCUPA=`v_nKc`(R1ya@yBh89M6! zq2~eetL)vH`}0HO?M;l1Ax(Y5QXDlOfM>*l$1iF2EB$ndNTjL3qqprAIle#aF$#5wzE!G4YJJMz*VlHCL1z`mlX0c8ij~FeE6^r*^5qI zj6QJn=j%X%E8zn_2c)%~5icqEqzmOZ0a%l8Q9NKK(2oW6>ESnC&CI>`7i|Mgxiame zS?tFU2)dH^a=c$WPud0byrbRq=)I}L$8KWTu+?gs@6(k{_IWbQWnw}S1wJjaqy1#3 zeqS;r3CKKpCZD)O8wfhuhS;@nX_e=4?Fql{!n@c!PucX-p7EGF63!T;YoV^SpUyuP zCkbH8HU<}@e?H-VembrRn0i}JfdRr_4C(h@^&wyc_(T)c)xqyO{Lcsc{VPZk3OzYk zR=oWmAI%j9_B9UdkqX(5PsY9H1A=tTM$dX66qnju?4k@+%~bf=0GH{(%P4#v{{xk7 zYr_a6rj7x&HI5Nn8uw5YJ$sWt2EeCMqYiq&GI4(sndC-#M?o=`ZxJH!9 zO&^kK#Bl0QRtGO!!Y$CQQUJyE*g+T?HB_j5uC5Q&@ePy!RPV}J=_K+&TeOFgNvadB6}4C>W68up(!gy2L(Md5X( z2y27t0j#80tK9f1AOK|qT}o~Tjsq~LFXtiM-VC+JcDOqzO0({yj~}b+9Pfx2Row*7 zdb9`BZAL&jf#N@xLE+_RCzgL-OJMhag$P+&l3V>@_k1qlo5C}FBG?-+zJnV;+sF>W z`e;y|W>lhu9J<&M`{2bT<|l3vr@+Ct2fZEk>?oeRyn5^X_PB$MAx%4m*#+n*Ro)@n zPQ00|nH-8fG?9Qc2!PBdW#8{m*pKaidK<1(ut^qSi{*cuVCjf=fTA^BbSY;#I1fRH zAYDw*MnL#wHd$AF1PAWWCqF#WyUlX!;I=K+@z@zOj*p$k%LLL0aA(Kgu}i;a1oApq zi|cn2*2b!OERo~YWja8AMb%0Ib+di*cR>|28>qZH9mA4v{%~xY@W0lD3N&Wy+VOw-OeY8cxVBV)yVn)$RpyW zzkvqE3X1+f+am)s5*ICp2|?y*GRSWY#M?D1{s3x4wt*&1k&mW81j`EKtl6l7^?19> zIE48?z9;C84z?0fzAjOBAfu;)F z1o+nF2bs2JHpu$2uY(^LH zrj+7lDCO;LsufSK8GkbQFZoLir-!RlGid>zwA8J%^VJIFA^BtA+%Yz!6zXl4v{G&1 z8art#rRMi*NN8L6BBISjMM1K%ISlA?in`z+o=fbB&^(y>Kc2L{hws2~29ju0$l%7V z=eC?>Kl=f%-?vNcp06xod5H~_N@)OLJ+X1*?ri@FP)~E$uWgTNQMrAk0aaUzG>6C# zs;`?9Ms4$e@^D?x6W}b7D8+~Ys58ZE@G&GD7|QCN3jAO)&KPoTk0cSGYf@795Zd#D75ZIqPm*Bl74ST9_U@@wQD2&^WJfpcHoU zVM->~fyS2s81^Ut$)PlR@?r8wG%o(0K?)1g1a@t{UbrUA)|~SLsA-UhCRmTr2Hb2l zk;AWa2Cr!LD~9zfVh~_vqo@B)N&9pHCL*3cRj}}PWZ%c};s#M!c~v?NA4QbeNR3l| zEmP{AVvIm}_U>_idYTp}m3)6cdzC_9S%i?1*AFx&juNcvr}7Z^kbfmv`CH9u5qHO7 zy6~{b$+q(M7>{qvq1(gT;xWKfQG&9vWl;Gt90Udl3sE?55V?~fs-J@1*W7y~P>U_4gC`KvOsihaj9ZlwhYhOpEUN`3exEDS>Kwdq$2o)Ce_s3zWBj zJ}FTzwWcWTRgB>JTM6s8GdO$vAUe;NkLPNsp9DDJGH9j*JBfTCa?6uq+T1%&vf036 z2vn#6#a9mBh7J0IAS%&Y)mMVO-J^)ld%(g}o62?m0;%H)_n@Md??^cTWJd(_H0SYo z3lffb?hM@=@=WQH8vZ}esV&g|y)i>uygpP1G^RkhM`4Gfr6nxvjDi5ODK=3OsEi?j z;a5b&d6Jma$z%^<<7QzZ>=Z)gXv_IRK;~#{Ej{s?CSg)LcxdlAQ_4-BWE{8Aqu!z0 zAS=4sCyXqaTgg{)X*}F5j@x^i$OK`OBt^mF78vK2w3`G(bQO1&;s>190r)aL91!l- z`McQ1_>LxsPM2I&IJHw;7s>ncLAj^^RQ}<)q}INaId_*K{x3^;OM;lvg4_99H8n}2 z=$U&v$*TgfIo+6MzN$+i7}BqCI{tcNpxg>W5#YFW?sb~|K)5n9yuoX&%b4WfvY8YD z4b_S?lX=V{$n})fEvH{Mhnd^lMs7}dowdVhBsz@+3G#^~^O}9kdsE;I?`bApqbK56 zX|0juk2c?z5F%VFcS*yE@1FFl6sekUPK-bLoOIksMj5(%v*a}3(ICmgvGn?#@^xTY z_|8UF$DM|C`^wFfYgaBnoqp>EN91!1h zd5%Rs#8eaP$siiei#aTE&{K%J*>vp)02Xo}kytpu#EB?AUn~jH>k4f1^MJ_i8N=ku zrA`W;90s=vOE?;VZUzO0ET`X-0rvu|#T=>O<^QuJFA|Vn24asn{(jlt{ZZU-Fi#-= zAwNF9r&j`J~tcHl*9TIFq6L41!KsZ3&>OqG%w z73F}}wD5wp=w?$^vfM)n0m9X!795jyLI}8eP2C^@#ktMlD;p&%nPRVYiOTD*CJRFl zI>FrzPN9<5W7OoprE@nha!36mP*edc&ec4)B3ynaP`qMG2&89BF+vB^BrEhNj#uiE ziADBb@tA&wg5n3uRL-gra@TiNI)F!OxH6Dytf|klKR6i!3O|Me5$M}0roHMFY+y4L zKoWtoet-2NOzDZmYf?k5A-Y2(pnWSfZ~kbcvV^j>qvyTr#;VAy=Ft^+m4MC$z#xob zcJAn>UVw@GUo99oZNx$w-a1Z$s(9;b1jQ&@jmi4~ukwrHXQCx@OdhW#3maiX#cN3z zm3faOrTId4@|a1S$+~;;qDN0KV2-MmxnNB29%d50dC}dIVqo-u{bcZ7Pf5#2 z5qN3`APKvQ=7rRSds9p5QyTTFVWzn>!@6h zIzJG_q6%lOjh2~&37u^B8&`wL$Zk#9Yw9X)Y71HFo0 z3@O7L*Fi)>zzPEl;};3}9_i#W#nr5x@_L4eb66UmNuB~1jjFrdwa5+M>tpv=s-R2v z_UynLRag^91>5@0P|z5U9Pn4Km3E9fn2llr2bP#h$h2-}9}s?@@Hy)qt(){Pd6!?T z`y&|o5wh@usGobu;q~B;A1Gij<3T{>OKS}N!n|F9fsM}YellumoA)w=LwRb2ET9#y zT@`2mIT;RwoV^9Zz)c+T2mYGTe`zElDs(t*_k}v0|&H}e3quxmnkV( zQM@qV1xB~!2VM#UW?U~)9R}4xDuls3?w#W^2E@0f0Rn?Fri0Qjw}!LRBR76jIu`*s z*9SI1ec-$?0W8_crY|KF1TrqgzYDTg^=t<7qD^rvf^n*WzrZcgX--*A<%R_A(Q_iJ zyq1wIuIe6MP{9IO;kc|6&u5jukx=v1wq#U7rP=tph#KY?@I)!Ng{3595xpyH&p}YQ z1~di>`Na)fuPe;@rL?N75e)0CDcV0AX*Ykj$vh z?*PwZW_Sde5@n`XFIb6jtBw@mT0A;l>Cy#&KJVZ{oKl(qZ{5AUSk`Llom)RwZj!`4 zDV8v?juZyIOXKRwF3?hUfFv6Fd!g6Xn^6ULra`KG8%U0rSTaM40~HNOD@R^Zyfar^ zzFzK{TKrqAQGbwBkG=C0S$#PS01Fgaqv?A?RunJHdo573qEe-$CQQ0C#o`TmW?4deK&mF7X=7@zcSHJd;FH5UdZ~b#++!U22fhu#Kq*P5 zY5K5!T+{kKpvOTRjYvhns9-T5xA9nxKu4%}{(Z+lB4$*6eVBn`BaS77u^Sm7wN3TH z6>frThtvT5RFBP`(SRBu#UWNxufjZfxiFViU@slf5&^2DcDuqRt1r%k=twY z=|Zb5bzsbiNx!UkE(s+$f7SF_8bM&e)t>!BR!S=eklxZ1ro!KKq&~P;KI=INq`o5J z%o9G~S?l*^F99V=ANEr!!N_7*R9VE{#eX?yS{sI&13kKDAV1+EMXp^)_i~OD1=fnr z%Z5c!`IkrgwE5CYE8OQVC5&3o?^Ta(k-~+p9=`~k|_;(xssG>ZQX_)c&j52>yCM|w7DyTcDqc*qp@>y{r^E;R4_H4%4I zhcVNlkz8daGoZ=H(@PEh89;2v2Cn6how}SK*D{2}-UpQx$sUrJ8m~J-ywq(!vpL-dF zTcPM@M%XmZAK<2R?mJZBjChljaNwUM$Xy1SnDx3X1)yJ1ljZC>_%YVMBDxnq<~2Dw zaX8~21biCF9ZHm^0|ppZ}*>*sQ59EpA8QDtSt!m#^m2} zADaB}w?F^Q_bLzx9JscDNk=8A1Hp2Ot4-{t>!?37=iqmI{~x&FA5Vce;2Gwi^^pq+ zP%EEa8@!LJ34u8+8UIH<4S?~JvAOP|WmZEq&Vk14 zdPCGO{oRy=RQe$Ck)mih{1*DRZe=xX(bAU6`KzgFawss%!RHf46*5V`687(};Rg-CgIH;Q zn$M@f-ul=vvR`PdEK)6gI$o}~OFd>uj2Dcy3GyC6yPV+71C!M1)dh!UMt(b%3^GQd2{Yb`ji8pFj@kK(W3)N3Poa+3u8RuTxDXR`pY6z^xj4Av!o? zLDst*pb00eg8ckJk8w6R&*O*IW)o5z_1k^YrWbz`hW>IhO5cSvK zqkyyTUWXW}wBO%&tXwr_-Ka|iv-F<-6y1?g1hVrY(jJJi18{G^(j-oam`d&64-;1o zIPol^Z@(2cu-G&Tcj-7yzZ2{G7Akl=IRmnYxIkY@AkZNTU`pOUq_5umgx?%&e`{kcU5qf^Dr&Ah-5I7hSVDTu1EG^ri4sFDC^Mh} z==!-kx(5KzGeqcn$;1?Bb}5!<>LNjS8Zi~i8OvqV(I(kT7Vp5KQg8#%91m<8tUptw zt`6&7B^n-b1(M25fR@VU_GO{S50RdJzJe22q2>6ShoG+}1Yp>=oB`SGOnnxcZ{4cn z#HN!OG=iM`*65!s=<=!ix*)xPfR_1C-a`G@g6+&PNP77MDo!$e>B0F|yW}%KihG1+ zzZej>us`C9r*+K~cc>KGLT2gE;9^qb5T(fBhQzQ=C}-SQo$yKWt0m#2?ZdkOx_-fr z%r9=dK)CSaNloI;3}9LcwIeBp!mz_ref@JRM{_dHFnjhQ4Fq zOOWLkWz%@@(K3~LPu%9=l1x~2(MdBg{@tZfowueX_W&cl>@>{Bw`H}97}f{fLT81d zzY{3VJ{-GfXv6|Ccg0lxv~GX<%17l2?id=EUU$b3X;~I@m!fp0EwyxZ+7h(FJP+Ag zV55J@>Kwk=($NvlZIS6d=^PXsB6!pP>@j2&gvwMwU3efllVgcft_(G>dOpi)&<8bo5#Wx3;`dMf5y$ z>(!f{VH-`>aW3RCrSgn5Cf(Kt^*Lrl76D~w@01a+zT;wC#|kiD$KqoBMm>QE*T+}K z!%VtjUKHsi{jKca->0*j6t@G-9+}%x+I3kZMZha<$)H{5ekN3fPSeS@!Sc{1w|9dG zQp_@?M-kPi>70BhzMG_F8rmLR5u~$rohY#L4!&XaMh*_{G^VE$!$q_DUcLiJ07uHXo$ zFNHVCc;Brhrzqilx_=&*uEOKYfUyz)pMxGKbMIUpruD4 zr~sNiK8Zneph_MP?*!e-??(Hqj|K_>rhejX4v3#SM@U6`UBK~8Y(!TgU-i&f;!bzb z9eitT>8pA`UCUDMw)6c4sV@>{Yi-z$AQy0+ zJT4v|)BL5W{{A1*ls<3HL(YV26)Ic0opoD$C)j(e3F z91&G#YS2|@E0OU>J5})Sxx4E;bHHEBG3)M1J&C|NQgV>kqAa>yk2Y3WubM)&0?Sd- z-*W(*#mqy4CvI&V!*u~bQpy(yT0!0&tvWk{E5JxbsUr9?`!PjNztXwR_=hhh^%l{{ z7dOtlACCYP9v1Y6-9x$(_-^I%eI2-Lg64XE?jr!5ixUjig10a6};_Av0}4pnHSdQZycR*zhkgNb_FNMob$%YVcG|8qb2@La?NmwD%b zSC?%*Ou-}7lzU4m`qtyw7&=M@uc6>9#nUy$r$QI1xO*Ms7HcL6IuhtCPVa`@??x}Q zHa82n4_fZ58f^zR^@zEGxS_g1Q`w<|Nk`)4q$f2ix3X)g)H1^%ck0mSdIo*IkmQ%1k)RfEF_J`d%rDZr!!rJ4&=s zh<;AW7`G!C>=gy%ZSf1hGycS@ew(YKyJi)Kl0sm~d%VOTaC~%EoLCBR@}*|SA3mrv z?ZpXDqX-(`bMd?&2Rz7qZ-Si5dQGFua>>=P8@Yd&*}kq9SLxaP$R#4b>g#279^1)) ze=y5`n=MqzPxa21u+r7};ft|Ga-X|8Vi;nRUb3^>X_mcRq#LLCW-sv7!9m8AIWa#u z>O~RdHh&Ymn zq(nsDcSdUfn7f64AYV_S__Dm2YyW+&Cm*&J6;05Crl`gUHI~Vk@1;*+im8o2OT58f`9pn1%S%=bsC^bv%gM#p$ zDiL-`huCNg*IAwV-B27$t6c|G!Zgiia%D zp&bBf(bBtqmcaiZpr~rXvsUO}UYY7OICG+BYuvpl2~9D?y3L;elHPL78dC~T57+Z{ zE(~9T1LCJRe)Zv!d)-#IpwYWI%$D^%s!HB3Fo$dZz-9jG+(Y}Y-!pobs}}1_b3Ol* z_V`KNgyEz^drPU)o>!^sng6R2wf5EfXw|1*Y0Da=*MqZ6Cv`5SI@Pwi(rVIoEX!{8 zPj!rs^|N>%16lU`h)K$=z2&p78R-&XjB2xUa|;bHWHf-N;%6i)$kH4X?v9Q1b{Fph zf}mp#lZw05Tq6!uiHv={eu>H)MlObJ{pb#68B; zuTp(g_tKZmk5?AI{3w@amr{(j8Jp_mOn7qmhTnQOsTvhrggMly1NUZeayu{IWNv%e zrZzCM{-jd7%eK_{sum2N1c?!+~(u)0cOwbYEZ&~eB(<-w%*C%UTk-A?bCrlBJMm&r>6tMjCG8` zS2%cPvICO3fkM82)1URJ+zQE?CLDM-|K-590Rh4ehan;4Tj^hH2Q({kE+gfo`Qm)bbFKis+M1JD3fD! zKE7i2hSAN|!&F3GYi%Ri=6f+s`o>F}tnq39?*@jjA-u^KC&66DZP^HPce%l= zSNFl++_m0(WA97GiKMR_VV`kVO7f#GY6zMU(BFo;YUYGk2x3!zkX`)=R5f9XW>MdL zJKI_`Bdh=Papnl$VaqLhU@>58RjjCbSfHj=EejaC+xxcgo{oYr(HKxt4&Hui38aExi9NxV>m+8sf)#tpJ&myS36n7WZhnDe9j6+;+q}J5a!#^|e9X@&D2s16Rli%3$X+JyYikSA@M&*? zq+Y0&9<`1ZZEkLM%<7f*@HlZ)O;A4V1ck{Fh|8?R3$TO3uXgAB{r&m*o^Q&d)4Pn< zxJJrnv)p22VDOif?YKcpD?Y&gYHe*Tvu0F_C46#fFf+X_3CQ~CK5mNYE$0lHM<2eV z9L~+I(aI&elFaDaPgx?LgPfTBf$R9Xy1G$bE13q7aWGR;#e!?|p?-c? z=GF(-J-Zpb=e>6n-4gD=!k7A1cU1K3LW8ZTAE48xUU#MC46CV4W!>92uUO&6Oh`a* z!;0I#6k%nhqT{X>GGjZu(&c@yWv$6crWW2E!o>&z`xv(H0WSe=aOMnW09Kmuuu~x@Uc% z8g$|!;s`S|dhS5E(2%lj{i&<#g6e~O@`Vz2D>JijwHtbu?z>+xc=9COph}6)nELWm za;mzbVote3lXaEc7LT&;rM{X`Qyz*>d=%i6ohaSNb*`}iE~;hor*NcgWwySlR z^DW6{>Nz-p$C#2>Dx+R?LgZ_94c{0)CHu9DsK2?_J$@|d!wt7C^m*JRg-J=NfqtK_fezq4$+A!KB zug~t(5kh)+2tUsa>ti0UR@aY(zMOHSVf|R>A#xk*E?T?yHE6@t`o&9kyDvelUkE_Q zo)DJHSLnQbaNjF~N}IL*(7tEc#g-7F9&lGCEz4(?msw#>(dUnC-+-DyR?SZQf1ZbT zXS6rR(CjTnI$X;RAD$ArUY=K0j?mF18P-QbLpwW5HFk^rQBiL#`CQzkmMi|8&%A@? z2{0nUGoO)nVk~wxLqpHgLd4qnmu`q%B9ZLG<9-!{`|LUWLoVs=SCBe^3Kix4F>XO_ z!7{;G*o!cPO77W8QA)AGg!XcGF67pw7=){K4AMh;_=ft&+0w^b=JonqJrzpzAGnon zz%+YC*ZHgUV)Dzi!%otRO%C?#M;dGjb)q=x2X1ISu&zljG7(6jN52U9?Vpe7g&V3a zmECSLZQ687A0`Kn=pu-@Y5w^C?_UH7`P8W|hPr2WhGR*4V@X5J%a0V4zuXkOllK zEZEn)^FPm{X9mxcd6DQJj)s>>gHb{Y#c<`3ls*qP`J%OXK2p_Lo0D*(7DV~S!1OB{A1=AH0-uZV~z#? zI~G5A@G@;}abUH*v7XVAuwu}&P~N`~fnlf^hDiqo_{Ya7de3u1|9l?kKWY{T9$DT$ zRHu9q;*-fhB8Nf0E~G_EkKLB(QKUif=bvV3VDyqeK!O%4wbxb}3Y@X7TV!O0S3P>M z(EQ>x2gYuhYxCf3*(P^?rC~y;4QuDqdI^9t)4SR)+Syke_-|TMi@0eJUFWB7IZx)W zIZK3>X@oJwd7`jOJ^_*XmA8J7@_EW ziTFLJm4QCNqpv{2^C>x)z{XIk&3j>hG33XSR;{JZH4bJ{$6o#~Z8*(BpgdS@UJuS# z*=u-u>Bo31nbg(aGO8+{cytw)dh9tfCp8A?I4ul%BAv#HtTtOy8)X(l;upFTk)WS9 zKj$?;J9)K2ZRXY6#gSHmRkFR}E!$|W(VOZri}LZ2W#$){k2<|fGDqZII_ed!HbPWc zRfDA)dOHm#XKg^`VN$Wn;WQpNxlSFzVl9N1mSdwkjMlav3dj~$o?M%`ndEZxIo!9e z$c8d`n45SwY{W#ABy7H>(riqMegD<5c5$O_sd0OPj_Tv;3ye1(x$95#4Ao>+4tPv2 z<1SGpuZbKUVjgVd?*YF7gX>NI=dYLE>&QSpVL9haSv2NOSv3Wm&tjGRMyrk$5{kzc z9K$(a#}bpf=FV+Lo7;h}^6<#Tbi&vPQ*wd#yOHs^iJIAw+4X0A$3+{A?h+vc>VBDM zOcY)A*V`^5W_-wuVNEh=UfFUQ(}qR8FcWKs$w|RyFx|dYH}j zpOP|M9AB*JwClguu^HVlACPYoapi&V>TNxHU2op*X&Fo-y6t%fgZ^%L zgMr)fHpwK7I2XM<+EDhyJ;w_g>9pH0yH}Su6zOODa)qSCr~ISrk1j!!W#vjza$mk9 z?zr+P-{t|)VP%T@hFPv=hV#398}~aB4Z7PEp~`2y0rp2PT?D>G)(E|R6m}iVQ8sypTSdTUc^t+3^h zBBjc^)tNbZpN-zh7KUAXPDCa03OTb*QIToe@V?aighg|I%S9lSm4lOJLTfK7n4{*# zS9b&UCt&)f4xh$c6ZULU4NYA3`jki7L-XEAwJ6pk)eI4Oar2v<5gz^puDO=@`INEs zNFbm1D)jyWq^F(#V6(Od+gigSZ;8cZSBGYpiJej7xPvzSc!;&T@U;`VeQhZu^<+75 zRQzbLsbASq)K4l4ZCPk^oW_Tq;mv8W6W7^mSM(0Q+Q-LK;$Qncy>;|9>>I!BtsQ9# z5U)?`xZuNObW@Zs42ObQ-8r&xZkeX}ZC2@V>0hIf7x2!_U&(4g#PEJ854eCWE%8kI z#|;Q%|rJ!(F@!%Ymy0 zMpm^&l%LIlGL_GsFuQLoz}zMj26C71J>17%*6$r$J8+z2s;NoVb`G~^=x9|Ml*p3< zb4OYuHdgawL#~-Yf88CA0q@A|4u;_u|Ew9m>EpiX&~CIlikVL6n@gfGpZwwtc9g}? zxm@*#js&I13flW|*mw`IHU!f;K6fA9UbMPB&Ou0JaqW$wyf}BHH%Tu$6i2>*gHhFW z_b7NO?VzYLQgQHU^7m~6A;4gk@lHDK;$XOIJov;gCkB2A(){#JoZp|js*e`jTr*Vy zLp#fSLfztJ#R)X}A9@H5fD-1x=$=K!gz1oSQT6&89S47Xw|S-ag9fz?J*$VpI$IB2 zzpmeN=c+26vY#mI`}#avWLUXR%$yW5^X#o}X@P(65ZIMbucQ&u+0k^uL|g1H|`}Ay$iC=z|=yVRUWF7 zpN!(BHVA;$Y|Njw4zDNdeHw2+7tesYl%Xt)@II_I8GYnMgA3#@P?y|g(GPXMnV;Vr z7VZ;YGGN8Y&BkLPT5NA{l)e7h~0z^s3^5go;$ zCsk9vvfllXU$5awd`RLgE$T2Nx6I%I^+?eNIX^D-sGZt?h4uPc!_--4yMW+|4z;(X zI%S>}MPA?Dw=5_*HIj%8Tj?>`rfKEM8#QUYtPEC}M^}GxE{e6py?RrI-$-?(;dS(? zTH6M*grmp!P}pJSA@@nWS?ToagG1X6NcIxF!XlY~4s-&!LJ1uNT_D`IZ+MX_ng7C#ay6)02TdtnX~w0i4GX_EVlS{49_M`Xcw@3@c2Gze4-a0uyB2X0xVtPc z-;=Dr$>OZHW6R>|$)vMr%Y3d#+r>H>Xp`iacXXm}Xo;U5AqyTMWL!=V_P4DjZU~-E zavTw@MV6VI^`Btr&}DQxe@RdA&1fan^Cd;9HwYadGTpoy^X7JSwRZ%)Hs@uS)iU2+ zQa*VwDRdw-Msf0}v83K zP`u9N4iVp@!j}8mx0hW=IK1(fIMXLHSTi3rh{=iaGpy&eEmpXG{}9a`%Hz&W-8M+QxJK6bo-pG z@7tw!R3(j=>!qEyv%L=)=O0etxIne%l7(I!=Cf&TC|v0;B17zbO8&TdCytN!BR1=y z(|}p*3g)-^<|+c6q8m!@?Sd_1sqt{yh^Lkd1*_T=c0Ae(Qz+f@n`R?zL?ehB-Sma; zVS|2+1X(BbhyDgD{MyC)Hsf_-)sK2uBnNL}Aj^jZde%>QqHOBAIxR%MG@wuM3Z>#< z7bNSBEKubhy;EMl(S2()vjeUmU>zyYHJ@BJidcSU8!MX6RO5we%L2=y4Pk;cDd6<^R*Lw#UmY+X zW3na`#^to-U%7nq?Qp3Dw+EiZ`eTH!*WT0&+z!lwuucn17RpCaT7-(>Y*1UIi4$G0nNUOEg3{cO-tBO<5 zEMK)|h@ZI0WtYijg@^P|!Fja#`73A3y}&uQ2LrROJtihyf>lUT9(OGe=?%p&c5|}E zn&D#+e5}DNc%N`wT>WM5QLASCAV1b&27g4g1bgW?IFxFDagsYzJ z48?2ftI&1fnm`dLO0mv>>B~0=X#<In=o&YxoAk(B<}b}(KZk6b zL(la@u#aA5?K>oe?5$7H%|%-%1?{YRH*M*waSTU_ikHCs(YUQYUZo~`!-zb$?j}vu zaMb(s8SN0uiTMl}V?xgrQaY`Ckq-8G_S1!X@!w7@Qjq4!M=L8k_qy&9rxFxm*7e&C zzije)Bc-X4Kg1em)0t60MK&IYM{-dwo>%XI`>mxlgoT93XrSkwgqcIFXwDII{4QnW zt%7I~^{LLihNrDbn{de?Pn&wJjg40ym`N;CIit;W_a6SdSj_wRJ%y2Ix9P2Km3#C08Z%@7BDz3F- znwH^Wc^c7ULmU}+Qdpr&IOf5nW7WJu^aS$kWb9n)OkJb&(&f*hji>88!ZPnx4?lCz zc`))mE`6U!T~8x=a+sm+SY5g4bm#&<5;U(e(c^V(kuNCWZo11k&YIG+*XTankhzDf zKk;;(ojf~8LJF)g1d@7A(QjMrBoA<_JxJeZ|19tnk(|4E(uZ_R?XOTJJ{h~vs40E{ z5}7Bohg2NL!IsXyRSlv@D8>bPcm$TTR~6xK!J80*OE;i6>CF~@MiEd9A|F$H_?sy2 zoS^vSIG<4Tw>D%Rh^VRT$AY(LKLX!;D8`4js$tiYIX__YW$Wvc2 zCIS&LQ}Qv3^w+%S`yPQpTIK;l;vftwAEYjT2;`9Oo{Ls}vS6>8nOwSPcTOY1iJT&~ zXraGw{xIKq1bA!FRL+L2oe!N5y>Da@Tx}g2YIqk1HB45U-VnB#I_U=+f{k zDyfwn5v>nCdEv^pBHRaEf4j^fn9HX9tt>?S{c{=E{gyoQX@N#6@A9#0!xI?vI9k1G zj9wbUvrGCkPBy9w0rzXR`-Y=;*e{yjIIS&WL=IJdHx#L>~zw zh-|%T?K*HgC{C_T+8BVOvGv=Pv6b`^Salhfqj*URV!F2G8KC0F@r_SYt~_+0%>aErTey^Ctx!+%h)g|3CNPZZVi0UmQ|j;$w)7Y+MM$1{t>oa5l5l*Jt@qP& z7kY?Z3Vf_SlN1fv!$Lf3KbJpLIMDkjHx$N)Ze_%X={>chK9R#DIt@er_8u30^;N4O zzQ*MQ7c7j1l286m&snT|2(mF|*B>B63Ks~6T@z$ujbadKAZx+}hqHQ_*nC1sTT@dP zfF8+$uUowOQ+@AC8cn3!GLX_Gd+W}VrasoNG8vrMeD{|3*AaE$vPIZ)5z6=EE54qC zZ|*(Li5$b=8rZEm!Y*e@xqPJi@ix^G$;P$NH4!zN9lV{^4g4KSn?9J81mgc=>?@$E zYP$DHDUp&ExB?PV0wSFvAgO@lr9q@ix!TVR|`v=aXT3q+HrDT2DooQg)9(rGHB73Ip zw&HKYH;P2V4O%8_pf=ewE&E7)>t#Sw*XG)R_kBI;FB(KfDC2Vef_%G!O=+SMVjjcZ z?~*Z`C<;#dKAuus#2ra$r^Ea{W8!>n=*^qNT#!*OlVY3oHo64sEb6lVf)SQ$^Zx6G zu3KgP5t#wkHcwuiSJvwtCLZ#RgTa;Bh8LMDA?LcE)k2@P#({mNYl%Z%ON{KZT}kDE z*L&yuNLIx9FNVF(;YF8uq>sQWeY=TduuzOc>TuR8Xd1Q~&4c^=KKNxIeSHwI`YS>P z7YhVIl}N!TJ2hJ(u4gF%{XU#mo^!HLwP;*f^WXP=dOP;b{>ZzsaUP;#5au2F%3 zLwWr*`8xH@>N=@BX6Ov>SblE55U8!Yp@DanDfu~1cEnbDGw#eibSY|NE6kel;lC&cZJs%dYGycMzXZLDXUAFxCsY@Q*&~Em5Kqg79J@aCIN~3W6 z*_CyxzE@Wwc-~A~SEEjLM@<&5A&Yn$GA%TRX;tl8JuSeuonxuqaD{E*b*ER*IIsJP zE0j4sML%w0?Sr{vJ>4nr5x`a|rix-2PO<~kKuZJtF0+bs1 zUusLA#dEFk^t=mr=#5N!B-d+5mL}#n+Fyd{7}#EZp9zJ&eWbD1gsJiwkp^y}xamkw zQJ}WZ)xetbGcik>BV!y>$aEjq(79KOEZ)FmdPV9tyB5oki{m_z4J;F1Ql<%sns})G z!s2YFU^tTaiLW4yeTsKdo6j96>lC~87V_4%m77^?n5`Uzj877PE=;-5XWpnOzr~gJ z(dRW>f3zBpE#=cL7|=*QKrA`j-&^}xBVr*wara`wyhK#d)~@dCLF(1mNp(HfmfIv- zoLgJW{Y!y%p1O83jBR=l=fx#j@#!R(w#d+6MK) z@{rmHjQQ5*s`+yvOXH?%-3)myACHF<9NOp${>tG8xm$ zNT)>}UjD~-nj?_4(cFCqyU4z~mwIcnt&KDu>Yl*Pl@`h)A{UpbNydz~PAdoPIQ22} z`81>e5y*QT*y`a`&#RVgt(YyBz-OGiw;8g9jE$Yz@Kex6tXB`jy5~DjuuqMXt|mVup|zm{tk{ zRluh)^YaJZEh)|4M*Ii5XM1mVp=p2iqK*}= zg9TPYJKjMPCVqE5^W*Mo8dc?v1Ez<$Qs(w;Y~!=*P>_T!@;@)Q=4Ilei#H&Q+}`uK z!YBm)^>xTr<>p?J{ccXm*GKpHtgKH_wS6RMa7mLpQ8t&=W`$CpEZ(C$EZ?|MgkMRUgyFbe(5Q(Y*nrmkXd1Rn`b|(jlF*}m#)v|38-~3iv`&(1Q{Ut+M&5FSJ3s9C zy)S{NUQh^DQaJqbH6dh{$oY|IKzn_Y9Y6Ft4vySG1*WyZg+u|4yOa0DybfL;T?KWW z?cfym4LkE8ANAy5j4a^>uex_SC1YtP{VtxcuH!aLOE3Jae`+X;@; zqgJ1UQp55^iZ25VUPLqfEqh2UPUvQM6B1DYd|$5(I9X(2yqZ-*Vo1>(=x?;1!Mj2@ zwu$VdQEd=8rB||n)i(|w(Q?|pqf~MEaevDu1nVi%fCU?)AYSzge|QyTQR71`A!5d$ zI455@k!pqmY+KDq&6=S5CFn9i?`0x36))B9)d3)<~S6*Ky=w{pP z_DUIU)B>{d1N$ut9NEg8`F_%_r}*PVA%ePwQ#Z+w2}!DLBg|$ZPuq2IBo{-%Aj^|6k&V*_woF!RZ)GJFWff|5xfDFV396nUM;No~c z8SLVPF;-0WxpQ7%Mzu|A8uJK%A;V1&%IOcElbgN}ha#EH-K4{ujB#erGY#t%q!}SX z`snJ8Q;IEQ5RaBpLh|4ltUO)ywzlR@)9#n6T|leLyij|`t{s!A<*;kT{Ft0Ut9l_( z*bbHG=^afpcAfiJPP2Yy4og;uiCWH>)$B((5UXA?4zWIPA*xwEoqk?!OTPJ-$PmI# zi*|clh(;GBL($_x>CTqTF^Xky7`im`NuV~=}>k>M%s`rVPQZ{;<&3#~qp=7@f1 zVnY?U_P9t6XT9Jfd|nA!!I&byNoso2a=fLWD;TD&JHAz|3s0=Hib7-&0uto1$uln%lNU@QSjeETHG5*p64 z{+P=M_Xe_s5BwS|bq)NwnJ=UjS#uL#?P6?>-q9{RQ1%I+9Ll2JW_}zljI>_4(&AW* zwEN{`pG559O0K+s5$CFsd>e(;TUbI)I^GtS^4`+N^y5zgw$=tiMI2*o0eu3_E}AvV z0g+z@cs4V58P^X-H_0!^9{IzigJ?MJZ7uaH)7VUwK5)yeSi#>Ezwg<4$Qb9wu2(AG z`RSY0B?7$CaYWKZWgMFN2( z3rdS5UIq)+u9gZnpTHAfWk&V}>5rCZQtC9!uHUEf|fC~atb2a+j| zH)jV{yJagnQ`NsQnv3a^iF$_W5{+0OQMh{UeUje0h}|)-dVz%-U^LtCdidp6M?wSK znK~U&ntYfTN`~F=rdR*Wu~AB$KA7L8HT&NLDm%QPf$%PlCOGs?4brwtgWs%a>jTyq zf%^p#&F+rshY9v|_PAj@db2GgC$!9BX*cL*;<*f>vGT`mFBi!^auH8>G&K`tFx5c< z**b(1e(1F+9?L^Dg~JWE+qU+mqk;=hq$bqLD*HZ*EmKsr>7p3tY}qvR+1|ueAJT2v z4%s{m#BGxCUToWaM{rb^TR?nluY)dOSw^CiEN+u!3&yE0P)8H>t;M2CmMg9 zxTKM8-O!I*|L|CTYMTueD>Bs!URr1?j1^u>jYJCGbFbRqI614n zbEF<&8#g`B9r8)wVFy=qz4dJN1$ZLz?k7B0qz#GZaz>jEH=1f)}&8Mj1=obQG z_8uoS)jf}#PAW&;b5JtQSx@0x?`Bz&B&x&${%ViyM+ zK767p(R80#tX4a+3xV(8lcQXR(6w>qI=n}UA8FU5{#ivJmT)t23cY*Ure3AEbZzwA zQLTmU820vE+a~nmWHRHf)8Jz!(#VU}gX63oztj~u1Q?_9mM=C{*DkCgU9;-h{_ZU!!*V|57$H_we!I8R z70Kijr_F~8vW@Y&>xNs`^Zd2+h+4o_x`C@9N`L(fYruEt*4<``0wlBTVUpJky|`d% zsoz1N4|vPbbSXiKYfxaZLH%aB&Hj^~aI1l}Hlz;SEfJa3&0sP_AD~#)ezyKdA^CNA z<8RVlga}xa8`vW=kh=uCRff#CqgH$K&_=SUZlDNX=u;`x?O&;x^jD@h5$w+}|<_VD*Z65`wMkf~H4F zPO7Qrz@pI~tmADSv)`0+ShR)*yI*D(LS7f=O6Oel(m4+ab+yVU(t3Aj`pNkdu++mB zPEGRzDk!(hzpd^VPbKBnTEE3md>g_IEjR|Y&2y1xn78>B`zf&tjnB7>y|P)4ncfZT zd{IWF&>T0eH$nq=0A z!m&V`e)YLLo2@&sR-aMz<5+7e^BrUAH9Jv3}{hsF3FV1j@|_YN`=5pumBfuZduFmXxU7UA;tl3Z`QzUAI8 z*H)`S3U>E-u;1V0{7mkPb)mZ(_F;EdLCp(K@3DdEmp+bt_pE2}o#%ItzXvb&-gYQ# z^lN0@$kaslLn<&|$vx!#Qbb{3xf3j6@#*W^^@v$g#FS)V(6}%-pVapgwrdVbcM_m2*G&p1y%U^kmwkHb(I8FPOJ(jCB{<=!4x$Ra zo#HwV2g?Gt7OJKQOABM7uDL1pWz<7=r+Ur?20r#|1@}|9h?I)Y-5J~Bwz@F;(;M)M zZ_{4{c^=X}YPR7;tEWNVCsuBH@TwOCIU%w1%)MoBFK>it>$IRq`GIN$;lD#7CkTC* zf`#5qFWrxV*m8gT3}O3fT!(xTd+UxgWlgkbKGJY4KG^6=neEKhNy?PT`Nd+uA}(>%Eil~FxNt+&SR`(@(zv58Hg zesi9Ms-$>Tr-UzFpc0@KJ!!*Qi9g_NrT~G0b{YeH6hju3A2H-61N()^YpuQm;xIJS zVh+*q*)HLCO>O~wGeKXNK8Litr^Cq9f!$LinnYR3F>6ELaB6)qHy``*L}(SCv@XTF ze->>W{rEfJKN@^-eAkyMRy|pR`y;2zz zWZLAOs4KE_1-lAv33l5m1U7Um@NO8t=HQK-=l1Z5)<%qb#x|-F|2VE_Qcydu$V_9) z1+{_wHHNQf*ejG)+B=Egzc=a=hHH}YfFg*b2|TDpw~N3BLf}1;J%WN zhuHd&*O$@v1*1?h)NyuiAof=J6i~$1&MhB)gGr15!!hRJPq-(N0kb^~$qes$V#POo z^0!+bHWd>?RV{YU-j6M{G@A^Np33y!r~xO1=@f5p$Gt!c@^5*56?#)&hezYdS&dzo zh!ftcHlC&43YMkU2@$flmL-V4%zr_3)5nMFXgQK<=(wO`zS4R5dduncw*nm1^m zt0=kOnbt);`2705AF|ffW(gm!?f5a}QmBbA*|qlv*?Qj3+u5sdlrdeXu9VkBsue0> zs7GQ}9|7W!UQktbzBAcotFBm{8mR3?6-Pg-2>UBRBN4!a;k3IZ>?mM@DwwcO_j@ryZ zRY89Yl$i`eHi@8Mh6$7~JMC8%VH19LyP!&WruzgYPV9UR=MsDjAW zM=~2Ri0fiH@yF5c9^4;b+UV#z;L*tXn0%QV1!|UHJgknAhm62$<@47gpFc2C68T;( zCKRZxT1|NVe6Gun2QF`m6L~Q=8+*lhWJhpL^lApo_LD+589HfaYOY7s_RQ@Plm{iV z3x1SSbk6-kDUKy@t%EPNxEl8h4W3EfJJ?5MJR07buWX$ucT7K^nwE5%P}<@Zp)jw|tG+Rf$w%xJ5ISaDDY-07ej6946=D`8dIB*X_?ClnVh< zD;KAzBc|;m@4JlAfWi^}>ye!h_LMH)$fr#&!XkexVSV5*3$Q$Ed$bE72(BQ(IrC$QiWjq$Qj&Le% ze27J$H|SKEy`%4{93Er4hGs-qi($d69-n`=D+2BSeI&+EX=0PTMg=sBima~V(vfx;;aoyA=j$E z8%+(vjya*oglR&opNdrm?m|uL{DpVvBU$vF1&SB-K}i7<#{?qKZ_s-EBV7U61z{CK zih=zS@HqH$%H;nJtHdEB=-q6Bl}ze3vo|itFaseb#h1oUofBn(P@UEBF$g~DlLTO0 zC8Px~oSI;qr%me?@7((an{9m83D_MLsqbtn zE<)$d_jj5U1zUt!0zA>Qt0%Go%Bbn;5{yqLYvqNf*XZPF{3k@lDcDr>g;bN8l)<}yo(<2!fA4xra87wEKb4a83qX$0G#52{c zvcTCnKXi~OlTg?sdmlg}_)hpSsY>`4qXl^nqa@aI&tU!$cFa$nt>`>+&S=^`cP-)< zgwP5vqvj1x&66DVTO39nE8Mx`cYOge&+i`>q8}p2*9mvu{Qfxkieu-gLp27#sb;y{ z4|!w)dHinP!B`+MPfWClik&wMF{lQZExxO~=u3wZ#TOmP(>zc4u13M~AzFu1uEk43sQC89wH2H;Dz%*EtMHY;~WzX^_2=CUicj61MLRtoe(E z=wRC+?nVJMcsNJSOz7S7Q_-bApea=lp54DiLb(h48Y#gNl3zLb+(<;N^suR-9Eiy+ zw5%wr)MJp7}N3BzX$38+`e^7e$Yvn z^w*3Y^`VBkPx()iefE^sWSUDWu-WvfbzXz1;T4hF5u%3SV{*=q&6i5qPvbgIJoGpU zdocydQb|8%;oT!Uwjm1*(0*vdW{{2dk_9Sb2pNY>#Yt7~+T*&eG;zB{;#u4!e~-MZ z&ZP1f2p>r9B~{6DI_??1uxJ_Ket#4=!Fk>=Zv5%xXck`sdTO0@qc(LtoWSaE$zk`b zrPqmcA#Qx?#ZiJnWsc!qMR6M;-WZdwgyEFIr_NC>NzF#u(2f09MjeDq zN*X#JRY{EYNe70%hTgJycQ=UannM(NeqWWy(H7kuz6+VHuH`rKvClTdmUgJ0UpO9e z?A3mFS&@o|2?-nFzQ&1-;@D%DS^gr`YBIPU1^xJ)0BaD$ua$7nD>V`Wt;{Xr?sL}Z zvt^4qo*N(mtE>Kz${FU{Fm;=(H5bc8se~QEpiU;S zdw{WKv{hNgHngkreLnxV{6($~9;R4{;)ZBZ70HC<#(|EzQ;(p7=|*GctfKx=RT0&jUX;RedX++N} zHRdiCblBvlECN8t39>kiWS$}gced^|yJK0jzj+|n@#OO*EVJerSLlW3mFq>ipxJ&rNVVyxVMSW-)an`L z`*XpoVhRC<_B0^T&`ugL2wu(Wl5amGm_ecM|5D>; z8~FUiKItIIQ$CtPpH)m0oB;9axcbd{!7-VbKxgBw?X6S(7q&*wTZz7&Ah%W1QePKj zRB&bY+S11qZhdcCRZYr;2H!*}jf^%bO9|w(@yg`s=QGgWXs2*XepCiueU$t{ZgWFS z=vz01F|mf-?aOr5<5wi?E96}|n37u!@T2aFHu$YB6aMFdCwn_s``W$vu=1#+mglALk!n#nkTuH%k?=;7b0r5Z75~o>0XGFBbxC&kZNfmo4BY) z8lK*$g;j{@=qdVely}}$@cH*hFFpHQ=f3LKl^bs+&h=q>?Q+15U)CQtQ=1UDiyg&kNq!kFkJ*hg280D?S20TsI9rcv0m0RL2JDcmJdzJttx z%oQ~qyu>RKWltW9W*9HV^dt1Om-}E1wg~2Uu?+NX66dZ$^z8^NHpuyFtSuq*?$0iq z_x^4VngU4U>8om7u0L3QL;PL|jx1u0G0QB7>-JciKqws=I_o;Dv)w1e03aG#unlqe zWFfiwq8}R~jv-BeGmG?x_?XLx-D+fbyPgOPzyvMgtk?TGf3eB4B0upO1qCLKT788e z{9;7H`{&P(BT%i~^Q|~HZ#w%i=+=e|4W4ou6oiVSJO&ui9*P!rB&miihZ8u>6`EYB zub_fZ*{o*+7#*W5e4@*QH-90*2FP_he;4U z_Nj07b1%IQI=fkpZt>mk`f1lq&egLV!j=ax+ z8^uGZ*4I!4<4~G`i&pZ0s(1?89|tEu!0Xv%~%1P;!Y)R?6r*3=M`wk$s==(X$2hqIzA}FgQlF16mL!u#4GVLe*AG(i~w;U z&+kq=F=Dti(B1%4H7{~)_OG*ds4Mr8xggZKzjc%F4jL_+Sb|5*znz);3C%%#%O$|L z^;()~iDi9sGAjH9p(rDPkz;=MTI0b_=la)Y5CuhX43Q%M=4*L}ZfyU$s(037{@^72 zxxM0f9qo9>*puzw^2L@2l!kJvS?kvX`TZgT3f{HK)9FkZoNnt>8vIPbSKxHWXeF$n zMw!8LEaB%_3&;~9aC9&)F_!nY^JIU|i%2v?NPxV=be(`3Woer(+vKv8TYPpQbeU1L z-a*zow9KbK?{Mhd&~kr*IJR+mh4G^jvfy72A4Ghb;wCo&R{F0WnMLs1tdAHF2DEPe zzH7Z1FWmhZTpY3VLb~*LnM1lE_d_ULGZib6#5ruxOch_C^`6P3I>Cs*JRUL0HK46YAc5&KnW3#c&*SM-}cE znq#{bttKs7lE`Gy3HFNOkL*>r)U56wN%q=>| zz1>*Z=Rb0eypFO2gcOA-kY(%sd z;A4H+?HroS_^N}hocukALE$xu@uKD`diV47Yf)HB<=IBkK9-YdFU|n{ZVezC&s2gn zK6bHs!`KHHD`jF>bLBjhsNb+g|L?c;FJ$pw|0?tPUcV`J?QH#>63bZ)TrYLe9-Zs- zMiZ1fd!UqG1{BY=7Ix-+S>N*Di!I1Sm@sxA>0E zTZ1As4hga%7`{_G7bmOq)}cKldW({AlifK!*fxnQ z)ef56=+EnK{b10SV(s+fQl|{zIx%C=cGFH2yI(%Dh1F7PA^x% zykl`G$K+nqKF9!ywaTT2nJ#8{G$O1PYQE0`1mZk5dMtgt?t$U$ER2GP?E_IL!u36-C0TTUew0WGE9E-~{6)*L}$p-f-1W9mj z&S@08jus$~+h7m>kwN>pZ2sp=2RC!$#9k3X2CuP1VNNcmdx|J<&A%5?W(F1ZScv`u z_R1NL;jr4dHtEnPKw0!)E{=bARmApl+5LPZwkKifpK#R{Bu=S9vPT}E@0#fMm!LAT5C@bJUb}EWb2CPhd(>4P!d9pJ}Lawhw z&e!Ph`VeXwQ7+RRqHM22$+@xH2iZBA3Lf;jydDW&ZaQ0cO!&8w&)=u@@7K!AzSkMW z(x}unzpD#)zmt?P@!?(jBBWentKTO*>;%qeldwZ2fg&tB@om*epx5^>oLV>!T})*_ zok3y9f<3`V+oxSC6fiofW_MhG_8Na_-JvQiaSNm1ayuYT6FJwDYEsdkTmZ(ASqc;^oIHxg^@tTK*+Xcre~HW{V?9+KjFN%e`45&< z1_25uo0#=X^<&=qfJIk0aq)QTQYM--~`==$CE*&1Tfb;N^$Qa#Q}mj+VxR=h4=IP{P}W*0Jo1KEe4s_%=)zG@f3R7dH!YI4yvH?4@^cCD2?*=%|UE}EPB-if8N*B2m)|N0-$L+} zqp2pD{_Qh>gZ$sN)q9zel@_Qhq;R z{ZyQ)u*%=qRPs4xtz^WlW%+t?L6~NVgGmk@B97 z3E^cxw$p6i!=gdd<^rV$klNRm3%eghDv6#*=Bec~0Cu?D8WA9e;VNC2i`Cbu9wi6$ zM)uor?mgTp;5F^pX*$nJZz0@oI2Qe;t>^8!EA&rhIbe%WL0O7MUx0>7;jHdiF=iY^ zPiEf#bT)WfLMzXa(fh(R_d{d7-s!>CMw9~(r>!~3qCB)SWCaJrB(6RW1WaXp4aXxf zK*Y8iD2B7nx*v=@Rx5-uA8w2f!);h@ma66sZD;J2+sB`-rdkl*5}S%|gl`LS*^13* z#Uu+h(K}uoi^92%|KybYKJSz{edF*UO&X4pFTE-RAKq~;&=fOQ?*;2-%V8kph;GAzWETOQbPrHM%3DNeZ<>$i*5%=`$??bU) z`+SoNURZTd`v%5wCJuJT)wgpS^FaUV?M6`{fWWMWB(*ADl{Fu{>T~#gS^nudH$+Sx zGg9nyywRH;WmV4CsxhA^A@Qjc-!tM6Xr=rXF`cNtS6fxws? zurJGiHh-^!G*#}{diJ0JFw=@>4a9xLd{KSz-6*0L>?Gwud`~wumeUR?sGPS_z4JV# z1T1*nup+rlKSlzA;PvlB42`rvmabtF)}&{@+Rp~8Ub_9jX{8Vx%EGLY6&jAZyX%iP z=gbN@*K}X+KKq@1<4-$l$oi`_n9ss*9*Yk?l+oe|j zh0Mu_ijsg?X%Sto_SrC@=7%LlGk7b`DMddio7Tr%N=1pQ$r)o&^-FK$k`DgCdIQn( zEC>*!sy(%<%x{H|UNYeceSc>kJT={O4itc*DQ&8CX(A|uwaiDVJ8GUfd1+KX(sg+s zCIUTJG_?8><-9E2jY%mkvd2LRN?V>C9mC*`$Z`yVL z7SJ|85qCJRb$oO4{*@Y_oY4bx?ft5-j&n-lX6j5MqLdem0G$<)yb2)wTTM-zkrGlL2FLoOjr>}`S} z7HD>RSFUV;d{~Q|k9^p1kNe-T(7$)(wDWd=>wuwuo1S zh`hoWIO(r|EG5N{szMKUtO~2xmhwGVizq0mrNpye>9`fqzGbq?Vv-tKR4l5 zbMBxS>iXOz#&wj#>3$TP5YFaG;N#t{)Y*D@^Q{!V=JpK-~r zctvav!C&ODsmb+^1|UNK0UhYP-Fx}F(f;E#v5=h&eFI!)z1uj|TEh1nBCL(ZHL3vgOJ^MiFyh zJs}Dp+5gA*{rXjpG-URo!8=v1apCW2BgRV99nGl6svhC^e=NTsaRkg*@>t{6Ut=0X zjJT0`O9StZgDk_3n9)gdbl1yTI%>OwBf19S5(cu06X4L@0*LBG7Bcpw_ zUyu0DH4Bjd?U2HxFZ;{e^&OD`y*IafGDq}B%ODvGzGiLDWc#lsN2VcO%;2Z4-an7> z2Lw>YI-$w**HbgDf~KiR36{qEcfbF-gD(e~)~Re!!v6CHV%R%1{7VG>_?bu)gylgF zYrp;T&DbL*Idn;r{g2)G7cOc&UApq~dmIsyCOi)PPpkNUEKFL29az%fV*K@j|MNnI z1++dZI%dW5XVb{QjhDz_5C8L>{K76FVF)C)lLl$-=RSo-3nnW*mG1ws*1my184AH3 z__Yr_1HCzc{IM?}n<5L^p3_d2`q#P|LY(d}%PDou|Km90-$Y@S@PU@7Ww=luiaG~u zCrtkO0yG3k+@rX^G2dVP`E}7ui@%SubkISYc$`m>O7!)_=ZVALK(=Hum|r<`Pm%xl z^$54M9O*=$y~|V9HR`#&Hu>x6-p*Z7r?YC~`tJ)R6oBD(*#2u~?91qw;J=0!Qizxd zV_Heae|9#48S#lwmelhH@&x%Ad5YzCW(HYc$*&b;J%sWPq?3wWmmi!?bt-uG6wTHx zcfU?ooO$E~T=82SuXNeb_g3+4kuUyyxe18$fxAbbFsMDKR=zGS3p zypV>qpGR|$oY9;dGHb$lB_9rU@tL+R+>%?KZ@Is6r@$)r&8-aiugV6QxIBXZr&tDD z_HPu{FFV5$mw?o>a-J$P^W(IDC^i)-Y~tJ3&0|7;o_>5N1>VP-_fN(DJe=m3^mRyB zZ%|jLV@K=ynWXdGa-}i0)74GiNEi2P-Y_!Vk171%_9<0lRf4}eiN8#>VdZvD3Y#`l zk3_gTv?e(D&Mts!@{3WjtUkYM6w<6J%24udIpx;(!{@lz9}oqO>&u*F8be2qv@ZKu zkK4UJ?4V2=VnuxETrK>w-H1aol<<+9t@C!#P}}4yJX#p@C~&tT$#vHu8JM1Gy7Ym@ zY;g@(U?mGV9mD~N6YlrVf@>RrNb1+=s?^QdDy3D2o?Edp(YK#OEgL;VNK#l%l!&Vp zYOygYrHqWTsOCUs>l~wJY8)8zpn|)>M2sc}af4hoa~|aUhSjPC8iS2V1@Ka6l`(o- zE5eFGt^i{f+9G8T{pV%di3NfxEXCxxImRX{xb*sLl)^cllD@q4T!{x@TQ0pJaDA2G z2&gK*UQO{-<1*=8QmOFA!0U|!%H@+EmQT-s77A;F+tIh+w{iYJ_grq4F?C3@JpqZl z&r$BG!w*u%e`ct~g0uGhww|C<9pLo>aVKlujG)PViYpmbjc?w0?GZ`Gj8+)O)BK+4h|K(8r zx)3wQYEMG?+Su?3{veBkq^6?0+sb5C-DtxF#E?^`1QmYTPc*2robs~Cz!@DPeCm*4gRp%m{!+HlG zQEA0IR#TF)(X6@0IK;Oz_CoqBfF2A&4~+TIJD=<9P>m9X#ixJ4Ut}w# z-n99ckh$3JwV`0j*1eiyacg7L?e&1rdHLOEk3@BKD{p-P;8uoxrtDrDUPy*>s>tp_ z0@2~d=v%kLl)*r&=?Zm=$3<_ts6AE9XO!}uk@@9 z8YMY$C1d9%1Kl;*WX6;dCA)uFc!(@`i&9vuWq*uMeO2WlPtm)Zj)LX=zq=@&tE&Zs z*~l`gFA)GWo=C*9x=`7cYr`T3N=eux-9X^n7>m)h`R-z8L~Mk}sRm@q^K38>d2x!= z`(#=D>)DXp=?JC?k7lmng9e)L?kZ(Xjz$sB+Dd9@ol|muwnk~%8#?K04SM@P+7qBYX7)4#CZD1 z3bAUjBNg*)f6yJJAzs=6c^TTDUz!!#8y%mSlGTFHRBtWW z9PjUs!>I+IvcIS(RNa-WfnsUDzQ)mT@PYMmnRLs`aip6-+!U;DC!m)W91d&r6s*a1 zvO@IF6uY93?hAJ1g6rd9XxA8K7K^Qe!>@EQ_{Z21)WcrG0cqJv0#HXP>yC*fpSyMIwQK^73N?glgW?|J86 zvk-CNtEz<9RU*7E)xXiahx#7ui7kh69pt}VZOMKc&ciLI={Og#L(2Zfs4F6|t)x;t zhJ&#q`iXu<84-T5dW(jnEv5Qcl5|K_&|Edi*x&;sS2tnd`EG zW{7J7&7&A#lDmN#;+6`@HmNSemP(iAk#sxGbqRy(Of-M=y@C(}FQfW(cA0VXQf1eC zeDR`hsaJyBqkjkHEq1gyn|Q#n0!z zyC1(BrUE98+B+>g99Fr7V-IUMUO#{K%7dvHGZLT;ukDPw*12ZAfeJc9SmNE$?7*wk z85n1__@8RY)hn5@4ce~k0YLFYLwrF992^8@S!@X5db{+CUY?c7rwD19-nE|L8?c$m zc=*Cy>oc7sz)^(Y3noG^|2xW@{@*6ijm~@<>@VAh9}5@d?IHj13R(V4gp{bP_)Ip{1UjUGhJmht(M)^u#hr~ zd_4J19QD}D^Tutu0eKg|s`S%y`nQW_4g_}mxQ;jWMr>6KHEG2{I;d;F5K6dzo47wn zj+x>4*C~ZN-9bF0*^2Rm&l`Z6JWFA!P5NTnCuY`5{50mho8EL{hO=OQ5}a49*Vi^> zh<4Y|@VRR>231T6Eeq&KNC3i6kwUhY=Wlpz=3E??uzuJS-!+6s=~5X?00EjtY!w%~ zLONL0G{r!cRd@9S_-BL~3bp9nyf6=ym4Vda#rv!Q9n0RA=h=mfy9&}SN0X+@2^K|z z@b5(2EcZbqMbeGh+ zX7(<}`_=iAz2bSO$y*P%P8w}CP4!yfjwH!R*pGhD0t8tdqj;b8fA)9glevw&S1L^t z4G?Y@wOt@cwb$&A_tkMK?0z~PGml9+-;`e74+0r+fnjvHC~FXCcFJl&`UG{k7Hp>?zC)IPI#c;o&i zWxfzInRscseWrDtC{TmSabkftqvG)$iVI9*mui+hwV!ny|5AR^w>UXY|kiW)bm(ebNM$M5A zB<5uOUxpo=d}#}OXkzhFbnI0gd`abWs+*wgusKr@)d=~d8TD9>l1Jt%aV7J{D-bEH z$+e9j8AjiZMvVK@^$!lK>?da-113kCI7Le-1={MP%-f9$LO)Ja`=F&E3cVI;Ub2X_ z_I|5bO&KPx)^=sdQDN-YscWLZCFhbX?hD!g`JoZDP$y`?O&|*`>6vFbkP`0mEX31# z_j5)SdN&Z{=mjRklKm^&nA7H9df=Ql&cjTC7s6eg4hn3#EQMmI1++77Uu} zm{AOI0^-ksn^#TuVL@Qe0*IjLrW1DQs)f@@hmXX(!M_!VOZoDdKtNx2#wws8|DPrS z!iU1iA;zx3@HSYCiMK`&d?3@wNZc(RkXl$Q+)^6lZT@MU~%yhrPn?X_>E0{*?Tb-Gk1 zR`xbuDs$CSkk%f{2D-jQ<5{iZJnp9gMH*>rq;_*oZRYJFRT`$* zRe)k6PB#TptNhvf!kehUnK?Aj!nWw!ti+qiEd*_l=5cI3%o0 z#fr&kvkCD-onbV^S5`#E{H84{uBgVa#>UCHS&SvM`)d0H=&P@KJ37`MZB6wGAJ3#8 zZ;1llm>SM>X{>b%jH`tA%%1UN9z*co^mYPFgSvxa7$+?dOo4?IshAo zOPtGJOHJ~}=$6TcBGnl85FTzNuB)PKtKIxI>oje(E*RIr@4e6-?82^<96~J^k&C5N zVKF|Y9y+n=q;Ag0jY40~18O-s8<#dIOAio&hrl9r@<$}oczqWaQH5={1>(Vzcrm~x z7za951lpz2skaF{6oUYo5jLsilo80rY`2=4#F`wUF z&%X_?-rEZ&pVO>H-x#XMr?{?N#N8}5TQ*P`wYS{cvmC3(PIfl+!6bwtNSl7A;j&Ss z`<*Xp25^GmDisi-C%44H6?EH73N*R z;UMRj{M_}#q=8}iVMP`l83gdMfSDP!QNA6Xx#WwAVd9fF43h2d7ms#eN=0=?S`87R zg9VfUqZ^|FkHF{-9f#~eaw@$`{Vmnm4MK=nZmSI7F)UF0<)0iNAUmPycFag7D(fjw zx8ulfJMW`HUd`~L8>3Ggt=c3|dsM%TE<%X*c+R~z+#0QWqqs>o;hxoc{0jm|snk-? z{`Sf&f#CDCcj!`}-5I4IU)lq9^Q5)zbTMC)(@PN19oPtXqhvG*h^sQ$`k)F=4q-%h{fM2#8|Vx&8i`fnJ~(pT$_>UT1+O*2?1y83MLzF-JLg zV^Zc*1vMnI@=_&|GY8{(r{7*uS_7_!(}z2C=rT#0qjeGb`UBVg75FU_5CWUCA*aDl zD;5;sh#nw9wB2+m;@Yy@%a-71F_@O=5HaunLH_&^V|DrqZLKSRxhMz((WSFwgxgx8 zG{pd+s%9eKcJNHI#y*o|`SfUuaz{W>EC>|p4IGY1HdDNcYkn@PaL4W9%&lKZXg6R6 z_zeuNR!LB@G-EkIJxLdhH*2cLUT_gAni6JMr732?vI~f}J?HvRxPbD4A(^Yh(!)PR zTuq1}l>9`|=+vG&-==Qz2G1KVO%uxzDJ}qWXlWo*EP|ChcDh}<`F)p2F#$kpD<5xm zgpfo7G$7y&Ye6+awpG)nF%#oDaFo8jmHw)nnPFa$xA$>aNl?v8grJ|Mnb0ndq9EWf z0IMXgKqo)uY{%O%WBaYr*I|t|0t@~rwx7qd*cQ`O}WG5Kp$~QdA8sCc! z_GdWT09FjAjWLDd<2VjIk>#|;CZ)kReKcgism}^|tXLfy83St8|M&j(|Ju9mu%?rz z9}vz8h@vPRISbMRq_?PmNEf6xY0`UdA)E>#U8G10N|P?VgM}tlKnOijLq|dlC3zRn zQ#pV4|NA`0A3Q1F?99&0?#_H>cGs1VlM$NJ@22SvJ3)SmU46unC;lGm^Be9W=TJ8x zCC(dP$v=iNwq0ZizIF869424*$i)!b(VJNVMIKS$GOiS*WLtd|{0T;5hm~H=zG|yj zqkHV?xr&FP-e@1W^!Ci`!jL!1>|adoie0)wU1u3U$F=mpEk9oUL0bAM4TELf?_+N~ zGW|?aceC(uk%_xg?wiOX#iBRvy|}y2@L#*=r<5YWt9MQrZC z!o^32%}LB$SsEi)qE65WtE2hA`4t*9u&QCd-oqX3EHq*;Z9E+(@)a|b*P=(3QaMHX zj2Vb7n3Zg-_|orOg!(o&ri}{!688R-1(6EfEz$sR;{YzAZE*p4CP(|vq!X|U{7WqF zgp7!4h``~$HDSB^0e0a$x!rqGHXbx=ezN6pmzBHpp6EiUbT&XF+FZx#gShO+rNC8U z{EK9uNN59G`1wrGX-2BZyxUQ8{PA^3$HHvd66>KEb%powf?3BwL11R{4Z$bj+$L?$ zK@54tWo|W&Iv^Ed*7I0gpH|3uw?NYZnQKcfW>|m1L~aqB`2N9o{4KZ?mIS(EoQq}dYwS`ge~bX$;nVsc6o4Ry!~m3VGy&t;Im0^@LZ~+oGpqU z8SW;^N{YKj2=HWwiHBsO*CdY5Jha_hF?+WY$8UFY@p1&jKmUXNBgYf}3rT)=`Ux`u z*M>RwgFnHf9!MlHxtAGFj|KitW6>hGFB-U-eZlZ2ag6VaOgnC#1(Bjm6#JP{s9!e| zp?EpC>dZ9Y_PS;#@W7sf7{@*5vcFRjK+G1@Rc2b+@K|pT7eXr)6+FRqn$b;CpP1z* zaDf$Mp;9w*mr@s3SDXpanY8P58Z^i3YHJA??Re`L{W_Z@(^^i-DihU_zvHx*B96fK z`7Nx948NUlTb!s`7ByiT7Fj>xf!OJD$!>5*RjkX8j1>=9Q;WE-T%l*r?%G(*^%hwh zazSC1e1%dzv5VN4?R@k_cfrhPn}K61>L%#GqIaX2&c?l4*gnqEVEU;MxREH_W(HF0(MW z<$6{-QZcr9ApEYC=IeV0$iv@OlAnaOQLj7So$Y8i5eVSSx;7#FmCc13?+VvTWH)vh zotJ?^`l>fSbp6cuw;oI#AtY=J{v?wSw%4N;CIW(S;lI?_4)zlc@gZepfX}^+M|T|E zZ3mi7OcYvlR#o&jPmUfv!VrK=(-hw$l5vRvo<)`N*DrG0C+|oFq?a~rPI7Tiq7EG3 zhByyym*4R@2l#Bm9sLB`lfb8^a7g|cnzY}vdD2uBbeA>Y;l84vr@%FAG{0$);aUl3 zvh0k5$X*Yo#KAlH&wVk{-z4+1lBL0SS8rVP-IEc;U7+7u-R?_!ocu6_-QN|RISK9Q zQJdbQop|f`5e6a0bvM`FJh?0mg$OA0s_c^!^acGfTnSJ6^Vjxv+xe70L=-xo&L@0) zk5N+-z>ISbBi%oZ5e_|k@+8z5E{}P#$H0AEpa^tCrTd=7_L%=$5RTeF^bPYu3i5mX zHD?D(639FD8-Y^DgZ`GXcQfquLQw?#Zk07+U$?(Jo>*`M^jAi~;_^PD4?&+uOsyGz z)1{BZld&(X;s>G2zhUif9#6i02AYr#efpawel*H(6Edy*|ritCo-jf5m<&h>P{|%#mH_8BCIsb3pLlez`NoL%=`s9C5 z*_Q`Fa{Kr16D0{v$j)mgJv$?Fu$NQXgty6rb4LFV6TsGRViMAqzSNeCK0Hsa=BX#b zp>6AfHT*CfAcB3G-4T)^FQ3Ff&u=&DvNEXl|oF?2SJDczN-tV71q5h$eaA+BRR9mM3qB8D|^%W^FOcnCg|3#6mFB>0M**E7Bx# zQz#p8Ud5x^oI`vIeP(&E+?)=ZX5;>-oV0I)O|S@zJ!O}g`qKw=uL9;6RRTLYiVkbS zMt_Y^{<$18yT+cOB$s0hEQ9QovnbAmGPAxK@7s8`Nb;MiQonZc^HY4D2CZ)fHnn*?5*0LTD~>WC5(Js339yU&j+u1WD~-|v z5es*i7?dF|co~gS>~om*^=8fnCa|J6nD27`CU2it#|xt%Tmne0M-SsBUx+ zTzEw}5Y8$Rb29(Wk%)bEqN4zJZt1z!`^^4rJ&8vMi;gjDnIxUZhXt8u8Er|oOBlG~ zhp{O|#~6u2BUZ$zbFfB4M(Y|DP*wH%IVJ{~lB0|=r&hgorjkMozJn9C*8chk@P;rWt-Y)8q)Y2U(pUqZn{N-P=avx4-#ALAxJX8Dunbhq zi&ZbJk}RV|*DIF|3tD++ZLPk(-IGtECg`*IovR0zlBq1h`HOH_T+s>8L!Qk?3XOz~ zFEyfFYk31C5M@Ug{BWDC8zyH(c`2c(x3krb2yB>$1;tvIo8>sNmrsrM-v6MXKcqd> z8_bcT0>RqxzOvt3neG5+gY%$!h~%DVsleJu?csX+Z#jQ^5v}F3MgdJV$yM1Mmjeot zkC6(lZtig&=vlkZ#WLauV-|XX7YlByV)V5lc+Zr&m>Ke$V9$*pT`9g=vi)nP3`ZTv zo?r}78})pzfd3lQM(_9)J_Rb~lMHEh=#*fNl3iafsrjzICU zHz=->Lu#{<4!D2p3+`E)*KygoBriPjsPfqsz3Ut0z~M{@2)1gzIN)Qr-cy1@q~y?^ zHKt6*T`PK>4+g36C*VPH{^>TGl2N7lz-RwO|2Ru>Sr^nEH4wC6% zU}BL%BS0_yLW`wLH4I)KO=qo&%^a7~AIkgt(Zl$~oV&Z#8Vmy1hNmk3!5jKyv>JiY zvC|E*?r9gseSM6zZb<=;`?G_0$Hqtc+Ry>rARm+-S9PiO1QP>GI&*~A1J$)Wo+}ka zn**nyqWD3FrP^?X+OE@xU;zH#23bYJd8eL_H9KM+IsiivuUtjoYxA4gC|Pn!4Jt8B zpU(+7YlCeljMXbC9Ce%2mY=4o`G#FZ>I2>Wyd)oYQie58JgcZD%Al188CTUSrQA@x zG8&Ng>HTr^gy%}f?Y?E%K)aCO0C0>vkNfIE1S&RFJk~4Ih-e&Smd~~eFU!ihVJ9}O zu?UH5x%V~tO+@NdYinmL)8jX8x3u)Ygr}2FGX*`{Sa2x`vcj!5e3THwW7Q3Vc$$!D z@s8~qml1(W3PB;1x~`0f{A`!p;U#a2T-xPUKD{K1s{N^Z6->~)xp6o$+qVQ>&6i`3 zGa$TiWu>z@6$VA!ssT1Ihh4VWj)ee8KUv* zHD)$E92N4eq?)Q>=l(}^ud*B!Hj#*(0xeztF&FiW8RL?*M2FK*d4#Blua2v}w#Ph= z+*56{ln8@H4HLA!(T8wQ6ksDPXstb0y+xPjd3KoOy#0d@U0B>iR7lgI77%*XUZm6; z9Nz{N|I~hT&gw~HX5#OkG_wbQ?Kt%*eVYM?SLUhP#qgd<7M-z7!5emSdFX_o_f_Uz;6l>xW96HZ z@tKg88D2S;z^rky%$82FZC(l(WsvBkLiGx4d!lgc?(xbTSIJU4uspLznxK}~!OY$U9FX*NC@g~Zxd;x;Yp zy5#sGsJ+|iap!hJ-Wm?#P{h_Cdb9?=V?)=JU4z@?#HM^)n$<(S&@1_@BvY4DF;91^ zU5uj>r>bQ|3vhA$L4YJ+MW$ahO9lq6_Gsm5TQkFDC)lf2IyucclcgAkL1`E{^Hjyw zLPgU$-O?D7VLR(1R;z5{P&GX#l@qk?uw?rhOhm3YLNv2(<$TvzYDZG@L{Rngr0|9( zQ0&<2q~MkS+VG%9vIAfYpUpISY1-e}_$etw^b$&;z3>BBF-KIGq;zV>3k8wYd)w0r z-YvP<&L|v*q>i0L(wpmIBZv2-`}!rA%a|8X^zK*Wh2}qdM*6M~#}>g#Ao=OxOb4c{ zx2!(FXQ8C{o#$7Ap2WqTRDx(EDQutCfVge8Dvu@8v(s7_5sa6jMW5XD-fU0HutM3u zM0+&c-ZeH?n@PtNj&Zs5Au>Ldm6mmqhl0uktvEqbMP2(3cj41-lPxnkQqQJ>h@{48L`b-&PeG)t2^l;hBtI)S;G-;g=iMiwAh) zpR(2L%=0g|Fk)ewcaJg19R9W@lE~N?&U{X{`+DQ>WYPuY=#AKlg!$l_73)z--8=7sS^(SqZ`EN=HyVYJ(`=YHB|zEU20J;Qp;6$?2srh z>(%qWoUoxL9JQ06!?pFkgR-X7J*#{sBb#>-g~z$bMt{90yu8BAiP~PSlV-_|8(Od1 zJ}#C$v|+$2w{^U)B{qSgeNZAH0 zyW}t(9%dQcvDVcoG#4T>DyLrQ+hI9iVIee?>(yH_eo4T^IQbP>Q^tZnWHfEGIc9Wh zRa!Z%O|*$qNA1{x5yhE~E5H1Xi;U{w zH`R(^<1S+>+-+CrOK$BsKIUwS0T2wp^{#l^p=-nC+h7eMbS1;~GU2In#ajz`TD-?^ zIt+-cZ;Qs#j%;5_1Nd7c@x$A-lGIj%Ty6P&*4HZi%jI0_ge#kGWw3h}%35vUU}z7nOU)Yw2QC@xA1+gW7mUET{zOQ&LM# z*XU|&?BOLavJga!4%X;;a>!RNP4Lg(Zmy4EaonP~$Wv7mY0Q^BAI=m(6lzBCZViRk zg(*|*l!BC=m(pAO8V(axQ@hka8(Sj-7IK;{)ng2N{jOuBU;aX%8>n#nYrQ^8Td19! zJGL6-4?a&sHN4TMIER&kuwG=1607NpBJJVoth+n?)=pF(-7p6k-K@9CUCMTVMlXu&#!~>5S!CNQ`0-UT8OH)R{X)Hc)nq;^`X+`V4)_tjp_D38u~4A zbzlhR&OjoNle23XhrYpS=mh#1U$ZQ>P&$wWl)bxkfgO1&5^ z9yzPwOqbm46|nl#oxUvFxE`f$;BUDz)%?l=nUkW`41S6ebLasT4BAo!T*;_DkGbkt zNIt94!8ONJK9Pwibf-l7lHOKc8CowFec?>dUldT@G_}WuAtnUlclau4(iST%vm%H? z&4|W7o6*<(b-V?c+9?*z$sM^ce370&Aam}cMql&9-=oD1zq8(;??>!L~g0ATPK#_VCi5#zNtR zPvpRTrNgsmY(%FTWE)Yb5*W!mMPN3@I4UVGZ(~w6rrDbtG+CT8XQ)Ec=f(>1z1M2; z#U_$eJv}ZG7=0l3jG*xR5X2{$t6MNh!cGjYSggKH;|7lZvliQ$D*y|<9=#qIA%^1| z>^An*BmLp6#GzpSabO4E(BOD=r;pd#un?U`rO1Ut5D2aJ9q}9Y<`8`=nF9~H-XtW@ z@2=(Eal)5H6nH!H3RB7KJgE@9*3J(}Hk z*+=sjkh-?OmXcBo@yp#HDTZ@pdwDd$W5NIWg{7w~xmOWF4qv~NE>?RiuTQ%QqHL+R z8ky`m?_8er>y)Yo`D;1hJ5wHVUXM%Erhe9KD9D6fgcgZ1$v zqzU6lPIE(4J_OTeNi@!buqSC0$>(8E)3EoEGNyOg3E*@^p26g2ZcnkDRl5V(i-ZXd zJqS`N#YSqy#@{T|CnmwaRiA~}mrX>53{cCC^?ViR#6@a(vh40%=KuQk;V2wdAjwk* z)`YN-ip63r-CAeVmhN16b54gzQFjv)OIxd?YBKW(fK@8TM*|E&Ods~XrNVowqK`iB zPF`>yg~(u41cVl=*8SsQ*Dct_eM4}udU!$h>Wx?1pR7tycS*0v_@L_hR_4v( z(S0Q)D0dc6X|}j+Yev;`9m5#}m(_|{@Emze*|u(i5381S96fq@+>e7+RQNcD+LIMj zOM!3P`Sl00!Y+%$z}a@R!)cb6tOy_agXWZ$O@Z9BEzX>zQIckOA935m8Ftkz&jO(P zXdM&)Y`jJBDE_r_%CVLq)hBo@vmPqH?hA6pWR+`m=kh&Po2}>1vm9lh&LMDXD?``w z)s(qeNbm}(%|f_TobiXqcq@XtKzMDCM(Z6d);?_#M-DhIETVu0m(JyTnj;-s5qJzz z-6%|=)7nkQ=q=n+vj=$T4+|{TP&GE#gu*UcBC{BFUgEHCD2Of*n0o0v2JP}XB&qq# z77mdKpA_4gK95~mAxPddK1LG`=nq^os*0K;bGN76{>@N^T+rKnMpm;-N{NtfH;(-*?M*KYC_hZ z@Hnuy*b>*;iV-`uwlE}=Q?;;(x$@XIgv)DlW!uV3uwW&Xj$oYp_BOwsTE<90@{X@E zA~noUZ{s~BMn>}(11MU2Q_4ZT6Dp}P?7THU5f(C?>Z||2fnc0etXCA&$zglVXS2uB z#C9}v6{Z_%{ZAW4#hV0e_X1#NbjngEW3sp~M@5E-H>P5kb5GHVBtDvlLoX*d+FQPP z_lF$a>LN&IrN#4F%r_`O1STe;3RWqpy~ENz29c1`cz%WVPFA3TmfM9mc9DZuppe}T zhrLCu-Qmi&lf$+nFFJEs>|?cMq3MaHRB43)5Wmx+hMX(v`HU7}VXX$C#ktuvuwGKpPgNe!_oJVDsekOI-?tzX>o8Z)UTrs}?-zkcPl0gl zEMY)NXIrii_PH{KJp4H88)!1b?hEH_G=ZTY2=v@~U;5SVtfLSi)|Hp2CGx<|_X*`1 zFm^}X+%Cu2dJcLab+EYVzQ%xRFS08k{hsSXE@P3gHo-4%wTE~tR)}>9hVEOnBF7$x zh3XK(+4@yZ`_aN&J!iGF3Y)Isx0lg1TV0Ebg{h7pIjyNfE!a9^`^jf#nXAjR;i!Vh z874{X9&_3P1n^>tb_3`MKjP4WSyzQ$fil4~5G)z4d29iE)Ppa$g|Km12~vi+xzxhK zJzBms{B)XIQ}31il0SX4xny{hvL;cMwbjbKB-l|N`a zZH2eLqMEIwn81kpT7aE;+xada-zj{C7Rp}qS*h>2dG7eTA^T>wsKdS~=sQej*f+54 zW6KD<=d@yg@*DZ+Ym8d!c4&+f^O3m@!@Ou=Y)a+a^^DODyRjG&2Aj$e-*eBh=~enW ztEM-bIp`zk-36#SI$ZEO7&NO+SAj{p)QF+`TIZ$j1JuX;Xki+JtElYy#PoVijhEZb zq=3dYR>AwJLz{q54Jf7!%WKJR=Jk;IFxweOs$fhoz6kShDL_V&;^u9@Nnu@h&OP+b z4P2iZBC^&Ja+Ep-nj)bRRk1sOiq%FSM%W%MQCcn^E*-Yl;KyRL* zVQ$rWFgTavm1F6)yKZr+5mkD0&;4@8jjx!c&bD}$;qz&6o=Q097A8X(zvUvTu9zU^ z+6voV3A?$sK1;oZcvgghP{n+;M{?0iD*2S`GBSkyBF9yGcuSI2H5BBcv!admm6OFjU#J&Bwcqqg2yJ?GpZ zF|lq_v*V0w=m2zKQ0Mg_-M`z*VlF>^Q+(r08!J(U8nUy$TzdvA}niXjf5dO;gD(i~|L8BJ>@-Nw-7PiywDTPLm~a7%RW6+U(EF+ZdG* zKV~E24b3j3L+)k7fOlG00>M1Cl-n)2xMHKb=>;3VE9T#=s>SAwz>z(JA=5aBva9Q7 z@{qb7QRj0iF;CBVjRj%1c8d=-SH<2`7Gq*9^Yh+U_1Gm?ejwqH_;Ya+{^$w4&y zpIQ70!u@QKy(TFCTkHsm4{NjM^>mF#GR%X$)`qg?O!D*9TAOkfrkXNDO@)}V${_ji z!Z8i|IT~8.&@ql@LUIYG1eJP|Tlo3FY?Wmw6<{w2q0#cfk`JT(Xob{duCMFnuH zxed+8WC*v{k_mt%CJeXcYrLzi9kFj|oQXmmAoei_P_H8(VZ42^5M+_UD4@6t#~Ica z&(Ep~z-5ie&S7P>Kf82iL=ACPRIR3+g%&T2vF@Wf_Y%(%7{$bR`q5h=#NK~QJMlEv zYu-YR?s7JZ*G%FK>{6^vSy2bY!t{MX?~XV6VGk&yy<|qlK=8<+m05N>N!hG?18i|% zLr|>(M9#vIJ-gNO(~ZNo5pzz~#Y&JDsZRJdRV|+K)r`!Xz(UfMj4Jm!V#@8x4gs5A zr3)ZVCdEvMeM@qQVN0@03^WJnFrp5^sJ^n2B-B@bxwiIJpIoDf6N{*dSNZiPG+eBo zTCXFE5fHA~@rRPav|cquE0;}|jVrjt+^DTQ5t3>+CKi0>A@{oSzQYYYISJ-BZpCK0}yi$aTEgvW&|&Y}n8ATQ{aGaG_im+PN% zM;1R9Qyue?&f=I?>vI=RDHoc}gya{jRXXoRTF@fmeh-Mo{F-V(Ww^XBV|_4fY)Ji_ z_ZOdTR!xmx7j95TaO$=5UPeIEs){@`8*|SyUxzsKj9Afei>ue{$Dfq$y1@Ve56sM| zPEB=Uj@vU83Jn0B77u#?G}<6nWWB{k6w{bwux#U%X+>NXaKM_Tz7lqmGN6f`5jMfJ zSd}{p(;cohQ)D@uvQPN_*}?F8iDMwcDV;g~lIqTo;C&m~w%lE>V)vxLR6P ze!L_XEVS>$|1cXzIs#zxa~8Y*_!Q*!+jfM24~^rWr)rB#P9^OkdRP*RoHEt9GNf)^ zkEVr+Dm?Q?6MLSx&--I7%@9mJs(n*SLdy=RJSzC0bD+a!qgFKlBwd=u{`_Vs zaOfS7*?;!+AJr_TvA|5Ntd}?0nHbPcWUmqXg1eFhK7ONl@DK4Cu0JfprQ#bW$$`f9K@y zw)!t9nnBz?M}&{IE67^NoLQbr_?Gy0Na)rJcuE{vq^NS~Aj3cWHs}y>Lfkg07ys-i z?E?xUs-2C1hnuxC&0aYRszq6f5Dgg}tq4vbX!o&|Z^?IY5l%_L=`Mke>z_G!GD~ThPn?mc;*C)IYyaR0A5< zDO1_c8~^;xkCqa90WpL1+@60cWOc0}R1jO>T)MkHAXJ4+LRlwL%vyS*T zVpoa*vEH3brvvi+Mf5XQLD2$BNz=a(qtF7x=5XDDg#Xf#({9~agqHEYJVNvoR7kKo z "${RESOURCE_GROUP}.json" -// echo "Creating resource group named ${RESOURCE_GROUP}" -// if ! az group create --name "${RESOURCE_GROUP}" --location "${LOCATION}"; then -// echo STACK_NAME=$RESOURCE_GROUP -// echo "Failed to create necessary resource group ${RESOURCE_GROUP}" -// exit 1 -// fi -// echo "Creating deployment" -// az group deployment create \ -// --template-uri "$TEMPLATE_URL" \ -// --parameters @./${RESOURCE_GROUP}.json \ -// --resource-group "${RESOURCE_GROUP}" \ -// --name "${DEPLOYMENT}" -// if [ $? -ne 0 ] ; then -// echo STACK_NAME=$RESOURCE_GROUP -// echo "Stack deploy failed" -// exit 1 -// fi -// # JSON Path to server response where the IP address is. -// ADDR_FIELD=".[].virtualMachine.network.publicIpAddresses[0].ipAddress" -// IP_ADDRESS=$(az vm list-ip-addresses --resource-group "${RESOURCE_GROUP}" | jq -r "$ADDR_FIELD" | head -n 1) -// echo STACK_NAME=$RESOURCE_GROUP -// echo NEO4J_URI=bolt+routing://$IP_ADDRESS:7687 -// -- -// -// As a result, a new resource group is created with all the assets, and you get a URI of a bolt endpoint you can use. -// Alternatively, go to `https://:7473/` to access Neo4j Browser for your new clustered instance. - - -== Deploying Neo4j Enterprise Standalone - -To deploy Neo4j Enterprise Standalone, create a simple VM and configure its firewall/security rules. -It will not have high-availability failover capabilities, but it is a very fast way to get started. - -Neo4j provides the VM through an Azure marketplace offer. -To refer to the right VM image, you need to know the publisher (that’s Neo4j), the “offer” (Neo4j version series), and SKU (the particular Neo4j version). -Because you are not using ARM for this deployment, the script polls and waits until the VM service comes up, and then changes the Neo4j default password. -At the top, you can choose a different password for the `neo4j` user as for a system administrator. -Make sure to customize the `SUBSCRIPTION` variable to make this work. - -[source, shell] --- -#!/bin/bash -export LOCATION=eastus -export SUBSCRIPTION=My-Subscription-Name -export RG=neo4j-standalone-RG -export NAME=neo4j-standalone -export ADMIN_USERNAME=graph-hacker -export ADMIN_PASSWORD=ch00se:A@PASSw0rd -export NEO4J_PASSWORD=ch00se:A@PASSw0rd -export NETWORK_SECURITY_GROUP=neo4j-nsg -# Options: https://azure.microsoft.com/en-us/pricing/details/virtual-machines/ -export VM_SIZE=Standard_D2_v3 -# Can change this to static if desired -export ADDRESS_ALLOCATION=dynamic -# Configuration bits of what you're launching -# Publisher:Offer:Sku:Version -export PUBLISHER=neo4j -export OFFER=neo4j-enterprise-3_5 -export SKU=neo4j_3_5_5_apoc -export VERSION=latest -export IMAGE=$PUBLISHER:$OFFER:$SKU:$VERSION -echo "Creating resource group named $RG" -az group create --location $LOCATION \ - --name $RG \ - --subscription $SUBSCRIPTION -echo "Creating Network Security Group named $NETWORK_SECURITY_GROUP" -az network nsg create \ - --resource-group $RG \ - --location $LOCATION \ - --name $NETWORK_SECURITY_GROUP -echo "Assigning NSG rules to allow inbound traffic on Neo4j ports..." -prio=1000 -for port in 7473 7474 7687; do - az network nsg rule create \ - --resource-group $RG \ - --nsg-name "$NETWORK_SECURITY_GROUP" \ - --name neo4j-allow-$port \ - --protocol tcp \ - --priority $prio \ - --destination-port-range $port - prio=$(($prio+1)) -done -echo "Creating Neo4j VM named $NAME" -az vm create --name $NAME \ - --resource-group $RG \ - --image $IMAGE \ - --vnet-name $NAME-vnet \ - --subnet $NAME-subnet \ - --admin-username "$ADMIN_USERNAME" \ - --admin-password "$ADMIN_PASSWORD" \ - --public-ip-address-allocation $ADDRESS_ALLOCATION \ - --size $VM_SIZE -if [ $? -ne 0 ] ; then - echo "VM creation failed" - exit 1 -fi -echo "Updating NIC to have your NSG" -# Uses default assigned NIC name -az network nic update \ - --resource-group "$RG" \ - --name "${NAME}VMNic" \ - --network-security-group "$NETWORK_SECURITY_GROUP" -# Get the IP address of our instance -IP_ADDRESS=$(az vm list-ip-addresses -g "$RG" -n "$NAME" | jq -r '.[0].virtualMachine.network.publicIpAddresses[0].ipAddress') -export NEO4J_URI=bolt://$IP_ADDRESS -# Change password -echo "Checking if Neo4j is up and changing password...." -while true; do - if curl -s -I http://$IP_ADDRESS:7474 | grep "200 OK"; then - echo "Neo4j is up; changing default password" 2>&1 - curl -v -H "Content-Type: application/json" \ - -XPOST -d '{"password":"'$NEO4J_PASSWORD'"}' \ - -u neo4j:neo4j \ - http://$IP_ADDRESS:7474/user/neo4j/password 2>&1 - echo "Password reset, signaling success" 2>&1 - break - fi - echo "Waiting for neo4j to come up" 2>&1 - sleep 1 -done -echo NEO4J_URI=$NEO4J_URI -exit 0 --- - - -== Cleaning up and removing your deployment - -When you are done with your deployment, you can delete the entire resource group by using the following script: - -[source, shell] --- -#!/bin/bash -if [ -z $1 ] ; then - echo "Usage: call me with deployment name" - exit 1 -fi -STACK_NAME=$1 -if [ -f "$STACK_NAME.json" ] ; then - rm -f "$STACK_NAME.json" -fi -az group delete -n "$STACK_NAME" --no-wait --yes -exit $? --- diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-azure/cluster-azure.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-azure/cluster-azure.adoc deleted file mode 100644 index 6b8c02b5a..000000000 --- a/modules/ROOT/pages/cloud-deployments/neo4j-azure/cluster-azure.adoc +++ /dev/null @@ -1,62 +0,0 @@ -:description: This chapter describes how to deploy and run a Neo4j cluster on Azure. -[[cluster-azure]] -= Clusters (VM-based) - -The following page describes how to deploy and run a Neo4j cluster on Azure. - -== Prerequisites - -* You have a Neo4j Enterprise or https://neo4j.com/lp/enterprise-cloud/?utm_content=azure-marketplace[a trial license for Azure^]. -* You are familiar with the xref:clustering/index.adoc[Cluster architecture]. -* You know how to access cloud-hosted Neo4j from your application. See the https://neo4j.com/docs/driver-manual/4.0/[Driver Manual^]. - - -== Deploy Neo4j from the Azure Marketplace - -Deploy a Neo4j Enterprise cluster from the https://azuremarketplace.microsoft.com/en-us/marketplace/apps/neo4j.neo4j-ee?tab=Overview[Azure Marketplace^] following the interactive prompts. -Create a new resource group to hold the artifacts of your deployment, as the admin account name is used for SSH access to the machines in your cluster. - -Once the deploy finishes, save the URL, username, and password. - -[NOTE] -At the end of the deployment process, Azure runs a validation. -If the validation fails, it might be because you have chosen VMs that are too large and exceed your Azure quota. -Choose smaller VMs or increase your VM quota. - - -== Start using Neo4j Browser - -Use your browser to access the cloud-based database URL, and log in with the initial username and password provided. -You may see an SSL warning screen because the out-of-the-box deployment uses an unsigned SSL certificate. - -To verify that the cluster has formed correctly, run the following Cypher statement: - -[source, cypher] --- -CALL dbms.cluster.overview(). --- - - -== Access your instance via SSH - -You can SSH into any of the machines using the configured hostname and admin credentials. - -== Your cluster default configuration -The following notes are provided on your default cluster configuration. - -* Ports `7687` (bolt) and `7473` (HTTPS access) are the only ports exposed to the entire internet. -Consider narrowing the access to these ports to only your needed networks. -External unencrypted HTTP access is disabled by default. -* Ports `5000`, `6000`, and `7000` are enabled only for internal network access (`10.0.0.8`), between the cluster nodes. - - -== What’s next - -* Visit xref:clustering/index.adoc[Clustering] for more information on how to configure your cluster. -* Add users and change passwords as necessary. -* Consider creating DNS entries with Google to be able to address your cluster with client applications under a single hostname. - - -== Terminating the deployment - -You can remove the infrastructure by deleting the entire resource group you created as part of the deployment. diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-azure/index.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-azure/index.adoc deleted file mode 100644 index 5716845f9..000000000 --- a/modules/ROOT/pages/cloud-deployments/neo4j-azure/index.adoc +++ /dev/null @@ -1,10 +0,0 @@ -[[azure]] -= Neo4j on Microsoft Azure -:description: This chapter describes the different options for deploying and running Neo4j on Microsoft Azure. - -There are several options for running Neo4j on Azure, depending on what you want to do. - -* xref:cloud-deployments/neo4j-azure/single-instance-azure.adoc[Single instances (VM-based)] -- Deploying Neo4j single instances on Azure. -* xref:cloud-deployments/neo4j-azure/cluster-azure.adoc[Clusters (VM-Based)] -- Deploying Neo4j Causal cluster on Azure. -* xref:cloud-deployments/neo4j-azure/automation-azure.adoc[Neo4j deployments automation on Azure] – Automating Neo4j deployments on Azure. - diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-azure/single-instance-azure.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-azure/single-instance-azure.adoc deleted file mode 100644 index 3f48f03cb..000000000 --- a/modules/ROOT/pages/cloud-deployments/neo4j-azure/single-instance-azure.adoc +++ /dev/null @@ -1,61 +0,0 @@ -:description: This chapter describes how to launch a single instance from an image on Azure. -[[single-instance-azure]] -= Neo4j standalone instance (VM-based) - -You can deploy a Neo4j standalone instance using an image from the Azure Marketplace. - -== Prerequisites - -* You know how to run and operate Neo4j locally. -* You have a Neo4j Enterprise or https://neo4j.com/lp/enterprise-cloud/?utm_content=azure-marketplace[a trial license for Azure^]. -* You know how to access cloud-hosted Neo4j from your application. See the https://neo4j.com/docs/driver-manual/4.0/[Driver Manual^]. -* You have https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest[installed and set up Azure Command Line Interface^]. - - -== Deploy Neo4j via the Azure Marketplace - -Deploy Neo4j Enterprise VM from the https://azuremarketplace.microsoft.com/en-us/marketplace/apps/neo4j.neo4j-ee?tab=Overview[Azure Marketplace^] following the interactive prompts. - -[TIP] -The most important setting to consider are `Size`, which controls the available CPU and memory, and optionally `Disks`, where you configure high-speed SSDs and larger disk capacity sizes. -It is recommended to create a new resource group to hold the artifacts of your deployment. - -Once the deploy finishes, save the URL, username, and password. - - -== Access your new instance - -Navigate to `https://[MY_Azure_IP]:7473` and log in with the username `neo4j` and password `neo4j`. -You will be prompted to change the password immediately. - -Because you do not have a hostname or a valid SSL certificate configured by default, your browser will warn you that the certificate is not trusted. -You can configure the certificate later. - - -== Access your instance via SSH - -You can use any SSH client as normal to connect to the public IP of your instance. -Use the administrative user credentials (password or SSH key) configured during the launch. -This user has `sudo` access on the machine. - -Inside the VM, you can check the status of the `neo4j` service: - -[source, shell] --- -$ sudo systemctl status neo4j -neo4j.service - Neo4j Graph Database - Loaded: loaded (/etc/systemd/system/neo4j.service; enabled; vendor preset: enabled) - Active: active (running) since Wed 2018-03-14 11:19:56 UTC; 15min ago - Main PID: 1290 (pre-neo4j.sh) - Tasks: 46 - Memory: 325.7M - CPU: 20.690s - CGroup: /system.slice/neo4j.service - ├─1290 /bin/bash /etc/neo4j/pre-neo4j.sh - └─1430 /usr/bin/java -cp /var/lib/neo4j/plugins:/etc/neo4j:/usr/share/neo4j/lib/*:/var/lib/neo4j/plugins/* -server -XX:+UseG1GC --- - -== Deleting the instance - -You can remove the infrastructure by deleting the entire resource group you created as part of the deployment. -If you deployed into an existing resource group, you have to individually delete the resources that are part of the deployment. From 77b7479a86d3734208fe6b9d5a68b659be922ff7 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Fri, 23 Dec 2022 14:00:16 +0100 Subject: [PATCH 055/876] Fix the link to the download page (#266) (#290) Co-authored-by: Reneta Popova Co-authored-by: Reneta Popova --- modules/ROOT/pages/tools/cypher-shell.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/tools/cypher-shell.adoc b/modules/ROOT/pages/tools/cypher-shell.adoc index 8752e3747..e680c9b57 100644 --- a/modules/ROOT/pages/tools/cypher-shell.adoc +++ b/modules/ROOT/pages/tools/cypher-shell.adoc @@ -6,7 +6,7 @@ == About Cypher Shell CLI Cypher Shell is a command-line tool that comes with the Neo4j distribution. -It can also be downloaded from {neo4j-download-center-uri}/#cyphershell[Neo4j Download Center] and installed separately. +It can also be downloaded from link:https://neo4j.com/download-center/#cypher-shell[Neo4j Download Center] and installed separately. Cypher Shell CLI is used to run queries and perform administrative tasks against a Neo4j instance. By default, the shell is interactive, but you can also use it for scripting, by passing cypher directly on the command line or by piping a file with cypher statements (requires @@ -226,7 +226,7 @@ The _cypher-shell_ files are available in the same DEB/RPM Linux repositories as The TAR distribution contains only the _cypher-shell_ files, so you must install the JDK manually. ==== -. Download Cypher Shell from {neo4j-download-center-uri}/#cyphershell[Neo4j Download Center]. +. Download Cypher Shell from link:https://neo4j.com/download-center/#cypher-shell[Neo4j Download Center]. . Connect to a Neo4j DBMS by running the `cypher-shell` command providing the Neo4j address, a username, and a password: + [source, shell] From d0469ca376db3396869388d5bf9f74145eeee335 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Fri, 23 Dec 2022 14:13:16 +0100 Subject: [PATCH 056/876] Fix a broken link (#286) (#291) --- modules/ROOT/pages/backup-restore/planning.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/backup-restore/planning.adoc b/modules/ROOT/pages/backup-restore/planning.adoc index 2e61f4251..103bc5cd0 100644 --- a/modules/ROOT/pages/backup-restore/planning.adoc +++ b/modules/ROOT/pages/backup-restore/planning.adoc @@ -92,7 +92,7 @@ See xref:clustering/monitoring/show-databases-monitoring.adoc#show-databases-mon However, _restoring_ a database in a cluster is different since it is not known in advance how a database is going to be allocated to the servers in a cluster. This method relies on the seed already existing on one of the servers. -The recommended way to restore a database in a cluster is to <>. +The recommended way to restore a database in a cluster is to xref:clustering/databases.adoc#cluster-seed-uri[seed from URI]. [NOTE] ==== From 01b6a019c3f978c9bc63d8e887d29c1a949c1f06 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Thu, 29 Dec 2022 09:09:46 +0100 Subject: [PATCH 057/876] Add a label of Neo4j v5.3 (#295) --- modules/ROOT/pages/configuration/set-initial-password.adoc | 3 +++ modules/ROOT/partials/neo4j-config/all-settings.adoc | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/configuration/set-initial-password.adoc b/modules/ROOT/pages/configuration/set-initial-password.adoc index 19451295c..55717e859 100644 --- a/modules/ROOT/pages/configuration/set-initial-password.adoc +++ b/modules/ROOT/pages/configuration/set-initial-password.adoc @@ -7,8 +7,11 @@ This must be performed before starting up the database for the first time. [NOTE] ==== +label:Neo4j-5.3[] + The default minimum password length is 8 characters. Use the `dbms.security.auth_minimum_password_length` configuration to change it. +The requirement has been introduced in *Neo4j 5.3*. ==== *Syntax:* diff --git a/modules/ROOT/partials/neo4j-config/all-settings.adoc b/modules/ROOT/partials/neo4j-config/all-settings.adoc index d78b22ecd..0742f783a 100644 --- a/modules/ROOT/partials/neo4j-config/all-settings.adoc +++ b/modules/ROOT/partials/neo4j-config/all-settings.adoc @@ -147,7 +147,7 @@ When configured, this allows requests to be forwarded from one cluster member to |<>|label:enterprise-edition[Enterprise only]The time to live (TTL) for cached authentication and authorization info when using external auth providers (LDAP or plugin). |<>|label:enterprise-edition[Enterprise only]Enable time-based eviction of the authentication and authorization info cache for external auth providers (LDAP or plugin). |<>|Enable auth requirement to access Neo4j. -|<>|The minimum number of characters required in a password. +|<>|label:version-number[Neo4j 5.3]The minimum number of characters required in a password. |<>|The amount of time user account should be locked after a configured number of unsuccessful authentication attempts. |<>|The maximum number of unsuccessful authentication attempts before imposing a user lock for the configured amount of time, as defined by `dbms.security.auth_lock_time`.The locked out user will not be able to log in until the lock period expires, even if correct credentials are provided. |<>|label:enterprise-edition[Enterprise only]A list of security authentication providers containing the users and roles. @@ -2155,7 +2155,7 @@ m|true [cols="<1s,<4"] |=== |Description -a|The minimum number of characters required in a password. +a|label:version-number[Neo4j v5.3]The minimum number of characters required in a password. |Valid values a|dbms.security.auth_minimum_password_length, an integer |Default value From 680cbb7e2bd96989c5bce9f5919d60a65341cc9e Mon Sep 17 00:00:00 2001 From: Therese Magnusson Date: Wed, 4 Jan 2023 13:49:06 +0100 Subject: [PATCH 058/876] Document relationship key and uniqueness constraints commands (#175) --- .../ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc index 94085c579..e6bc6554c 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc @@ -506,7 +506,7 @@ The import command is run with the option `--stage=build`. ** _merge_ stage: + During this stage, the import tool merges the new with the existing data in the database. -It also updates the affected indexes and upholds the affected uniqueness constraints and property existence constraints. +It also updates the affected indexes and upholds the affected property uniqueness constraints and property existence constraints. The import command is run with the option `--stage=merge` and the database must be stopped. .Incremental import in a single command @@ -793,7 +793,7 @@ The header contains information for each field, with the format `:` is used for properties and node IDs. In all other cases, the `` part of the field is ignored. -When using incremental import, you will need to have node uniqueness constraints in place for the property key and label combinations that form the primary key, or the uniquely identifiable nodes. +When using incremental import, you will need to have node property uniqueness constraints in place for the property key and label combinations that form the primary key, or the uniquely identifiable nodes. For example, importing nodes with a `Person` label that are uniquely identified with a `uuid` property key, the format of the header should be `uuid:ID{label:Person}`. This is also true when working with multiple groups. @@ -802,7 +802,7 @@ For example, you can use `uuid:ID(Person){label:Person}`, where the relationship [NOTE] ==== * For more information on constraints, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/constraints[Cypher Manual -> Constraints]. -* For examples of creating unique constraints, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/constraints/examples/#administration-constraints-unique-nodes[Cypher Manual -> Unique node property constraints]. +* For examples of creating property uniqueness constraints, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/constraints/examples/#constraints-examples-node-uniqueness[Cypher Manual -> Node property uniqueness constraints]. ==== [[import-tool-header-format-nodes]] From d24d6ddf5edf321bca6d3f5d2d2d2ff41642b9c5 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 4 Jan 2023 16:04:55 +0000 Subject: [PATCH 059/876] Add an example of how to configure an ssl policy for intra-cluster communication (#264) [Trello card](https://trello.com/c/MejasNWo/4228-s3comcast-microservices-add-an-example-of-how-to-use-the-cluster-ssl-policy-with-helm) --- modules/ROOT/images/cluster-sysinfo.png | Bin 0 -> 286471 bytes .../ROOT/pages/kubernetes/configuration.adoc | 484 +++++++++++++++++- 2 files changed, 467 insertions(+), 17 deletions(-) create mode 100644 modules/ROOT/images/cluster-sysinfo.png diff --git a/modules/ROOT/images/cluster-sysinfo.png b/modules/ROOT/images/cluster-sysinfo.png new file mode 100644 index 0000000000000000000000000000000000000000..d453d86effbf030681ba50c734a7f076832161b3 GIT binary patch literal 286471 zcmeFZ1yGe;+b<4CBO$4DD4-}I(y4%Scb9Z`w{F+ro@&sDZC2bXDxvj1bAH?!6yDET(%EEcW@JHPF9=nRvA$nee-d z{?XJ?UFAXjdCF05qSNAAMB%kZ;&!w} z0vlU2!r1qtjs11{-50Lik8}5W&(1AL`F#aR5N@N+I_n8?;m$TA{EX9y{)&L`K9(z8 zi~5bxi2vK0^ypi(cY9*zr0&Ya&z(L@f6h(Z(v85FW6wP+gP<}_BhLageS$sc8AhRaLQBuiWZ8W*Vwxf3ZQGUKWbR75X6cxhITz~O zs(-+u{*bU4lQZtVgGP#T&u7~TCwg&-V$2qwrrm7w5DuC%>Yor8&C|P@Z$67w3R!;Z zHfu~mqzFlMPsum$5wUWk{?8B-hs z?NE!geGO}j?x(3BkbKmk>ct~!x&3XYC9H&JhHcw>bDkRivoK!9H4N)zgNNTx1Iz1< z1>Ns#U?7rHqbB;}k`s1)4|%2;g-1E}_{Jdtt>8B*N)pDE`JgA?{3uN4#nE2VtUQQ~ z_=ea^-E-{*HHn_|vk%Xk``$Dte?vdJk$R1cWFZ+V`OEqAj>xLp3yeew6uMilB-F{a zZ=(_fg&4Nry?+@Oz!nAQr_3SBRU&)2E^nY8q|Qr~Pr+%!7h{T5=wm!FAOue;vh ziyXYh>xyaBpjAwu#9vdD)}c16@P%7bkVip$Gs<1WO-&2pokg0Zm&LMOhjjL6nUC}{ zeb}ckltfJwXL=az=CU=-u*2=iR!A!m!t#OG*|8@9(}^uLZ^3lsksrcOFH3v-%@H?d z7$E{0|ID1#o{0yFu%R7r>5qI2u6G4sr$k|GA_!6=AP3pw zVdD#9CZL!02CnE_{}h;LK*@+`V!)$ujnlu|fNTV1KQJhRk{r#f!NdO6mmspAlsW>s zKT(#@HX6*3A4{MUy`wn}!7vIPp<_nBwj~l6EpZ!1^6`(?GNK_8uM@v{f4r_4YAsw& zJNOL|%IJt%8RAUs_F7zmWt;TqxluM|ZZPRPwI#;bfQNnPj}TM+P2Vejr*%fGBGi4U z_Ri}&@9uTaTeShM?^(VhUN`7Sz%hNrV{kn@Sj;#_1C_qb)HqXvM=f~JC}LAkznQmK zaFtH3#e$o{&7X<;x_nFJA)z;C9rCpQM$^isDU9?CeWShpMmDlYpg?1C1AX|NXZWA+ zrO@Y}Q#_}8?zE}-i?)UiKa^M0>OF%uv2w_0%dM6>EfFm~E&VMxvjnpUp`t$+Mq|7s z`)=dp_^Uk8k{=V{6|0i^MeC!Wr1ntJQ4v#7N)`Ve5mOw~ni_A8vucj^GP`D~wd6j% zc#H>h8EOJugFf9RawIuo7Yj0y-O9YJP;z&NafPug)+zQRmaC(q!?Z)MqqqZUzOrK_ z_JB!W!S^FfQB1j2E;#d{p4j^m6_czEi#Wb}cG)VqL>&G}QV%kiGu4!Pm8g`2vVW*h zsE+3H5Ax&^<+|jmtLo=Q58fY4up}6KHPA7LlcTG+qRfz|ol`o%^Q&}_X&@?hT8Zj= zh6T5ks1?-We&0xegW?DAn2#2jxAGzVIvJI+JNXL)q)*wiip_P#yvJO}c(me)6+5-U z3gQY>Kb5KH$>!;6E04?aNqQx@2Jd66$x+C(OT8?J$t#sv%;=F#m9KhQC8JxnZZxSi znOC*3_jCzmX=_hvZ-066`^iW7VcenKKK*z4Mdu9&T%XxPI1(&BLw=?_o<=XYAxQU? zPD-4d++i4x;|qH@dy3)L?$3kv4c|r>2PB?-nOe$MOfQaf@OLQRvYd-)tEGQLAVd%V zv5Zls?_C~qrWc5>i=2|#;Np0M%^sIv%VEQQYHe!s)?CfHymvK#r!~be&9H8)22wNK z)M6CgDicN;R{i#w^b3=>^IDz6od;?|Y7jN7f?oxm`Fr`JLt;Z5LkBk5oM)WM*16V& zT#U+4ZjVAB~U$M zn7n9CkE&Ln2CD|w^L&2pXUtsbc$V3hJ@d1rwGZisNk@*}700f}eWyQQ<%cfE$;VEx zJQx*P0@@~$E3z}YP2y;mKv#T#T)=DtUBHIsRK8|@|6>gWa|H_p?a!w6Mw>5wzN9gw zNu=SRIeoYOj{S-J%NtF!O={04jmU~CS1n!rzM388Z!Vz6g&c-p--x1Hqiv0jF#gUq zW2_cYNo8{DPIzt-o-fpBOZi zJogIa41Lq`>2}%2Ey+R2jhLV}>hx}r6dbNYBb|3q?*_)cP*Ji}`V~14;LtcX6uv^b zAz1ee){QYl@JaS7cb|dLdJ93!0KEe}g%sV#J6UUTCrzOXDh{YWMwjE3Pj!gh9vq;s z_*WzicOJ|aLEX#_P4l~!AiLc8fdi3IF1p`i6r49#|Wbr8#;eB63tmf}d_>^bZO(t|^~>3hY|Fj^0l zC3OwOLqp3S10wy8K4D~)$yFrRxqG@PO7z*WZ{C`?CCe^r){}f>PV6)^H2Q6IcU0D? zYw>Hq6+65 z=muIc4jaxOWjVi&$8*<@UvP4g^@jD+Ri{T^|M>3k2xhMQL4GdUII`W9l1o6(;mJu$ zNla`EmK;vnJzfrbE$6BYnT13K*_fpDR0^+sPbX`q@yZYj&v;Lc=gAbg zcx~yYYJ99<1wG?6;{tAu8#Pth?gu-yl?NCH(p1?(jDF^apMT+w3+=mjI;Xi4?q=^f zz~;QSNdGZ9hHl?y0b~OGY(9rL61pIymxKMmxo=7JMjJ?k#mTaO&}ke4WT2nZ>`V3a8>-ZIZSAT@Km_H0#jgq_lXP zvk1sRiV*a4=az)(WJB+wA7bB(x50WdauP@=UYTe}n##%|+ymF>2*`+}2q@qR5&Q}w zlKuPoDIy~R$UDI2NC*foEfA3Z{*D~@3;%fye&Nsj_4nGF7YJzJKYZ}(o`LkQZ)4GC zT>IDcwJC59;jyxaq$K#OZ0u-aV(VmX=S(d#xB))Eu$RzuLO>wC1OG*oRJy$h+8?%1 z(Qwv~mEkqEvtc%TW@lu=>~3QZZwGZY0Ii0s0=0;pqX{)9Gb=MItso{fH8sEEGgDqA(Wieu4*nCMHFtKl=Vf7Wb8};M zV`sK=G-F}o;o)IneaQ0g;REoE2TmTg&W7#}Y@O)-YUE$-h?+PVJ6hN~TiDrB!`n49 zvU713prwU(^zWa)#%bbi@n1dJI{iH@FhLgh9TqlbR+fLa4Ibr(f6A+1;cjBBDQaN@ zWCr>WPIV|MlcUZjML)`RIS#`u$N=Clf~zI~&lav*3T}>+gsE z^XA_V^0UCF{vV?FOU@Uc0znI6^0WL~X@Z!PzC9g4kK`7j@+#mjKpFf85sn4Mzy5-2 z#5XmpA}$692*L=GqK{SF5mzTLUhBG~vTW)XNow#Sz7a-3{?>%gj)#1mEd=Y8vK*VJ zXrp2_q7~)$Uow9F?G$I0fhFaJk z0TBrq9q)1%2IiQnV`Y5h*3*TtQiua$;yL!XE8n11UZH;>?{41M$6iQ!f7{3 zYFATvH%Xb5=d?&5Wg>C@?2zrA05K=l(CI4!R&ka6srDDX&SwqYzMyR(CL7lqPo0O zzOAw%z3C%YT^;?CIIshr$9sF{8O z6^X8Woq?n7S``HU@)j42;SDQd?roDp>~j9t0a?bA>$&*?TEril%u=Tp1X)D933m8Y>}bnXnlDFIjZQs0_iElBYDJ4bmV?Ms{KMe1Ff1EI!$smVdPT1E+<}# z8q+^sztD|e33oaRts(3HnDE)Tv2Ukv^eSeQev&-t6ZX!Ryp zlDNS)OlaSlA^mc^G^nMH*7M}K9%(NX`fr-(8tcOxqol%0kYi#*~O}KG*UPN?mM(I_qr^IrWp?i|W9$tV$0YJ1NQbt_WW|(sSdK zIOtb=`|8JJa12vDu2}FUN=)aW{9BGo({2DhCbY5t%NGDPU72K0ql&yPCZWDqddI%}2Tfs_`Qekda-Fy3sgYX;5Y0xR~lF`+rv0 zzmPfbQ5ciVZ_kR$)M;G(``3pJDY=V!yP-P=w~PuQt?R~0Cz#Y5c{WtKmboGU9rlh% zXQ9gU?dPY{=cV7{(CJA!?CdY^0y0>T;@-^_HbFdCx%Ng?z4Y61Tg`U%G8^`=^=s=o z@9r-oGV42+t|OndpC1cpWU%k>g%SZPH)DoNU7f8d63HzFjvPv9-wZ* zQauyeQ@Yg4mwJ*Nyh11{FK&Xsqpv+bHQc0wW`%QfytC1Kj7>Ic#Wkhl&aKJn@wpDM zjpp)viz-TuYZ6Hz;2CAV{UwK?MZMnDnDc33AjBhhiU0W+Ny|j8(8j(=ilyKxo;;( z(n|!B(PDOfdI+fdO{EL`T0fbt?4@mn1VU2XnmI17DFr7af#8QbxedUx;K99%(+=0W zGc0H$bRbA!8>2QiMOOu=pz?g$$?gh-9z^|GU6eBS-N0k&!etsT`#6HyrNEuJS*+fo z8r6=SGv9N*mofEcWkqU};;fawT2TLGl9zD)`{L9n>~JCLslJ*_cc{@$M$)gGIWOBd zht<+^#Rfu7PtO)-pwAf+YKGOnVPD=tFNniZQMeVVH9_P=dwIlxs7k>MDG=gPZum+1 z^7I4dnn4UgB`XK@uF%W78z3s-R19?b;n5d~%$HX+m`;EeA)ZWOt1cVE)r8_gPo1D+ zMrK-ddBDP_14PMMN$l2|asE9(}%OJflD*$5?+^7UDx4}f}}sU`4T z0U8;RC`!T}6YtP47;v{Kaokxw29xbtwYA+u#{&x3s%+dJag=Z5Um+xdV>AxMb$yJ& ziqkp*JGr7Av02+_HTzmF|NC_&6jc5MSVza6W*IbeZtVFRrp#1=D-Zy>iY|3<3`uPr zjnW|07>7!8Z|nLdLjWQ!J&R_s;EGR2H0QQ_SI?DDhbnE*Xte>=j1qW~=JL6#pF0o| zlw))MDs~c(i-k_Fp8B;D5jm#%nM2G~EILCE@IcroPb1W5B0}ma6rykk!2Vw2{`Ud{ zM_l2g%X=>Xk6+TjKod^!WtiJ0v#(^^s`!9N@U3wtG3gHwJ|-Iz(tx&IT#&O|eFzS2W&i;Of|5nV9tTHSUu4t#BEl ztgXV9vt*c_4qVM3gE2uq(#(>e6JD)&plq=BYmm)yAlux+Vzf7{M(*;25-SU*1PY=H zN;simHS0-nUn?7aUslFp+M7nvPT@A;yQ?;-UST&)X*HA|>asG_I#i%N=YI_+BnXF> zu`Pm(q`SL&kV0qUQW}Jlv_S}b@TFUUkk+qcW$8$FU#A2@j@V2(V!!?j#MQF8gj2MlFZGW{Gp{vxHTU)DH+*8(6_v@+plwRrae~*ik%jFthLNiUDUdg zIP%_py2FMv3(#%d9G%sr<29!3L(t3+tdmC!moW+ zKNSW+$T)4ok63ES?P~YbDmp=JrP#Q=<>Oo=1gUdUF#DY?@>^zI(q6$6>yx_3h!}Z6 z9xZKcE6a6U!9xT7g9)e66nfbt!VSOk6XUJ~w$Z(|{S9l(`&sEKYdi&wk1vmg>-qi$ z+YO%k;J(Fj;fLuQw%u!|CauZmxi^E@})w?{v$pJ;JSV zpUVlEXw{UNNZJ~fir!;qO*R$=}J6^~!JF=S9>)j(?ER;Iw7u+@*(ZoeWL}a_!(z|+6`Nr$jnLcD@-ofF4 zzBac73F>w>s6d_UuN7Mk=5lW~Tq~`dciNY{G#F8z{EQTzirgqWcXpEzs$yfdDoXSI z^}KDJGAHMxj8dj2?@p0k6*Z-YwO&`(zQj`GqL|EY^b} z-@QDIDrXDMMeogLoUW@Q+&f+D#y>tv9@(T{8Y>yoNCGG^JCQ4yo{kUDVwm#o=(}|f z-dbCg_bDe-jahk^Py>xqpNq>ZG9_bke5NfUf=h`APwK4ZUz3M#S^*!53 zZ>KsxY+sFjw6Ts2(!H)}zjp4kHFZ$O)x*1z zpH%Q5wo&+7u2RsM&r7w)kZVINxzt^=vr&=xB-eMdT z`XNg2p(RfOzui>L;a-tnYB$$8hu8ip_snyG?M_M|<<{B7G%sc^W>wxa9w*a}y()cf z{hwqte{!Ovr~4i+OQ?n^4?=Ohe_qqwKlv_#YZ4czJoi!vHp9L4rN7FXc~V9-$*yw# zZGP{gAyswVL6Zz#lq|dY(|w5dI+yR2R=Q zR$tSdOy;msBc@-^eK0BQ>o(yaz6#jG>vlJbYJ%M3#YgpoGJeo#aU(zjnkUOy>6D8p zPI9j6B$ssxcuP^j`auwja4j5$VJTJ~l*k>rR3SiR`46|t^y}_zTS7d%^f-9R=G*fV z*-QFi?DhJ2>3|315~THYiNoUWuh|Ry^uIP1^hvhZu(=IXR`tY=V%>5X-S`zYAwCC_ zBv>TO6UM|o7_sXUmF%`v%bz4>rVX24w35_q2AkX1On#_`83DrEs-8Y&#v;qwv{7$= zMZ`2)SiRnnL@$$omwvXJRqc7dy5bq+O}>&-7599s@@(%pthd^mQx&J~WWBny+&Gel zp1JODmN{LTOZku!C35<7-OcT!tB&++hU)B{PZ8HM#N{&;nVu6lqGaWU>YXjS^L@Lm zlj(E8>ePk9=qT@xJ9MKim;v>NvtblAcO_~~yOUOVgVS*V*+!Pbpn!hDLkSob;=O#% zR_f2Jh$rN*Cw;_!oJ~6Q3TSHZtG3t8zG9mF8H78P$HH~#Oj+0t`IrEVs-V^1v9A$I zR=-tncr05174`D&;dOdC;kS_@u$~!KW4Wz|eeUxikJZVom)ND=HVA@YJz6qfYz|?f zh_i8OAsk74=wU?exZyP_ONNDkYndsP|TwemEij`Y-pxnU}@@6`IO^ZNGBmFa0tVz5qg=l_zvi zi@S2kU^@Xrxr9YY@APZQti!yA+jM!&5AZfvT}!Xl`LSEkK+9`_F5sPow}2BoO}IVft|}E zpLM77u)YuCZaN2x(2Dv~8~)>^52JZhr%U3-$Ggj3E~Q=v>xcUl^%TitsmdrnRdOn; zKf7s-%ljSo=SL}ic-m?LVg?)4#ah%~a}fdP^!k3Mdy|n>zNg1u*UHCB_P6HR+wa8d z{8%fE!#*LCIRn&1v9nOCTz(qP-V=iBvm_EXx#5tOD|ZgGV(eN3qJYB6g(QJ7-Aj~r z{{myc6y~ZOD-Ttc8d8TCT8x?BuhOk=6CP}Ms*yXtITE{`%K`n@JO!oCK-}j{Ou*(S^ zLE(YO$%MM6VRsUT!^v8O*#@Q8YOzC~7|Gh8yvh8}et98*9-hUN+BAsW$4$rFrW)h+ z$W=9MZS9)#(~YRPD4{z2mF|(C%ce_JWG3By52MK$xp?h#Ss2_KheYli~9- zrmgO4Eqc`cXxRBvLq(dkHDuK2c5HjPJILRAzWYOt0b0%JaaR z8oW?q^!Pi?-hYwGfQfs&H@zJ0G}wR9HJbn5N44;pqDj&jnL3%ir}Vv#3j=DNsoq2!R;- zH9_`>rQ}u~n6P?0^Wt_pzT0mEV!gRw68%>otjjEGd;THn)m&ui>(t?uB2XM%EpDGp zG)oJunD+H5G9h;vP;^*GG;8}P8MAM>@~ds4(rIqyB~?$7;C^vbYx?PE`r6irO~oYf z%6Oha6e-8O!mqQh1jeeWCE^m4)8UR{CHm8+PYL`UjwvofnrxoCOSNNOULW!sp?1DI z$p%y13rR9(U;C#o$n|_7&r>{bdyxz zc9Fz6YA&Ys7tu*IefY5g*A)cW~DT|cZ15V!6%i4k$<4Djo_;Y??>RD%okoU3chb+jqliAE z#GLG`ZQ)$jr8^U6o3ipm>?NbD>!PYEC)ey znl|U;1^bHw%zC&5UX+!)>cr37R(-BlZmr3Gy4%m@cLs~Rlj_iRYwI1ZPxf3@bqtTw zLJJ5K-v%cXfe6t2)GmD*w!o$7vamY^ya}aoTljKe80AJ5^7UH!%~n|zu3KX9uFv=G)3;1)DMh5j3MQnaEDCI?SWh0y ziOnd>r4fI4T0V$=-XK4hla=-g1Qq99ymG3cMSxu?^XS#yy=U zpOS4~J(A;Pu3jyHms|wBWE+R-&rj;3cGtJssi@$oL#ePMCVdthvymWkSTBvLd-UlQ z#BI_=eZK=NCY$ZlKXcUA>rH!L#mW=hp{&49QEJ-#s9CbTDD=&fHv?wysfYO-h&(O&7jC+>%y`wnlmBAt(QOci68Fm|zAejKO!Hhg81+zAR!-TQy5&{F zu0fKcw0RAeACIMWSLsXUk!-qPhT(LF%g5JSpIkpUf0SwmD9*87--e}mt%u%`ek^bqg9J-v;NQ)lsIxue2a-ADs6(t*mri8$0ZAtBa}SHEId5uBqEs9x~VlMndeg zP_t7(_TvBwIBS)&REyu~u%C%@R;sI(_hB>DI@5>6OTS?drdKF1*xvm>HdmtA z?Eo_M$8m+N1{Yy^VfDf<0dgf5=x+bf8AvfXDHHiv*6YpWx{@?y_FbYv_qX4#-=nu1 zt>Q>Knxq?R&CzIOoLD0<>4Uk0DM))K0-i!$-BM z-z#+P4Nn5cjYp)JD{r?&QPsECt}`orKP0I?6suVj*a!sy_^0Z2qsBm#t(bJ!Z7cb~ zkow(B78f$>f>kI84@HLjs@%>%DG#^= zrSr)IJW0BLm_iA61m3d*=}Y^g>!cl|GIA@YeNn!IVZ;wQ-lp9*>l!)1jU`-%rvM-W zlr!8Wq!e1p2&$TMOuw`nSXIs-ZG_g_;@;MuI#X^@l>Vr(WGcc{Hu5qm<=1 z-@vhqiN3zl*QaK4R=U{dB+{A%R0(H6o){s5dyB|wxb_y4T7Ecy7BvnPAN||e~nLs7QE4CE2d-RZx+lpLuuO&1!j$L0|-OMokG1E3XW1P{-cd?U!$d9qsT{B@1}DmcNZ8 zOO@laowy0A&&$qSvyEs};ef4}$X1%LSSIpLzs^ODujo}p-{Z)t{4{sGQq(J0eH^#o zwbRXICJUhp{^sTMQ9#ZsH4;>3IC?-4W~!#Vo!ufmW*$&Y>B)xgLA5cw3J79-v$)Uk z544HlArHu2?pVn;&J!BAUOt39!@T~CwKDr2B+jY`0RLAe)_W&vp5W;I=)lgS==IEd zkh=-|D_yr7&TE~vKP8>#SHFTtK0$6dQFk^n$X0vAS#Clpz&3U0)Ez{X7%h`MN!8bbxyf3rJ zNJ(e0^bemD-P^LAt`mRiwOA)8blex!w!7SauqUCS<~X$&luBAuy2(x}~~W>si}(&pV(XD)sl2q_iX z8->>%JC@fJ1$gY1$hG7SP-4{cd%XcmK6J|+TO_l~2X*&Q{|n0Zzdqi2Qy|pcCe~Ajoz!TW9vx;y&!Ws*1Bp z<90Ao%i;2&52_<)so8wO4?=#5B9KABGj+Z~FQ+#PaYzFoKCo1qtk~fL)ez0SX%$&+ zRfP5Bo4JipXbDLF4-fp#4yD(ykj(x&r*kn9FbTA_tCO7>2Tongk^ zNnB%0Fv^?#@@d4N{;DgWwNy*Qr1mT>8J_i@Cbfg2tMS@c*{D3`38nXDBby`i8@ymq zq|07HWhhv)D#}^hC|f=ybIV==xOW3IFy;4ZK?Kr_Tbd{Q(vw zPIZRGe^HOurKB5gE&^^(4c%M-x5{d`5T0Hd!E1vdhj1UHEVk&WS6zAOwE+R|?tf1= zaLj!JE0EvNe>`ZJ7*CU+^B~!BpD95{c9M6+3uNzGp!8=}diE1d=;nq;uh%bYl&h@1 z*cHzJZ>|X?>a5kAx>Y3$bt()TGuwWqV$tKKxyVNCE`5k47SVMzyOAXVy&f z%XW~j6WiF>aIlHTTwxtWF3V=u58bUyzp1G;;XQ>rm5$qiVBvp|n_jNLHpmu?Pa@Ye zGpDaT4Zq3X%1f~fN?f4QrRLn_3p?D}Dvt8GkHfe6InwJ2n-~J#(b(@tXjki)*Q!Vs zrqui;y!d+w{O;ECH<#i5S&i)o1Rmj#7>0Hbfnog#8;{6OL3`x!w2l5qb2bT_cLe8~XYYqh;SUN*TSq1?{b&A&Nd%1FLXbGUgPW zfgaNMO9x|k)T}MYN{k-eFA9ncclNmr+@-@QTpI8Q7+ott>r-{cW;J!L%4!^yBbm2S zuh6Wp0VC!|OUN9K0Hc<6(u>(`EbSeCw3vP=CGMl{?s22eatfr5V4H$~OQ(>aa}jB3 zlsDqntwI&ia0sNB4Oa5Nay0{r7nd(aTv%gxn@qXJm5BkV15=_u&}g^Xcfh?=fHcrRUj zy#N9sBUlMcUH9%P8bn5q6$3-O&u2k#DPsKhh%muwWoEqT?^k=OgBA?&ZR(dR?#@Gj zuR#j2GrxS81`i)hZh#?n%4wlp#k3IukicqBtQM|ES9_`i9i2YjgrVSy>u>`AhEZn8 zuCPc7pj}uKtkUc(i5a@WY9YA6{4ukC0O*gI{l=Vs%U$|1iMmj0AO{^4;0{**)hQEH(6Q+52O$Nf`v{70$bPu20C=JKbw z|C@h7|5M!mr$qiP?!Wb>D5@*ThBAHOM?!w_rlGH0hFq!>+wTQ#&RV$!67s%CLp|00 zwcb1szTA9<=x2)i@aqf+={{2-opnv&@)!NS2{?$Bb>QrzH6w%cqXKy4^W+G7N*nQA z`IMALBtn2E-c8H%mp{^H_BIP1iGxE_9)s2`4N1BJ0K3%^Y?`@lr0|Qu&vL;7*AG?$ zdH!kT;ABU9(88&aKJi!w4R{q2>2v?|-nPPcOQ=X*hxszs5E909wg9p7^x7SS^!Hy+ z4mG}KhayRd6DlgMW*CVPdJTuP6^06g78`y>Fhb;L%l3G{wvSI_)e?y9)%t=_gOyk~ zd<2W0w7Ytm!^^h%d~#}SYHG@R!Q-c^8Tb)oKcDXE@ikkZ63Rcb)qaUjW~(X2P>ts= zY=ra$cXx|Goz&JJ0ojqxzq`$JQSHc`6`A^V0s<#la_ZL~_ScZ95fIUZ5s>h}cP=h7 z8j-Cj>djeADdVppK8NrKFGfQ!s4b;?!uhBX0v6~DtUwo2-Y(IEj}ef%#r*dX8%3Q4 zC6ulqqJI%XNRH^X&GWU#M#3{^MjElUcK!R-fA#=63&H>F0;82eN>`)vXRRER`XaUy zlwBZ(_15}v!$YKUSH|L*x2n!1ScvGi>4i`H4QL%QXHe0FsktuNw2g~G6G1=<#V{x> z9t~x}=K8I5FcngnhM}!6RO1B)9z5ZMlxxnEiQx@kd$vCN&Sb?z@>|UpjRVhi(XkQH z9}yrHiHw%2+p+iZ?>tie@lYCzlb`*I=yfn3Jj5}yd!Js+e=S2jVx2C=NnTL#VARqhaS06bbCQDlO< zY7FlK5s)9!!!c>5(;7mFgeMVwfk`75+I#=NBYfJz^vKp^_1}H`Vu(R4!))C*8f}jeQ|}~d zQ+k7bT=6FqAL)Ty!-|5d({sp=5y6E8^ zQK-ak&4X{=!vAaoqZNr2oqUFjN6)1h@H&MWQPk!!WeVVoR(bBNo5l6CIm5$=|I2Az%!Bgwt1%?9TcL`y63E z!n3>IH__+eefIaap^&oviV~M}{|Q{)@E)S2#AxvWL}-vdkB+RqPBF}~&}yhpze@NQ^lkkWtu7@&xnwS z@je%bgko1@D8-0f$Q#~+(qE`~^!$R1UcYJ+0YX!`=pjetHf_LvQ}#0nxU#P+;=9D$ z5KfqQhVsNQ5E-uw#ls#I5uGskLQw9-D@-{T^1fj6zftq+4qV;C+AqIS0R)p@Ov#}v zf&r-TH*Hwb8H^u_*~EU$3jyjTDIT~l#r~c%3^O_ZNdpp6xeH)(Vin60bhx}PdiV=9 z0WU5LflR5-9UV{uCcFo}xL2aLe`_Ah@Hz%ib~KIDd)tSAc#`vlCFEWMQl-Z20XK~Z zE(FEm>T_rBLf+p6sT0iqLXB|kg}Oag@D6~-h`4ZqT!rOZxBolG*uXg^I|AR0C>p4n z_HB}w#nS;(MZ*|XbPeH#a=_XXfl{)>0J19R@E#=oLd|!)3qugOM~VxiuXJG}S$~=R zzg+6S$b<&2?1!R~1F}yM3>{;L&>46TBoQ_I+vAkpwVMhY1V z@Tzb%~@t}!uez1X=wE;383y9(%tVL(OH&ee}>#czE6F@fwqq`>BBDM z4e#OqlC!YH`r|BqqrpGU0+`zWubqW(w5Sc(RbO@l_6u~y>-$;|>pCm;zY{?#{r&_C zg}p_y8AE{?TfFDmINUNzBsgm#jOKtVM+oS`fRp{Vnm1()*T9xmrk$h3bZ|`eVN(}4 z4(k&*p=u#Z=+puW8h)QJ;)12W@Jf5q7_h^=+4#b-{1naayl@lFJ&aFtUUxhK3@R5y z>+tMp#;BMLIQ)i{fI-lF%6-m--EDpN1`gO2o1tl$li8K=I7p`6m+5KYTr_sTqfV2t zFBS`6D<#ug(@YkRH>zK9I?l@rqi-}`G}MifsU=(;`u$uA$XG!4S$ zv`6WbOz*Rv0q3P?JI%+bKYf$wsTSIbHjQ^dAu-AY2qhF&1!Zcv4)~hI z=rSqXeeQn!dL3vu1D~}eEui>r^7p3$3^w&p$aR&%R+PRG`M zJ&dqF$qI)RY$6kH5z1-zSUerAIo%%*7~dZ?OXsxlrM8b_h}UrpP2_day1k2pb>HA= zlpw_XiOd}a#67Un_ZIr6leS0-f=x0W$JlBt|LL9V50Q@qy!Lm!H2q*;lYAwW_9=Ch z^D;hDvMaR#n*?`%12i(84=wXKUQ6+OE6HfjbZe#9EW52{E6+vsTCl(QMjeTWpxhRy|a z_q3Z%JG7_vv}}gv5Ffv$NlvgSAEh7U4!y6BWXUcFPInTf9iVq!8G7(@F;&N9aB!iO zM1NOqa(b;|x+k%Qm-}bCqyxwkc8W*!BJOe#&*>KJ=3)4cTbGt;g2UqOp>(f$zHvLd zkH6I}lx71CY9R_aRvSW)TwT{iwRGCIQT6^cL~aL+XR6F0 z-?9xX@IgE}D#KYb(f*khBc{yf6da9W6dTW7ak5^YZQ0889OAHRc@X0+L;J9vjMF-y zx+7*bsPR}5nT*cNzt!$xQuDRC&FZ$U%jhX^0{aM8&0R3hZM^Kx zQEML|IW?+#|DH-^@y!j-vU;E6UAF3V-T`N@0dq`S2`e6&DpdCJnD$A+YEUE1KQp2L z;tTAD5z~#nq5;@P#nkH-$w(Bnc~8q$A_~E89Qw5Y4uf)9diOG6s@6;Vy>J5gW2HFp zxATD^`MI>z3UPnqn&p5kU!n<$M&!^{V*0Ae1RVLL?#IGiPw+B`(!^NGyp}tL4~hehV?)HJr`mtVZ2uZv?%6HUyYf zOuEW?YAZh%PnaNV{ccM8dGu(+`Z>f#O`7>E%3qC0EJ4O)lc2$L(YUnsAtM|(^4ocA zdy}r?-Pdn^7lPQhyp-MU(LZQ5q6LG$hQjh&lJMXnaVBOGEa^uDQKL=6jM5o$lH>qA zDLAYw2$VX^Xbo;ZoHG9qArnP8IT=?ecn-t*@B)4^&LgLVuF&VhoXvDkQ*MqL-86JW zR#m0ceA`*Q(Zi~oRfjJjo+Xz`CWuZcfxr-a2kwIst=%i548`#2(;eCppT3`Ul*`*r zw{P0|1Sn)a@aq|R%y>)8q0yVD*e`cOx3rwDt%=kHhH@J^R=cjrOxO8bbJ?uksAG3p z^qsf9A=K`Dx;GqPH3cEH$~WAf@?rrz`5YOXv_ej&eQR+c*-o&()J)ziaPf!f+0l67 zXsKB;*OYs+H}EYEjoszrwpN^@&*ny~x>rM4D-)#`Uw$!!8z4x=&h0+jQc6%sfX#-* zbf0YW;@tKLCQ@USW~p^Dp7K|fsHq{_DU+p5!c4;X}wLfLO@9+-k7Ut~S4x@Tf) zc7|cEIc-G~CQ!+lf6Fe-Z@`1-FA~Mk5%++zEJVV8yiEs;vmBfdF?53<%3jdhj|`!t z3Dc(=5se)0#x17rfROB*W`aq0sD`JpCqBdk;R-U+x&nnZs`P!hF|WjS0~wr^{2yRs zY=VLVLWbeT{SjG>5o=o;mX8?ia5mG(*b>OkhI#mXlu0qLHJ1V{vCC!QE?#1F<#($8U8)+pd494ES% zL%_~Pk=(OxCL7VR(FF}U^gC-+D+(+LeTUJmjNa#` zepN9jdY%?it435+hGm0l>|i6j{PI*j?zZouctVN`1_3A){bzI%0K3Sug&dT=GlIm6 zOe|?}KooA{4o{d(ET?@ATu?>TA0!JE9A?JVH`(SDls`(gDc5Y^voS0Yt#;JfdVrM` zH~YoJg@bB)7g2Fp)BIhqlB^V6$DKjs;ai$&Js{-E^dCeuEwpmtN_# zm?TE5d0T0AG4;S~2OMOF20IuvqbfcAm4^be6sX*4OP)|YJUsxLiJNRaVZLE3bziG3 zOQu=8$<4S(bnG9qyRIe(e+Q?&B(l`Q9{zM2P!zAqQ$^)xN(o8)kyL&Hys%N{`?rg* z&zQe-=x{8D-+bj4RLVV7)dHuAOx>0&;LV?vudXdTo_UM<(dU~wYqUzjs%n3Za#kWZ z(4d9y!RdO{N}*}03+mgRao+Ei_4r&XcFgyyY*y+VhY8bXAx(nMMsbOPz@b@5AT*?X z%~5N%TDeFm=T+s|Amshfc7l6nKw17}t?Z9-?zQbr{Me7(QnWH^BVV2mYrZXNf2ZnO zJbE;?>bSSm#eV)XWONEwXMLz3`4;DDg1`O)2FbG*r6qJy6;l?E3g7!02*^2nThEP3 zd+PP>;5M7mNz7YWrL$eicZY92vauLCs%`Mke$SsT{6f?SY_x2&EVA|6+bQS%?jC5V znQ`9eV>Al$FI668g_L}83w-rcWv!w<=ax3wWlhiK70U&%`E+oLzCM(!p6p{Ez$I?} zXv`fUr9a`c3G(~@M2kWsywoty{d3wARDCM+63bO0AEDD1e_z$ys5;UzO@yH;PrD+U z;im;pf>6c`1ZQ!d-IjHNA{bI1jZxgZ@4<_or*WagDC*-lu7o z)sepY6%&qkiV&|ICxh*_<<9Fuhv0w>aL}5JV>yR!@8sBFGp>*$3rlee{wJ>k+ox3X zLwa5|ABcW-@c6t2k)JkFJfE|<9p^OcB@y>x*U@*GltX`y`M8`y16d@20#RaDQhRT} z*3ZP;>7*k5A_ z@c>RP1?Ho`EAL2M+{#=Ht66;zF{{Ces3Y;e*n7*kDF5vXR1pJF5fD(25DBGKQqlrx z6&V^tI%Pl@8c|RY0g-M65n<@=Aw@!zmTu{ep}G4Rf9IZa{J*|$?&rMJ(I>voH}+m@ z?X^PyQEM>H9$s@j;j-FN*91V7M~D0xG#j;%!?Al#qA4Q=r2Qz`e?v)h0$7+-(}qrZxAR^T)#e}7boFHL7J}` z_V9@LMOHyasLAhhu=hON6X8!!BLqee_H(ui17*7!+%7xd9U+pxt8vX~Szg*I$&1+e zW%R6Voj-kFK=kg`n(wUjhkOObyW&Y?iOVaZYouaV^1UvK&KJILDT)-VWemXVbZR{* z!sfh5+H+g)p0F-cDX+~n`N80S%r-`lo!KX1I(u+!uD6Su)UDKYIyvdBWxLjsG9B~5 zyoN`}@h2e_%{0hJQ?~{H@3)MAjQ3d8@KnL!jnROB*)LZe7p0BC{wpBu%ruR1$1HZFd~C|55*WYQeddYFlK1hEsGGKR=Kt=&>fT)MJq$D!6Qg2@&beiWPT>1nbZu zBC}m?i;g0*w$F!0V28E;{$8Hv+~P_ce>S5tEbYjn4B?X=r7opV<{qgi*eyK5xPDI~ z+O{Ft-))D>CfQ?u&p4xO{lvzma`vSF=iXGgD#JWhSi#R*79c(udVQrQqB*8S*gna( z8&35U-L#Ux@fnkW<8_dcSUD734}KWlhZ?;51Kcu;udQEcnWIb2_(U=l8P4Ef_A3zT z##{16_X-7me{dLrFxa6EwYL;d5ZzxmfbKo-H#PaBTsh9@`&T-$^h?%3kF-WbembL3iV??jg&Rc#k!xoyd96vp2Lx}LJ9c-6Y*nBbl;IE|4D zB|~sv^jX14yHLK*>KJk^g zrdMq|VUc4&@4GbJu7l~fn#b+CFXXQFf>YHs*Np}FiQyN{v%v!k7H$*xq+3p5iYkM8 zC6`kcGSC>2ZatFMVVdTb+cE~<%oljqQfoDNxJ(st>t}z(#5#`1VrF#=SSg;)h&~%Q zbmU~u&t2|2?O$(*myX0MBHIza!^+MIZ=sWFFLwR@t~DA-b7KS_OIgyjd|9m(KPvfG zz}A8A5b>HkUYrsTuhsHahcqM2|$)9H4#EJC_EK0o|`@7%ceR-zw>02BA zqVrEB9aLSa!HmsP@Ykc=yNh)UE`5_P%3HfbgQVmbHz3w4`}GLTSjB4jlOuw52fRCG zh=@|bQ1M%|^K`OjAy`7uuYe8U_io#T>SrDsw+|(P)8exg&t#R22OSd{A--YH>KHw$ z$j$dJNd@7&%#WU5ca1O`&~kzM6NCF1=I)P+j8{h`cn6kySHW9h{L2oeMe8z0gyj*92yCRobpgdi`WN zdlr$;mVNbRf8&pzH(^!i%*SeGE&B<5J{n7d$%YuFq&MGuS&=m6l`svV+I^sYnik zm))0e-L%lMUh5K(ps=ltgiG|e5&UgRWl4IS z%fCuwMU%i}j$!`j4vcZdii1b5c@k|unV(jo-tHJ!E2@eIF3p#)hu1NXDpmZf35R9K z!`#ytFGeijC&)SPrhpDOXBP=hxh~(~I7w|&XJ6_EmxX)lIzLL1TgGR^3;y4;`BE}p zk@lcz$z1-mg8p@k$<3|=Pnl%pFFsST@@@V*y9)&}d--er7d*QQ(L(tm%?bEGa7^iq zc*a1Ln~ZaT+^w%XBWyn3z2ixT`YSKn@#w8Y#2C-;fl|?8*5~s!Vn9Ud2tPU}NeTc#l|jgDX?C`|{AUIL!Os zqRN2{{f!>v9)xH@^XucCHHF=Huq$Wfi}+FE4jweZL2nWaj<5A3I}bo#w&V=^S}L`| zpf}>Ue0SFL5N&OzQ-U)}jrSyYUd87aGz=KA*BFLKENt!o_4c3K!526hfts)#DIWnQO1t!G z4o595mpQe5cE$cMnMn~R)l1SFFJ5ik&HGA=Ey2=Rgk+oRlpzZh@!n7+$=@-XZZkPI zG5RxuxwoX&?N}I}QzLhQP3;*DN*pO^&;kTpb`Yb6p&FN7`H6P!!tvsvaY40DTp!2P zQ0pQsz?{wHRqtf8y4>`{;h*?ldFzS-*0?_ZWkGNNmOe%lW80ImaIva6pI8sQ6ueS0 z8IKD`oTzP_M*WV``LMBMmhElP5q0q&G+LbulDpYcac6=B=x5ZUlBKV7Sn5lc6e+e& z(O+-ZC`<6&{7$h!|Ci`5=<5v%b5zFVd=x;MUiJSj4G^4veY zYb7unPF?vIDAD5C>_(lys0pW|FBzn5z%l(TN zcVEik(Ph{Fy>4RKYHAm2q|%f=$J`f7^5L20ZH~BBx014@#yK>fdF$z#(OS2F2&>p- zHlD}bT5}c5qC=SRo@8nKt-Sb1VsHJVkRfnzGyPREzrxjU%SR6T{f!Hw$_|A15i7Cw zai=(oZ;^?&>!k7XJW6O3;yHN-PdEx1JK}P^>Zg^(H->Hn)@^v#oAm|?drq@OS&qC3 z5nw~ro3Yc(MUG(16Zngiv9#>y=@t5?KRu_3FWoR{?W5OUcr(!>dpoFql-R51 zB;tqm6s4P9?)UIq^2wkI_4NByW4VJ)ZywB3krvh;0_Z2NTej};NJ`tr5=Pizv+^6O zVpE5;t9#hXn3RbaJ+l_WxkjE6u4VrrWs|-v%U)O{Gwue9dI6Md79rzmdTwbcOL#a~ z8)wV6d3WxI`nL^@-wC}_l7Q#RGm`y^&b1gr(#h^CSAAEVoF-`gYa%}bQW2pF!)Wj{ zuYf8X2@VOl-0|%GHIg89h44r7Wd(Bqm6{<6j5e!FdRl67O=kv-TlK;GvpTxKVI_IQ|Xp)F1$ z*cYE_e%sKDG-zdHay(*i_8)XOcFZ8WDi$yWqr--piH)1O57DX{w$C$I1QgC_ zEkDGpv~p$5!l^Z!D>>+_o2W;^)}HRVT%R=W@FkISU-Vu{vcsL;yDsy4+l+iL&B8F# zd(+i%D6g4bj1zl#x{|hDVXwADR7a-h@9>0vtMs+N%jnLNJ+>)`JMgclMw3I@SAb=6|`O3g;_m!H(E*{S~-ty z(3NtI#$}jgr(+{%qCHL=68|z4yjuRPQ7K4{at$Q+M$<|2#(5p!A|yDO|1-D^{Q^3a~unv;N1dzlLcCaD$h3Qr>;#r*dv@a6g8TB!&K2{@`96iK|&Ra;DfXye7YRF@7v=chX;RXzQMzpV(-9rZ2mQ~$9R!Nm-TOKM)@17i#-KT7Um=4^Q-JMKK<~G0>#gN9WiT! za8FmaPwzZJ8>^sDpC2+ZM9PMzR<~vzya77P^=ScQnd8jHgX55x}fyj>@ipY-Y2r|Ib30| zBq{ta>y1YfvuUY#$@Fmh6oAj%*8T2%OMi=tQV7WuPp!YaI`yQO zQ*7G6@fSV1hWxWy2CL4K?xQ}GhFW6mSse@R7)L3o&lc0y{LftzTrQXhP##`w0`EcY z$M|;1E)I(=t_%E}YKXwD5-0Tnpt|n7cy;Ds zNFv0BaNsL{-EHp>kvrPWpqqECrAymR5%b>98o>sd1iG{>a;wS*({fwo<{g6vmE9bD zHg=R2P9vD(Aol5b6Wl1JH(;nn!(o-7|XBw{kPV&pF1e>;Jd#bC>{L%{R;Rs{cf*QXCC0?mt6G5Z1IZAxs=?)9Zw@h~_9EI#to=nom#Z&7ZGE zAQEkbwlg!aY8^ODdudJ)Q~OZiu!rHUof;-0jHbp%<23;*&>4PEvEsoFD0e~$Mbv&I z>O%|1yI6~vTZKpNK}#R9gaAo>46Nom68^h86QZxBm-hbU1t1zfwpM+kzvC5j%21xK zV_k?pLdhDx>~$vABM+w$BH#BaJ2Sj6jbAR4D@%UkP~^OZZ9VJv3=g;PoQ7(m#7oP+ z)#Z*IjX(rm2v5`#pnn|m^_p__i8E$JhyblvRfBj$h+x@*7r z69zMVdpR5`p6w~o6`BZ}#s>s<%<=X>Phb(o@S`_jV9CytCzQ5vunwDse7i+c7X($VjJ(GNO{q|Xg z6IL|tzzR4gCFPa8NP^X#hpuvIHE8F-prS?}7T< zr3Cyj-1he;?sE#a-*&zNcuJ(IRDS1%jtfu8yog`OmmhSoLzF`3dw5fmgNiTlr0wm$ zWh>Zk#7<05tKEZ8*k-8?usYqxGDyzUF>G(& zeP@FcwGtf{=kwv)1kT=p`iN6iNyjd7_B6pGF)X&#!zn-d)|-(r(_&e2Z)5bW!}PMY zi2gD-xsDxsy6s#khl?zA>oy7tYc4yac&w|&=11ap&N&D6=qI~#({wK#-W@LqhzVJ% z7Im7Udr>an=r)ntMx%6S;;$t+eF0gL;;DrN>d2DBmZr*E0XM!yD#gjv2bc)Cex{^C zUzSAponlk);*|Erpihkw>`mr|S`Vzq=BzM!^S25| zB(_XX?%h#)_HZ>pChojCw+0q;96>@GG)h1I#j`A)%2=cF@gN$q?}pXb-Lur}JsovqZf7}!&^L+lpp{GN zT_Y0Ga^`~^j$g{XYKw|lOPwPmjQzkTHT&=v)UCD@Q+=8+8Mk&uQ3nO4$!~!P%vict z1+UAeK1VTQmn`nkrYWd2*Y+pKaz!?c6cq+IjeAuV%ZzBJeHhb=(8V52R(x2(xzCF` zk#2r{&~+sggW^iBH@*!z^X*RA&6)gdiVaay}o z=SMeTX|$Ug*4LWB7T~28%BhpO#N@ktx8yqqUIL|*%6d9;(w0sOlKZ!i z2c*Q%UNxl58GcC@2{4+lOpSI{Ri+(r{Nu@Cu#`DxhdGm?P@3Q(~Vwr$@?lFhz z6%xm_fdx#YSQczS!KJPFD!MhYUiCc}rX}|`(Me}&v%WEtmT)e(EIHwNHb+WV_GV*3 z-2+7Dg-zlyy;X+YWz}T+R#UNyH`Lp)Gs8L`;3P9HNg&yZEFHmE&2c2#Y&CyaIO(3G zx|>&w(~g{4k$hqBSDb2g8j(kzG_JXS0*O=aD|LR(29j<3xc>SqKE`S+=`4x6aZ~s? zjd7-V37=1^A054^+_e*>hJh{{MSaz@E*fuw2%ZA}?Y&;~yBnPOX5)fIwv1JIatSDl zw|1ISzr84xPH4AMqczFnqk}S?`wHm}g}JOv8zCIxL7b*?D@T~KSN%BZen-9?q>qk| z-f3)FO8e(6Pn0_%I@GB8mulNrxRgpYrd|Zdi7FijoQWNjWW^`<9D zspe7Cx9u~x((EY2EDQ|Sg*LBYPE%{+A!f>XzLO!Z&r>*b^O~FUy{Br{0v}ox?azO4 zhyOTt^Fv2iUW3*z0lDz=1rN|7fkk1`J|{a)ZL4W?)_l0uEL@iRTwA+8RCpYc&Bb_< z9l1qlz?Hif4ea;97Na3HC3C0>fpCx+vMFNSTdz)WyKSWBU!7b~!`54bjL9&%wVP(k z|MK>(*Y`}WB4gZhNuaWC6!9sl5-s28O%~h!2%VCWavn_7+-=RfZqt>%6vTYdQ)T%} z;=c|J*LZiS=l^# zlUDkbCDH!SoQ2#@75gYUV+98r3I~LD=hppPnyB=#|d(vZVlU2jd<2_|JH6M98_&e_KO^oVg+!c(9 zF<_~5WI-wo5FJGxV>N^Gq`n;>f=3%5tT|{5R_Vt!yp>r_ypyU}*m=&2^AM<`@HX#g zT6`m=sj7}8eWlYUL+9;7Ns@F~L1L+f+!&mUJ;$P-wtmUx#B+X-u#S1!I$0qenTZC0 zP1sH_e(~t_wBy{BcgmC=ljpT9l&+*lKor{|CkBnfk~il|hEk-5C-~*UT>)_o57UjL zaNN;#nKRnL>s=h8kvJ#nkeXAw_Uho1ee-YVktl!=3$d+-t(Rj=OSG4kOXNmmJkQ#T>u;tLmbtyTKVI-&wC(|`~CXe;FTQXvI(Wv?-U=pbce2x1~n?u3h%CFDM{LS zX1CNRIxNA)zJ80*b@9SAFciMqLngL(z@%hq10QgAh*qri5}CN*oFKMuTivma*dr8J zu*U_~o4Y$B4PuR5ai38lP(Egn)7X&!V4tkRtGkWC=ODdlO;+8>lIQ`5w%uhfd5JI1B&QR4l&y=@t@5q4jj1^{W1X_j^&PDVj zETN=t@ZR=Nb35ixuR(SsOYqrH0yJnF< zraf8pVPCUfmwB53;E8m-lr;+2D1+R|1_%m`aXO=8LWI2^a)HMfx1M*F|EYgvLQBA9I0R~~fS=*H$Z!9qb_ z(x`_((hx^{+=$EtGF9w~2Jc;@pM=P5{!+HkTi4 zG&iP=WkXL_+V1z6los6!nOYE``>XR5GAn6T8IoMdwRim$W8ca6xNXv#Q;nK}P5y&+ zI(^ES3>uFjy(_J6q65U1O>eKBFPFi7yIeX58@4OtDaD+ZHsf@r5)!Jul5paCpXeo! zDA}T`4AX)M$YIy$9-V}1At)Q4911(lcGTvR!_DnX1#>P7pG)%#GNRF|v)va3uUiQW z=2-|K5>d>Z!F&`4ikO0_&%UdFzOza{%VXmpdcBTU0i}IW`t6Cq-|6n@sy`cxgqMQ! z!lO+jSM$1buR#-t+Q3gwO6CNOgA@gQHo{iIfvdLzn)5af%<@WW4JVpbt^lr{R9m$F zIXg{_tRcO9XW84XlQe7-8s!Xl)K=}EDV@mgRX<#BJ02VInZD)Ph~+BiZJU4zJRRjF z9H^@vo=Vs8+w{aFkXx@69N+r=T53OafMPo>yMZH+DN+mrn@LUj`~uneu248~Ja$IA zn^|Hs_Ims1D{?8-#d)jo^v~Sr%5;T~+A7 zY^7_KCyEYIt6@uSW06sGSk=~?S{WJr8@Sd)fa|-ybW8k_K!|?VlSU=odx44kF5%Ky z!t=@~wBCeImGRXAZr}5+#@*RAY}b2o58SI|rpn0M#`-h^4&0DrK-Uv{$zz+NeZYt} zof5TNz`r?P=QE$*XG@v`-@HV>(d`(X*dXv2J=w{}=H4>6pzwq=)!rTb-8xOP9FQou zXJps;T?zvQ6OCT9WjY)RuRkb891Ft;8#tj)B)wSqgH%(~rBkHA{I2mKiv(H1#d{spT^wE;&9y^6s@(qaANM) zyldtVQj9)T`!&9ZANlR64#RA+^NkB z=vWoXVc|qu=?tFuv;y)`aHZwetq?}nL5CNM(Y2VSJQP$j1b#o zr4Nn9#WdtFrj$a6;}f`UxKv9c1n7?TqgN3RMhs5Dr&n63I7E3!&2Ugzbguoud9yGX zYAcksXtF|H$0-yAGM_z(%>EOJ>I40?-E3BMgLu`Na@eJSW~;R)>FZe3U{`;g`n zzLzjEv->?zDdokOO(+ta0tFY1l2Y^)S9TT>>) zu^mauj4LyGjMR(r+n>nC-`@`3f$gstTUMLqRnTo56_J*2?jkT#D*Rc8r$#N7AQH+N z<_I*Gd|69^3Dt9V!dJU)z89E(l?1a#^mGmH#&PX0Hp?wCj3OfmS>*cG-n|XF1JFz| zhC6UOEIkPjQ!g~pJ2_5#jkqKi(fvJ1=t%M)(tdG!ka6bNs}ka!9d;yx9D6bF*q7Uw z#X0u6eM*ksRN~&y{1S-SMlIFK^dGS*>ileIfMD2!$u+^N9t2mu7ZqH^7H4%FHj5C+ zB9Z$rWtuKMb;Jfc)dhu9losiBJ+E93Q)(QC9$jvwh!Bd1N+}4>fBBw6qT6;YQ5Uq? z%%JkFM{{BkLe@Wx@$~CP(fcm0J!S??Fr{amig0@l91HG~deKxttl^{tkSYfx02pfjSP7pcNjy01xcWV}$%0pT4h+l<*h18qq}>_%ma@~I}KQU{rvH!y~5lF$vrtB zP%d$^UWjBHMO2@VcGFR_1<(mKi>hbyV`lKSYL1;OXMQAd zE1*iz_MDJe8uMZT%v%01?T}eEbmRa}+^>zKqG1ApAFdGnFw##dEetvq1X#YZ@$aUH zfwcJywq7%ZLOq;&U_Y%Zo)tz{E3)q&Fb z4&jW1^=mGt+C+A<63T+!IzYIrL7?heI61Q}A6Z_^c$fGuAm%2r%O5j}Yolg^Iqpqb zK$YDIlG(x=-w@qYg8%hwW^*}Bp8Z~@&p{veHS6XFsfiagU=?@TSI$!MA{ z*=L@m7x@unz;eaW@a8{4PnhIpjo)*cw+ue)s3FH!5^R|!oGc&I%oh^m!Hxe4%5s&y&7N>ky>76JltmhG(%T4G8VylcPa1cQB z8q+m*oR)!~Kob-)s4f@pEOUZDzLM%o-owF>6b(6Sl?$)u-=1?L!enoHS*;HoS}8t#?n(8| zXii0Ugtl^=yMA#gZqUqiYAi^mL>CZZJGM=o5!`I*>R`utx7GVuqsr);RhfL7u+<1a zt%nv<^P=Hg?r8qvb@WWjDrs%VpH6sBfNy}dW zBjyWE5XJP;{(k!CZ~QZs+*Ef@)NQlP2?rEJaSgn)$ZzpvHty_N5B%JqV9SJAi`=5*C;3I` zVAQyRO85@KG9jQ@+{1}cZ6Uj+D>5Z>+C$In;&;sM$SeL{EP!!zuwqEX7=%-b2vj`Fr05CgY?#+ zn&!zByVsLHE4DQB_B3}au&|uFGIBd-GTwKqOumlds{GGc%<$f!DnrSb-=d%0)Y-aj z`cNJ!crrN9&ER}nXX-(eZ6CT$hAkaLne|ygI=Ox;2!Z@K8zv+)j1&yhad2X>qI)9t z%Mz+P4tjKOuN76#MG|@UCYNr16zYE(WY8FU;*%bGwwrUtBy8(rkzy>R<$xqIFWkwF ziB!0N&e2AV2RcNlHg2o4>Sr&l%+jk`_%qV{AewM1^0=#^AUm>xxMtYN%hNnVv}?Y=(>|akzVu@xvv{RkamQ} z3N)h9*zKg4@`_u+e>nxbBSPY$2U5~!4kK|9(_tfvs{q`5uDp}h9MA6^dns(RSZew}xj%~ZeAdWcNnDY1TK+HZlon8nJYqGnU$ z0X=soKc#)#z4_?yFNa>MCbp=ZOGl7(GZG;ai?-^ ze*iyacZYc3Fv&!)vQ=$Zjgbyd$Zf+B)+>#(-8mQQJ5%B{iQ-CF)ENJP z^n+YaltAU&cTlF%U$XSk$Nw@QYs2l+9`r~%;*gwUn^VZJ;8{Uoc& zyyxnyGzBSd=ewO}(&+WqPUF}4z3aCM?O<6IGM4X{(eZu2+@{%kWO19gre;UAAKG|lX(N=+COsuJ-L2>}w-F7!qeBB4-Iv8b^ z0|7hf5aTr$HpO~+>ps;fQ3VB~k>}DTV87Scqit@Q8SUq`O(@gU{dJN}6H4sLN(*tq z2!ocCnyO$1r1rxD_`&^W7g40?C#HDMx-l*M%6d_v*$DFTbL8eu`n`D;Cb`)+9Xm1* zqH$zkXg$1G2J3cN7u=6-*U&|I9y(fl-|X}Xl%NVOl+m22ovz*mcJN84#^(ag)U7(n z0o#I-6QmO?w%4b>3{3~+xgNt%j_xFp-GL6M?}46qgA|PoTdyRO>4OF$a%I@8xa4t! z0SNmI*m|yR`PBLBxfz@++2iZ=ZlVXdn^Yv#E*rbG`mgjF#H&=ZE=ynb^q&l zgStq8uJc33{dW_2M4>=2shBfmW0!Tkouib(wLW%tl<~=REe0HUmdSv)er4FiVCMqh zJr=PpJca$AB@F!-#EVz2B&KcKD>9ZEcNhWHgE^8$qM~H%U%_g`o&at1buH$^8SjKS@ zt{aPYX<3-bJfzkKtI<}(rM9y`_-+@ZJGV8YNAw&;H_L^m7LHnav1OQ18Scti3RrZy z00Vtln)B+{BBUDk1TFt18?)uHu)dgkHQBTv_J8&IE?0U?LkZ&+pot}vXR-AvTKZMk zuP*vI9Ee5@vME?EzBdNOXF_ff5|}rA4IOdP$AZ>oxn}QD6RD>0a|}lenjLmljBOip zR{YR;Hjpi&-*tsMki>JZo*r$WI*qji8MHA-6zxa1AWYD?kn5n*vMv2fRyawgddC{N zz0X^7X!`Ulusqh)_oj-Gc*2|XV>|hN6pg>isNpMmhcDOk6ASiH1&kRTiq&%ot=Rl~ zqiA{2AUqrqYWQ-9mX3$liYn)Xxg4b07}>;H5EG1}n|CzrVbg^E1VA{tQ*#+2M&n4pWF^EGJLTHIh5 zAnqV!kzQoXaw?50!K$Ih76P=K?nf`yu>0KQr z8n9iFmidZtPYZw1wFfq0?n>usjx2LD1AM)Py<<{xH5wAJ5@>)_qt=?UnfOH$%sSTuCZ&k{p@y%X>XMiD5A@u_Ypb`6@W57WWe17f(s&zfZl8NGK_0{cakandQBbAh8DO7BnHa!bs-*xBRjqgbOVORWWS<+OT zGdgQV+;>rL%LL>_L&jqEArpJbW~3aTI11(cL;m=hZk_#;*|31I2;u(D{01w~kNVe19E2 zDFpe3fWomhS|p8<7Rk5df#T-hH#$>{N9zKFl*QK`-XRad1mHQdej*?QQf~Kya~WF* zVEf0{xCwGPt4hWGB~$~8kX_dctT-Mw*t zIKI$old1uiG|(ohNN@+)Wk_79@N{?Kzog2#^9Jg$aLp^h_d%yp%`tD&=41}#C1x|LqeCLMZ|^iZnN~GGQ3qX7DOBf#!=_lwIJK5F zu)v}K9nIekHpX0{q}F1zZx1|JnSpt+(ZB%ES{c=0hhiDVS1h@7VvaULqv14hc+Os) zbj>-%x{zpz=9Bcrz9q-Cg=e8<@>?&Kkm%d=(8U||NvuOR2AJuKed;fX)gWJYZwF|@HphO7k z@AqD|sCy@;M9BeC#px1vA)BEdr9n3#oZ6JSR;N4{)R(?}y{o$K46-ydhPUN-sJ^~! z5!Fo8N5+)(iLIF@ulomzgExPA)=)=QK(wzV&1T|wBZn&>w}-IpQ?dEpx)z+F#&Bo% zALb)Unj|PE^PW&dN~Q$K#IiGZ5hvuS5(9U@Kbz&u2T&G}{Zly=Z;-s5SILQ!G5*HjoaIcu<~ zpnrj_Bn&E4$Q#7{^;&k29o=%b|GZsOCV)Gw%^VZkvpJa5-9?$`kQlk;<_z~xubOOJ zNFUVh&MPqNv=clpK7b3xtDFz@&p`OVxB2eYDF=*BD!)>^&ifjr5>sy-YJ|@#T{V9z zA4J_7X*1&8kx?@PtZ$s?{20CqO+7^_`NHlmdM^)AW5iQS_o*l#Y77nQ&QHal#?YVC z3>kt$#BNVq7w!EVDOEdh?rP25GoJ%4g+!0Iu6N63X;s&e1X0Buab|QHyN~Jk8W6)h zRE^~|wFePUDV!CBz2Q@0%^k}Z#CRCeIKh2Ddxxa+iMq)HLaOR;y|yeM1x~PK5@5&}C<~`S~5mX-!p&{DcMyEu-SM zHdfnyoDES4_ZxZlK~d{IfW)2iOC;>kXUT6dV)_<;kvTUM^psv!`Fu7_Yz(t@EQl&# zqy*~S`wOdYqIJ}8@mdAe^PQP)+v_1}si2tkO*9iTLrgCWFDsx}RrWP+vaNNDqJo3n zLM!B~-VirYT-}bz&t()ynbT2iZ>~o{aM2cX`lHY5NYi1FIie4k6F4mYQsTL-kFZ7M zIzg3FpX+AZyksc-Y=22X$(=lpUJH-2`+!*9e?ou(DD<=I;?Fg7$;-F=tL{4SewCrP zq?PFV5UCFN8Kh`eA>E@`5zw?Nk;f8zR!O;Y?{OLD-Ny`ySI*7U9aaY=pdadL=mDPj ze(4|<0UqiJ{!q{tjK=go_*{EDSl}fq`5>s+jrjF5-@8C1X4c zatDxl7Tt2+ErPs0jL!G6T3k<_#l*UPM?lA~N)BwQWqSsa zfnF!|eHDQK&uYvVR~ZC6*)}ups^@K8+7mm&gY3qTuGvTiPa62_$(Evg+c;wM+yuHd zC)e^sKYR|j^#F6qZ$8C*#x(shDip9Flr?=*ey_ZL6 zr?J!e>PVPVc2G~LS$*vJ=&V+!7PGZj9S|)zE{>^{sV%9Yi0R8uObf7bUp8kn{_gxk zF-$F%LYWIn$g?=7Hx|;KrmlXE5$)PdBFoggqJ;gP*s%vm^=EUn4#v|eiTyZMi$s3g zG7+$Z0#_2#hiN}$Y|?B}F-O;YS>=8XW?C8~?zxqjy`@Yyr*iCWkxPd;iGY5bUTw#h zK|Jbhp;q#AYWi0tPx@|p{>jA&ftlsI3E!8Kgs`K=mj+XpLsd(ES&CXZ2&}PNh(1uH zeeboYKRZpC#JC&5x!1u%H;px?8s*U`en=m(6;CnXwzI_EY#8p{pRX_%!PfI>ICtbr zPos#P1b<|7f_w2uMxt_BIj&1mt%v{qgXeXcJ${9yp!KH2M?3Gda^Rg?-%XUk{j3~N z4jlEOxUGzV@NZ%(O%{+ckM&&LAFJfw6XaiKib}nL&A`Q4IIm7l?aah}Yc{IoB;8J^ z@0E1LhtK&JJ)Qj7;*>Ns>Hg$y!!_SkR>ecZe+9>{k5EdOD`*j(md_W8@860AUS30aKbJ)7iO$YQLsh^+EvnanNnC|D&=XZ~>uE$m;5 z=>v1e4obvU^}d_c=7q7oBD?QUo?zzTxsecM)2#?i?piXF<;4C|Caa0W^oADnb zP^}o2zsUsnkq`MMRhtu~_FxBP-Jfmc6Mezl!sjsyCA`Q!QbkwuQe_R9;SXg9cBb|M ztP<@|HTF2xdD<+&`O~Pf0n1WMlc;_$q?u}c<|U5!Hv5aJHMn2cMu`Ct2(6(pZY&TE@glSoLbb2#kiFr0$Ta> zBZm`wNm1nF2Vpdb5Yz_N<-Kv1WO(d!!Y#%$4>}2hhv;j9#pai)(`UiDIE3&Ai^F5X zf4u=*g@fSMdzj*R?lBOaa6fpL7J2fvRhnk@7%7p%pOs&b6B}efcv8fdwBF(*2ELjT zIkKo%Qe4D9%5qnU;MS{aQF!R@L1Ox;ju-{;hw>;l20=}x*wo7G8}PYRy?y%tSa?eP zS=XcwMPxbPu{jCmszoR%hEuSx2#bR~g^w8Kl`X;acH+8GMte$jM<=Tsr;7{h3Hr>HTr|ymEwF{4-~K z2+pTI949NKY zbVj5I#^OC;fd`g$+8l*3qajS7jN&>w!bC$1V#o4cf+zgn9(jHQ5Yu34IadtUPjisO zk95RZ_0DZ#c;Vx>2@|$dDkKQJmx+of2-eJh=FI<=#Q&DWf2(z1ZvAgbKof=kof7{$ zCH@^3{BKG8Z%O=r95_|Q=f4p;jZ8VIgU6oEv@|w>p4~Xs>Gx$Ra|>l=!BPi@K9YkF zem+~TY_?_Zf`4}ff(`)BK0)-88FWCf_s?JdwV!)3lV=+3#NRc#sX2r6w~%n}i@5?3 z&bdQu;Iz&JN!(Lt7Ett%mjNQ2GvQD*>PZ^#31Z?-hy%6M#tb3Oyu^3V(&3-K{wvVr zy6~uR!<)5MR*)V7+2kXNicDPQTE^${<1D6$E+S1)qKGYfpC6(dFt#585Bvk36od{h zi47G8AsJgG#A%;1KCzsJ+Ylm8`4G=T|2JR`A{Y(G`g$4~NkJrdFm~gj|cGLrS*Z+>v@{#LTb=u}% z89Wwb#kEE>e(t`O=W$;oWTN_GPOp|qfy7fxLxc#bGL8sZ2%INm5omMH%MfQmfM&UO z{Qrh$-<1%a%9xj|HH-m5@u@79&nJ#CnKvHbxQ_&6f1>>#;Ew`%$%jXTX#Y%V!+Y&x z>V*C@`CDYqnr^`lNC5a;RpUMM==tx5rzSjn6?48|Y4CXnm+$y< z`HXbk)5nnz9{QJ%AP?y|LTClytD+@)nV1PlR#(*iPhff4)PWG=yEwfoUxn;cDS-6~ zjQ@Qt7=IYrZ_xSxx_&rXtNJ0`fewRX0Q4Ssq#8PQ6H;mDMU>y+alnuPen75ILwKkE ze)7|qgzhWU)LD5N(&3g?Ei@NLU-!JZuY`QLFJO0wT;6`|`8{OXA&&iv$U~laMacG} zd*tLGCnS7cqQ8a&CPfY>pxS*4r?xk% zDRUT`%|b(jBIFBcdxw}-kRRasC4_hS_jy2giD%vfSR?aw+V`tfh8Di%XV1yBqu$yw zhrs0t?_NNVI`MJ|l z?V$%B#zO}N+lx?SML`#F;HW zw3P7nzGG<>O3tRGwOad4I6nVzFl91aKIPBlb#=;^08BYR7#PAsf_@wMj7jz|>CahYR7}^GncSwpbSj!b{&B-IXdH6l0|hJOG|+wJI`q@&OQ9u$eCN0{ zA)~5H;i~t3)%%Sc^*|l^j)~sJ^DYlnw~!V5m}Rnr~DA|z?V)DKB;hCNHDAqn5BXqhyNNLSRTgg zh{Q1`?C6wy0A#nT>J%zRAiFg>5ON8!vA#c;#007XY3_B8kI?JrILb(thd7ncVo7WF zsMPNZ@B>`mf$)CFTm1XU4;&;#AOL-Ra;+#Muli1Ew<}luzoeZVzs&)cpZ;@sH8tL2 z&^t;B86;xlA*IlSPg=i zLtk#g2{Hzj$^c-96{LK90k?WiXa;mYlSAJ2!Xp7>WO}D14_qaK9}paXl<-df{p82g zkq$Scq`tp;xGpN>=TG_uqHkN(USfX$mwzbpC*3S|zHtdzlSm7l4dfx;+#-BZB`elM z7;TuP-}T@G_^%;><iuL zKbP<5Aias0A|r`%CGwE}Ki=j&g^9o?`wFA`#z%y+QY>*;Ayh){U$>t=Lvx;B?-+p` zFU%_8w+9}=bP`fUzYFJsZvx)wu<76Vr?=Etk6aH-Cuzdr*z#@bYYr@;Ey8qN>tLFP z#ZD^=#>q{_gCIBg4a#Rusz72|aIU!q>O04JUf0DW$ruCU=4g%O0dR+G0`Y_P^$8|M zB7_JBuNIr3VW2AuG_3MEh}`pHqusZr;2)F87sNS^kfgs$8oOV6gBJa8>Fo1=w$o|m z)ANjZRNcz%%allGgdA{#ZF+a%Rui)?S1W2UGD9(vzh2v8_hjNWXwvDgK^<|T-KmB@ zjopC#{*F{ZY2+B!9+@2|i#o?|`fh3vhl}vo+cc;iia6I0@;`X! zNH_>qg`$WzAMY+V@_zRs!G}X-NiTVhhvDA#;DRC|b44o6NJ9pPlapeNLHic;fQVqB zq4Tt*)rsL~N3coJQ*cgAHwONS2UEnlYXy60{Y@5?EExH^$CWu65I9(bzGp%}F4{jw zSlbtY8UP=E!8UOr;!)Mh>o*wSL;NPdYC=!uSd8GGLia(@i0|cVD3Tz?laI84O8b7{ z)%o+_+Zye*9!FF)hWM6v)w@fHoR_z`28A2H;j0`IbA!rResFn|s>tXJg2I3!UiILn z9QtoHz?`hUa6 zGqT4)LiPwnGD0MgGLJ1}ugJ;>*?VX22pOS}J<1-DkZiK|&fcT{bL#v3U%%h)dtI)& z&gVKlo%4Q;=Xvh?e(vXs*@WYDB%Ky4W}5ejG{}oT!`uW5ckieo%tg}FO3Ps`+sFBw z;DZ={y#a`pBxp&311w@X9bucVep(lkC|6(>BV90f;gi^b znH<#Mx|4cOaEkyp8{|Hkjkk+pRTYHz8IYnY*~(~!J1{=PrvBnY|NZ>=?^i)mt4=FM zve*@IxrfVteduX|xku-kZexZbAxnss>+vmznL+QOU}6&|QzLeX34JT)$7?Vh3{m_R z?wbw21ut|Hdh~$57$(KX<`_*JO+ZOuXD6Q8*22&ZA&#~}xYbeX)iJmmuc612sOS2W zg-}aIfg=}8x*ojNkz0)p%)1+YHzp@#>tE>c$;SM?ANeuF3`jkP$FFIH9r9S62MrOd z8sRq)N=7eA@N1ycugCpx;+3Jzq5J!IbzXqo^$i|Rj+RXcdL6aU%g$6-Y${99J{4A6 zL$T<5AmFjQ@dYHYywD})u~JJ;Y;o?U`rs8P`~_01O6^!R2ddQR@2!WjAnACFvX6oG zmwk%TYD9;B?;F%glO=1OKkfo@D)!knLJ;#BYJyga((XGgNCZCxTswqw)-CHzY}6qd z%x@_a!-cx-%>lrC=OJCAKtd0}o)#5O?$!Ky+yz_k7lii?E2q!I?WCnd;17T@$aoxz z1GfA!zv;mED&P(8Gg&KP=ybnVw%z7uTy%XKDWL`%O{Nd2`7gT@yM@_&p7oeQcK{gq zC^0qCih7tKvIrEt;GdJ>NRF7BN`EfSyMgni!qMNvZJwXUM7dDsZO)*+^e5GXl;ner zv6Me&OAk!j!l+D}{c#t;koDB>4LH_++XIvN`5^Ak{!IIRTT?0iWgaJIM+&<@vLwS) zj&x95)rW{^&(4Fmsd;a?m)X9Mj(8;=IQ+XyZ>AD5d#Cn*KsGAJdo?sW*(bq4qo&34 znF_jGcdR(%{ICdlf7P|KnnBhj|IE@&4`vzaVI+(E0XP3zZ)rMsSU}jJlHJTzaVP^C zQIkX;5OHbg5PlPe0EGCPM~HvC*>UD|@B>4^V%B4>=yEo$bnK*Z)MPeuo;Uix}%R2Zrqb}i6Vm>dEC>wQR^sXRzlCR#K#8ex=FI%XZL_;hSD*5)_D+Mfq zV4k{*rp~LAJu6XadJ{1Z)!trd|2h2iIxhS^{IF1+~qzXWx%nAFs7_#IilxGSH7iX6UVz z^*BX02Tbr0?;m}8U^&G3w8ZHBXAaRTj%!1M<4!faFBd6FO}nr0oiaz3$9#|HNEy>% z^fAD+?P=^>n`x1XqbNwR`N1G$KYnxJdwe|lWjxHW37%Aedv{I^DbO`D9!{fVo-$3o zmkWDm)sqOC)=&1=2yJ{DI^OVkb$oqI!2$uym-zJY>#Ol9?`35wtw!A=2qXRS)eCv& z>=(XYhaSTq3wn@#@cA#5wApdVUYs2hDq1`aUy?KD1Cp+!^yQL5%iIJVxcyTPmcZ{Z z1>lkM?%plbskRlbXaSRtPLOf2Jo!i+exUKQ`Zu~tfhLbks&GaB3q!Ih_hb8(PhQ3e zxkg_@OW_hn^P-)W;nJ^nckQ>sH5^R1rTy&Bg-6?zr%bwN-K}J|^Q?aP#AU|4XT4&G-UDjdCIcWO~Y-FKkuFT8W zarc*!S=JOJ18Bd5F#hgOF%#0_!$@D;HRyuoc>0<5(;r{afvp)EyxPydFhp+I{3@5( z_kzCS%rr*m&B}k*y%bu{-~ zA8p{JGHNiKL^Wl_a*>AHSUFZ}plTMm`2q5#MY|aL>v1Op z4wJBnsXH{VwKL^sb;;J3fX%hinYx-q>?xVdZ<%v4nK56HM%KVLeSERpo3#Ud1vpso zjaQd?(iP9?iWdjhzJxDZkDnH!RWEJV5Nr^%H`OQ!qHT~dYNVa5RuQMs6R;o%G1-w3 zfm&g+mhbXzg>ob&N}|)TOji(Hx30#f7P|cgQ<^~>^T-`Xo;#Z1+jt13v^Qo<@FnX? zx0LWm);iby1IDROx?{nltUYP>rR3Z5Z)ckKvj!d&22T=Hw@Q5yoTQ}TRxEA>TLFR5 zfDW1c3>?KjwtXq0t96G|vKE>VAR@bU<)x>>TxZN~l4mXZf zaru~^!%82XXzQ9caamFQNoZto8}zEqGzYYmkKhlewV!AnTo(;)X&cH@Zb6=aWa`<^ zcY(`$c0huxAsgsQPl`^IN45>|+?1BdEUjI^jFB1kjr;EbF~HTic~4qs%Ske$e$FSPSnp6vB3jFcD)=l1}^{qafu zcMRe?5yRL{%t(cR93g=^SyK8apWD z4hA&RVCKJv$606MWjJb`&`G9uGi(_|kj!WhRg0O#QZ^<{rTn;E`mz-XBBQmt1i&AL zHru2lX3^;#`KeTvn9KQl<)rmUg1M}aOPJY5(qZ0_PUJV^62VOuM|Az+h~3eaVZ3^! z6;(^Wl6J-K1A5e9B+NM=Zr{qrifmDD3cD)4ER4g7Y-@LSAE*i(_@MeB@{8Ani!1|a zaUk^gNxD=$eyf{Au&KHwjlZdR@i3YxU`~F;st12YYNgL^GCrE<_H!tIE6l>HprC^r zPK`P|F{zoPT0=6zy_56u_g_W&`U~4fb%&BE+gm$B4PFlx0y@LartoTa4NvTyX?H0Y z$^)WkR8!Xs_LCqBDt^t!P}~&cW%;w&WPFLb|LWHrL+V`Z%yN_q(k|c zOS6n3LAh2qMcXe_v2Fdh_1%gj9+)lvH2j|Rj-R-;x~c!&69$YD{1e1hOuHC53;ZCS zVy>Svdp$Jvc;dAEF*b?JFK|m+6@PfIUO{fpi#sdaaVXHBdA?PII`un(&<^59ta8@m z>sL3NKN+jDIX{+sumfI&p@~vbBWvpI+KK9hJExnG(M?!dAMw_c`8}P4IaZ9 z`_E2wXR8AFN4~ag-K~GQ#ASJPn+-`6M`4ZL;IY0jzSQ_<|6}{Pn2^H`kk)Vmv zAGrr-E_TT=`sA_w-Is2#D|+s4)tVD0RXT1?YNkI&Hidq;zmcJw)z&r;Ews@q^CdNk z*h}H^yLJ<{n_>8pmon9yueP_(`d-Gr*<_Y{$GmHTVF)#ZB>99gTESO^udD^{@BVam za#MnnEzzhgD;Y^=?5PuwSM7HAJ7;)Wtl1>^*2&(=8nbAi*%v(Wo9xP*{wa|C#CNC6 zVR;V}YPTcqiM+Gu=R!)dw7y3iiP>Ii+ME3<=N=I$aunq;tXnZy-sN>>r*id{7K=0M ziZ>c7B4qVar0>?9f`DwqJAvmv#pKgLrraL?)9~>3gm8^T{t-LvizYoUNV*eP<>^$u zhJ}P|lgJ*WG#UIJcfnFc#=G-RW4Oa~8giTQqNEpe7+C8~H<1dV#v@;;@?PDV^fADh zoq}`>w-!BulILLr{ez59|1VP1H}z_(KlV7bm9J15WIrAlfd*sI?|!^a-b;_1l?Koz z%X{k)wsp=C+G9(oabT{izoES1*z|Rs+F9t7OA&~~ee{i;BgeVQ)wI0oULAcRYLknh z&&W4kxbL$e!7V&$r~0^s7~cc4eJc&WNcm&IZr<6$m|zEDOYsDHM9rQ zK;%FhFYbYZ%Yu~jVudVimqoeS*K_G)pZZLX>V)KYcS*x<9#U}n&8oYrm<`(C7e#!X za~RuqYiqlGEKmL{p(Ez{>*TL9(AP5fG;aEM)T~B&vexAZ%_Kz_-Thx?Sa{Apb#oD< zk`0U1tL;|f)xFR0?aoVO<8NL&j}o@<+6!Q?t;A=R*iQ<(ATs^Z=T}l{*24wOe3_#f zrNpz%VK}LAyX82abfDqP5038 z+zsQ5;n8q|$A-sLHYuyI7>1`RTUDi8KuKDF6?qx?Yg8 zYI{*IV60LPZ%_LX=QZVK%%3l3g@~rbG@&&x^C+E+luX43ISix{9q%lt9%3gkj%+@# z94$_}-g!&%nD-?3=YGlC1XPr0^|tGk@ot`9E*Q@Hd=oD=E9a&QBdjMDT9G5WdCTZJ zR9@1Jv~Uz3k|C?JzU!ctJ4)nltz}h&AA4RQ=H5yp;vB5VTYD^Kl1SQgk@0OR=)mAv z7Pk;3W6nJi%}T2`sPrNpvquKzmqjEJ8eM?e5jR0S<5_JO5lQ*zZ)<_A(G4_z;-f~( zh6ctYZ(DT6C~hi0Zj{AwJn9Q_ZA1RTLcPU_gef5@w^IbPdYhi%JT$dU5 zOEi~)Ufpq)DZ|QlzOs#=Y2?Tt+R_=yA6|1+EqHjzT})Ejzp?dNTllG1!K?{ei8ueB z3cVmirPm)cS}9!glwAZ->%Q2{NMU5GWE@Eb}D4avf^+PjM$`ToYjw=sLQ)FST^6rctd zLCLQ7%;y_*|2<1azsX2BQi$D9^|Bgl(ljPxPvd^t1W|n)6dEJj}`S3i(!E|YKybaHkP@Mh|c5o-P;EQa*LDDiugCQc? z-!(-(7JRN_!es=r+;{QLbu5dAU*$E=gKO1?H*9-6y{{h8_g$<1bKz!uHU4f-4`h{s zW10N=Dg|Skf`XfD3<5#RB$pse`mc15>Bd{wa zS|-knERcXA89F-LR^=;b!2T}-?Wj9!?Po?E4?~9k=kR!xpB|!s{?1$)p9pKqOJ3i) z&9yyk3@0={SI2MB%t3(q=-Pbb)v9}F9C!t1#Iey^d2i5>lGnsmjCe*^-zeeW#KEn= z6*%4#O3HP-%?W_C`jjoq$ywJhb8E+{Ho38=JoC!fZ_j|$UuI)VDN*qnB5rf4L0^iB zu0mV3!s5wb<@tpK3+85|NT2MBhI1z$wml`^;Yoe}=0F$bluH2}(YjvB`mUkBGV4QK zd|0M$pzEzE^#!_pblEk6BStFj-4pZ^lPpB6TNicW7<&Jq8QE7^jqwJ;sRcjW;GQYL zLemS}=E0&Tz^K~`YR@2~7WmfWhfNqMxHKR&7e-~1Q1Gk9pPo+Qo#eQ1+*6=ou|i7|3DN7p8QyB@3?Ud8Qc00h5%Jh1VDenb8DmZXSs zueZ0=@}k797!q&M2pWimMG8vaLWRp|cPBe65%h=17wLMmX*k3*ci)BLkcc6>yq%l% z%g2(Ed~$+>^C{|NVp*x0_X`)V=g6n16MC~h-62}I(S4JYkMG>(+1Jo`$ZXaar`awMzX1l_q?8Z_6Wx4DA z>Z-Gke@BRiKpThc70KyWmuuG_#^v81IjKQ9KM2eDeAhH$5=|2q4*(zGA^((aO!wjU$@i1=Fn$SaoOH_tWus;;Y`!!;{q5P z3|vBY=8@E0o3`ODIIs7grr1nItTzZkRdRB4k$@nV=<+C64PxevDxGg zU2GG+-ttWN@#Tr=g>%eg9Nv^m!4?zi?#I-zq*;t=R;ppA~te_l_c_-O-`lEoOOHzS>4}B6njlKOKs(*trq0aIjRZ>(qBx6 z?80R2IOq{?yT|ea`!;`jWIA`>aMB72!K^0rzT}^VaEGt?3*lF}oAPr0Th;v5Op8kG z(MBH(Z)-SS$Nd|&Mn*S$uCg*)LmC#yR%)*Kgi$poEHLO39j|HEsqcqQ$7Q&r42137 zyq7VK8Rn06dt$$viUk{{=FpsC!ZSjkqZROvr1NhX;4u2$uRXEQPz6&Ce*5_+XjtD3 zQcbBd2en^xSWQhJW-iiu9GfrZgb-Y4ll2UELm4n0aa-h0bIY|fD&dj)a<{cB$F~eF z!WAOeB6!Hc;svK@e)HK%;m5|#Qr?Z!eQO8Si_%$=goTfl_HmVkS{HC&W+!iYxF}UP zA@Xa%E~E8Gafa+&0!Dm)EaxC|VuZNyC8FBJ_#3KP3=d1Ng4GOCAgCFHtFLXCdnPWQ`T~TgRD=_sjgt`Zxq@)+Nf?z#X9g8lh5ZJ&)Iv4K1PhqJ+O3?XgbJ7bTMj z>~1{D5!S@ckWb=nO3HYatDwSH4YZ--Vx^vt<7zoi@OijMY^lTNTuZ%C!KJctvAOGAb z^62n)(VGaIE@|VhqTdF8v2HZa`?l451p}bTFK*InZ~#b1X-p%Yqe^jy{l{K2H!NOX z2rrVycqjhn0K6aSw!97pfZ$)2#S+MW2rn6YT1nq^JK21rq6agjD7{Nk`XV{>+d+lHM29_$L(0eRGppD@577BkTY zXPPdMfx-HhLyS<_=9L212iZ`bNV)LkYga`u`g@77UDjQ7V+OR&H*y(~E%{P<-Ho#5 zelcEbQ#aSu0I3_nH_>rpw+-p~AGBc9#Yzbe;C?TZU@$D5z~?^jxgT^%3ftMyuieD0 z*z;W_UaZ&23L6X&ed%`aZcKq`<=wsOs#sl2mm(Xt#0oLe$cD^=Nr)qz)terJ!*E#S zneILpFJxrKZQkUIPMrz2!puYS-;52BBQ>m3`?UYF^Xm%lZ@12UzxSqsz$x#u*#7k~2!?<4(N?l~rsW9?yRLvD@cUO2Hl)^}^Uc>mEO zkFEkeg46JLyJqMb_Zm@a&Q_NNc~$10<6o8&m>!gvr)BtQF*7`)H%71($vM>3Km$k> zKbX!v>gk?4ck;SSl=^%jpLk zQuAulkciz!*K4=iaCO30H%X_?mEXKKGhp)8{CiaPLJ)lK5hoPu%$2LP%3H1V$bGEq zdcYTnWh1t}^r zgHe04hOkNWOgxIfu#|t=7+++(Ib|LkuLyf*h)rpi-G_)>gd^lgrE$>mfA*Toj)}Er zqYheA?+fDf=6S&5^FE|iG*UW|J1sW{REy)%3b(o-1G`-hCzM5r&DJ?(4>p6L=5FeND!wpL z?d#ThiquA_?aagDgR$eq-&=wDRWEd3j(ssoWu@EJLg7)3+wehvRL@&!jn46_OV7AZ zv$iMJx!9dTz5lkm%l8f1R;^!E>&S@aAh9j!qFSDk-mh|V}*6#$3fHE?q5SF$Xjs3L^rhmKwCP1XSQUX$zwu+{-D@ z`K$tDj^)c5h142MK0Qr8T}p6xB&50Dcd*j0QK#|qR2cW3;@hK^Bp(=`EPl<8xHoMb z&BMUifACz&&DE$%;`5X(7Xcn*@_9Xty8sm6Pf9VsC{L9L;DLs=i=OvpT6kAc&6r)@ z6ag!kER_kI*p1Ck#mt@>^PP#q%NUDFe#?os^AQ_`z zf)4V=Zx}^3_*Xd_KN>@9V6+cVdV)Q&IaEl$U(&M05+u$ftYc}&i%AKzaBnU}{&IU5 z!EU@^%jDkLn_HT_mV+O!Q#$w+19|vH#3l6e>n8(-lGiw@=}-69ZYLRvVgF0ylbq}V z8^m!jun4&C(`r9P|DuDdYxLbwY_!nlv~W{#Cfl#(>e<5tibHvFUT8)d1mF8J9=~2xsdII#FsBH9 zXcC6jJj87=;O6TiCp`Vi0aC{SPA*}tq`Y3>jCwP_^4jQ)b1EzFu^V0*vMh2G42Zwm z5X=2E5npcakcdu%B}KqG4#EpwL`Dm=xHE@e;~z+o`9iSoS@vgA%n*W(`3?1gq?^NW zH&ma2Ov{wYZ?NV~Zz(A<$;#`{{}rG0m?-0W+4xeL>z;pxZX)R*kKy@tOQGEAT>d?= zulO#aW^MY3A@9i?vn0VVJf}0J?*T3VjLSpBlW>?d;Bk3tT%^)_bhP)0UkUvoLE|pCQ=y9C)47#WUKo2HOrbql2au2mbxYYw4Xs| zg*o}bHvo!^tO5`e+{t0rozq;0Db!-RDaJ;HsyqgN$q#kg+eN_sN*pZz+p^^obd7q=m6{lj5?g{Iw@55B z`wQuNH)d4`(!8roEQ|3iL$BPhaz=WpKl^-@E|$mnvY#dcyV$q58?ie&&na*i0V?G{ z7QNc~M4X{4i(Mntutq>^gvd5nxnhtzGpd0d>@p)yh>n-tl&}^Bk}CdpY}UWZg=KGT zWa2!sFtk^p!Duh5qV;N?Cl;mLoOAgET7b4LobAVw2xPj*F&j}~t^07EvV;qoKZAG> z0NWiPy~+Y)W}j&DrIuKrv~!LhVjhHG+;zJX4yxB&&bE)z;vSqklrk=ln$Y#%wBTj_ z{O}(;F$76_7Vr=892!)5FB*7@aQPlNpo9>W4{Er#h%mO+XHdqqrnw>fSu?k&F!B)V z=eZVxA7vrmdXjv8lp#Vrh?cpRK9OPtP$O;nM72B4o6|#j10s7#8vk|#12dd{=boQs zW{UBFUOy|}d3`Wb@?NsQ`MGh+$++eBZ{3i6j9PI{R!@i zIo)@~EY^P@@~kK2uuvfZ3J=-tWd3gJI&_lH`=0qv%L0!lnUlCjMSu2* zQi`V=11;-r8dFkV1L;OGP=0!5@qvWYZEK0M!Ubs!WE{v!H#GspG=Gj4YkVU&CPKsQ zXsTQ`tg|czZ?>K9+ty}|U@vA`-?1D*E&%*V$0Zr%%?#NSZ3#E84i4P+T>MS;D51?| zG*1NnhM%Si_Y%)vs+1IG>loxLEaj>R(QxD6MEhlRC~)sXK*tfK|4Q#nA*S!Val5BR zntO$m$%JGf{VUU+w2e8Er%O#cpl=e$Y2#$6n$jCj$}B6-mP`DRTrkukpX7eL^XxiK z>%KNd4)a$>HWthiB?qA9j6=Jsx>~d@`G& zZMk}hnUUnDe!kjl@^<7RnqE~<(7dnJ>Sb{qjBpC?X+-3+36yQ!C`Pwik9_b+phpK# zzZSW-f0lewZ#b0?z0pO4E#YHb7RwIvHse_(XfMIKg_P8>r)hyinydVVX7Rgnn<<6+ zbIMouNIW5tjx=arJ^m9eh?OsTdB^lyRMQsgi2SXR@Jr$(BHC#Wy!5PdWnv}&;*3{e zIwipZ`P1u^f8N#>c)&c%z@>!^;n$IQ9bxl$|3oI5WPe2_u^VL_V)G$O*+i5KcRbH9 z>prC2Th|Dacw5j#c<6wNR1d7!Jf zml}5QW3MZd1r=M`xrXNSI4%e4PpO0*k~*mTcD7O;z3wU@Hl02JhM`L&PipVJBT%-L z#J?nfHK9lwuE}3OX@y{}wW!_DD-Fcc+j_Ml$e@WvD+4W-h^dM^samssMm0nGsrqww zQxWs=>S$8)EZUXI!pKy$PJ?}_Wf8#WQf@H4;t*)t9$&1eB6Qa9gn7CiSfPz+3U7}} zgo4T6esS`6@}h2E{fPr!EXE*1zcfPxfT?zz)mH-{+7PwK8b-qbB1L-Bw>~^&NHF+0 z4(A6jx3Ej;#O|VxG-IFH$u#!=2TUbpoy%GSUhYgmHImrI*(=*`e~xID@vin~`+!J| zXQ>*uw@dKpr@=2GD{FukRXN8^;stm%qTXWxAzT6EtS|fJnSw@p9_< zji4r=q0EZye!q{wpGFOH;JEu4q5=)jGBIeUg{Yp1Ygt(pL~b?7SiL)}NstTXfqk&a ztn_^FWBj&AHJOLd@N*WFLcCwwbfEas7J?X(P#-0NffpGIQGc7<0 z(QLpLdPF?eHhM>e)jfLo%Zae+d)a59#Evux%Ysg;1InQkw_iwR-8LboTf-b+ZjA$( znhHiJSn+<0#XN7n#{W_7quPfjQ$`bC(!;5!E_nM(RH|Okx=j0Ecij!n?qw^*ev3`# zxLIHGX*+GMw6(RB@;vo!)6MT;o_ssvjrhbr4!lKiu`DIt;@b3m@e1F1(P#8?kX}hU352)x;q{3Yl**;vyVrrb6 zK4SOVucP4gzX?b3+E<=NCXo9PQuAL)k)b06fo1TZUkTLwzxIPk?8<6K@M&fBx}*c& zbQCa3MXbl%dqu~eLV(4n`FXfVUlCP5^W6*RV8#0sB_;;-33h8sYaHt(iO8V6-WF^% zWjqS5w|$TQ74{5Gm`CDa0wPV}LHA;SrRV?0(ywCuc+Kp?&it39XA9t_@|_1f>ZF{> zIjke`cF}gmtsus@n+2GUw~R9VV%r}&3;V+#r6J+x{F6a?bvAOwCu0_EcdCW`Q@E+< z^QPQiR-ZxQ@g>*-*M~d@`$rN_mSSxR;b{=lT9DIeT=vo3kjPR6w0-}RKA&b2d0#m} z%&jJ3y^jj%qFJI54=J4iD^BTO`XUslN{5Q2)Mx7l?-XeNG@Bsp2ziR0?1dP^MqA<; z?I5Gs(ZmqB)J#@Sgb0L zNfOFUWo`F8?!zjT&8=JyTJ$v-+$D<}Q7Gy2PHBS9+cjxb~qnC_;vA;an4bN}JzbASW_L z&2Pc-YU0V*wL+{NkAqPMKB5N0ZEf`+(3$M>WZE6W1cnY^`g{)#_bRd?F)tJ*eb@kE zcUm9GC`;}ny&lS8xC7Ta<|Y~XWw!@MFv&Phiq8DmZ{MkNDAJzH8uIOUaR4u+-fUuJ zYf_id zO=*7$>~Ct&<|eXJn>xIC;8lMt%C2U(6LVcIPSDl^S?8bUHo|QK_~SIp7|lNnRYxl| zHP%)Cq%&GvcB|{DW0a&}X*^OwA#bhP!TRx+p1oYCtTJkUXs&g0 z>DiOAYVR7;8htL*uEG`VYLti~x=dIkG;~7{@-nLib=?=7``AjBZ&MskgC4++F7^>r zpe^tfhcD)&eudSNR|kvvQqi-yHV+2G^LODedB>8U(7yP5JiFhtrfPKByb2o#qi+qS z-CA#WjIq?a4Pc9rPQvTt_x=s0tj3q=8-aDETM(zx`^9jjHv?22i$SO2ev?0Yzwc_> zJ0pkK8ef`$RHF37#EG-7C31$ampJFN&GjzkxFDr%mIR1f32o{(_Hw4KV}17iyg%m_ z%StS>@yjkVcVp}oWpjX#{n?QnAN{1Uk(RB<>xQFQxzTE#AN^UnNnx=d5I$JaWr*xJ zc{sCe1wu&Cw4!J%W#!NI3uNwY>ivt}YM?$tdxJ(zYVkEWr6O8g z?o{e=oDf0z69Y6H6`#krkv#7(qnOl~_oY!`TVUX5_Awc6VCidNJX&3LTlkTxjT`Bx zHB|8QGT%K-3@lqCvC-cXZpfmq(p7k|CE-*IpebHr<_c_|Lx~%~>X`*bPs?zR`4Oob z^3HN|U|}U#Pkb3%5)t-_W_lbZpd$ysRAE-kGxLV2w+g=EMlQRH%6cii4PRC#gep|k z)9;=Mv~JIIT-#{8X4_zBN|A47mHHd_4XM|8Yw)pe+#Yh(=j2I|1X0AmCS(39J?B?# z>l(t1H9G(`7Glw9o~|sv&a6YR>x8a9H*TpJ^8P5Zonhi<#`z?J4HAwfG`+%J0q&H@ z3hU`ZVk=Qok}u%N&d>W&=5L|Qf{22Q3vHX5=RK~{KtdmX<8CaJFxUTE!jvwRpn^HW zTim}T%-t%*1ke>WCjR$)lul@Gf)*NqbOchV@M+x-hn1bMZIY@yQk+|mF?Q(zGGd(E zbr19%)5bia*VZmIk%<0WF`yW$G~Z219#YF?Gr_fa>xWIeJvtbkOZuw#@$goUF2W;M0DKc6xgoT2er?5khQ?;FcK3{r?$_tSK=3 z8ocx2xm&eY;iNRi#v1G2G|j1nkH^KpMltQIAMsgF8QnPeC*ujuu^Mw}MVCc7dESd);wP0-r+G;b%GiY|{Rr6=x3vddmIN~H>2x@E5{0>kyGWMuAq+_3 zJCMmTW%6Ebk=G8WraLF$jHWN6G`QyIY+;HLbf9=1G0ZKuRnWw)zM@FG=j_zfVxbZM z_jK$>f*EHTk=^a}wyA~AKa_qfHYCA*+uCE@W%R?CxA097K1x)l(^X-P`Z(&!Rd=yZ zFqf$tU%tpgYj1MdN})dIecS%~46mW^XQGhZtp94zyUnW>_a17u^88G1I>p*E`)Q;2 zZ5=uy<|@8NuK7+=V+?H*;W(zL4d-qy@R?ok)@JK(;6K!)krktzt0MbF;K`iT&EhB~ zWJrNfsvr2^hhG!>1wNukIbrdixyab>bOuVyzpE_CYY#4Fwd@vLRMKGM+|bA7gr-bL zD!f}*;LHA3e%i{fd^HKSO#oEB2vOgVD;DS?w}4o{B>4+=ZbxTn6itd&q}g+er^t+pKTf5RK9_aWLP75fIw`8x7ks0Tp2p9R87w6pAHteXn=}j&OR(C+S z+O+{*^=gn=TfIoUr7bDH5fbTrRA+oY;mwV|*e9F986%|9O7wF3GwH4$%XV5ZdZdIK znfvmKoSvWy(^6Pb0djVDDOTtutIOgWu0^4(8LVf;iZHC(o_hz0?E}p=9e|U*uWjD{ zJ<%EOffGQ3(i76+X)K~xy#M);7Dh*r;tuo9*|uzAhW6FNQSF^l$|>#Cmu{zHW`_Oi za#0@gb`b)tRfnW^4>lfaOrhO&BfOMR_)Dxfk+RklMgar-u>jbt?a|As9};gqk;S!V z)X^(5m9I6IoOwbu8BYRgSUDnkQ7gJErHqHD#)5ba8s~3ME3H27U}p1;Y=E2)c<39L_qNq%QRTbutZKFgl37UU*?CH(en?K1E=Kgii#k$zmpR24pfl=nX3HHoQqm|z_cJ4_Bar{NW8!>JnP3O-Ar@Yp6dpj0 zEyYbk*KloBPy9Kcw=-jt3n{_P*&2qZ1#0U&nA`q#jCWf?yi zC&x;EZsJ>^m$IL9gs$66)~b{kJ*M{wyw0H^)2NEcAbWDWP&jV9!}mz3O0dnlVG z;*u>Je{b;004`edlAl{sYo+zrfWx->57;1>PM!7MMI!(80??-vb@vA?R~Pcrll+86 z<{TnFthyOy&9&hon;1prPd(6;cEs#m>9I8}?$r^o{p6!sG;pS^a$}!g=0am{`}0F7 z!i-s$4v=@b=4il2oUbHQEC?c|kAZ(w7EqG8)J{4ylBG|&HSs}OIO4spI^XQ7f6%J< zNE-QTS87%OwFgtLG|vN+9vecMIW3&n-lFzR z8rz>4(5j_U>ud)VEd;6rxQYhC{Hm|frS2|tnzbEk+c6{C>W@75jN6tSJPYmef`moRMQhmM1l(PYcAu`Tef|8sa)Y^`yf zH&S;i-glP0XMr47HAb|DHtv#s4%XvV0(d{kqee^G@2w-Yr|ouXyVg|`tfM+GNoP0aZ49=OpZ(~(HkhNn!Fi#e@H9jxN!T$&@qY{9)sp35yPEEA0D)T z4x4(Raj7Jo8UgEJJGQ-Zr6r;}bpLKi|d0iDPr!e*3e^fHr@ z7n6f=yuath49su^e;^vO_l(@$=Kv zAK^}Tb{qO$snM?~{v?2>b)dOd{KWDpN3N2NkA1ucI1OuNfhUtn!iW%|L_tjSc&Z@r}=MsTQ zCLNY{tBGwP0=2qPNYrhI3?n>bOSA6J2?wTkvLq1R8hTv_h&$fePyALRKM~}Ej`Kaz zq`{`>2qy7yyl6UfkqQWjUDdZ=M2(Epl>(+N8~h3ycH|=ICawe9z&JC#+f--3bltxr zmeqp^LMqSN9 zl4eMTZGQgv&hYi3?nJl~>qV-`O)*KCE%3|a4DC>F68rCSLlUu^WN{y_%3uA+eGI)6 zydqw09t9$92X7ns))zVx=O!u;Yz=2SaxrX*Y0lGMFpF!QSN~&F9@eFzB zncK7QVzhJ+#^#b;SAZ_UFFb|rFVpu7sNF?dN8cF~#DG0FH8lq!eNCzSxw6kI4XEbi zT9uOuI&57EaU11Ul6Z_w{#;=60dE6t`)*xKjroVwcJz50KwRX%A=(-rnmO8@<8|Gm zyp9MA0+o$^zl=r5(nSav8-Ze}*)!O|r9gnHBEtxv@@qIhNU1%XeC|kdiX;s7XIp}v z5!G}2acxKkcD7|dIfcFR`b(x^KH+#R3qkWeK%nMjS>@)trT=+?|HsqJ3`RxVN6LfS zD!!<47>9v1m(!;;_?JrMyvRKiFy6}cFT_+oFyzfs2i2cer4jsI1@G4Vme(o}A8}2Y)!9btXi^1%Gno zajs#b@>IPC&HXBngdu?sDLimnh)+aCszn}n3o99$r`3xw4L}Pk&RZ_=zC8`3eo?&1 z<#yQi9p!vGd(Yvyjk6jT`EAAQM?X5iBj>gGW8ME&1C!BStuAg*npp5}t4 z5CHR3XH#`P+si`%#diep|EHd**9(@co+n4QL{mGl7s8 zO~q&W9d7sem%oP!wdLN+l6%Zni=+3-UJ{t?77WVov>aSDY|*wSZFhXI%(^qGYcu|j& z?;vt|4{gXhBgTca#NiI}64fx|D%Yk?aPQ#s4hi z-#nbek^CF}j+}S1NyGCb1kv9cBxt7$6)9N^uK#D#gGQM+8}RQtb`Kw&f!)H9Gm9fL zGLYRA)dXnLp>jQphxqwZR4aG)eleda}>Wg8gETAqS|=#d^95;OtvLov7s$v6LSbdNGF}0 ztkuO;H$WRf+h@zK_lTGnE~G^L!6l^wWD12t%-et40BJ+^J9z;=ctimd=dbl;i{9F6 z|L@Ac1q=m))8{6a;pOwxTb22?F z$6_~RptCi|%7sTaOT~Q9LF3ETzA|#Y5jOw}V)m=N#{?4U#Tx*zFzJ4A;Hd)kyccNz z3l4`*$1wyD(S(#2Uph7yoYoGK&wwHfoc>KG;XM4)M$`>Go%r`PMpuCL65OV$F`P6Glj z^eF#QqJOO+{wW~gL?O0*oxaZda92-S302cWPI*IyfhV&vj#IGbFGQ#CpM0eX+WrPU zFvCud>CI|qxAB=y5q7+}GFewM4inYzUU3`l^u6yiIanVx9TdCkccTmNV@?Qi@vzOQ zX2R%KjRCa?{x}aB3`@ zp{n#M&g4$T%=B%nb=frm1&*&cc1utL)mAbPXhpSQ8u{u^Aly-L7x72;U?2M8vH^tr zKE+Y6c^-1Yq)O+5bs^brA0i2hilGT#IR&yu4Wm7PwNiT6TAN}^uRgyx7_&hs!gF#x zyU-D2WOH--`t&Jsq{U>K4W53;RN*J141025I$_bnRO7S}1G0~zSw;aa&0>RE5#iZ> zMYjA4ykF*Uw>p&1^%ZiD+L_6*Ug|kYS>%dcWrFKOwetyk4G&hQ74{B z21I(1$EYM~OqDPVrNQ}s$^}F;s<32Y;s^;)KtQcP<{y4fmjgY7q(V2JcSi*E_UVNG z95mR#D1{AN_BTNI#1q{zMpyfr5k&09p}PPpM|CFN&aXvKKD=X^jyK_{mv7b#R}Oxy z#j5eNSdYkV`4tXzB(3V76n@JDXia%&^YQ&vR{dIMW$pmsh=5Br$wDGI29ng7$*+~Ocda^6>@U} z{DBf+zX&f%%$J+@4~P{&bt(<+9A}FX4?)2M^pienXuQ=(v2yC#Ob~qnL{dx4}u;3rWz~zUw3K%DJpeS?|OrdicoSsvpaF9)j>r4 z_Zsx!7Gaf0A}IL{l^Y>(`x0^pu9tWyW-za?YG1xLQi6Qb*Y`>H-v7teS4LIYcHK&d zphyUaNO!j)B`qN!p)}G+r=*lLNGc&Hh!TQyO9|2qiYVPBUD9>djn8w=`QG;%gC8=~ zeeZqkb*-3duDP~vJez~Hph3i)z8y#O)4A__A&;O&WW;(b-LyIA;4&pu=4setV}?zU zD+9A`yvR6HA%RO=M*c7UUxu(}dV4lDawXwN(?Q7M8Sf+yq-!JPHZh?DqPqg?Fr0y1 z@blB(WJ6YLgtpYR^hgXv&mPo0Xn|)P3)#q}j-{BE^MJ*FIR=8brP~jRsfU?2N)e*m zoC+m{5s54nH9AZUGr^K~efNR2fr5gi*ZkzI&-BFzaUE*vxSW@6Y1MguF#+kZtDal0 zaW_MW7*d4YRX-{u(f|WVIrIBTrPxAvz^!vG&9$W%Q#j%fTOgU04t*bMaCiRC>i{K( z*jKA{&eRV*ZdcbZl@nGX37%%)ohQOsZ3sGf0c-!?oZvdDWr8~Om8M&GKYvFvKa>Xc zMsPUEcI_J)-B#D%-}GR_G=qNsoRZbSj`J?QH68QX9 zM50|EM7^g%-|j=)r+yWrseLKOK&RC~4zfH0*#2{#onVu38@YY$Tp9VCa+6;L(m;!! zOH=U^O>YdOSB*dT8ZUyM5>@@_dH8l<|X` zLQAAw-AN=&dwvrRa;AqyvTB7rJ~IpyPgxw`_zrkuT(g(FP;&Pe*juWpQVxs#pJFB+ z=lW-InP2wLJPuS6O=g2a{S^RH_Y3q2jygY16R;?>Oy)un)`_G;H6m%f<}U{&9GTZ>D+SH@kTs$LHh#~iioKp&0wh2 ze&NLu#ekAqSkai$+?XegBOv z6k^j+pS=oY;XCb35#{84(naW&(7N5L-v%k>Gw)IFqt(-5u6O8!D1(6zT(g|r3<^x# zjP{7XEr?B^O~ESV>uxK%#0VwGfFTqhybd6eZogJ+W|T?@_xh-mV*5<4Cx$U&6%9H+*dpR`lCwI0!bpY$z!Bn2?f7SfY9Ku&tTv7eA3`i6?mW#Z&a zMo6=L-Tpmk1_cplJirckiBoWg%?GenHwK(#Ti_L9#WnS)b{CaRW-IPK4^chW($gja+HB{i%3Wm;?0*CSvaozO>$xeBxo)f&!yOP>*VL zTl$`Af%ZVUVdGH-^chhuIqkEX-(Wm1I}LRs*luD)KbOJ$_TZtKZ#pS`1}e2P1Y1tSaSY_VqQ~+S`uF=rqY+0cxG~$8E{! zG@qzVj^$WgvGD?l26qUBYPF2-+;pMTSvc%Nz`z7dR}k^++Z5(^+laOvE>!`Lo*DjK zN}}gKV`>Nn^*rtZ#>Eeun~+b-4;7nc*o-jdwr~ETMqeBM61?^6agI8>1*ksN2#1J~ zt^j#X`)|!;K9!&(6GWrX(na_q(}x2JVQyhQ;@dTJqAZELX1{`8WYeEFXw-;$!+>`j zB6}VY@Q3WR%>SzrK~X}i{fd%Wek*5ugGtn#=k|5S0E{%83~P$Ozh1`&>OK!Q-zdyH z(2%()2E7)`gjW3e$Y&)4vF*Z$%G~g@#4Rc+g8Wa-kh(ATM-ruwi-J2z|55sbNtn}EkC4uBUg&%P$X^{3pxYkLj8RUODAAWqiEy!C79j#Za8V?X}uZk4| zs0SU8Tw^GGj#aRd{|MMsukyJcE@u8=cuj}5gHDAVz-WSb_)n4dv}PV^?M_@#HbOW1 zV4F6e(-@0n%0iWYg`q(_Vf16SvFZnjizO`o@@qc>T+IPWgkhBtM1y@W_S_flZ%>Zu z0xq7$U{zlD@Heery>fj+^?KwhC^d6x4ES8Fl>*btF|obBpd2sTw7M>>EQIu-r7;b%%!&meyOKMY@%its!Ox=cDBVGaI9 z#^vOm*CGL}W!N+R8nJ&HiqQS2AT{K<`4ybHDS(!dHXw!}tu^jpS1NWR7wzM9yYH!$ zOL@4_nH8!|}xt+MXQKx!VtgiAEn_-4(lUKPf@T z)wCOKDb$h}x9!m=b|3~n`6%Q*rw?4tu6K7^yS9Ooc|TduH4&ugP*{DD_?fFUk(C94 zm2z7PxTmAYoK6>To`*95FjLLbR$HcyW1In9G6kh!3I+TWo6d;WkRqRt3 z_nquqKhNCuQVky*Ya5l=TSY*w+2j5fQgjewC(Wh&S{Vvs<+b_k^3HDb%Pni7q z&Al`puu%d2gib!5ZK-&2$`eQ!*GP|YhSz}m8Ox+XlP*91FFwA#;A7_2cuK98+#s|I ztorvgv@j*!R(ci^EMr>g4 zvgty#b2a+wg-odaNnNt@xHqywhOeSUP=)JPI%W(5%Re7N-i$#o;T^y);?{rWd@hcH z9ox^N?l|}`ezhj}ts!N3-msu8i`24(@8~!6r1M+yySLj}&*vxpr}y&x%^1z9+0F;L0-JniD7jh|jgW*y%cHRwG1Rox%@fne2nd;`NgR$F(Fw;Ir$k^Ix z9{QCk3TiWLql){ewdj9VE+bCsJ?<2r^+fGs2F1fB>tOKuJW?Gb=q~s71gJuS-=DUS z+F?J_gj4RK^Ch8|z{=Au;?>fe)TMhau0BS@)YV9^)45lx*OI(W2G7 z^@jZKz7(LTq9R8o9kD8t_X^eXv{7VeY$s|ZffGy%@@sd#kT#+{DKct~W&8>LSC!9p z)SO}jB!(IQLyzSr@q=}Lo9r?GpoH`E#{;4D5?io4YUh0@K6y>rs1O>_xG)qSN1_EO zpV-Z&Sg_n;E=c(RM>$Q(TOAb+MSWZbs&=~wmoGg~iM`ahj~S!#5-H=L92R#k`>dV| zv+X!~+c4l_TKa5Z;2?~UIrSZut8B3z-<`TQ#OC?-7|(dE3@-p)N9gd2hanM(s!VajT4 zO0s>&Xv}~4elY*FLgf6n7hQ)t0usifS&pW@itSojViUEO_y!a z!JXj-rB7VujPgzDkBXx9lh5Bol2KreDU{iYigchT1>v1R?A3O+=!s{4dzbVx1f7PE z3pM#O?*f10mZR~}ar^cLx8W-oP_-Xy6NguwDN+3i2=?@VWdM)QmJ8})7ly-0cv(gw z>Cv!sSy7>PSdhf;AOU`i6R;m*H>D@CHzB8ZXpkg(=e@+N#D77fogkN#a z`#R)rE~bIGHpHGM?g@N~*Tepob5uYAsi7XfMk+$gQPFRH>E#RhTP`O>f8dpBk*q!a z>Rz6YEs{*6Wv;0L8z?knsgBQMbg+JoNhmz%_#9Z@9pJkG^NRlgDuEW11X4ve z1PXP&Jch331Me1LNg5b`iN|ysjf2-(`8)Sc;i4FQ5pa3Thv!eihcM9$zuKP%p4D$` zH|_zz@$vlgHU9Hy|MOV}*O2UNyP@*h4l;Xo$P&47B|VG1csVKq&Upi=)j=lG?&RtD zaU6rvov$C3kB$E(ywH@)d3*6#n_gZDaIPri=*sKL>)rnI`+=_ullVLb;TYA5oJBZ0 zTfFlmAlZ^yF7t1%T~w{RHBkI8Zz@bnMq~Fwv*FX9ManY3e*HYCNS~+Yg)*Y0xW)*Aap;nb8`^7bwwI6QRZ_j|DR9$ ze;@Jh9}T)ZH{htWK7S-&fattMlreQ7ULgKi=rVPx4Ppe%nj-Tp@ogq-aa};%>elz#-l^2N`i@=G#-@nSVs+*uEbg+cbBhJ*j^P6lvkOVwr;@LAa@(FbbAYTwoCBZ6$Iy&Zf}=% zj%SjcTSCRJueZU{f!>CskZU%vbN}5(r9zyZL4-#zxT5h-%ON$YFNSG~hc%J+FZz!w z`hj=j9J=83YJ-=IjKk0vcKZx`EQioZ6*}(Tz1U#rc zDE`ue%gEPr@g9Xg7?kcmX28K7HHUl!u76$8KW{k%#u?xP4BV_hcxP*WUD20_Vo&7m z{l^c|u*!8WZW7_qJ^|HO)n zxgs*;%X;uPR{Zmp9nL?%j5gW;a-oyYV@1VhmH5BY&;PUXf-CEHdyO1S-y<`hcI!S| z*fvY!5Agnv|0+L>DoGmLLaxLh5IDu^1M=kTA$C)RV<8|$umdzw;33xMPqg{_N&oZ2 z@LbNL`U=bQi}(59L5!r@6#UFcoFF80$42buuT{HMlnTcqU)CrvjK%7u{&~wV2!`N+ zx>m@|1Up1-63!l9#}*R3{^JMnsf8_HBq6-6_d84JG2gSn*Ro-Q_y3&oub(@zzzjdn z@kr0vgoU@UY!Nac_g~Lu`|cc}i8zlDe?RH}JTBxwBax>BJib^c2Bgh~Srf@lG{%c4 zFNRb%r ztt^JzmU*1Qd>P8SaAHcPQ~<@H{Sq&x)gWR66nbRxW5?Qk=ch(PZ4H}&Ir{NWP8$z% zvc$LOsfoyGN6<>0CK@*Mq?pRQ?{O(xazSJz!WAG+!6cE)q~! zuGKuc7UFh(diWC|?kIGV)aSn-e61Q-IsoFSb*xkUA^0Gmj)JFSVYmg_V~~+X;nCjm zh4iswvR)E>U0C09^ByA3_h9R|ulox|y*cavArqZ}+5o!iiT0ODg7=s`pN0th(I~bYI@0^K=-2Wy*L_B0g*<$!%Ry% zQq@lHU`VyVa9S*&;!8|V-A|9*6K^dNghoW%p2=msGv*X?3lMS3U%7@6@sP83Ed8|d zoc6PUg6rOk>+ILqbTl)4PHqRZv(hQO6P7S^)YMS(yA0Dvjo-@|f1}3OXWDy~(@o87 zD$`BAMvip0e_kqe`vR(RnOgAw0=3&^aJTCpx(K@=^<|6*X=Ywt0=W}bT9n^Nl`8iRuZ zH5%X+$*qr(vO?4S@{5y>xHFh~{lcOT6-|b8#L~P7l6Dt+fI@2=sa?(YjgPurHG8vP2?oM>ZyY=Dm`$%!mKAw!+^7= zl5uzEky$0oJ^U0rWe4dz7=*I0J<>ry(Bk%gnQwsdFLGK*HTfK^dP+ur(SCd>;1~Ay zdtXzy5>LME?~q0I#_wmCU}MqUMZ%8kGe2RY3IwdxwF;V3MQ5@!mIRj`!tmGQ$UI!0 zD+50OdBZt>xo5Z87#XZ!KX*ClHY&o1UvmU5(r$ToOaCU`t8tLg+=5d-AYx!NBb_ax zef<@XpSh+`0_hO}Rw385SQyB=%?ELNC$ zW_vlNvFwRv{wxC$z}mZGT5&1C;|D7}E~LYOgL(SA0ZENR{wC~hO?+zClVA+~CL|a2 zBYvS)qoZ!f$_J@)V%7r_g6TCd%7JJYF>$rw`xr&ZZ4?0Cb6p=0RT6<^5ZFGjF&-B5 z@E`HJ!SxK~1W%%?>$mF^>DmdH6kLLVXycj`y}Xd(6W=THmIKh`7)0v?bk42T5dMZd z3@xLhPJ-SJ$-7vq1dC@E-HnVeF2@73@e@I@}+{t=V?gpV?|^60|-M^L1yZ zF@VUngNEcR^lV>o8%r~*re_HIX1HxmJN{6- zb8&b~;VpP6_-tX&(2;gmKw4t@Fbg+L!`blIb!?959S<(qN7jwCYVQ*aaAs=bj6lYJ z<~(-s^6YB}19HG|LyPx>hPmG}5x0%^lU{nj^?l^!dpFYbYSskMMzXVn)@y$Jkv*A- z%K3R}E~JrvobvM2r{l^K;N9d^ALSzYoA$OZmt(WKz4L*4J+`4gHeEF9nhTs zdDRhQ5{O>kFx&zU9lkuCwiW@s3sx0aBv3sEgnBg_QJ7B#n#t#EkE;}QXo1R0J>E%Q zJdBArNA1jdPw8QxKz(n-<}*=@j%{W0yD;x#nv@Pja7DqJECXD4_(&Bjmh@j!?p^Az6^Ortzwgx z;J|L$d{M3$JHd*nzlf?Bz@nBd3;5*pYFG%lkPC~8xqji5U(b&y7WrFKeBM3s7yP#C zINL_;I<7U8nLjyoeUGpK;(oYUGf8`jXr0QXj7MZEmo$eZvuub40<1tYB0*4OtqyJp zGw%GShZA(b0U!3hT(+v7kd(0NGuJ^>@)+93vi3b}TDB^CxJy*g$pR20avvYXs4U3* ze0qIFWe=8_+*+zl`d(YyQq6%~3dfVx|5vQ8O(B?g52SmtSHb10+->Y?qGG*-Ll%wn zK#%5OfJJ$CxC-J$ru^$)c$BUCHp>W(mVah9bF=TTGzQd4@53Z0J*d0J0%K4M*CzjL zeQ; z!sOqSAIRLs$6+U0%g&P*uD=a>yMf3En7lK#N1@Kp&Cy148A1NLy!PIM{H1B&Dic>_ zL}gSsH+CrjW`>BPH}nTmA!h2&BKcmS9@u+)hiJdiV9A7BS$C3v9nqk5=8@pw)6XEa zvZT4u1ZzhgQ$~&MZa3DZi26JzqfO!zkd!!ltFDt%U?nva zBm4C#61MCc1Kd;n!B2fxiBj<(+7}PPIf5zh{@d3%$c8)nvo1DXfeaP8X6FL7GA6vH zNL8Tv9Guh2Or}`L3^V+C4FuqTyX~tOTn*`XIxM4H`DVQvfJMoovN7g5!47dNW^aNr zN2Grw2ggVaQy7$sIct3@jJ9T(?|(I$z#ZXtf#z(|EA-S*Xi%_j#y!LcDSPKO?a=HyrcV>dhOoW;|lxwq7b|s*a`6f#If)>$@Ms>FaMyC z^uP$=6mnkrO^X_2|H)&If@PVtpe8p!p3>`P_U;01*TlJju^i1L{CMVS&aO zpDQIlS4-JO_h@^uAD^K0;9C|3?go=seAB?_Jm}di>HY9C>s*ZeN@zo|V}OhGNyrNu z(;lc*hJ}?ZZ3COnLQyUtTR2dK$rnnock~+FJ$9;wDFmI&IWz7*CMp&rAECJ9JA=e? zluaU!SHnRD8$c>oYtWPWdMfD@y3t0PhwZSMY&mv{>o=jB7T-W!C=)$Nx}%IH^c(< zu66W*xlZ%#sbLDw4e=cX2@(ff8Zpd6&`j)ls;S{uR?<}Nv(Zp;x%YbJg@Q&P|AjK1 zN{=HXJr|qWw8xTyE4P=(jXbP27=du>yuX3Z!WvKy5-G)N^RDE6KMWg#m{kMFtIVI7`uOsey`* zh>D+Z&`#p_S}zahx@iF`+#9+(-z0Hw`sbBr^Ii4|yelR=29ru|5>GL$&y|<3MeHV; zN6Uv%$VpZz!#q&@bP-|kmK)}HXYN6_Fn59WrovYX-8xGHoaq=^y3#s}vNF)`QafQ3 zzO;%my>Vu?Er+TLj0XcUlx+8Gsir7#}-aJ*T(Kvmz41KcGZ>$ zZFliz1-czTHJJzeZr@alN16E~te9M8Y%?_rye)Ow`P06O4F2e6Z+%l8t6 zISz=P#~K`z>odRn9gNq8;+wvsKYJmpB`9> zLGpo*AclG?ob=B4D?b%YDUxys74d}^r>@Z}Vs?^R7kZ01R&m|yz7{vv9>e+B^fF1l z^RgHF;!)k%Ns5}DH!Og(76w{1FK9bhX2~uR77XO1Bs`udLT z&CGPgo}G~^VuIDs$Xnsi{{AzsI#JDE`eppHzzo{OL4x`^&v#`Vm}wkqzpoSR zz|Oqp>F-djF27c0|A^xS%Xc4YP_fy4asKlBmXAYLo4}K<48G*7Jjo_`vn(UY;TNxd ztK9qo1vYl}o2-e{Htd&46A+Th)!Js?F*T&|b?!LWKvM=*f3{lNFD-(e1YxX~@e!MZ z^3wpxcVBpW_-P;cMM~;*1}AvV#c5nbpUl`5$tvZusZxJQ<`Y$1uzds_LQgUEi68Hq z4x0#+hX14u-%pk}scP?KX;--HAW{`wwG?88(6f<5lYi=B-GjvWv;HG|XJ z3FzXrcgFq<)YFBz<~0bNhL(q635$rwnZZt?vyzI<6(LiLW6t~Qz(DbQ|LBBr#5;oA z!$NaSSJ~QV3w*6LiRu{!P7U3h9-nW09W1}YIM6kX6kK8|neg^0OyBT9zh9M3L!1; z?X3f^=y$i(<;E3lr^dpnq&>PW6PHqFz4_rHXyg+c9@$&Dl+Da%$CQ!wW}@lWa#j8I znNs5m%&Z|Jg$tYaW?8IU6GvyqAIg#rrt>nSyf5xP>VVn!;_S%GYLT@fiSavL@T|`2 zMI0e(yAhS87T6_VJmLE3X#c`Hc72pDct(yQduTD96PeS~T3z;)rR)yF!4jeEfu;J* zP4^t=uOQBVF2^Y*SqDER=JDxmkv*ESpZhebsDaPVUBwsWj^G7l0m4U^n7&f~ID=Hy zFdk0u1!c5UDeNhaSL2ki@K7bF_)xcoDi5q>6fg|heDDsawD(=0tU;HWxEF8lu$W=2 zDk~kyhU{xY)|e7zC`~5_?O|=V(MApa_B2&JjG}5w{e?A^Yc~<|P?l5oLi_bsR3==q z6nM9(nUAD}@zSWBc9%ath$usDe;5!|#~SQme2}EgwpM(r;&`i*eTsCa7672&Omgn4 z*ZPLcQq-oj?Il;Q`6)s%+(jMiR6cNs&f0yj#zQ?p0P)K7{p z-k-X0!_Sl~P0vw@L0fE1Xs7=n3*H8Wr~OAnnI&Q^J?6pX6kk=mm_&Xa%YJi@g0#pb zd_3ic%V@n@KQ;7?Pk3Y06VfL~)HEKOG8RK2+45(_z0{{;jaXHKd^3DuADXRvU~^v< zf99BF&}~@n%#uG{n?{N)^8RSp`Pz zEhZ;pCha2;Y65POhEG-+iO+re+)Xj!nd)XnqJ-8e#D*%>hUGD^E82cN9R6|J%A3n| z!pl{=*%9+kE4i!Zuo_|3dg)m7lSE;EO5>wu;!gHZQqiae&h%0K`QfV@3wNJasSwSF zw2xj%Qn|n9#nVc?k;ZeicGdwz=qwojm{{Hkr6q9qiO+^5`PQq2By(i%mbY51a04*rX2QV;Cx7i3V97PD&4>8uYd%!JzWZy+8b`9IU*; zfMNa`mTG_cwq)jD_zZO%QblNise z(0A50wUJNSt-pKcfQ5m$&s&YrrOMTvHoEjQY>R_ELxdPzN}=Z>dtja;x|`fAn%9t- z{OXqzEjP7yH^!7PF;S?MsZixSKE&d37B>8LgeZN@|M_t6$53V~Q{>ie$%u*Qh*Te2 z6**F&zw-YZuo)R-;*>?AcozEHmJU7D)-FBq;1V&8kPH zVJ|%*4Zcd+@qw@!2DG~1TG)ho!9yh6Y>)RheQB0o`yM`h``kq1KCiVpVIa0boA{Z z3f9$ogAX4pE~MbZs&9MzD#n+7Xp46+#US-Q@-9qSwP_i*zxq7pQmx2IXV@1mju(KA z9Ry>WmmgK`DOSd}<1ytLN0X7GjO;zd3r;??>u9czvMTt}lN~1WGd^wVcmghQff`S6 z!X3|jE+LXe(Owb$$Ilis)V+Q(E;dsa%w;F6h{`{}7kER_|3lyVU>)U?eWTdUZhGvG zp*G{del^?a5VMuf)X z4CMP;;Lh6epL}hi$1J4uENuJblRrZ;NwO7M$WgmD?!k7|@5{eh0HVsmbwl%G1hpFU3$u_s$!uGcClNY_^zx8hi&ZKY&_R1)1Ijy6igQ9ADgIC7Yb!c{vZOKCNK$G{u*$)7t45tgCd~Oa666 z(n&7FMu)Qos5j@8$_p>~`QWX{L{Zo*W3rOIXVAOM`p4@BBLlAr>XxhEQv$tIZ`Owg zEt{(cqXp4>pPUY|JB){hulM0+dfE3XiZq!_Oe`F}(~aX_)GNb9VqSmkwMUUW)Ko@} z3?@!B(o|HcIuT45^b&AkXsDx0iSHk5(5R8!qlGY+CnL5h`9oX3rQej$@$_M^(2+{25PA*VOD&p3$fchUNnu^0b^(Ijih4y0#h+6!Oig*=9U?3* zzefO5tn%!R(_dVV_e;RG@PKJ_rMG;qWiaQ0DV~K~eJDHhWuqYsS@6t9krMKDZT`X3 zwbZEqteHltKw+yy%rwJU5|{a2pJCzsN&j88bpF_gI}nbrKRm?MC&Zx%=Ho zmhb2UG81ununrmV6=NmcZGv+_jj%}iLF1IYp^u+-Skmo}NNInNrhnFtcLR==ltTr6ATN=*qtmb>X z+vEftl)1idvIG`0iPOockJNu3eN4=`TP=9ju(8}`=lBtKI&Fd z#@;lw^sxLqJmJM$v8kJ$e>fE&Mu=P@sqKP^GGY|`7%RJ>UoVnE`_)-rs3bxzIBACd zYFC1pGCv#g#OHV+!4Qx}F$p%6)tJt!NDI8^-uPY)#ctJH2{FuARFs32QO|N(2ugL{ zLxo9ukm9aV$4*ln8AgVnIbgriXYfDX1rfyIAMhpmTEHF@ht3hR>Vhy_wI}_FD(?fh zLd5r}ab(lH-;Calq`ERRU);%1**L{VKuw3O+~|r_nBzV^h6(ozhit1?QB@xiR7YHE z$K2m&#C;10bB7q=2-qQi?00320E78Q*LV8J4x{ZxgWFZKj)?XX}2Gt6U143`ynb=+LA#U68da?uRS!qEns3QKMdwzIdn{kIJpSda1+;}9s65$H z6Vc+(Fyg^N@^N06)K&f-zkorBfbL=3nr6k;vqch1EPGFzcx8*wPW=XcIs*2d0eq1^P5W&h$88)+Wfh{;xzwGu7AqQsF*T-7uF=r zmFuaBs>J)i*g{^P$W$?YOxkKbx5k(D7x&m_uyu{+;W|)_5p)H9Ss9x<)2Qfb(*p`acbsJu=6JAzu-zyP7vy46zXVu z^nQ_9=>%CfXO&$jx3Zp~&z8)U+J%2T`}|*QMMYUkjyu_uh5`5Htw9d8l(jbs ztz@BtkFRj!`5Ewe{P`~6OEYO4pMd#+KsAmQMch*mTm!4F-biS>i5qAkfhg{BR#DQC z_$6|4mkF=Ejehpeqn6-!lQ&$G$m7$^ES{wp{4BE~{sCbk{I#Tu6gz>l4rW`=T7~f& z_nC-0T_~5x46u6F_z&DR>J!(@a@m`xFohCmacm3gG1S%iqP`YXpE`WT9dh29?Huhb z)sfYX)+*ZW5#pqxH)WX0jF?>T4~#aw%q--($~R(dOk`e?;ed<_!?@9B@g%`#A9}SJ z8qCX`DxPLpi~jj0ss7jtCa%^B$0P)w7)e6)#-b2T#m3UyucLo&B#vIhq$y;IIbe=j zGAQ9^PTgmdxeia&`w}b%DD}PgPQ{;oK6$}_8+IOoJGm$9xJN+FTS9{H}%{cBJ{5pf^I;M=_kdI3+vwBR3 zC!%uCdv|Do4L@Kca{j!oo`|uEE&&)p3ZpT>^xuCL_ z%IL(UX_nvl`+@7)UE5L3oCNaEV_j0Z&JIr=db7tSU~`{-%ACKLL(W$0+|(K=XVxDI z0)tQJ7&5I~Px!N36|9YykBnseTB9VhB6EV)p-QUzwx^hqkQ7zW{irr$V-<|Jxw-Vw zRB;*mDDQ(KyoE~Ye5WRp0X=(>{DW1EQ7cQ23Zoj20hjR919|PUd$-OGAA8{AaaZof z+vK$+%G#8r-iX5jC+_`^F=rowtz!DRVP<)?MR4Kcss&y{MSMEOd79MM&(_QWITSNE ze8`iCC1B(O-w|uc9y*5)VbP<2T^mRAYnUy%CPE?l-EZ=m)1eJg-F;uR@$^$5 zf(Rf(~EuWLzW!KByT$hle@@LGk`1H{HT_5msjr;6izS# zqBeJhI}=NC1<>>08j#33KDa${Z=-{?;0>s3jie+ClI!}SFE$*E2s-m|gFa7rFd4VN znBxYUxIPI9sgW+NNTA6H^tJ+!a4P|_1usdiRm6X~xn=}1tPB~Iq{HEw?j@x0Vfg{>d z);{j3a+WiOH>671FFI`bwlt}o<2(eXwU&P!y@3( zQ~B+e^gbskw2EZ`oJtZO?YdJw44-DZN8y|mlM)_U%pvVr6KTrf$*?}@BdD*ri2kU9 zHmqjZu~Tn|Peei2(y=i5G9aGcF>=BKaHkTg;;(9GxKg)BdXEE-;e;;Ma{@ocqOr}G z?ZiS|w{OFw$A?*P1)f|jWoIWXO_CP^j0TrxY{W+iGyp;Ue zJja{|5}U(ByJQs}46I2zyxA;y;Q}Kp-Oyk$R!SQ@1xV>p=rxxQ>u(*rY?ujSp3+MY zABqsMS7)Cl=h;vr5Ey^&RfkHu8$Ql2Bt|%=<4BIY)qhvJ_SvW3ZCbixZ9VaM-#ZS= zcli19koK|RS-^)`F@slnhRD*gP5$vE@Fe4Ms4c{Y?PAmOMx5YByf%1%r1+zPFP zGRwwM^9e;pk8T%$_caKcs#5nRYpxPo9)}Uni}-{1F&Jq^Lmjl1@1qp;)>WV0i%}9G z>Q4@4=P+*7v*a5#Pm4|zIX3S#o*qq{@kKAec!crquyGKP=$@?iSM~dV z;W-oWkX;#2WM~CCDqKuAd0#FhJ?-haK}cjS zJCLwFVpn_c5qL>LD@DK22|d0YEy&iXn0gTh@LkF6m}RLblZ6wGbmPdfq+6+ZOnJQ z*uGKT==Gx~y81cPn~;fw&6H3( zcpl7Ypr}~J(N{tLu=iCIux1{<@q>-MVwiN-{tU{)Y2@@^li>9Ig7qs3z~@r{{+ljWwQ1;Hy?^lF z)(V8{A%GKAdyYh@2J`h!>~aKO9P-7Z8#zKAKCnaZfWLmF((FmIo(xlP8_oxE)<0UE zQa8$8n(fPYAsQKXt6@iQ0>;&w=~uB93APx6Qdwq=&HkvQ#kQBA))UR?$JQ+O4-LYu ztAK1edb`gyeaIYnS8i(;zsZw7xSL{j()!8CFSM7$6B&!E7hS9UrR^~i+Y z&X_d_mW@9iSWUej(ZKnu?kuppXB>`a9$@qmXNy0-RV+qiLw-ZbUNk_Y!<`t)@>-YY z+u<+RYcoRTvBJG8GIV-(cW~y{*|rzP2hqc%3M;c7&$h0&cY5cs8u&Wq0IQD6YYg!H z{YH^|G;aHW(5m?ZVDu5&R0Pgm{Xj@NmR^_LjUQ9VdB3i-auM6-Hn3XW+Z>MXAB2wB zR_#%%Gd=&d%7#<#2>q!Q^sD1`K{({o9Ew9#uD2OZ#AsT_-DVV@LcTNT#o)=k$(k%M zQ3hh57jtyTNHN;W#+(E80FmnY=Ax9q^?g$ElW~8t>YK(p6MNl`Gz<_O)H)nP2wcm{ z1DBI0+V~viKp^3c&&l#c?t0aqK5h#}TyCt8-K*Q@H;hl>gaFl@3IS+^sru+mUqF;F z)wY+DbE!?|6Tw-W>>Aj&ca;~MBb8Cp-GgLr?3>(lE>LdnJ=X4M&RG>iPw?&SWb@C0 zC1DY2ag((97C$D;R*vVE;EDR;t&JtiG#!N+b>1gprbc_EW{bjyM-%$oDW1i*62z-U zUC=+U)yuFXmnI5g^hw9hQ&GN`f9*}y<#!6g2#q&|m_`ey%3YXioOn%sNEzZ5VNZY( zis>F_mATkQgE$JaO8$OcEyBng)n?ZX;OlW}d7!Qyk@nsaGy0crmU zGWS{h-5X~VZj<8BdF~CUOA~5B%Xg~fYE0}w7o6H|7KCQ;!QqCv!0*rJv9BEI5P1cA z+i<$hDS?~Wk`faU@=595s|O*L)jKyj6c({lG5uq+ZnS4ppoEY~2ASv&k7c}AHx04= zV_a%kW+s+2^fQ^Ia}|{K*tN##$3MAMP7JHFqc$(;y!t1D{HTv(M0Wq>pZ4!Q*KhZH z2)`7X547m{m68D#E(rs_ga-GvGPa|4JxQqKrwhG4BBHeJ49`}9GTjY3J?!KjzJ6RD z?>QN~*={K^)QkJ@;U2jb%YCD*ADvI_yKfJ`@|43Ll!`IW@#I8#rLa31G)i|0j3?Ml z6(_h%l*%2j)HyhYulI9Mw}{VI&qP{?Pi*6&3^`|sQ}bE^YFgmF+59^96-{>Q;$g-K zeTT}H)OUi;I4YtquBLTQRTP3QbX4PF$o*o}ZKh6i7^`rYu^yR?K}w@{+#M(2Ai7>~ zHf>g~9bSqy#aUf>EMQzM^G1RjXQq)uJwX+-;t8#B7GlmvEe ztqNwyjqopOC0_Xi+aWI+ds}rTqdk}sI>dg?Z5(yO#u!w;R=xjB08NyliF=4*ZMZB9 zSv`D9HgFj^6r(sxeWsvxz@{u6?f>KEm6(5dL1U+2qL*Y@=vnWTvFMGn1pN+GL@Z2Cq#Gijs5{@<{R1T1S=%0;=u?JLWxZHozw zM{2ggPZ~357o_cR{#uuqxYHS$fc+$}Mv3Ukw&zUyuW~#yK-=b<*UgL4{kP@ zJh@J6#1^v)t@t37l`;+19}rJAT)ACzGkwEy6iGwciG;{U-EFQ&PJ)s$AIveoKS_8% zOhCTWO5tHWjQbhJzgab_e(yTH&L9i(uBnc3dd7p6l409N(mDHn|D^?=Rh88!x1b#L zcJ*AwsKe(BUI-5q^)f~^;?nl1KW=WVHHBK4Emc=I4oN7~0`p*nKCU}k+9E6?K>6-_ z-jGOApLwT`k#B*n`&IbF>4}kJ)gK;$TG$6}VW#o%$~vX|@Dj3*D2mtqp;*vW|q-AQ?j$(?v}3iEb!8dbiy zC*-&h)~1Guwo;^2=?0*+izTbTzAAF|Z~ycJ^u2_1)E>%c-zy__KxuoW`6#cKqHC*w zr`Uv{SU;Z0s*9P>NaaQI?<;}A<&dEVElN5N`7HviknQ^qM(e`^jHj4$kX&PV^`wAbsxMr_1G;6=q{^x*c-X7XSYY0Uw?0~3Dx$P~j&rXpJN@^fPa`V7G!l;33G ztK@hrjN7{0r{dluXj5KSXg-u!yQ3Jl<<*d;wRv`Nw`!6l;azq&%nkD3LJ6-bfxhE# z)`?@(gH*AEi`?X%Yu{xkZQ|nH8T}s}L;QIoL*d?J)WX}}M9Xl5ZiSh`6vw;RMH29k z&_P9{H8nx}(C@hUb{3vpu^jo^aVLwO=3e^(>n7eUCqMuRx*kL>kL;OL_tu>^sYQKG zf4GE4ABhQ?3cEm~Vhm^R=Bq3(ljY=hM?xlb`lb`$1C6ZaC${qLSJ;xwC9B|mECF~)>yx6yPu?F(}CY`V$HhydtzU?rgxJRKD*JR=u`L?F%4*!88fnUM}F)whv zt*cGwTg8nyBRWQWN1FMo93rMoAuo5`KlG$>+%*t8Bdjaoo9{d3ob`IT*r$}MPh$$p zI5GQb6o;j%1WEHQ0oEB~$N9$_+)+liCJ{w$u1)(dkqVQo2hT6xU8Txlhm_#u?$F%b z3;2Tj6!xL!cPvQ54)W*v-sj=95uG#3UPLv#=0uofc0=?ua|f@6Em64>BYz#O=^Pm< z7=CvU&y?dFP>w-`1QyI=L^?RUac-11zy8XVM5I zsh&qLiUhL>Z-SSk$*4cdYbK3|9!;>b@C)iIAr{rThYgrs*v=wa7)W&x)%EiH1;BkbsGkLs^RWPGiG@jVP2WR=#7tcyVJ-{7vQG61tqX5gPu%Wt zvta%|Y`u3p*L(j5Tu8DOBCl`fkB7vF97 za7_y7{d}EjOpA`56KBWhCB&Fmv?cZE6Qv=faEvG_nfX?I*?ko;7skPp5bZ(xPe~{K z?efylmA^)>!sa`ggiUs!S^t~--8L2uCZ6@2O=bfeb? zWM+2bXKl48oh=Q8%$`RcySKfI^em#}T}40nbFI1SZ@&yw)cfoZU|r{UuV(3zFn_Ak zFoAPW9!#;Fh_UzbzF@jeu|+c{<+$_y*%M#Cobsn$Swl+4xJDXqE0C&$$F}1sL_YhP zF8!Cx@rK}ZV4>5O8^RoN3iIyutE9snzM{ey^aZE1RH4rmU1?$B?i!bKw$VN^1HB2gje(_5GyESKFK&5Sq70f@9$hye;^3S*GjW1Yg z(M&SsA`cSg&~;vY<*!s9K-x9T{^YZ%xzDH8Z$0_?BKlKkFrLa0(60? zVYk(TRIT=2o6Unba78j2&h_tjrtJIs%HutkP1j+$dS&C~9zD&$m!kpN?|h^^&90lv z50{9UaitrZ3fqeaxRIp=S_*T!f=o1V$6$B>-X_a~%#koxbP;WyAiTJTZ0Cj0LoN+% z=%@IKT8ko>fiacP4g@B9MGO)Z{?u+!rkjtjhYtNQ)k8?eFZrf0Hdd}EH#UzjI2q<2 zr93xq+Y=h&C|mWkOr$_CSvvQt4Vutd`2Fvowuj2r*7sF@_BGF<$jos0KJh0MTmcDqF_GH?^~cek;3x63N7;-()`^ zZu0`VlcSiCEi0Y8DXnjFz1Z!`zIV{)q3QZibWfKx_h+Q!6vL7~AWnLjV@i-)1)^s1 zf!pH-7+Qe^X%Cmb69w^eGecjk4SJSm}GA<9!fS%KUuL6^~C1`V4s1^=LPbUuo8wg zwZ23B_#$x}m#?7>x)({Esbr#{Md^_C!!4Sk>BYgX0L3Us3X2~Kf=rw!#sbw^|1+$+ z*BfKOaR;P8jdbA_bAIti6v;d*4B9B zv*%VFX!@3pIDaL(X0eB1Z=x2)z&7I^arAx)Cv;(zSV2Wh2IIXG;|(ZhtWlkycNvkL z%wm-jCTM66jEQcRtR%x@6jo7{(`0U^P)wm&4@Qy$lCz-_I|Fz8bDnxk?`;4aU@&Dp zOA;yvZD;B17%&2%57TzQUbPt7EqS4R4r=nuTLQ3hkP9!DuFHu0s77QN)gRU(hyG&AjGKD_#u z`8KyJh<(lD(vr6EN#z7@M@S z9-vdfgtDi7cx??|Tl>d2f3$+m>zoON=Gi4y?gm@NgkbTbnAtLi?NQagSjRZti$Hy= zOlQZ?91WE2a}%Q!y+SB{amhzDQu&rUO#?51IA%~;bzuh19G>`PUrBZDz6b`aq+fV^cr>4&l|?e_{`}mzZ;}9oCkBgbnIz-chq$F z4DBb}cyODv+ktOYU@JCSd2jv)DixHZz zy$MRnusZtd_H{H%kx4&2+$^l&VW`s;k)E>Va{P5mxf>63gxw9d?k*%5`OJj4v^ExP zc4G!rPT<%vb_A9(D%VOM-1i7j5B=gsV||JB>eREQ*A<@OWZXh~Zo#QBhO1h0N2VqH z4`qa8JyPGV{yAK>wL1DL8T@oI%*R~OvSB)1$Drd36&C&Y3QNl$Bu3S@Emq$YOB+eA za1U(n(!O665T^2|ZLw>{=naEj+%Z`>>0|dkPi=OctrCXd>g@f^?I8{HQ`S*7apX7W`L<+T)%$m8dg?XRUTYW)dOh0q7QX+5n!i+R>RY9UX4Mutf_Q#Dycbbh)<7*D4Lsl-k zkm-ab!^nVSJfQWZwiuW@K8i^Ypn5u{^g2qPynPB$&w>E};F}(NQ?msHN|y(P17l>V!IlMZ$&=J4vqs+r-%nzBIgS`~{sGVIlRb9!8d_O=Y1?<7YMn zrPol~m=m~*L$Ch;45)b!2U};|pr#&r)c7#_z{ID`^;ZmU6UWz8qD7$^YofNbT=8{I z-D!ErL0<{;gs#Hck0*x>r5)e$M_MAg>X*{xjc+}MP*$1s$aRi5?`pfn{RoYU(fLZJ z+caJ}wt-9&ct*6V07+?G+s0!Mt?$0Jg9s$M2n~cOli3?UV!4Pab}>p!z$~8exkJjr z<%!SehN!H(eIowPF8EB1h6-bM%zOwJF3o!fD~Bz{sXnLC9$($*GohQ}`mHe4-b%%J zD*)%eW0#%@AlL-kelKCNvQg-p`w7SG0ax@uAs(;_uIzmF}Nc-+Q6%l2lrxF!^hDc!~?=vt`5BWZ$MD zr<*WpDPmMjxbQ=2zO$nyMln6MDO#L570(kk^pZT;#0K^Gg1z6a3&%MqIl_cO+I$N#0^0!-nUk#8`Gga*5BhWd$;|kQ0jGik&|M^qqVjZ!(N`kOcnNf~!^*(&)N|*o zP0bo{R-Iv=RcF}pin1h7o#jAv*1A6mc>mAe@Mgv@k^UV$NY_108i&zob#n2lXIX7# z;_q%W4aQ!9BS7CNE;9YPTz|zg0Y=`wlDdq^Wu<+9WhZyv_9FBL zsDQF4TA^iO{b9leS@RF54aSNijFU^q>mE$F!oGuUShWyU>RW-;8WXgpkpG&ao1&Z4 z?p4##I_C~&W8lOUY(>;K z3(#(ZtlkRG6n??LwWU$u1#*W)P~h-7uT4C;^82nql~nKcjjh{J%@iD-WQSI;qkAaL z%QVMpWQ}+9n*DbWNL#U=;P?!telt2sFw1(8fLRmCCf!r@57i2)oS(6#x9q;X&Cetk zkDon?ae%`7C;z^7nL`#V52I1hLqH)e3?VY(>9Vn->(vmLILXGXAJ(=JN1dH`7Xi|r zj3p@z_mZ+m)PKVwqVl?p5~%f5%JWJk7J>Y;r%@(YfOXbKj%=gnJID=J>j& zOkw?9!_w2^wbbynvgU2bnMwBO?1U3Iiw)Im7=3&NjoY5&k?1Ek8yAcIiLezh!^PXb zF}DIU1zM@avE&e&@sH+4OnOJH3tg^VK$UJ4xw;clU@L`E|7Ttgb#b(^tVf{pre2NF zM5?fGjC-%~PQXi+W5FJ{@-phZ725xJtKI15yFcEx6Cy(6yQ@2mbQt0_v_z2ae8O-i z$EXAy=8!#|5BjFC*P6~>KDqW27b_n`2RUDulKEZioc#vO;!9K3B5`J^9z#m>KWu8| z{nz>85t|Xk$d{ltKPFwaFRU92L$DWhzMVo|=Qi^JcbS#p!&8UP7mvopKFoDCURVc+-sXPv83AuQs>NQLRW zQ#NJuh2Go452N0XyowBefJq3ZrFDB86nOO_x#XkY$4nL*_`FO%{GbE)F^$U>fH=K7 z7yaOscVo92;d4l)#>3gssZ=$#F0VWkUFs1&S}_9AX!GSag2I+VYWI?E9S#>+^Xz}b9J1OpGoAnJ%+K3Ph_3oz5Y1_t zy?sOzVGOhTnWGgT<=oSLzgtjTebp#uh}pYR#gJzz>csb1{WwkMhKEeU>!P@ofVmqf zL0>^&q~WENhZvWuljFwZ-O;_vZ+uOlYaEtK;2ZVvjZb1*w$zXx`ie zzq3Dtl^T(?)P)#=NuR;k_U{ek>kK@>K27SMNGEB%KF3o`$T9Uz&#FX9gh(iO?oaNolqTU$L%)}Yja6zPo%gD`ihyZmWf>?T zXFkv5x`RqHs3YK~q5fDqtbY`NT2?>5J8}F`@4LO~q@7b6P4emm%!Ut~+b#6z)ko$v zxEDK)VM$tH+Ot*hPZ{bTBuAlbIpluuOT?;}!g+$5ntI)u_zqc{Ug@lnPw;n8gIM`P z7cN9g-AMKGJ+^v+*>#M*h@sX?!R@16?5Q0Ws8AjK#vsREDFfm3&Xt#sPfth_rl5v@ zdtWcVkuEiEqELT4t-itVGR`%X7XBxF7h4sA;FtA0FYs~)rVcMqV>*s}?m`Phm1@l> z#{=nrKs^*FdhGw&I#FIvD^YP(!kR;WP7#CtvUmF7N~YpW)C2-%V6v^zwfpH!;WOx= zb|f@W^=bUfP)ln#B>|gU6W7hB$KQ7Vxs@CZBM}J?j%(Vf$%of`_OV&almko=Ye#=z zW0(RB(~)`jd>(+=8gpfiaahgn)`0X-H#p{H&jdg}x9qHr^Z)I}rGFHSk=z%qGMX#R z!8Q)4$A0|Pg)}c;+3|Yr;x1!1jPafWbbq$heAuTt53&;uBCCACWg;vuHmC7c(M+5# z8n15m97P?OS3)39S_Qr2ha{3~PqmUU%kJdqX zvDrN?^yB8&8{>R&gEvgh@448^_KN&ho%=nosX&jTy^wp+SH7{MRzYCWG|?LS7^T*& z{Vc?YQ=hfs)8`*GSnxvZ9iHzmxa1lVNrJhm@LED41*G=l`E5M|AHfnkob#S+vC zHt84b46(jcCi_#TqFfsXp&ECt1H{Zlu{s%H&Sc1{E(ouE`tDu-{8t%;MEfGASG*1tm*#3`H6jwOOKpTM{w5|-u9Bz zIl_Xmp7HXW6qd2(j&q&--)REKr#}!TNlu|+M*m5bb6uJVNtk}1!8(UB2C$I21|Tu*z z!!l8&@Aq-~MiI#954UxX{ed)>BpdOK%BjL)qF4H&fzy3g+7w7KIiEl;t8v!$u)F@_ z2sGIH^-U|Gg?;ij%ja!2C3f$ThsCePRA)w|q^nBz7a{`NRef{!oJ$U&-vs$XF1x{b zsrfJKfa~%MY3F~L(;FWPM{=}=&`yB>BuArRENe!zOm0jAvhnEyfbDNoHaGwtM!WQ8 ztIFHtJ9e)$9?UsEG~_|mcbFH7DNSM;7L-UPCQtg~!>p#@lpXD~tRBLGg?>*JMa~R9 zC_q0l)FB>Yb+OQ)RYm*N?8G~XqbFBJ3->l4Bv??ot=QGzamSk&@y6HGLq|JPI(#ku zm5I;^z@!skuT&gh<43u&Us5@$hbP5yvkm=xqpV=M5!pD6WH$<@50vkj1brcY$&70r z&m(8%M;N7_#D*$p-fvg5iCvR%p-_NLcaZn#KV*e;x z=z|r#e7|hH7NDhx$4JkKix(6}F0RTh2%f;cUh?Mtpjv2k&UxPDpC^KIUJ1+MhpjRcrcM|e_K2mI;`R=yR#x`!J6fW5_RhjGlT!`!Uzc?0qqFJ;OA)k-S zzUj1+iT#8-!mos!wX<~I5NQz%xO94_&NO-Hi_vIdFKV(1oS>i`Zdty_99_|ioPod++aX>;fle=#;niJ`= z8S=b2@-$uF!gfIdb0_s2-$zG!E*3ewYZ_C5<{Qsp&n*E}cXY5j zTRzcRbC^qYBL1-w%p7qvKP9XxU5ff#gBH~&=-Y5ipxK%|X{nEm4^n4d1Ky%f+iW4tt|!iSykLG%PT%3|v-5 z?AA&#?Z7bze#r|#Q!~j@x~#Wr;=BUbGyXC&ktNUIIC5H5M?ssrz2Mthpx@3v^ICON z313=h#8Wt(XEuc#duI;b7 zm5u^@d*D7YuR@qbWebNpcl*+u$cNYJoc#fpM{2!+Ok|tqIh?q-*LM4!wOkk4x{UCo zbxPlQD+P{b%ks+nh0rOSkWSrY(&+1B0_4Aa{>f^JYbpDKQ9L=ue%@X`;_q(1d)a)i z_vAXC)l)9JchiJ*eU=mJ=ViVic{wpsIDF>=a#tXi>iE*fEjl#F!p>Twtli&iw`Rgc z{51?=)^>|2>6!b1V6_kCI{5M=`w^xzib6Mx20Q$kgSp%gLO5Z! zi}P`w+$Al0()eoQFGT6$sQM<*(+i@CzKE@mJNU zsNOf4{Bs-;begYOuXhN@PqkG#mFGN`Z!69!_WA7`CSJ}UWfUvD|nUGHL0+kP5MAkP64nn zj`+&G8-Gtv_8UYmI;&*I)B-RF9n~rJ`u7*^pyE?Ap2jnq5AkI_LLxnGWg|PdAdf#= z8-#QiuGuc)rB!=>f&#H=!mjm}n>KF>RNRrNM`eJW%5#zQFjyS>5T>iu z`qvlMwTug$96Z$X@`qMC(8QKgdp@0lzf3eASo^pTG|nELxcQ2VDfqU_)qpq!`yVfs z*&TogJRU7Zc;DL+=y4SdlMRN1QIjt>@87UCPStS^zcc<%)2C6};OyGW{nPX*`Ej%R zy#2T^U$)TWL93FlKin!__p7E1f*0|j$N@+F-qB~8h0Eca z*k%8Q(V*Oe`!gHFQ6XXqrc&&O&L`Wcrz6j;Dn?CBH-3ttn>?Pv*a!ZU@3AP(^;=wm zs~wTV zOj$O!eKd08o~?!o^VO@clQ3MkKqx9JDW+ca;nSyj64Eeh_4pc{vdqTxIR~o<=;_>G zOca!8j~9-5nkp9ErR0)|zg{?8v4nr#RD==rlAN~lS@`^~x%{t`6FSvlPnJYwr4>x$ z+csyIMjFY!aLYJ?s8oVx0bmlZsax6B?N&VdW)9^G@A1*&r?GFIdjr|)?sjFvh4O%aNst2O( zVcW)&2Q`I*U*dz5;fD?dVmSegt5N>1E{Us=$IPq&qzgMm6{}rxt2%$#%l$@870ST z9Bjid)7V?fTD|PuRS!DK8*$1C^G~jh11l&Ik~RkIQ43Tz91q&&i`+l>38Fl1<$5-p zwI`SVnhnOjUjuL`GN3|^=>K2cG>ak4MLRClxG`@eas5DUY0VLQ)}=vLKo16Wzc;T~ zEvn$!+{!L+hj>BL7bOb3Kk{rcsz^f5zV}j28+3C|Hc;(Zf`y^Do!nsspZC&iwQFj%Ym{50gd@+tX(==G_trv zp+EM5GJb}5sBX+p9>k157l!Q$MgPsAa?9AXB!Ll+lRxsYpxSq$xtZWn3__!qeWG|J zG^|oxYyi7YEhzC~-u0!6J1}CpNc5}>lp)LK2|VT4{uOXq+@LJDs@~L}S&ws#=lhQU zBm6{FlP~U(tEneDtz1fOJWV2j-5gWbUd2J3G$*d$Z+y>n%Xquj%hNoHSi>M#Lc#RP zPXLglcaxZez8H|_tTXQPzSsriX=d`jN^YtNKA<_nR)MFCnu81T07#53oh8ND#Kbxv z0dNL+aZWvky{hPW6B8uvv4wP4tvMXfM2xr#4BrQ@-scONbPTez#{KL>dsJUU6Td|< zt)~H{Z&1V94`!xqoZh=!FVj~;PpImflBL?q{t!lekbE>9@Dp;R224iAaOcX-Pu(C! z25PtQ&^#0gjS^-(EKHJOT8m0y6g$z`#1OZO{e#-jmc5uDyKqU2(nJ^XNw56YQ9#L%Pt3llp;1?u!twIJX=~I(ydJ9ts zhxLJ{{a?ePCq*)4`pWdESO<{N(waAUJ7X9%Hcc3H@k;4$c!<7%C@bbqDAp(jF@>SJa+n=rcPsn;)LAxKFmWtw(p}^-E04mV>KQH8F2uX z*xZ0?D>pAwTZk-97=(?)37yCd?KA&MhTB#zX3hg=T2a+J*uQ;85E_5rl;WQa+94^U zXcdq^#C(J7i<;yb@MQ=g^ZE0~N|Pu-*y9D)F9*AfK|k9`Bo>o<9{e(A`pRQB{8r)? zk4zCWG3bwsZ`6fpT;h&DO8eW{Y|wxgFr%6WfN%|Y)9IozLxQN(7fUSLAmdo`w29q= zjEFJXKd$TeQ&HJa!T#;K7rXW%)~S~*`tU>bPo-V@$KS2I*!gY1v{KWws7dIsFu^xw z`&Dv{MgqNNz)8?cnAPB3^yUfD!6JGaAF-nF|Gn>7cPZ#y7FgWb&F4!zG_Y`3ylMMy zZvw6bhG58y%bHz!E{_&+9j#_bX$yRmmNkWLzc_4cU>KKFot|7~`?U#<7xT?Kq8qnU z=)!&{yiE!$-GT{B_hl+J%=QnG(}C?P5*((VL&XH9RE8FZR%PV#eSfZCt1-{2AYV#u z&`RgkbJ(4&sXDGDFulfXLG|LdL8eLPWIv<-2GG!w^zHW`N5g6=j$X3$swrQbs4DaR zp45$qwr@i{s7W>}X@c=~9+(Got8<_piKNVI4?l6O-j2r|GKP1(ciDg?3X9{@XO3P# zAjQv_swUV>e0rnN)RUf{bcNqp==>$)N?V`ZfO4FR<#>PIOjzjMQ}G06%ZvxHXM2Ct zok|qn<9K&?wR!Tl^KIW*1j7U7H!2*faQjtz!~Udm!zvMtl9_vDUwD761}pE=Z$ED` zF-GBje*-JHi1T0WT70s9BTqH;CjWU0rhK1m2fXvD;fX3`v||#^bcOdE09x8g;#*aU zReS)7yQn#_C%98CPQQ(e=C~TdUvoi0gvGewd`obp*vBhqQkvliBruDcZBOZ41%9WY zt~vrmfg8{VdUmk)`JJZzDBdY_3ofOv2E2M3b8?L^dT|P<|Ent<>InO*3p(p0k6>Pp zAyvK-7?(t~vJ}vc$FI-uzXD8}09Zq+gQH=An-)7_4eURv^};Z|NB5|scanWNfZ*0m zqW71PI`U-b=KR-g+~5i}mW~U=s7%?@2bdH|kD;&n2T&c@ow7r)n)b^Dxd}Ixhl>Ph zj|#O*zHsnYH=^Ir-eu@uFXYy~?_o$CS$&lvKaY)4J(aqSH{!CGC#0f2KG#K=& zex;cQ8`stT%K0Pyikc35^A=N;37Q7eS!iSs7Zt9#Bb>OdQ*Q}vuQE|$*SeqMdzE|R z34^xN*FD(W^#)?URC0T;+-?U!=4+A9pjXBIYRCGmlV7@8Mtr>wIMpBb@yruXLK2?r zl&J1y)0EK?5N*)#YMDmE0LF_bBG{|c7^W02iD3i)7WHPKFi+{k1a%0{UUEIem=i8{mevM$boN;H3WL#bqeZ=(3Nl zF!8rS$x^w}NxJ~L9a7vZZ{XTDOP=d?aI^Zqf>0OXa#q^CIS3HFfZ@#pCkgUup}BdH zH_-^gU%FSgJ55ueT>S4t@KJ74B5~sT0g5V0h(BZ?Qa)+~Z&5D38I$wQoxTb`pc-Fh z3@gLk#c}Y~q!!YN{?BA@t}N=|>04(S6&n~FcbdiOC2PF+A2EsA^$c?B%8)cc9uk){ zQOX&T1R}2_E$Nb=Jc3VjPXBGqC&NSrVABAOfO9+l+8r2Y=f;y;D3^;bBXo9dL0%YW z|2nd>DEQq4sq|E5uq3arT?dmV#gUUz$3&B~V7-(Z`~ZHy(m#5#gBk1b+VOj9j5B-m|n3I~Pkb6{QSiY*w{;;B4CbVc=elH@Xzig8&!G&a{UL zb#ANW07{Sg28!(d=xA}@-T(1S_>F0%h~;(P#LLKhhD`RzC0bO(k^e#SDOeYN;7w`j zMN~t$?5=MIaNuFgM2K5APM+!a3011LOGfT{8o8`Tp}8BZEcz z4>==sdt|#R1KVZUc6mC=fLE%n4X*(oY=pX7cAx`0P z4Hl#xN1mwc{Xg;)4DW<6T$w#uB!D$GZIBZu_wuETHNyoBRXBGQYs7b`3D=J0 zCfKmSN5=y-9D+GdUa4FmzRaz2Yw)}f?MkC!dTxO_Z#C@ymj!yCS)jL6(g+(^;K+N< z@KCTo%DHrP!~y|shY-+P^GGqzoGD^}z9}g15<1QW*0ypAl^5lSY)L{tPfAVMI8mPzKhwxYVdL_08N0X84qd>J~u)>8vES(&c3qf`*Z8tK~3wz z^5&5^yT)C)`H`&uaSxErf(tk%y}~x#Y^u{d+f3r&YWy(0VvCt619^_i`Jo9ts#7`B zw>krO>|8}M1mW{TQnuERgF`~hedqzavj1MDw9GTb$Am|ea*sFh5p0e2%}hc>m+p$F zMl^UKb+A-K<*}$DH}eM2_Tl`qJ@5_QpMPb-*JsA{p6Y_hBaG;4XUAruY4Y|V{Oo@} zO$PKLK^))-0TW**c)N<|^1HjXr4aC3iY^fXu2f!t5X;R~Udjauu7joYto^I?PPgkySdr})d z8qOcVFr0toh^LTE%#{%xUtr!APwP56Hjc8Jd9(k+Gl-&`|1NiLCkOnHqo zr$DGfHV3(X;MkEv3)kYjdM0gvSo4*8m*96sE_TTf$UPMg! zeP(Pxzm^bk_bFq7bI>pXziXnX5NCjm4*HA2q-d@wuON5vEAr9T&MqhO*;fYHT;z5p z|Gq35Pl{sVfA*f@HFOxj!T;xJgn`KYB-CyW>Mjjz4`M&uYWpN(J*TQ9hdgKVpF^vC z@lFLEgK=ifzgZAB<$iuhsbjg($RWW43y@d#p9lDgDxOExI-%(LX~ef}7ON{TAW@a@ zWiB(=Xg1$JQPo;QksrWvaQmC(H6YKlC zFH+oqE#_b<%)21yP`@3&9(}mIetI&T&5Yvb``N2*eh)?#aoveS<4l^60!F0dhpVDp zy(mR}N^k(GBUbN;SvB~8&-;M|789R{q?2W23)GTn_?t=*sGtSkMi~?NP1c~zuhN}F zn}*R$ohG2?=%nEDjYvwAfO!ZbyGJuwKmSIysS^BY_*Bt<{bd8cjqk`$^Ti(Z#%9)X zcTdfVq1<|H8O!SC2d51ewZLZ?vs(Bp8O_Gt;$B#&7a7Wl(K`;Yk;!_Bi_Q^+7^R6gdSF`khK`+O+fvLml=67I>Nrfw$ESm0Voql6SwY;a`n# z#CUp|<{Ol6xug3;irR-jCAmOA&?m9TRG*+t08QO2ucxQ_e$ge(|Mi>O?x2-+d%m$F zPQRvf?IHtX7IyLvZ88kzoB}SDAv5@Dq6Rb()~IrWzx)PEckUvOTReZ9f^AcRmlSm( z{@LRa$7*6U2-=>XKW>LF|Bu%HdK~i~4CBP(_p`&ml+g{^*;=wu%cWGJv+N=6YjT{gGGmE&R+1)?HBCD z|Kl8kMZdyV-wO%Nqwapzfx*mu*W~xk*Ds=?vetgyrNR>Mo-nb_kCHP#CZiWD&09hG z{BbXC4E<$A8TCDT-01fo<@v#)nRI85%d9l$Zup;%YnP@TUm;~^xL@x3>Lp>+r7Oqm zF~~`3YlfK0!PC?vsmIZybDJJmF~3NJPcWtcgJm|LUA|sNqD|2D1g%ux%FvlJcv_8@5IcYuw^t zXWoB|^UPF@aZyH19eR=y`jRq3;Fk_asjPFVpaBFSZNp+3{)kH3KaZo~=kh@AqA?rt zQ@QUN-6%4BNYEyJZYEz$i=;Hsct|b|j^>t`*TT+wo^YY9>`~y0bwPy^n|BWxii1?C z1fToL2)8Myv33(nqn46-!#<@`-t~rtE=%bfbq$<~i~Sjju=7R%H0iojr77Olef9-e zYv)x^_T~o-<8o&hE46$FQ~^CP4urdE>x5$+1F52{9(bC@Rv+pCpqO$kTEUSv6+^Ph5HzauXSWOYr ziqi-*MI27Q__=8fSa7^3L(ZGv+_XXxYDnN(x}2Z)!TtP8Drlt`XXgzA6i!}~4#jyu z%2YJx$VS<8?V^iT5E^cQ^6T5UB&>HUINFsq$p9qc-Uh9afLG68yb+JZS^G^r-$nHI zt`%nJR-qUfg^)|2Uj{5*ms3zG^}Z^tzY7!ZM5yu;>B95PbStdlje{^5U&vaSL5F)Q zusxBT`wyryg`tsS-GoyoVJVapSpE2*8>DX;v-V&&VceU*Zz}OeJ5^Y?KlkSYHwHpD9YxCr<t=j*;GSz$3;FwE*KsJLngZLQW55R-2HWvMbUe!R=Git|?e?(1{i#Ho z>d_bIlOUa`2)jzUX#&)5M^K9VefD;j5)&n2bHgfrHKpQ1t>qIC*>icq3vF#gVZNgE zkn=i9%bQv!KtX7Kv4F!>INDo~VwJhrs%B`9``L2X(_+3SIgx2>yyDmhHbq*_z}lxC za<9L3C-;EwRav$F0hCK3`-pHn;LT=J zTLll`9m4r4W9pL2|+ZYUVRn=RXqmXSnF)&J_$_2IeJ&V*vuB_{J_a&!y zq6k2b{_z_SLGNeNDQ#YXu4|0T!>X-D`}PwU6k3|jcj@eb_G=CBkR)HayPqE8jXbF3 znt44+yky>=-j4W_kB7U}%ZD|w+d}@gJYd$VZRnn-X_f%c!&%qx`;gfXdb>2wzVCWq z=TSiz6=K=_v>x+1k|bQcm6G7ODJB}!-jc;}i-`tY0z2AO95rz8p;G4_fwv;Z;wuD{ zvx= zoz3ZDv440ifJ~ii_e^Ve8D;Eo$f;o5y(0~fzqOM0XY2vF4DwLI{UrCOQ^e13RLw?y z+T3|XtMU-?3j3V|_^;>rw@d-RkHqA>y^ptokbgk?d`I^U9b{9qMJU}!_BBg~GRl{x zPLUG+S~?0jIH=S1@J8k1nEP<_u(B|sRnD$5$2kPM7y8TdP=QE_0m0|G=|l(RzdeSuXmqEkS7_V#RhewpX@#WH#s!t zQJudc(bfZ6?+Yz4L$DC2bRXvF<7|uDX+F3-a98<&~K_z&uK}E#9{t-+R1% z=v6@4g{ag}jNiMZsXVL(T9$XgWtF=kgwHMz4Z9je!elv= ze|vejsEob_V9ouH9+z8`y8=$58}5xUN8OHE8EB`?S96jTyZ^BVt;Fz=pD?}sT6bCb zoeOqL;&0F^C#ol1;{_Pt`dhcx9{geV_O#`fjt*v&yI@vnI_?Qe6T4wVZaZ~bh>t1K zc!?vfXRJI`x7KCK^N&eLj`pVLQ9U5U1`v7h#^3K2+G{Oqr)+CC{S~tSgq)(pLX}`z zD?0WW{9GJo!^G_1LT`%j$e^Lih=F4lfiyXRkBILkXZ^t!Mn?cCwBU32EW(X&FS8yO z$+Q?u+M9b6FdIynZvCNG?(JCPN{#K^qU7NXj5pHrFGMEXwgpaLswPx4VOjf}AIg~q z9%%j7uxJ$~f!Z5gT?G(D#%Bm%d*Ca^{%lpcGGGYKSI52_%o8ac>8t;SRk-oPA=wO= zbNf!Jm#vG${V+2Pnv9H=Fe#b@{n&Irwk@-I@&R;iZz-)1N5bo+iAtn(UUX3DAi&@= zPocGoFuz_1{Gtp0TphCbJ;!K+U{B~K_ub^Z2H1Supbw4pzKt&XxxJEgJjV!`URce- zIiKttxo@d6LRrMx$sgd~0mDzN(`|JQ0q_DuK`1qUY{{)#)MZ23pG44ZFvw zU;S~l>2HWDdH&;uAIM;AuWoUCKlkCIUw$7!N3+Itc1G21{1C=wGjC7vim+>1K1Ly& z5}0eWK}z%$n@U*d7C&GFVt|}r#>VaXJ^PL8oaZDjcmIt9Phbbkux{&{*lbvjz% z3JjJT&z(lxlC>JfAsb30N%;hRiE`$R;DP(j5%6j(#tC{^Wn@ii7ngKdIw5?rJxcXD zsj?1uA~p5-({1L>!1m3r?-qr7Jv>WiSoVK>5m3ss4eA$Zb9+#|qm*J}b-j}8H_h`; z?x(&|3KgfA@)Au~y_u2Ph!&IadX_PDTJvnAYB)p1Rrd()CsVcNb?ipv7K3tDI^|E0 zptki-IubdRS?-HCa}lH{Gy412Ts9#X$w$!7^O5_417}6t3Dm-ZcauG)JRY#K96*HU zgS#7DwGB0{q(?Cyb)NVJ?0uM+z0pP-E-cVZc<^f9PH7Aln_|`&Q!65RBr)#9Bo|9H z7kWq&eel92<%G$!+SI3|2>KOZ_##yLm}_$S1#VSr^*F30eo8`<=ZGZSIS-hI9cv$o zV-iIgaG}h0Qr@d>jd)4Jq3?Bk;l?h2aZ8#rj@G?CM_OJ%pyOR2HfnOEH9{`{mx54X zNF-IjF;{1fAb^HvZ*gE8Z{Z27Peq^R+?EjYK9KrL-FKW3YZ?dUJ}K(I);~wcYdvO! z9$C`%yYB-n!4!3GJrJE@p7NV^kyYIr=Cli}0klT^=1eOS{lhB$DCsTCHw9+BDSP@& z@(wE0S$*?40cq)K&XMS7NeK6>$Dm$&!K+OpL7ZvGogeZUfz5M8q#xC0l^x*^Hk%vzWWP%paF% z+ruJpdUAa4)t`&+%!PNqKMxUOqrX9H_>9(LF7xuQ=hMwWG3vN| z*S}Z8Fsk=gUdkn-BS6u+p|pKTg6$OeS|mQEON! z=}u!<>hH@wD0j)%e~Ix}2^rd7olNQ2rhl9hnl=05%U{KRZgkVM&{wZb-_3ETPt0^b zJ~hxS7vN>o%{|sqpndTkgWek{EFxdt|6qCt3X7f%Ot!^QEj2yaA_MkR+6euB(pjf+ zTlNCDx#?k$ezX%Xs!8jvt0T2OwZ~ZkqSQcaj)`1-ZOCVpl+3WWuZdrM^cBChiqhqY zln*Iy;B)+NhQD91IE!1i{?A6grsW?2RGv@k_6SHh9Y7X4W_*Ry(GdtTx{;K=VTZfR zdg1TLC2IW+E;gd~e$=lK9}{4k_q^*ZddIx~|J~&#!1k z$Ws9_TyMce!k2t3e^hoz54QQG!wZOc$?8bo5OEKbLrs@=LCI*pR>FoUOq`jd^wuLH zntAbqSIn3tJXx>bazlx?+3|4_t5QDV%QhPtr!hbxD^ecQ@Jer1<80zvncKRAzGgyp z1TD-RIE0J?m5_o{x9}NF=TBl+s2nRE@zZc4`!r)F{+=9lT2+r|(mci^d**>1#5Pz> zM;FnPsZiBkKad0*QbK)zZQ!hPQJS*|65j7GA+7bwskL+^xX-Zqlk?H{ETy`sidIxS zp>InJwIl=n!ka?41De!qTG=W;=(-=T6E(MnUbEZ|s&ou=G2k)!+8KjJMc+4Lz5|2r zTP}mmN9>gGG?5PV_H%N}G*M>L1eCUA6I2?ey(!kFy`F>jvyv%24-6hnYE`V$qTQw; z-&)%R>BoIE3cuPIOm1W#y@~O8dDUT~U$;OvOxk|uUW$j*y7SWacDlS_eiuX7q?Xbx z@<`A8flEW-p$KO?8zuoovXUM#A~9aj4eT2#uSTpF$pVTkM)uXKRLYY-TQ~*6rSPNO zit6@uNObZ`DSz}S@94Arw7Zg9tA`Y^Avf0RT|hB;deNireWj4{px5Y$<;15F&pHPQ zPogN0b}`Wl_}Bouj+%u!O}`!S+t11rCFv>DIIVU8mc>l=SE_5u^LAE&>CdRFt||F= z6=W}^R9v*~hf^BOs6CE-*nby3++?QTJnC%r-E^@7wo*LtYoi6LA{QeXKWS42# zF4!fv%?+-Xev9P%T*H{^r}V%gC{6Q~x#FYIs;|iTUbSz?f%r zMTz}ffK#pfxb)=>n<~n012l|TTS8p2jzYx5y?;Yv6{ZL?ydp|8bDL+M9~S*>mKx~b zIBUo1mnTkUXc*c%4SSVv)lEN+!v~l2H=EG zfj729irhT)XW!-s8VMtw&^P^)xgoNpl9YmOB!-+y#K&2M~SyB46zh6Srs6|2eWu9&?Kizgez*w*Hx*pi!B81ZcJABvQ zBv6%2_0dV&FwuB`21HE$S7-f&o@57W!QO3XHBhc6{;heK65~gG$rX!`_>Ye$o-12} zpY4M&dcqz2#NjeuHVGk_qFPIhdxUYUa4!>f$rQNdG z*=3SAQfd-X@c8-TZ+W~}DB2Gj`R}HijAgLG(sVAD-}g73t}gkyG#g`N^%s?1KviCF zy`rs@i>0Q(jOrk<4y|U4`(EF(;+G_rg+qZ*@*z z+aYTJ@bOy)yAKPS8(1v-!7>dOPeM_j-teOlSD4rN8JhK6>;Iway~E+`{&w#O(aRuO z^iK5NMkk25i8Ms-5iLrXQKLogqC^c6Bzlx!5Sy<_P* zcK`YJD9LHl%E}nOX(ztfX}V?+g2F=!n=i^>4OdVd1QZ^8J~|#(47B`cqs~}>p7AT( zLzf}K^z{6U>)k(yG|oUBQOR=zVBeFAji(EmnI3W4-qd5p1TjRx%q1W7GDFPz**PNS zpOvVcE&CFRDYCvu^b(6^fskMzJImOGuvY}l77hXk_(R8!MR<+%QjSUfw3y-%xkgoe zBvraS-nS1P*k7)+6R`#&a$N7P5|x0OHKJpIX$K2(W@Z3`E{4u^JM3H|#Yj8yUVy%C z$))3xAI#UZ9thdq7$D|6dxk%dk1LDVQ&0F zsp@7+&s$K0_l-fiVuVp*-w_bu{$_nqQrXrBF80fqSz%{a6^}EpGmqZs-$|jG~trsTR=9sy&84HEZk>^(S-9%3BvxpERlZk9|~1yvi{M(Qxc<*)2!kd5%$F>2MD@ z{h1ZXQ^}6pJlQ-Em~H)@#*um4o{D>>ki1(xS>i5%Ny)GH_HrpftoqWGarf44tY*;r z!{?<}T?cTvKS@R{OUbHOv5!(myEWImI${`|8m>9MQ8Sgg#5Dn0~fq3GE|0>04rpOfzB1OjqSpXc4mH>1%~ z>?#!$dNc~P6h-PW#S(*sk1k{|ZY9_D1PnYZQOA(Mw z@I+aI@VeAy5j5G{6%lvnbWF_jtO62I{LSllN(<EuM4f@-{wzp#hp)TMGI^`D z?;b>tM0$;hs^Yf=^Qx&D7y%m^_8K{TS*RLi*E912#6Z)v9Es)(LaeYI$R4^W3d@uA zJlyj*dJB;Oq1b7wbF$3=k@PZsWZFhCLHvqed@hdNX)oq{*3(7!UzC~pvnyC&av4+? zIqd4Fzu9pO=2fQ7+eRlsG;A?y(l93;M7_&<;sHF}V=xfc{CSbg*+F403;sRmrKIx$ z*7Ymt-4Av+uy-kcJ7}FgfMmbs6^zGpnNiJh;bkuq8kr)8#avf-F>9M#mVW|n=f!z< zITyV!|2D0;EfOWS1jZRN=DQYZO>orTpax86*g^3h5I>JeDw(;rb9r^anA!O!!@IPs zMAp(!4vZJxBydtz=LG5x6PZERen}Y1k;ioo+J1#;Yt(`5DP%KpeU=V243K9}-j&~R4Kwpfa>@Tzdf$DIeB3|FZhp`2jY8BwEW+Hf@N z2UcfeFLf^dDW7j=<#=+8N8S-q{Sk~OfgRZAm!~aJx>>G@hMep%J{?!%FD=D!|76=d@Y*97uZz8%?!M=#S z#!*wH+wFFd%F|p*C2%cXh5Xm6&L0(0tgJ0%Reu7(6}RU*9Z>t)P`o6rDSAO`7)Ix+ zqwT^RYujc?m`%aMVA`WddjTrV?dP`CGJ#5l$dR&kFoBFEzFqN&zGEB=+Yt%7V&?I! zbG_mYFj(g67QB&c26E;Y@|!Nh(4zQ9I90rndpDwg;0{a)*lDP&fptr05|%^0fOs8O z`EbIiOn%xb*$DdBX9f<)3QVI(d8)xtuv^^+feZ;o!UE31?^7ai*h6t(xVptJ{y2{E zGL&&qIiwXoVLo62%&qcCrwQ_1#?e%+7J|E$IY2PZF>09#zt{S@e`M3~++M6_B-fz& z??P0mTm?BQvPvZ}g;$+RNZ+GkVutci{oj&7y06b`YIP(Bk`S0@B0)Tf08YI@?0IhD z3Pu(cx=@SQzYBO4830Q%-UG)B@@Ac!VkiY)q*wJ_bD4-sYJtw+Rr1u^xU zOyy}vJS@B3^tJeIDKD=iB>x=@wi{3eeYZs`@Wput<(6W<94GH)XZNNEwf3f+)EOCi zoz90fj8y!HD*p^GbjN!hhUD3YsdvO$d=Qr%IM_!-XGLBAwW(G6;nhag!<2$Yir@bM zi21XkI$0X%J$Scg$)S4RR>(J{hK|-Y$?^aze*3+X$F+D@_5%GVi5s!|*vCXQciNqx zHU_2PKzpom68~GoI;&n4xu3f3{nHH?mnelZ_?j)6jE7<}ha7*j47qK>=B5#;3_E)h2~9dJzsA z4Ao)iokbLXd0CJzK|H^^>HuFGAD4N>m@eEzkM6D$Cp$9AA`7BX`6x(L5fnY&c1OSv zd5KaJ9ep{6!KmF@LKGl$kHLGLHCCm6PMTqfxof2G$z)mfCqdQM5rdTak}(6E zVG~Z_L;?&#Ql!l;$6LBYGj#)h*0u!WJjizU_=U!!H2tnYYWujm#>L;k1KyY@+%$>! z&=k5Yk7+k50pHHeCz%xv#D-H>`ZI4RGtymta_=~td8Y5chyGOgTo_yFK`1#E8t&0Q ztf#zb0lX^uH9es02>vg#;Fd?kizlpQB$hwVIeAyP?^UGw;l31Zp3HII1G;ZO0prHCFhKv`b)Lq{FyYN zRXvNk1KuP^wxHAY9_{iIcX&~+=vjoz7Ill<6oiun*Bm*BxwcdIDD9$Mk+LjX`I$Nu z75+bxBVS%aG6d)E+1;_=keljO#k2Xk3JUn)EJIeLLCxA^`$Or}ziBYP7lu9DspqYl&PjCWpEu9&lca9(E^@j=P1-E626`O#%=VBC)C+2rWi|v#M zkI4Jw&uJVP{3v7dGxYW#a}T(#U7T2CzFKAkH-f(^S(ajVZN1SBg`2zItI`A?_g(*# zT;%bF@=cwRY+2d-@DuG{Re}NE;aH!i>x?UzrxanI<CB?@_3e`wpG2m)yB}zTEK9=>b`sUhNJ)Wyls1EJa_G&Vek(YReH7 z6?4>&Xb1VYZ!{gQaCtQ{M06D?{#@4Br<_XFfn7_Bzo*V47Vg8oPwe5Uim-RoK-_fD zAT)Gu@_`|>zT1N|Q?+KGpeXYl{U^}9vqjw3$cUE>ekd8VQ82SNU75>}FEazv9qsr! z8}NI3Jvu+f{KX>_*%2R91l?4dgPL$%Af7vG(vRKML?b$FW2~OdB3^eKt(>G{@N8JR zS=T*DX0KpdkDYkP#`J;)AeqHJCUZlPEKPbwUmIxIaN5Kh9ODJwH3>1%@sC z++XqRyPnvcZ!)P`cO9f*AL!imG7KlPG~||(`7nfF_EX=xFDBP${4~AtI=_5=_3WpP z$S}F!12$W`yw*1IOmd;`O<-;;&Q~2;WO!zJkpixt*^+={8wOVxrk@>J8(NEp-+}@Lf4YxU$luQeOQ=J&LQRM7EjeINmiDn_UfsVP2Kf#^ z0NY*xogC_MX16ht@ZMpP6umq@irDE6u3X9}2DNv_T??fgHcjcvK)WJ}NU&9^4F)KrxUAt#M+-=)oF8@Md0t62RdN^(9H&ht-^efzCp8;Y(ZN^`V%#VvmCrfnr@F zj;bG_-ogWJ0L0x6TZuO=W9)F%1llB5S^URX4Eic-c2;T6Q*XuFDZx4dsV>i`Oo}3y zpOrmh@!@?8oB*_L@qJA?6Qr{XdImOcwc(Cv_&sq z{*AZ0FNhf|95kT7%ye?-iMB&(1Qs`HY8HroT19OK$FT8)r0iwj>g|ZQa^{ZO+oS|8 z_{Yk5U|;_ksD3^JjiqB{Ud+(Vk!DKJ;oS-ZD57SK)4>sFrH~W|s2}njHIy-}aV+G! zw{nrT%iQJqcVAY0nk6<8J*aTVcbsn{H@NUB)o0PUG1;#&~= zO(CIS5^4izPr@J%Bvx(ZjP|COXy4KOsD$XB+q==kwDL^E})YNexmz zo3D4?BB#@jT03Ks&4Tenk5Rwbp_C^usQBgK0KFy>xlrQh#kXN!u0-+Y|@XdqAG+tDr6?dOEu93vqr*iW0 z8Xifh#sGb9L?f{%4jx23q%xLCzaj5tU>L^)WZ^&E+`dzr<>d(W8F?7_N&PyKc|Dh% z@_q`~rG<_*=*@_RA#jzwg%-9}AO$G)*Ke^BlVA0&6d737no)=PrY@OZsNhy8?q}P_ z@uSAcHZl4ym{ba~%ifH$C%YZj$PyWM7IfkWetp=AmE(3ZV3ue)p0Jxa_WJhMV2=xR z&~MNSmq4ptWAHNEKkF3e0y4BI6E14|^2m5*NC_Q5P;b{mHZZ(g zxD)lh8{q$2GbH0gWjq=sJ49lGHcMF`6#m-=)9qQ_DS~D>KBGpg&xa4I{6e)-UUM#B z&8oC5WrqaLJ#U5I0d7;DM0K=Pl9MfU%`Le5A#z2K`QF{?6XaG!PcIsMRWrLRtzuj) z?iPII0$RN19`)xVQJCGe7M%oq<>N&Co08*KqP(*Ehikb*yk@LhbwTqK`F5lHN%l-; za|_3`g)!JhgHq_&GJ4*e)Kt|xTkGbOs8OtN`06DK@5SP~v_?9- z4MZIr7*4!0p1h--32l!Lo-XbyWaa2*))I8?!}9bEm2oalWLmD(JU<-M? z#aC`QGuKdo8Rs2=H)B>UM+up68~P=VXa5Sm0eb-Uc`RyMy6d>Jp(j(WF{>|41FPd@te3i%DZ)+Z`0Sco$a)V z+`hUZHbJ#KY;TED{f}uV(XHJ@xNamT?^OHQ9ou+umR;h`$DDL(>^;+9r^B#*x)=l? zm9BTD32kF-n85Vukdjq&FZVy~$XiH1z#U5V)B4I>ry}Uv>}=Mn{g~4qbCPqe@P5bb zAvogAjNy3>_Qq2uvnJN)F;Xr%=`VBi=t+wsAMi&UR;~F!$1Iw(*`9o!vZVi17K@Y5 zkHX?48v6qom_)BVwgyA7sItctR}Mi_=7K@K=K*s;-ui_f{O?YOM(8O8OPM+FC?8Dt-5ZI@Cb z1A+?BW5Qi7VP;kdaCzX{YV6>p*%Oc@2p!(ZVm~>Ez<^k2|7MNw7Oi(~jn-(g>1Pm{ ztilQF<}=7N*F$LegsQM}h%kpHTSexx07HLWjhMNnR25n~w%;{#a$y!${qlenfdkHf zmO%2`!a7W&)Ux0$OEr>@M1#V;ipjwQvz-5bA*#1 z6DRA0yb34mJGpa!GtfOfVoV2FuZ^AN9GnA2uzO+I$*F&>T|^3+3ccL2amfi{EsT6v zN0+Evgg2;sLV`#Wx-mUP1)3-2q~&P_?LlRNT>a)FFnL*9=RWfg6+OKrnF zZdFxJBl(|+I`1q-NGvH@aF zGrg6zLmeF#$CJBIZMVhka$Y8-(jtSJnVm6H7rX&E|2 zqGxE0N%kIa@nod;X@#WlMo5hphZ;pJkY-XdDvfbJdxZnwcQyw7X~Nc4ym*D&Gtp|i z_;g@H$j+%48ORi(5N@9T72cAv0%m4oPLj1D8PGlN(3^roz}T~$o9=?NzH!c{%(&sT zQvalrfH+_#)r?#FL&dpJue-meoCoyMaG1*3J?~ra*b*9B%^@pdlXZ`6)?|qoWo}iR zFsCB-ApO{8{km^e7R=KcLu zSHOug>1XYJ?5nq9mygGdp&50qlXbkOk-FGm=ILcxFGr_gB1p+CoWdDR0T6+7hh0xL)6+xm&uHCKj4!ODb` zJ**90COhP*4nMB1;y6G+uzS`&AK+N4mxMd~>?gU(;~Io?Kw|;l6f-ROPdy@!kAm&b zUv=2o@cR~4UZdrm5nrwy7y)pm|9jtqy@ydDCV3`Je&gZ*70~}7n1E`$I*5p;D8_A7 za(~i7nBW;UA@$2Qo8_GhcKpb_+i6WI*XW$7uh-=kifj2X#N?^kA7PN{@+d$<_NXQz z&#EO^(OC!^7LhRl34^k_qN5kWXB^kTd|&}ut7|yWd0cCTP%w$2lN#Ji^R1CVXdrTq z(}WrB!_0;2-^l^(YPBTqsrkHaO6X4bDtMPcl1=bl^djTAZ!EkYG*^(IprW#L)^>xpWw?}ma_Bg*eC%=m>_-zb5h79Eg-fGZ8zBm zoNJS+W1uDQdAH(b;=!^)NJ^Q9-=HFcxRB34aL@&<99a3U5(O{M9q4U^HlTm^ScQW4 zBTdnoa>fseN_RVmm>-$(TC=>GtoDOCVU2or%rFu$BA00A&owwRENe<8fCFob(jVfz z?7L7V%QTr9h85Nw^o>aWV1?5_={FdK$d;x!jq#~0XU^r(cPs(%{KX{1JjEZY8>zd(Q#&nYM;IiX&4zs}Rtu#P}ht3t& z`d$0Fyz;ZMW5simHF~HwR%*wUw0Wioqa=A4&yo3{JK<)+3RKod(6>-?ysy*-si%BK zo@)IOeN-cXxV!haskB+T!;eV@@W^*m;^*jMQh0-$!#YdrjjSH&3O2u6y~ljj2-w9d zAc*_W$!7CKbs2@TtUBpCvx`WPzC8{pJ9vUm6Febj_l!K(MLRa-FIb4)QtE#1 z1f`tbzOcKTdV@gba^E~Z)LimpCLzw%( zm~WA^OkLkh^aloDC-}l`bDXZWnm7Yh|PB>J`Z3!(`OmW(~w%iJgK{gnvcJnl59WH>w2t6 zmXKyL69_bot=Nh|ZP8d7q%7EP{6myb4BIoE;6f03y&`E zF%(m8*$^dzaNs_e&ZM?S%$AGGP)>K}s7Ykjt4hss?$c+Qv{`O>Bs63^{86ZxoNhEe zwW=od?$&+r2aOtrEzhKZUT7oQBhu5xpIdwYeyT*51x#87Fb`)Z-`ZSL)Pb?RT@N<5ZV% zG`It@#{PjcbE}0AZ*P}hkUZvH(!-)>%6nO^VXDn2TX*8zTMt4IAWqENCYiDe zFmN9b$cM*vwq&Mh87yOjh1&2=e3E5`3wDgK{5!$bNS4m`9gs>k@zv)K5Ze9Q7PeJz zT>Qt0w?kpfHsaiZ!8CN0TO4L7gf-eH-xOFQ$eKSRMb$~)>~Sm7N=Md*RXkSk3^WDX z-k77nR$0v$`*ptC3yjLB*q~4r} z6u8K$WTpja`e*3%Ujh|Wx}xFscFF59S^i$X!O?w~y)TfN67t2Yxi1{84Ya1|e)(m# zgq}e)%NY%}A4d|2!q5Uf&uFz85_)Mi-teP<7`}wyb6zZEN?tuvIDd=J6yx1dp6YtR zNO<>geT825nOui=Y2*19yz0%lgM&>dXyCviw3#;p_0-oa^OZFEc!UkhcZs0q93Fkk ze{&+FQ-OxFhy9xBvD}h(8?f+B`kj&d##Cj}xY3faLGQ@|Pq4WQwyv?br7S4M#OHFY zfV9-V_r^51zV=$EMV-jP&`lRa!}rf-4s7dg4){AD4W&?R^(*^Q4l*`_15!D#)YP1cm#pBU zT{W}`z}wBiO~9e9U|w5hNB3vGdLPJB8I32Vo?P%e#ZO&CWOY%cVQ7c|`3x{BQw_MZP4xPquFe3nSJ-KAj%=~*8bN#H^P^MqJ~=QQYQu=@-k@1*_b7?O!1Sa|M30d#zkT5ZB)=U} zk~h5UCTb4brQneh1ZJSvjJxc!5HUUKXEi&d?r{S^c)a*eK*?bzgHDY+kPX8Bd`0(p zt)#<`ZbskuBsZh)Ew|9_;V+T0G!n{&fv0UPl2|#Mi{iN4>Oh7jOEwgDoZ`oeYiY*R za{D#%1HLUqX+vzhMA(ze|IGqm(qvI|@(~woZbEj&??^lVYXKA_B401a>2b$~7oy%S ztn8FHfO}R=vE{RYqhKd7M-Ut3u26@i8Qrn$C@cNq=4L6QDI;l-8p3h!BuFZVACUkLly#}3700>zN~hXt&($W$BB29 zs6%DqOsRsrxA0{$6iijhG|bY-!jyzr`RjAMFSb2|ENNPv6wB-^Pp*O`^W5)+$#M%d zpyghP9R~PFD=Pdg@QEcM=^k)Z;$dAaAC=U)|8Sf(59{{s|Gff9=P;e6NCh!Nf9QuX zXFWUVN7+{DX^cqbGsHw1Mjp}(w|*oU;a3;lv`1Q4n zGFb!2>Ji<$qUw{mV0etId(9b9kE^ifI~z`xOr6iGnLXv0bk1$0nY!!zQ|9b9a=HVf zs}=$&HhuMcbmZ0nCX~8pZ>div2&71lc&4mS?=KhWf0H_#kcjYzJ~_gdj=5k8ixBh} z$Z79(xd&uuvp)kEu}J1DIwDcK&LmUq*gNJf5?W(I4y2siYm)Y|z=M6@a0SE+qG&70 z1kHEf={J|fT5)cMNN(_EvMwG+AC4&5&;u{vEVN@lVgX1}tvSYt%FOe)8kow(LyX9Ca%54D$k- zsomwXTg0wmmE)!|p}I{dH?O*WO&jR@uaAQ1Vs&TZ3;be>ggH!&6MSQZ#z2gv!>myU z#@NEZ@|gD7^N&t$VcmK2BbpVL$xDiU6#kYszSWA;mw$WF8}?KK5B<0UH+2Vnj9ALY zU;!nJ|DWD>nN@Zi-+KSfU=ekAU=Y_Jfx&!#2_iY9g!%IR2&(t4846hBOM9s*;XA;sxB;lt>-&#eDVOJ%#@czAz^48z9VM zl~Rh@)gvX2z$ErO^SO}aJjNH`o7PFFMpgP1P|^sDa#5dg2(X;fX}?%70~FdFwx+f$ zVXF$+M2&y&NDeqaU{5RID!-6^bucTP8IK(@2j4I5gspFB60=wm1Qg53kKM5sPFAq z8ooAc{{Hrk223SFkQAF+^^lqYKNY6Q<|v~rnxvliKm++1UHI{b9hF+4jhwwoH^N~V zBXeO3Wp$X+N^X_HElVB7C0tV69=N?*un@@%3+nFu77waLIBpON1XJ1_`Mc&q9iB7$ z?*SLPmCQB0;PQ(d=0Dnak#w*(J{|3MN2Ue5e&(C>JFMXGQ(V~HdtRm7&Ra+kx5ccP6l9LJ%V%0;3+hFzJm z=cdR5L(BobtziH#NOK@%I!xlJDP=zf5@zkjPCaD%@s1CIQ0no|-cm@a$$Jd3Hr*0dovkA7q1jzIcku)al8lOv_a~MmEpcZ}S<5$u7J#`fDG!hAGWj>&N7 zx$3ByOpd@@gR&lO%s+S;X%Cxt+KdM8Zz0m$I?~q3f*1cdL8mi!4t_}dLESx}{ImqX zq#KM=-Z-mx`mf(HV!f`eYdC9+A<21ugZis=rJevjFYm zkK|h*t6_(MgRcNLyT|eS`~w+`@cA#rtE%CA_oXQHw;V)zl2VF(guuf;PO%d`M8cc? zotZUbzV}lSCE^m5VZ>VJ^BIKN#%98% zKW_Q8fKWOS8gYvb!fQ&Tj^b@x{JMS6cpU_4%hlG_ba5ng&6^O?VO>1oi2U-jkS>(M z%X0<+_vuENFB+RY4#>EZ@*0EF7dWH|HkaF?bm_vn6{UJuVQxt4Fup)wd zLZ&xW5s_weyQZ*kR{PZMpsZLWHYWf9YSW5#>B}3-R>X9Tdh@-bjd`XvCDd$-%&Et5 zfyMEP3q<%C>B&WMc?rx1cG8pU@27VW=ec6qBA#HXRAe!$0ux==OFq%b&>5?kR1=*x4#rOCIB$2IcO8 z<+Dxq7zhx z?l8$p_z@=gK=NofY2-P6t?^Gl@D_|QG!bVv7v5#8Pi9&B3_i9#2C9{&r~mB$!s>t8 z@x;YR=W^xW69_uQY37$N;L-U#l0uKL#XJT$GX+4ARrz?mX$rbl&Js%qkUmZ7*tAh; zCU*lCNd4!HA7Iy8obhFM?ACJRbyRFP`_gMw=x{(}=xFR7*KeWzw{yl@#nW zeTBJyx~iqFJ`7GJ3)43Z7nSyia50ykB8R%9>ev{glGH2CMuRS#s_|l9UR^_cB6mkZ zOk?t+0USX`Yg+*OLG@94E{^38Q(S^Nj8MVT)Fqy8Dxd``PNuo-i2ItALj(iE>?xa0 zQ**WRLRd392RPE=9}Lf`u&tTiYrYcw{>NF+cTCD>eQUh*18~={ZB=AQzHz=E4Zg+B zqz^#$5}N8pLK%wZz>%MZXp73Zd#=V2oN}t10((%}rBq-#W0>PT>?{BCc;q3Bm?gut z1bu`Mt36T%ZZ81kfCBF)RdL_DABVtcFd-y%j7b@!O3{T04+whnV_}V{oAZ^l&O+@h zb*ehdy{9Wc{EEp<@Le0v=PkgmC6K|k>+l2Ig0!PL!toKKSXy^&v*7X{S$Fc_b&Cc9 zTNfo|`;Y0e611jK#X-8$d!wci2nl1;ICT4zvH_ZDJ9@whKSzixl_&^|rkS zvZ2pK>gGu*c5Q~@0`LHnZ7-01=LOIdm+-+a=3ch-( z`Cu*i_aahrs>l0*^SZ_U{SZyq&QN|#R5ZVNWT0{DNK)3WhVdD9!KNfzc65Q=&o;>x ziV2xK^DT|_Ly9q~ai6GTS@X8NuEo0&0%vawQx<>y{RuWzmYeYK##P`tNd6P19tG0YsiQg=MdR+l#fGjmTVQ(y8V$w`p-U0=l(lYAsx2q ztHkPVOaBNA;|!p|Gp})Mb0tflER{B>sk_ty`Wj7IgH3GqF{*MaK?YEa-ir6)uUpHZ z7Vv_Hv??dy8c*+y0fWn1z;gN-UxdPH4>C=ubef&7b{{_(DteBv$`$_ZZwGhG6tBOrUg2kgI-CA7}#WY8Pggs>KT{CCC809M@3Y}9NW z(6lgEn)t5=zue4S68B%xsb&{I-U`Zq9Mv zHTlJVU=wYm0VT|*tnAM>v_1tq#T(~D-b5ueDcU)K6)XC1fEn$aSaT`XzTxaK(f#K^ z8Df8|LG)dPzU9?Oku87IU*X!VYo#v$8iw>^i1`5v>SXZhMKfD`r$Abc*QD9=npH*M z#bCVv+hAVAb278ZCZ1Aci{rJp@84tZHrBdsAG0R#6ULTiLRcCvAn71@?lmanm`O<( zicD~A3J6@~^9FrM>abN(A>SI0%<17cv1_PxEU~exqxlVB)3TxG)kt~5qz}OyGS)^+WoT=*6_3E0|kMn_zEzP-x#tMaJAgT0<0`FLcUkCvR zGD%Z>&ViFU58;nIsO}2sXL2^dFV5xy-_IodC^aaRCo`^k_009pGu@xIA1{UF-r^Gb ze-IxpeA4;5*gudaM;<70QXIbWUp2$ifoN`MrMPCMnt?$7?tAqq_n8_elP8}ZE~^ZD zTlsLa-?Y0IO!*YNw&8sLc?!}&KP4P#tA8l#Z0=$(rKVv5)K1|F#J9mNrM&)^^XFNr ziTh~N{S)-}diCe7`)Bknd|Ox7WO~%qJKO#9UuE4V=H;}2#UkH}^Ubd>v*56(uI0z02|;~1P0F+jPf28gt?;Ny2mlI-m~ z0j|d0MKM6HqHQUHe`5)eQzW1taprS6uht9dhf6`IS49=$<8RhPF^3tG1fLnDmYBdG zGPWlZK>9&3Ig!Gd0rUndiBGh`@P^1$nP{*mfeN{rZ^yrl%E{otVGA&d7T4^EJ4~d2 zO_!=~~%`QRs^p| zlT!%isTNArk#dV*c`FV`I8SrN+gai6(JbqS`S9z{+VPF=wpE!|ht%p=$VJKAL4uek zLx%RZ{59*>Wd3vVAUin4H>%NesVi>gd7PAwpffO10~p$v+uCnq23vU3%C8=M73Ddw zsarit4LKW?It8BiUJ$TyDLCH!gM=#xb7DA8BVqgahka_8%{muDCA*!+^qb^uOd1lm z-5H|**GsKbmjpDJsqlI6huVekbUt-g)pHY|eQJ&S9}g7HR}PxV{73F3=f8JyTE=uK zqd4o-O3?(%ecUqBqwN~1NslPi6rgnfW@AF1`C2z+DJ#bVJZoSfC5Rh3ttrcq|8BSL z&8DousP#c732qs z<^%}jU4ns#Jz#N}FrfD>i`w7sDTNz{u0C{&QTWpaIDJxbVVgi?2-0Ns0>sud*^mm0 zMECIGxA$2%aJoC-wjFkymRuXJLC$wTVV-c&lT zV(qLM?EXz1)r*j|ps>Fz9R2B1Lqo|@N2;<_F9%vGU%j!0y$6BquGU~+DrBYvTqpRS=9w;84=!`_{0csYJ~r69wex z9a}02d6uEz%H|X9haMDNM*@=H=;79QYodV3%x^USS1M(o@l5o~=#DXN@N7SH+VRp- zaVIv#@o%}ytp>=I#rfC5RzKN};L!TT`HXU$nM|5atYD$8;lh*2xr07C8;yx($sG_H zW+Yn8cr)4m?+UJGHk_{zk;=0`zZunXTghGlhcVqEO~WnA80~CZg6P#9${wIanrUSs z)c^qq)(eugDx%fkvg5j~8iWRTVqT$9ZKhl;C9Xi`RXoiNYXKGX4JG%79uCjkqw>dA zGF0SlkX&l++o|E;S465-D%fU$+_?gah3_-^-h|wiW~TH};-zPKKgkx)%%PlF2gJZc zY&@i0x)3k-DQBF6cB)PDP+c@-P_4R-zaz~oHidUxAs&q{AjD$4GQ92Z`y2Dw4?EUO zY1O^--X-c$IdI5RKX(1|!~LL}EWxVhF(T>je)CYx?lYlDTSYBeDVL|c?k8_>*6(DlX+aAsI+?cQwSLyK@ zhng!}`hd`HMt+G(2+dQ8Is1b_Q>hw}P+W2a9R9tWS>6kO&K_RZ(ZNy#XGY%) zUvAgTnu*(wF(tcRR>a=!--kq!j#>z>0`kQt_GA3BWI^QezM3DF*~qrY-mMtU(}H+M zzn{n9C7m|s>FB0ya>dieVCR$O>@U^E4g*Ps0##7s7#{#QMo-}-P?uF?o}h$Bo|M-U z_^Uj8m$K!E!+Ubj6LbPpptf3I=8+0TgpXI+Ciu}f!HH-Y>}0ct1e#DCY1TbS+id$c zft3yu!!ah*IPsmHN6}>jLHnK@22u4`NAg#vtyAuk+trQKxpQK5AkHnR07m)rz7Xbc%)Bm{CGx_5lDrkdX z8Cl2=1|PQ%M?ZLMgD!!ZL%9sjog}GfF8uEP^Pu`5k+2>o;JJmyL?(N_OQ~=y({J(( zOci(dfTkOmw*+!RX7-Y{9FH=2g;F&nL*JMokmnnXLT#3r*9#E>sUU2=)AG)4Cj1Qc z96vmzH;Cm36XTI8X%`9B%dcpoUnwmURB5X z)zib&+hgSl?W#Xe&`7(5f-Qp2(lGyB5EYycjcM9FGjq8WRs$fX#*?+Zwvg^rHjT(8YeQJU0upsx{V_mdVn#%BXqaOjAQ&%^C^F-4c z{qN*Iz>+jsHTOndlEz#(XbMEKoh~`alkR4}*&Inq`3rRPDZrI2Vm%N;+b=5zMm47{|q0-NPYGnWsvSr2{H5maMAN+%jVc&5*dCb-lUC*st7cv z)?$Z9M#tQR`u_N8151XGk7R(uqo zbG+O9E9$1L{U7MtOnzwiw(3>(=R(WdXiQSji=PWn%3&-$O64!AfF%fLKGy>Y`%ET_KV^v z5>gt0a=2dmfn!Auy75x+B~2*I1$eJs9%?cuO9PP?_8d(ZX1U& z>kWC#P5XAod+?38JP~fQ-0@eq01v%qX31z|nNx%_Z5sPb^Ol9b zZpTVq!UxLx+^II-)YpJQa#64Xs2Xc&aya#hUR2$GN7%XhZ zpKwT3M)w)`^~#v6?YBBC=1l}}V^e?}?qkrhY zOGs)vT2d^v^L=q?_}Xgp?R=}+=_(zThgDcDwTqH`+exDOVn@_J7ss^+?4w5#uB6$1 z#ub)fM_1QJqqBPbAK=fv>g3i<-(h+mU)ZN*WRo9IGn4!8IrD!**SlHKQ}`v)K^b8R z^c4QpFDs2k^b{UX z`>cGT|1;jPhx-N!aJf0NmpY_pqd=jKZJ?_V{jz0v%6(?`QkBUr&P!yjFhgV-nK!pjqH z67)p>tUlmC6LEdh3E^bnu-PYgJF2Sw6W)_9bwHuH7QdhF`AX9jKyP~rflN4D0UuBo zV^f2|viqF=e0gs>u&|UuDF^^xnaSJRmfXm<)h`EFIHEJrEv7Yq)yp63B4HtHAXo+Ez=ig_E1>DyUplj&yqb866CS8Yyk#qljHabW%J-$+;CEcSn;RlSQUULPy5I^mzX4exCETTtPG%D zeE;p4Ym;xS>?a)tB!ZYmSkkuiS!#IjiUBDX7eF|7!CKn>x5>qc5*_kjJ5gC!_Faql;yaeht zFQ1$OFS8$SH_=%6DJEACVVDLk-BUBjFXnVk)(Wr4slZNO_iv;+AjBZ9wh2A%FvGyC z7e3tasg(lttU3Mx@HM7M%o>`uN_*_sgP`lKl+7@$8+fpafbqY%7qd-oZo=m5 zf5`IOgtUODpa_CAsFZ|siwM#Zf`F8C$C(%R@A`euXMfIh{yEphKWo2x?*-30^UTaW z_uO*;>a&JMTqS6aKZq7y+IWe%5^NZ)aG%-*`T5Sd9@9=xm9-`UEX(EkyH6 zl)s2d?Qa$GpSwCh=bI3r|4vgoq}+i~I8eZ@2`>>198$FISf(2I#)-vB{m&`!ylb2W z++}ZUVI?jShqF|%K)38+o3GVJmvAXY##e{3Go);D3p3qm_TtQ-OdVaJ(+SIbjqt9; zeB1(+BE11Y_xRAgHa%Ko{&H`{def2TiV?JtkX^80cy4WZ zuzRh>anmmF9N~F77yU_34@2@HpKWom!j31u`Z`~Vc8h*lePH-jnbH}yu2SKaDJ53f zNbDE|D?}a*eSn5M5R__Wzzo;_oFXtK~B zR{^B=>I67K)!OE2_o{V-`v~tl5aV<1k)zm6Vz?peLXJor|F8>Q2f$#IbHKu>ZT+!V z0xK8n!W>Ao7!~4nYpk7)`+|(NJ^*!Q-%%J2o%VDrupx@6se~iI2>as&Hf6nF9Y#q$^L*0v*Fc3T`qT&#&o=aPH4Ak#VgLk; zd6j+jN^|1}II4I_0(o$gMP%f84p>8woUJSs{%(rhM@j4N+9ic zg8a=zL{)uAeSq@*UBR~x%syJZMfCSz@x}F5o$|C%TD$|ygI8fg%*|7dDQNk#Q<>o< zYHTNUkRdoAM#ZVaaC)6ba8Il>=NN=AyCCBm%I(`XDucx4#Gdxhb{rvi7*jqJntn`SMDB9U^!`Cur1&ls# z9(lrY`$ImjU+p;0VT&UIzNCO;?2aQ`Ig2Fz9m%jN@dt6>pckyy9xnHINCpkGjM^Qu z&H3m~nECwu%P&GNYByiIIDNZHsY_yi@xlc_W|V?DCOChT;_PW9cR z{1jspExxr<#S|U>ye3!GBh9n$4dw(1#!sa}_GJ9mOLy&L;m)*VK#B>VYH*W$d~nT> z+~1bvqt$ohwru-HN?+-rZhssC@f|U}It(ObTl=3Y27qq~fBA2c`?EXW>k6o0Rw|ak zf4iNtkk_NtmG!>K8dRLA5vOS6l|!^6EDXqBl`}O?BihAP8{gdQ8y?bZCkJx^otXD2 zhvr&f;4dsr#rjoj;#SyRQaY9nboox9(IVr9e0CF0H=q{o8if9-T(}Atu8tR;>URiD z8?7ycw=@JCCZyCst844vi|8MIn}L}|)>D64P@jOFTVdXz-U-{62)ilT?4f_W47iz% zw!m2MTxLCdsdkiH8W5MFqYtYxV%%C|DXJkH| z6Z>C}5`oUgPk3-OXR`6gb&>dGn=3DH4(pb6uN&fQta!+^oI}KOGheF%Df`ccoov#$ z+`5%%g`74VF46<_oqHYH8BRvOL-rLUgL*+p`dI8~AcMaU(79Op{El{8y74n6L6~6( z*#FcEXYXTT&<<0H9GdNq#K%gP=%a0Y@`vDZe0I&MWEYhB?Q}f+#FswwipkiUcjx{Q zdH}%N47k8*TA;#VZb9WYN#eu^f|z*VJealiLY4k-3>LXu`gzrC39K6)5LEPJaw1$0Y+LcVXFApx6S%osQ$0HUs&p;Qjz zWHCyO7SdCkP=px}lMcrUr+trKS4|7b(^d7N+dL%C{ekA*vkK?go8)3Lj%Ruy$@MaT z_@Eoz`23nx93t{+ccbxPyT&IsyXVc{GXHqmxdx{hx`j~!Y`Oes;*E|24hSmdB4i*| zD%l%R?0wq+fG_=uxLVoTSLo+bmCZMq^Zw1k;-!fVq?7qyUmyNSOua}|wD*b$iK%i1 zXH)#q$W{pwk&{xMAN~d8?R9@3&)J31G5>U#lZ8naHAi}9k&Ji^hAqGq7)fNU~BQk(zlg0#(a!)&B z-lA0Gh#>encL{2BSY0*Yr(ke4bg0`+d^MlAkHDhH28*L=Bj8th9eYpK2hRYA1F4;$ zXd824+OITc6pIXj|L~J*09dcLa|#^30=`WHqTO;-L3i;yRy?~ZAF|pAAoAqjV~5|$ zi5P#`I7}?YGzMV>5(MPr=k;ed*QEq*=hbAH=~#BUvj9{+fr;e>;hik!8&MfKc^Fav@`33l2-qfAt*!k6#!w4${6>5a6w#VPprhXqv~KM);*3R*Bmtf2unkrG|t)`{#N* zFZmF_bupRkXGfkfmpjk4%RCE+qi>vsyrl`*JitbHI%RF5Y3M14c77+IU-AlSR^M!m zWgfl!NbeNxMB82mkC0d6v~+ zTe`&QCJK>p*Fd6i@eGhTK#>L*+k!BWx@EJ3EaspUHJD4waze4Jz^PPd6{hwp+4D*Q zf@$E*_@Od2t^%i?vr&r#Hy;N3%3kc%!ZM!$koV}3gwVi7b%M*H&a%c?kg@)qcP%&CAu#>0hWX;3w;QDTgeWl(S%^JI7ad>W@b zdLvpQ1 zker-0WnnqWE)Zyvp(Oql7BJE|17P9#vDDdJNQ9YO%V^MD4dHew?jFy*4C zUyFy%xMJ&{s`aSj1DN3xguYlh$p8D<4#Gf#)zylO_u@p4oR+`74t%{__V9;wp)59? zz=KHtL2lBGWN)auJ3VJ#vL~7P_Oi0c7KK>83_nlFKbXL&b@i$4W-103)3PK>B;2?n z(Q-lY5E=UB2_@N{`oUg_7H4abRc!b_0jRICPr|O+RDL&)7!r0pv=`#q%je8>V1(&8p8*>^+M-Z%1rLLrqCj{2(p$93{+a?N*Czl`o0B~cRbxM*=ldP zR3#6mTPjxS2|AGp((XX)G0uWH(;Ur+uHKn0!)Mg?RXw$miW5r%g|$PacF(H~ax|_8 zc&@QX7I>jp*kmt;@X{o}!jcpmI*+f!Ar5*q-k!%|W2aL+5Fw9h8ZIr4ARE$l9+Nc? z5di%JmG$>T!ULPHM&S}Vw)i79;l^<+dDKNmIrO|l;XWA?;~SaSzCt;c!>=0cWACq# zWJ=$BXUIX>)*jBpG}O+$ZM{0v zp!#C*4$R|Zxc`xOYgu90lU`y!F7e(r82?u$AWbuTZj1HEa`an}Vu`KIo%uuy=(_H3 zsa-Bl2mF#|dmG(dQ|AaD#z9K(L+l9d!%Wq*i>Gg>z=X;DTZvp&2HRy&Yf+nCUEl4f zw=pJ7<~I)qxcVMQC0;pm?)=JqDBTv!VWZOg9-_X|X^fZVnNKnIUi|RQQ^M_=kFgd1 z^+Ou?cx23w<(%sl6FK%}<*2jfr6l~P!-r+$TLM_5u<#T=+Yu*hOyXGvEt2BJNXd{+ z>`B$3WvJLh<*-;Lo}Th4bx!kHo4!dY;T`ls(r?V{{u_Bh&k6tiF4KKb;eKxRv$0HE zg*k_}u|^Tu$^w{pQ`K0pDGroe;hvE%VIN3)5T1R?>;YbUZ>AFa8--&|lj{VOqHe}c zK&*tQe5~_6`>-K2x)nph+_|oqYha4L@X(%4bm-?$L7P%8?INj7lew>qaooDs3&m4J-3vNj?mwxV;cTxc3wXFaG?u(VgBNq^ zUq4bNqz)ZC60B@KTO3r#VV=|Mr{u%B_)+dWD<{)wQpHnP50B|hwiF-W@v<&rA^$xK z_UQuRFLDp@_>32^@nRn5;(fKinSDRoZOHK6qI;|88NAST*g`;#<}77HPtyu56Yc_R z)!FN&whHd*>9vR6?>!@FbH9?bY>DKN#4|H0%WwRG<}d*h4)d?}ryZED zBf9)%t*@ds>8Eu|%-$Wq{=IpPSSC5x>>h3{sZ&1P5jFUX6g1BU`?jicyEp6!uUU%%j zj}uOZ?KFP;1!sf7+^=|dl4(Rl6C+Q^7WTW8~wJeer$vjiz-CeA@<+190GsxN3 zASrmZ%b>U1pP#FJOv?xQqxZ`lUO&T$O`!M6drqlFxejAgf7+qdVl@+1%1cQ&)bv$o z^o|0InVE;jlL$gKP@6!;c`xNqX2Tq9EFYf03-i{e11wuafKs3bVU!&VRqOcox=N|Q zgU%THTKyLs3*WW0Vu7>c@uE!OT|b5MbgMC%lP;UM%Z??uts{visaxXt!~T~b*zkLF zm&E_^=Fg@G>(P6woc#66A}$_^UnN-vC*VBIVFq>nk{_y$GQjHX9O>ieIk+(^x7VlJ zn8m#$?8k&Ee?h6+Hr@6o7gSWJ6#@6&%zUi7w>aVLCiSXQ3Jcu)KYvh;SP#AYNE{#M z@fyR)zbH~~i1I%b-1gxNDTBWm(?luGt-Teq5`(B~e`ayd<~xO@6@tCze$z zjkc;ATs#ywXkMULSZiX;{vKSB-$acZT)~rB5L5Rv0^-&?m|(#wAf4Hur27r6ykTnVx&& z$DE&aW*J7^?z5@9Nah%)bsuFE`k^sCCDuIt$(^1RyVL+;O^Dda=fi$=Yst9!X}giq zE5>EjB_QS#EYlk)?qR95$w&=`eW9a+=J1heZfnq zmb$<3`}r-~(dzx)0L;J^cHNDjseYF~)yHZw>I=e)3U`wuJ?Z#NGG2(dwvR=A0M^V! zHs-jEge&y;>7x5eC{{_>*%M+}5makiMJ|nn(H8eT@E9td($chn`jgcVu-mm=*qWp{ zfxi;~FqIY%8A&uchPBFnW!>4OW4pX=^njG%^nd;+;v!ZVi~2egmW+DEE6kQWq?nDp z!!M}e#H9fKkHH?@lDbKsin-S+0rv?D6Wpz@!$wIRuMV+;-A=QEWma}K*AfFZ$c1dz zTO9ZM%pAbWg;U?~EmKJe+FlyiW`_OPb&DIn(>lPn5{%SlWnD(@J7mF>E&bQLwrJig?e?ql8%g;|Pg{D0XYf+GBCsB8b2%^TQq?7^Xh+7j zAd#nCe0Oslv^&0L^zV2Jw!_7=bTxG|Jgsr<{q!R1kuCq7PToyW?JoF;c?T*SVj+VcqZG+B0k7M8zG z&T`F!C=8sO~AdzV7L7yWOS02Hk*RX^G2!=<}osy z4zQxS%nS@vh+d_Rh-6oJ5pxEI2)FrB6PYKA-;uZU6P{5CndC#rbaSj3hQB0SQ7_kI z^WKf1;Nei?v^`^Di_Q!w`mT#b-PsLlcaghocIde-b_gn)iBD%uluz{(!p_kcKKlC! zhM)C9Qs&+>PraA@)$Iho;J<(T@yeGD<&2m*W4RzSt0X>C{^oe6FEQgnhjHvB-lWD-phIV1vse<l$@PEB_9rCgTst}jpT#r^TjLh*&ENn=amst4S8!nB%1+X zB)8LOBdd9NPM&?W=(T7Wz#0C-3SXLxg|u zzx|++ks<+`t)8Y$=5hVB*|RnlS{ymMnm4k%if+4|a-lEqZ?@k|iGKn+1)eKs2vsW3!s-mTB zsc~@QB%L_y&%eIUaOuRt>jnwd|2{(;_8+7Cmq{3%IBYVmGYbJE8S&<9@h&tMKeGOA zbkb&-xcm2O+~2)+9)uSxec_~-`^WbknNLhWXv(zV}JCxae-?(h8^eyaHk>cmfzhAR_S9Z1txo_A`?E4?z|0#ds zt`D1ALQbBY{BeJc@?WJ!*re2SjpRF}A+K=5J&6utOM`4) zx4^s%PaGEW*Z2L6PAnY9l&4ea62?hGVJnvy!{8nO#GR$Drym48^|BGdzBe^f;V;e`9S+lT6cd{jPZz zdJP|I-g1};7n^sGzgc`F4Cp%G1_t;SFEgAaAV>6ORRGQ~Z+likpgaEFLN#aoNCkjD zB|tT%c$Df55keUhZRU3~6iGa1o-N~z8@ln{z^a)^su8~t)p;AM?Zh_YJg*90R|T8# zTANS{AOYK~V+;Dh2=`vZ-|MP@pMo6Xp99H>ZI-u=3Tu!muAi7@ZxxC2DV7PQ6Ssq* z(-@Enl0%yFtS_j<_nI`^Pc`1tNfv{>Gx+i9Bu;?KG?M!|(G%3KOtlofG&qjtN>8kRiXjX49`spR)vzG%L(D#lRi{uNMP2C`!pS zMfT0Q5Q(g^m6xDYn+U6?=G5s%I-dzBL0cSPsY<$8L=GDEJ!iI5Na4VL_>|xL7EXKO z*8$06n)>O?yB{popwfQyR%YQv;qGnpINdNVvla)*Kw|5YD8bmr_Qktx{3vyaP8!)X61TUtG+~jNJbKXh7Kifjflwb<4^5f^j&L z`Jm(jF>PZ(ZP3Svd#5gW*X?_jsy%)@?YMEQC z+wmHGKue6!>Q`;N@7%dxV$ppSC>~Fra@K0~#49CoF+xUO9!iha_=R_2Ov7Bw7%&#X z(_Wfw$$W2+-Nz-4Q#?@nrsd=-&@XWzO{NijU=rF6e;5+m`slp3VYQiyo22jdObkHy zkm#$^oHi*pB%vsfjj5J-az@7H?KIPbQgY|)*S_@^7#pQ|gSGQ`=u{*Qqf;4dlr@m+ zaK5w1FdWjcYuFHg{_kZuBxCm@Ozhwt^{_~#Ej>(ok`@*EibEla#t9I-wEAhwVTJ{j zPuRc_79m-W(=?hIVbtj8+D`BhYTfg>bLun1rbj8;)!P6D9kF4w;qjiBX{eP97xGXRJb!s}XlHk)=Z!)~Fo7RZ8vX*J zLI$sJ$hLuwJ-$o@qijfyvCG^_jGoWt_je&Kt3Ty{>6Tph5dJsv9KRU$0#r|wJJZgo$TVP|*E7~dmqLg)| zpho@;7)?GmQHSoJ_Is;O%%stQ%yFn{r#tHC^BEJ%>9&L`@!}EPrW@3Ug*uy5R^v6* z-QHDFSYeQ(nav7F8<#lW>wKnn5W2 z03Sza>Oc*-=Pz>WD1*o52g%n&o|8cq_Aq#DEhfTt)mv~yX1e_5&r!jo9kAlQT8Z!X z+Fn*SKmK!kmC}yZ~==q2@rlMIb~pjRH+)TO*VvT8eFXT z{q}iPcvffl1(#VUFxRG{ZOowD`oq4v%znIJ#uGF@0=7K? zP`xO2jJ29P2yYbpxt4q zJI&8({l07yy8azAUAh|8m`6Upo@Q!{0~PTW;`0jnHwH`XJ}r(_D}^oQ+{@1?upcc) z-ZC@03QZDtfOZL>OF1tNgQ7O@ibtW9SXCO#kK&PS^o9*iZPnXHEe21zr{HR)o*H|* zOqdXyZQqfYFCR2x_;hKu{i%|ib#rwHX8hSGIdJ%?*b;(8*x)T$_%y{+>fs>T90!6FhYS%byK^ zi;s8Zw)@FoU-13nK%Y7u?F-9ZdJ5F=-Zbf5KW`x^03fk1TlDH?990>)4QocVIaL(H zNLeF=v(vxS`901QKWmeF=|c0pQrr8Q#}E;Kbo4z$bKv$Ro12}WPV5{pYijZfh1_{a9i?{v#(VCd!y(IkTk#BJgOzI$Z4PBI4S%5 zaGzKabS5)3b45EBvQ*Qq&+i$~TC~PU=Nr#7of7@z{wEQTws)HcZR}}xj)ry65sB~3 zJFGF$IQt(qWkZQzC#ppxV{Yh6Ak*o?P|(#1r(X%c6V%SVzFoV&EV?^>ETOKJ0`1X@ z4*B2C!Y|2z@?`q9rmiYZnegiV07<7C(9f-FoMyjpgHoABH~I$7c-SoS#+d~>_+Le? z&fL;;edYSzc8LEQ$c8k~+iKRFBiS=n5b@L%_$uK|vzUG7b^Y7JIoFHp0bb@UQHH-3 zhXmTQva!NeXg?JRHtELXU?Z*$wN>47*=XmRi_J z4$fY&8PZ`Bv^7R@V}KD8d|5f-{1PQYjrVk{3SGS( zZc?gWO;-CbfT*|1H=uvO;mEDhpR1)xL?@Pw-GVCHS{N8G$oD+h0>#Rp1{6Oq^1q8k zzXY>xe<5s`dn`HaSa;*`3c>D@%ywZ-$`v3ikYZlbKgzCFezx`+M3}#DNkEFCP%nhh zVJrx3ohu!ADA=Lvj=FNG2fcc90c!^~B0jK&{5dp)Q#DwoPAUJppOwd3facP$WSxA zR5BUu)L|O!s$Oqk_V_q-j`X+WF{rQ%7!+W&?mY5m~C+C#UGY_FrW*<%>6eU>Ze9#HqclyW04fUWfX9C_Shr0GP^O6PdG zL+y#k%Itg;HaMgzXfQM#V=OIW1G~oDHS~7;(2j4s^7ZwV*s*-`>LpnR5$nFotQ?_V zDFZCL9xddD-5S)Xe&p)8QirpcbcRlLPQvjg`l zjV}NlxpJ*qJ5Z+LIB!#UXrSkrQc_L3M~IbGTBmq_U^p44hn{oELs*_+ z!&(|LM`ij5>YN9({eo}cj+ysu60uR;DW8uLeJCVRx_5u*@&?%!_NvS5m*@=A6j`Hv zpv+vVpAgt$nkoKHJQwfZuRltFnr3qS{jF)|E5qia5F6AYG1WEg-5qe~oahM$392i7 zv$t~#X@SW3$hTg^QWX`-{HR?2{DM;QVq;n8x71~=%iZdgwp?X(d0@jhKI0QpVq(X; zw?N)925HT935|1gJs+Qm+GH?n6QfNYN|;HCP=Un+$tb9Hb;HD2WsNW+fjZ2>3>0IJ7<-Bymd@N{Z z?ziD=}L$1y!KDr7zmN4X}TwbU#7_r-1;8n z!6(hmo1nm&i0~e!N?Pk=)*oV>}_7AZ}kN+RbeiDXQxyz zZ|gABWfzRp$X(n70-VC?<+~Y}H6@JBdFo+nG)+jpkqZ9BR(s4$nh>)S^fZ+>FZA>? zHm)ZEb0HJG;zlCQ^rQwD{sGx37+Lq&8yIi)Cf}k5QbU7T#r~&=^d?bh6T9x z8g7GDka|T{@Vs7@!|nSpf!ZEJ)?dhHyE7RO$R!`l=N3|8P5j8AMO#(R=OkdJSGF;W zxraxP0N7)`+u$-4!%*0rO?ow5V|9$L{(Rcyww=r9{W%9)O@eNn50;Eb>u0x);6P;N zS^}nRa#)hdHISlo#d8N2YwAnvl+zS*#1oEs(Sr;9SG_-*l4buKOA*;*ZX(>SiQ*zW zj!^v5k>qEA&Z&9TUkKUgv-K#fSaP=R6hWmf#>GNtYtz}iBck$~7*Kg};|e4@v6Zg& zchXl3pD0$&aeAYn<^DvmzlrQjQ4#wnCx#=sDjDw15zn2QXa=A4uChL=Q)*WwtR3SF z{CpzAFGfa7Ghju@eXBPc{gZ6id7+;TeLa+Tyuvw&@ti?cW4n=mG~>!aMtr>MIxN&Y ze_6TN`?W7-%8@6L!!@%f&6y)k>_CV#wc5x=JDS9m-Uc^4#dN8!-uKfbT8UYxkF`u? zGhEPJJei9kS&ql_qz6n`=|fDDXHYh%3aN#w5)Z$1UzwvG^iYC67X^B#IYk8Mz_n^E z)lc0YU3~%91~27$ghektS$nSQ#nNKq2A+9Oic(_w$6g&&r^RWEoh~o=-^}h-SMikR zH{`X6h~Jc!vVC>V0xw!EV3wtc{UFn7gTY3GUw4g%XT{B1BW zLeoqTP{OqZy=;!M(QnF6KjP={QlPS#IE;V^ zr0n(B!RGU0fB8?dXJyRMVjr{U{q#&RDUupYRnmb+WQ=x0C30ck8EUKn^2kYhso-T_ zv-_4YQ6!GzTM45J6xOHZ83iHy@!UVou&2j25+h>_Q`oO#Gmt~EY(b^T~fP&Wbs#@|D+ zQTL=Lh}FsjgC7;bJ4=NzXVO-tTV4RqXlmTI@ypw;gIzi1UqZ=GnbHK}5XZq7$o+_S zhcH)}Eo?VhUQ9_#J>>=J2v0FQFvoH3SV3KmvAKmDxNZeGXU^AsyBVOLe%ssfwB*3M z-iCMB9)`Zcve2E)%dvrK){_`5n;c23aE_QReb~BpMn(4VycKbI5{&!g9tcS2)G6Ti zZw%WMz9YVmAVdK2m{(_PH56-di#7OoZ_KG(F|4T?^>H70%;eyQ#Qp``T5Ufd%^NVs zy|>8N02Xb|Zt$P?3a-sKr+3P+Ow2Kf#!3Ajd=DQX6mOAWO#i(!0AbG8y))2SJ$;Vp zCC)7)Ve3AE_Ofw6n&i!9Qw$ItOsRFKM}134C002%b3gWhKpkybz8>i|zNOx#Pequ4%YVnfC@BBxfl2xwb2 z)AY|ljv%?lyJ+)3+;g*x=Qk7Cls$Se4wc_Am;?I^S@etE9#=-&z|UQ}z!HARnCxw+ z9}t5ldH>;U!24pLahyf^k>x$_{RpkqsA8av-_kHM5AfmjzeJ>VXH{TP5w*<}z<4yS z^vR9*79ci#p8IJquTPy`CVb1GAC!PtGv4Fp#f(2MCz~aq)KIVkiWI$yX9mz*R6!CX zkaP=VQEJtA08q0+n~B?^{R&Jmi+2fV)xtD)0x?0D{_u>mcLzfWx8_#!t|T^BIK&Cg zGt8fM9^_<_8a^B1Kip$NIo;45!pvVRF8vjU@zPkKPLtwfCoTFrip6A%G5dp4S!r~s zF+J)vBhz97vHJ&u>rD9}ZiTxSA|G8d68%b#W)N|M?QphQa$&6FUiNYGJm~s40aEM$ z)ak%UNG|NqzY2b-k<-gE)Qga!qjVnIZ91cf7UpW{f}aFBPL18^X3!>y z&h$(+SqS(En|vXgB3pGv+eWj6>I`P4k^R8A-;xJK?I^Mb*VD&J zx62n*#mJ-b(@DS!ePJ?5vr&H$=T^-km)?F^R2GafG~-ZkSG&m({B$Jwsjw6wkS z{AXDY@y;4BAhQhxK8GryKykbB_K;-zB;99mGqU>mJrEhPMT`0AKG9F>)%ET>O_Fo? zhRWwhWz(>LNh2=Vp-^)4={(n_<&uTFz2^5M>wJV#ouYj2Xn_sR!@ zcCzk}t4V08#X3fMHi->g@SQw$)Rkm;)J(l_6R^RhroL5>)XI?{4HVb*<7;TEBrx7n zYR0it?2qQ|!tSM>ug2m=N?>rJYS|(!q^a5e$ z8gk6OQo?0MRq@S?`v-xZ7FEBTW z8}zw`bP@EAx+zJt1X9$DUt$IV$k+@kU2bmTscB3GGTuUe@XRvt^7~orU`wX=VdeY* zNySK*2iY(0q5I`qwI)sYQ%Ae>DR+E%08F+XKf(#{MY|}p$Is%gPvO2$SR>~qpY_}O z&5kq%i#U&WyT#|<;J6wcgeC9}alDZ08@DN_kQbUPmiurR%dGHhmcb-Mk$yW!kXyUx z>&}jOqDXM|E(op*@-&n>_;o!OGV~FP;nux(dMXgK{HT8B5UC-&t#5) z0PhxjxyQ%XP!#Lb>^?{h{}w4W_AQdqkTN#5R+HY?i16#p5w`hlw?DEOcwSNx3oWFV z|G514zAbQ|1c;$auXTjPYy0x76=jnAi_7b8HIo;4hRcsmovrPEWp~PSO|VwQ+pB0P zcwdYxU)VvXu=e9wS4*$8GKsl;wu{D29n zgr=?2-EfEz308DO?K4_25(Sx}c6V=~Y9TRF)Axm%9%;MvNZS7?)Yngo(uu%LK%Hlj zUI`Ro&@SD&nbd=IA7dvU?W>k{y{rbC@j(doxF?_t8^4oI45aIhXGjTAN@ZY`R zoF!-FR$N@IPXi++cTxTq@OsLP6(+}QYOvqrkVyJXxStd|8&7OeOm*%+1k<_owDMcg zI=@74z_{OWwG_)a>cCehEY_DBp+qP-1Vu}`epVIqmOdga7*C1Om+Q0L)N1DHXm?>=MK^i~A!`9;&Bt)~ZJE%n8kAF_fiP)%FB z>1m?3Pr}r|(OF;TxvvStmtSnPr4nzGN;rJ3JR5s8C=W%raFN@%gnUp&J0d#pTb63! z^Nm5K;TsZ>U)zox!z7})CGbI+H>t8L&u@g&>CJHj`3JrlmQ_<{-^%7fdi4%B}nv^*AteVt4fj3 zb8{rJ*6UlFPhcg}VP3Gvv%9zxvU!T)UY~;BK?kzj+(1}`1V7&DEZ%J(w*{rrxkZ69 zDE@5(6MvIR2Flv!kC5MCvnM;`zjl~_qz+H|gpk2_KK3PWJRH!EB}8we1IwLw`_4mj$1?pVbyWo`jI2Zwvj%!0z4?YhL}8B(U-N4R??ESI!9>lm1T!b%SuDE@$pquS!~JlySLw6w<~j9b zl_Mf5if*}jMu~U6kbaLU-PR9a501(`n8)0(`WQTSiT?UEyWwl!LrGdAE;kkF+FZ25 zU1m@YAx0*uLX9fy$7_)O@vS_XR(4Mpmd~fLeRW<<@#y3iTED;y$N;Ofnp?LtdmqQ= z13UUmOUqf*UD>{ew~rc4hsW}E&n($U272pw+$%Pblf?{QxudpT$s^i(i1+;nNehjL zUL**KnhsT%;YyH@c>;6)7ADg4<%A!@xp5e96(J)u<_}ser*Po;p5s~#iUs18yBfNq zLfX$`55lw^X_@qP&aq%#!T`F{CS&VFooqt#_p}&o1*2Mz)pU(~9nIk~`>grm;k(tetdQQr+yJ5_njg_-CUl2CXXFQ+?<#44Q2gHE|MoTi||Fm1smTtlOqj2 zsZQ zTry#RMG8sOY4%`!Xn^8A`%4dzy-r3Bg^2^@UuaVA0Uga%XfXhj1ZaOMyzyr45F8Gm zXd(In%CO4vW^x!M6m5aiuUozkevK>b2-{=y84N^x56T(c-o3+CIG$0g-iEb7tw1n; z`V}XDJ_7_34Gtm4AZ_}tnmnQ;ZG>A)8)TTNl*M~Rzw*Os{CbzhJ;MN$m$=pBrK!;p z^W5+%ynSE@M0 z-YH_-x%95UX7Vbw4rEmnm}!?jTm3qK;@hDe_T3l;itdInxJoQs*DYPVo26psdW#^w z`jAG&>c#O2U0d;Js8SuuFKXhw!Bf*l#onuICaGU+2KYyff9TQ3KTmGg* z-G-0Wind-AlNY<pX>f(M_FxzYVO{S}t0ioShf*#YJH!W}xF1FQ4FM3p{AKTj9Q!1-3H}eUMZN@LKxI#*Y42yH70Ni=WwQNR>`%@x(lzR0UNSmKCiVA%!qpOR334 zRd0r_RR}W4fU#XQBsCu1-kcq>@XEH_9a|=`p|ml(w=~OGl*&7K`zdz}E`5OMV2WhH zup47!=nhQJboO6G`xp|$udd=X&++^wc4GL@grhO26Wn&xkGKH4jro-xWTQZ=5y?{yHh4Iy8H=zXiF=oBr{Jy>Z@t!z^6)Lz!yj^wjPb5?=9I_^0zi z6@w!Z?{w?#Y;#_~V>yHHdyL8BJNMEa?`N{KyuS5Z#j7S@mP<&4>tI2>&?9Ey^ zAcJ2~+x(^A|;q~KPEhPgb;%tgM!!nML$iDp#vvPQZ-#$C|fUQJfznQwz$t?8Xg**x`gK2_Z7ojQi? ziKVAXoO*F&*=1jhCFT5RSDNHF>T#DE6OuCTkoofHmA4kXd}e*4A(S|t>wZacy&1b{ zpJ(273Qt}37wYycAYWmr{QyY&X|kC8SQVrS_R%>g!X4<8+{KbcE6AeN{j)M8ti>u8c}; zkvi9BKg|+9ep82_HX3&e)w!nx7k@ZII-kV!Zy1^C&ck34_6WvpjUZ$V=*{IiZxP>t zQjMN_@1sKh!2O~bhHnB)TYC{XdFu+M)Y;Mf*BOsOa7Q`%Tq_?oBM@Ih2oddr@UN@q zL+4tyE-EH3n*9hCuPb2qurN{@T8*4!fg=GSNcGxN{RFUVbsufdV=8FQJpxgecP zv%IcxZMN>_4>0uv_Y#R4KK=laUY3c-Qv;zB*cZNJ^HU%!b#&+nN!o=g;v-OR(SaxVy(o<_ zKXxRFf2J+IWoLKWK;o<_#sR7Ns&9TuRfsIq1?aK7bH@}isq$-(MVEu=}S2N zG^A)XX!@_+L%)ne^yln#X z5H)Clv8ICe$t6e$6Ub|ba(<*_bhJ5On5zWr2X!^^m-u-uKFHqY;p4RMFX#Da(7GT! z9ZSxwqX>wG>-CRKs#V*+d$qb|0RUqDXs!Rp@yDZ6{!2seEj0Sn(BsIs8YPwtF5a22 zB!=>k6{_C=G%D?`{rc|vN>ZhXAEM}F=gaT?^d1wZ->EgYHyUtX4vnD=aLaJ`BWM_) z=2vB84>2EX4eo&&^c? zg)WWlymbpQHhK{kMc9{@x#qGo+;ov&wix-nAIC)6^9u^erLCi>wob)$iVjb8kb2Hq6v%GwuEUFz5e3z;eR z^kmJ%Fmr%BaqEA2i#7^+j8}hAFSMLoa(|ioH?9lnSRBZ$5={bIB_pMFNx(W&IOD*wk$b;INZBKDL z&An*Pfq-(@&Y4S071NUX0Ykclbvo{;&>EA|4$SsFwJh`AbqX2uEQRDwVYsxq!{90Y z)$~8l*ltsGK+2fHL5$AW*>&$!fb=kum~~lbeTOt%Z2@p0zeelPX5FA^DZtOv6=iIfM^l!Tu5cq5njZ@BZjY`NnH_%Wc#)3X(Nu!%EBT>M{Tf;>DgLPzy6J-*NNkU~(yzNWetg6Zzn6@D($yu52Z5$ZJ4`3}e^TYtvw`&Q#bew3IK0CN3WTq$P?=Fg~X z+}cxy(&e0|WaH%Dt-Z3t%oztl)fn%#M0ag{WBG@Ik75w97#*~7G`3mz=Ph9ad4Jxs zRYUc~M;X9*Y^5;te)mOuvroMlhq+0-pyj7j;YZ6{pk#5xRsLw1NZDE%EGwXe;)eUh z$HL#02Dl!@{T@oM@#7J?mn8*WzysXpOKntSBYVb|*3N!fo{!F4$;I=S*#|wI#)ku2 zTg5xTKMyJoG2_$>OlO@L`zGl@Lg!TtelKY z^ODfnB?1{9`HaxDLoKAakU=XYK)3347afAy{ug_18CBKWtq&`rgbJIGknRwXknRrY z5(GqAN~KF0VG|O92uLU*QX(xOAfdQPNeKaIDJf}zcP{)rXPoDp=j(Yt{m1aj9teBy zwbp&#b6)d`gM{&$1aLEf$C#BvE!9^CUpa{WY#vl#Vd%X4k=D#>4QUJ@-ZN+g zTLuGd^@_Wfw0#*=gAIu>v~M-je{ZtI8TJB+O7kh6E1tF=5eFHbHZucldpuM4u#~*X zqmQKVek;N1OI3~3!7f*oWvzy{mI4H;0$#RM45HmM&KlUTMW^pf97`*VLOIqz{7E(% zPdn#*XeEQ2oEUl$jhlk1Y%J$8FH5XA<);hQy@i^HBw)p*!NfJ?EjE zmrEB*JcP)c8K5kGDw^`0@Y_j|m5QcftNNEN;F=&htHjp^tDbaD#-rm1%?Fp#=77F`gN?Wj5@d!g80Ujuh#a z^&5+Ehd`xOOxQ(^%~9|zu>1OhmEVQ$*A?_O?``?tE=)9D=SPIq@TRUChcdPcFNAE{gkP<2>w-P@V2bmNMP z&fJXE)3ma(R(A5qiov@ZOYi3M4+r0_uWOk0WqzE0Ni9DmDsX@NI|?Jv8!q_>V`w~C z5QjSb5P&#zyG>(&M*JtuG0o~TN(f_!AygTo}_RLUKhGyEp_kEcAwJ7Pob89SkbT9rDHv^P}<`ATcWk z+lrqe3Qk4IHUv*#81z?jSj6i@fCx|3faV=cq81wQ{L=}J&2@rfn^U6BgVM1j@o$|A zHW^26B<0m^b%bNWPNB3p8DhTT1zXEImb2pOqplLi%en_ElUcCg;<^X(oRVT7D9P<3 zRpzq0L_74!Ut<()D_L*{{{zU3EY~nO^5m&BT~fP0LO4ZBE8YS9w1Po6b(LtCT$Vxp zpnn0x9(wUI6%TszKB_)z^#D`?>!26UV#wj$+dM*DCv!Op@|N4mC>5D(JZFxqAqEEg zbzsfrIjW`e9KrJLo&DexaIhjYU^^s0ET0X<>rIol+a`d1E%Yy#>ssY5Mdt8OI)(Ci z*4#%dUt3yT`|BcH(M@Op#>*Q5ECQQvg@o8Z^FIZd8L&5kG$3NepD5Q$3* zJg)wd!1gXRLF!2Oo?^5@`4CXCywFT<{RU)N(?TS+77~c9hf7@KkzOvyq$I)8_ z|0Lcfaiz5r#;3U z8N?QoC%x-Xs-#aaV6gSjNGkg4N+>)Xdk>cBmMG;HP-P3D75I|)bbLQVbzoh*28>cP zia535&&HLxR{W|79;sp$iFu)MLrwbYVSYa>1EK7_jP+GXkEWiH6&TfWyW$|&)+c8a zv~==#atF+WH)A3%#Qrh7@qq3{cg+Na7^65ulS=46-G4>u#{dXP*lL&g&@6-QPkiG~ z!pH##-MJ#dGM7w~k)QBluIrNh0IH~Sjr)Pv6A=}-I}zJ>C}|G>^EY^F-u;CJ+33nb zFY{6girI7+Hh)_&82j{4`oYD}c3k-sTSl>OB&*IPAZ16dqN!3vEs=Ye^A&~H_`l>L!3&i|M7*-*Eqr!J<7nqPZqnxvIby;;K+TR<75tCt z)qIee846hJe-6^qGljv(^i`Ji1QjV=FQ$i|c0jQU%;aVe^y4X7&Ae6&tpmg5R9PC6 zkmNituluaY@rLZ$LMh4@xQ1Wl=phYCo)67q1eY{@U|kS7H|blP&p3DCPEsVp*zY^a zmuCIv#TIh(JtRMpN!5fh)?xn?V--x>RPm-z`WkGwMJN`scnA02@+PjF#l2g1q9h4` z^ohr-{SAEE#TU!x1`bevo?}SuY{P z52e=Q?dA6ZgjoVi!R-E#&Rlel{2Ak@EGdGk1z;tKShZ0eQz{xJ_A=zRwzri zp6aKE-yw{@7qDyow6*n86)vx7fq|#jCEatxtgpmB^ZV`3!}Cd|8yLH}=2^^ve(i?s znx=$5Qvmo%pXTwKEZ#SX%0z27^K^_94x#vjLom`bIr;JA*HgQN*_MyU|COFI16l_enAy0je9&R1vTn3XnZ#X2IFKT=FL4XgZ?h z6)=$>nTD=>UTMca1 zpV5BlYeA^2VW!CHcV9}roHu7~@!N04GNldvlG4vQ%?l?B~rGOJ$#wXxZ}V0Gq>`OA72u+`k%b-uAwv&OV_BqBnb~qySm(@e4QE zmmU25_O>64_KC}RXY^W6S6ny;ydw2g~sGzpr!%6kz z=o(q0hC;s|k|2;r)=RK?^9Q@<$a?WTdQ!gwDB>ZhYasIv&VNwEr{1o`0JWH-{-TH% z`ngUhKjtJSdgD>F;b~;OKpEQl%~tMXIiSic8et#ti5Sya(KskP;$SR!y7H)pX@k?u znb%~{38fK9ING<@>9A?gQ|R1ejaN591Q>~7Yf)4%RlKf=`<#RU^pI*1S*Qg93u2l& zktDy6VjLoE5N_mzhN7BTRq<_qtsRkRyK82MzixSi%2v9vN5U%RL}Fpy@d@%S67S1c zO&AVg`)?n@!covE&vzmI|Y#$~uR{SU-EmOnao#<&jx#h< zuNw`%GrI;X<~UGdNgdHx5W-%oOfLfp?L&p&JGMd=((s8Xq-{uEBFq>!4=%tS;=KNT z;tVgrFSLj;4C{&JmpR9}^d@}7@spm%x9ofdkZ6?EPAVY{E?3YfT0?*br^`gHcH?17 zUBZ4!IK0)PkHDI@`m>9-_ybfxi7?JVT|9B}5{G7sNl0PWI*iB=l@LYp^3zab|OeX+wg zZbb82^9`y6CV+JL7}*H#xNV>eOL5`CE+ZBgw42bsA+Yky_v!{Kz~@{L-lTD5v>T|l zKSUaV<|Yu{@x&x<__wpLKM?(vaR{z`$^_l%dghsJD`zx>?hCve)RL1z$Aq!6(Q%1O2^?D1aE{Q=kU^`0Q8_JT*O*OEnQUq zsoFE{^m4mCMWA=m$f|S6BJ+k4Ho%&^I&Qwb#d0TC7nESHK|}b2O_SCy()h1?z=@^Z zgWfSYph)d>xTjKcC^*@QyQfl(V`+Hhzn6Tr7h6`6DCyjFbzmT|F5;xNWWUkCzC1_tmL7I?rF6FW+EUPuRh z(d)Q%@?4(79(;FUNT>TYMnDy=4*W_J z8&bqil2~4}L+mK*taD68G@<4YT?cOs=6~!c*zy=aj|r0(wiCkxG}WamFsejfKKbyu zl;l^Sl}8Joy!z*7|7NOy^!d0a_8Pd;mhO0Juwbw=s6Es}vjlG;n=c>HUy~X>qid~j z#Zl_eE3hY{bNou~!Eb&cK5@M$R45UIS9kxu`uj6P;r(y_(AdaMg2v__j2A>ixq@?; zin{FF&I;Y`paf~1f23VHsk}HK(M6s8`#!-&C93e3+5ft0Jh3aeg}gek#)D$TP|F1&3c$muG!rY@+IUdah+VH zFSke?VC|z>PhS1=v;Xm3=!29`;7(;8OBy>ww`OOVVKRCH?v2Z~_~W6`U9Fs>RPMCVd3EHKe&sd5S1e z5#(BYE`}d#zB}_7(7e>G{XxXnh3}0~$Xxku>)Y6>3ybW3|Ko+J!wxyGbQ>#iD6COD zKBDC?Pq0Mto^L9H|81A>w`=RmNiY2duS@>!phLzq#;{6p|Js>eGQ z;~;6r=OFff(Wc1HABsVtmaxrTfMWgI+;9|PUP4*a>SxJt6P||+;E;JJ-T_a{(mRc^ z{F@cu1`+Sk{hj3ujat+|+q@+q4?YEVsGa&3qSm=`yI_Q1TsO|zi((~4# zmpsE~l$3GAJbxv6j(gvP`a#azB@P?B`IPT;{3km(JZUKY(@0K<)S{RW<1^gr&+#6g zGRq13{P;DTYsCLtc#=MX;VZD8w=jL&YOMZpb=@Xb0&1fNh$q>+wOFVt{5LkV!i>Kq8S(>+gw8g)`<6HY;{8FM;P|l%UJM=^nOf{xE*h``?bWzuS+p33N2`X;u7<849WJti`jo z?K7$dUejfYOn8d0LH}VAO*=kt%zz@P6FQzBCNoJktWRkWO7<-%G`svNh0HhP2rHfe zCzti9A2kd%5h4I%_F~l5(zjfdY>=4C-A$810hSQN0KbvV%@yp74UAS|6c9Tr5zBYnY69lk3L0d?YIs(=!* z1W1>?HL&E|I~fG`6-Iuuu+?05;L^sr(8eCL18$C>ey7=(&z#RTeqZzi=4SkKjQv@V zmUd`^&eXi@-31@QXa)-BXONSs46QUXkg09_mv`+!dF1!`p(D@YzJ6Ew!3_l*ZiB+y z?+=1}j30-O*nVt55=LS5HW#+Zyl7tGTu&+HGtY(YZ+XV3?63NotOS7PE@ z_kZ<=%YJ*E;~$8?dwS#K8VJ3wkZYF37UO`!!fJMZT=~ z2tjI>`k>&%0MSCM6`J+eJq8L-FMWp(otMP|&JsObx3iVC2iP`4t!s%_V_fMhp1wk&dV_Dj|IEVTihm9cOHCU0PX>Q)`M?6jxWn! zzwa3}1s)nAD1UYO`*U=bnt3TsQXtN@=fdgpJZJvH0~9CSgt+vX=LFM4ppdo)`^kWO zc;KNm=OawdWXCOpCoLDqcy69CY^Vd*7+jZN#UlmLlAMJhqc3=B{RlmAj;1N(*&Dr2 z-VT299d?1zWlFKOotDeeYND_=>S`@J_Xta;Xr$97T`8(+@>hwVMx_1p_FK!Aw8JW_8aLsfoU&8tmMcr>L=NHRhY+#tw4^iNimJ|oiVTmz?v+U zFprTu@=9f3JiaOJ*nK8w9g=*nfT-x^GsVX~3@^sOJXIEgh1p?-`UGMQh6+nH(norM zfW1i}M$rmrnsraseZMZb3~}$7U$vvih*rE!(Vo_(V^_8QaN9VxW(5b<(i0`xg&79> z_wx~h>l?EZlyp}fD#C^xxW_H=f4O0c0lB&*OX|;Bh@B1${gT4ze%+ue&0UF zd)Wae%Rv4X_pS2Wlv!}D-GDeAO6>s6!x9V-yUGx{Ct^Ku0rr-d%#ZYu>w|Jkag3RFjxR>Pz z`l$*5nb7EC0y@cM1`oyTv6ph;Uh*`b#p^fP3TU&O983rOa6=HjbdZDsnBJDeQt~Up z1l-A~YyQa8vqHP)jeD4KM>7oGt>-$7YE-v2U!Wde4=3vZ zDQkFG%Bs2S^k<#_U9}*7MsSu;YYsY!RU$r{SMOH>`?Ox|A~8i73}l$E|I=KQi?#=JYh2TNH-uB~^MFc8gL8J})rxd2QFns^~UfaG~)x z#~vh|T<|^WaXd4<3^ICT{}&~X@b=o9y=ev7*nG($3`B^%qWFQ(nDt11!6nOE+C|8Y zthSq0iJt6g1Q&TGnnV8n@T%!lVho|f&6HHDJ`<5 z77POkqhv`Zfagfrllg-q@X?C?g5eOM7ylOjhG@kb?6GQczq|FR zf3BE=kOh=BReXhe&1{lQ*w6QQqAhjjiK;aK!%upX>949FKRACU{94`bQb|3FUkq~R zuH*<;1Ct>|^3ZitRK5?TX`CSSH&>wXfCm^XA2_j$6|Y-3xZO9|{j-T!55BgkfTHrm zm5L@@j1Vyh1SIacb^(!*&&R+ctda%|7_3D}OTX1k7j?gI+SlEWBH`*I%uDk*-{h}V zCI6|!Z-M%FT%`##ikxEdX(*kk33BC|W~K_FZa-gazYUH6qtkHos+QlRsdocsaP|ybS@a3qywj=qiwN4X{A|EP>;Db4qTu^4>9e`1;8g zO76W<WiQ)ejqW2dGGaqNVbD-4RdT2tN$!eWfsy*m z&z^u+XXPA=UR?^mqE#%%pafS z$zWM}K)n(Q;%3CA+2XQCP?Ia=LKppcvf#ibp@7@7F4 zROCF8xeH6okcZKtLJVf$?>wZ)d$;dS`n8SG=sE6 zKBM63NJV=zeZl4d3G0&hpcB~iXG3(?psx7}G;NB%q0hvL5YQ=ouYvS8kpl<|A1n-9 zettD)`6=N%6{_SB&@_XfiLTvSYhPkR{*kq$%#T+1YC&I}6C(r-6!54pq$$r+qSFy) zNXVu+J7tLLu{nDqqR^@H)eiWh70iLzjhsC}2_(^{D`Nj@a3iaLu><&|IRQH+!F%j7 zW>}o^4x5Sj283i;!=`9+1)S?Rkg_TEtr+^d<6~w5BH^sdFhzUW(F|3cI3uI+=%+() z{=BKWw{fXoTsn|0R^Hs@Za=h=*Y9xw?)Sgi_;u)JJ-gPeIx8&^BE!&zje`vFkM@50 zAYL(e_GJOOL_D-*pEHReuJ6)-;0lvhvwSTtxdMNT`){}FOTr4rS39cHW~-PMmw};( z%cLq!FJDgu*kKFKhlnL%tW?IFa~G!Z(oGWvP(}!pK|GNv8Mny{(d^KNyUX;qt{q)` zrCZ!I15h{yLO1S#4dYMFrjam4HEyjJfxnmcK6HC9v>gF&YX&HDxGk7%E88EM$tF2! zb_*jF1$Fo-qVD+!mhC;xsrFf=T*7tkrpr`|3V*C0&S9W%ozrM7wuM7FeOtQN4iyqC zCplYEu`|J`Ml0x8Ma;W|b?awAY`P=N5;fEJ;~Q-%hDozn%o*}?zD%b!=R&4rDL8_;)Al101tXHV6Npw<~TNxtyn^L$JDXI^U~Rp<3BXB zXf{AlU1QiBDrt<7_B~0+`1})S-_PMi4?{Iiocb3xAsL|_M(h%?A)Ekd--B`Yh?`GHEqo{A8ra>7Z>o6`^1k)v z{gMu%XxM_1?v3e0J?i-lHXJixWg^7LOvmqw)pH+a31<(X(+ZLYr>REcs5r3>1ZhoJd5uALsoR6be``AM$X(`T&+71Jp7C z&p&|5BpX71=1Sac!N~I5bF)rew8ll>s2OoU%|4?U>$LIedIq6|?c6RDgOm6v1f&^j zD)@mP=U3GK@%9yy$g>BfF&~KG`=;^@>J&k@b)Obzr24^R@NdxIBkfUXj%MaK`-BGA zo=j=G!QcxlQw2BEq|Eu`G3dD{QF<=`_6m)Pv|lOq0WUy1fL&X5v-j&*Fn(puA} zF3wm9V2C#{uyWo3R~O;R*^HqT3m^5(VFEnBPQ(%Sk!CJawDZgtBKyK^kqv=)4eY6H z!B|=ePDl`y0qT5q=<>b~=tO6LDEuv)cUUKx`m#-ZINoEb8vud)PfSHx9PCBYUB!*c zR)!EK_R0^#x8jgwioeZQ+}FQTr;M+2U%KGenNcu+L{fjQJ1ygbBL4=^LjeAZCuWt? zx?s+W{aG2>yeE==K5rsbqaUIb51#+F%& zV+a8TE!W}@w;Dpd0BaUwclF~Ee)(*3d1}Sr;>%bL>4hHI-R4p3z0;rT%rj)Ot>o1d z@jYpOG{eSxchIl-q7cQ73JWyHXs(NmbsBJn#zB{`*qrRh0W~%M|7}gZ4A~y$NDq|+ zokFsKXY)n(Z2ba*9N|60gA}--Z6N6F6gRE;^9_wQHmC%HITF?nb{RWlhwg{_nbuGS z+0ZTvgV_YcO5KN0nb{QEn&*dd8FzHEA7P+q($6v&i~Ywi_*=N@?nT~0fm;tC59sdQ zq2ftkbt)rXyu_mx1tg)Z6z|E-$)Us{QKTAFmke6JW{I|ZK(4)Uyqu2nfmEU9)6xq6 z6gTG;c6M|iK2{{<1?B!rT8*b7iKbHxF0d;rqEI~og?MK;OF7SV;AsaNY4e5z(aUJx zv+~jFyMuhnptOuU~!_*^I#C z5<=AcI5LOc=F6V5jFlKHw<}AK0B51hPX6wWV*AElN5z-d&tLm+=U2n=Y0qKe9Pmsa z)qQ`@^tmFsV*!o%qsU4}&n^~1fuufG%iV|xm;d!(N*0 zCkb*{axKy*+*;08kZzgD|75J$PJG%u#|AGs`21-Gt$y4@;}9Lm54lmVh}p11rHL3` z>@!GW-l9t(R~bw8g&I*@cg$+priz*(hV1Ok#HjR_X%L_*cOzH9d@ygpWsHpu5k1;` ziF^4=uy)Mp{g@iSIu}CcK%`8i7t7GFAC}Lz*k&mD$*Kq;aS@AX|8XA#y;onIuaIZ* zmf%Fo41h~tp*$0ck5LyKZgE@e$2it3u!0xuwGK#ybE41QKUdFw#j={%BEoY2cQ}^* z((v-F0^K(;5FlEo4wjmlwW1f z2ZBn^^*$J)-vX=3s~^iOZ&~o|K+rQE`<0u_PlZS$yff+icN^=Y%#!?Egm>nd=vXyA zG;sl$;Af#zS*IXi{T@Qu(*RZTz#1ahu)LZi;Y(`)XU=NyO^iXyOj~22e{$PoPVK+l zw|~9RW5b#qoHt1~TpHGo3PfY{quysEv0yE#brSQOC5QWyOT_;E-0O#4+T=Oau1&v6Inlh!U*>>g5lKgFG!og)4L^9%G}b%Y6h_o-Cb5b=YxJT`fk3l;DjmeBB#Ors8#mB-_ zj8O0GeL|cYq6BXOAZD6JiFTNcC~P7(?iB-jS!SD-E_ma3N)L`Pap2~+0gAv6YG1!z zZvvm+KZ&A})rN$|y_z|%k(h~&f*s`<{dvm^dq247_M}CWXhzxgYj>MRp-zNMP!UlT zZ4v4mR4XIvO#=O`W<3I-F_wQ{9)B;jwhJ0K4n@BvAG=bv9L>m2j;_wG9j!3-RSXaVqaoTnN6oI5KhU{~iwUZzMZ> zJhd=yVv8xT2xkd`Ebfe!SCDw<5FET4o-%j8mBx6~ zNjNR00OzzG%FK6VOB!=8Lcg}TJ6_ZHUiIr?5V3RCnbah5=%NG~lFI?E_g5r_G>;0#sJKuA) zn_oy&Mme3ysf~3&u(59@u5T}T0BaKmKldX4*prQ#haL|z(;<92CD>&Hc3!gb&IulN zh695FgR6Z-rlZmdXV+u#kB zXVDru?KF^n#o{y{f@*GNPJryUgbW)*Ja##BHXY>Tio% zs%uZ{H@u4d1t^OB6;IA>gOlwqXO#>8cRTmZgHAj`v0BJn^LO z)}kHMZmGgCWv*a%WcL+{MM`(DO1R7Z;}lh+aEz9=}2&=&gcgRG~j*w3=dT zlMG`p*7z}#K=(nTR<|XOJC6i|YwO(>bYPwBu;OBVeHfLkUmo50sru{<46p{oe}9!b z%^`eivdpL~M@DR!y$meeYm`_kYg1s9Go7R>#Md%eu#p7Fv#=+OfO$ zVV%{uo8&l*>fYT6618NWq!?0lpA_m-7^+f+EqiX(OqvPX`C!*HUj~mN!;&Uxt}(Yh z(Mm^M)?Uil(;LU06K^YLG+9G0Sy))sTqkW7sOMlM|1)uX_)Q~HF8;kJYtsvVbx9c7 z5jJ|(1v%C7n=_c+qEAT(&pqN(c`7cyQo|QE@%qByG~L9A3OzeFi7hn~P24m?yWFzk zOEERZ7!tyU=j)o~0_#q3!_6)G!s~j17bv7rW_9~wo819NjuU6HJQ+r4pQ>AO?_g}n zW4pUp=-l7^x5DIK2OMrtYP59qmRbMIhyGd?CVC4OK3Y*uK5Q3;ic7-<>>?+HjPAXQ zZ6*)BtRpa_{OGIXw}t7Skm?Rw7~ZwuyMZUQ_Aw-4#{Fk;rU)o4NLrWC$!XY1GcxWZ zKluQV)jPvv#yrK0eKCo-JDZi#xjXXw%S$ms%l|s5lsbU2^yk3<&ML>G@nNdl9JVC;>Hek zq}W#NA32W~)EwG#J#f%^0h{YYKGCKs@VfcI0RDQepKR(YnjeV@0N&f&j94?H38u9^ zgo#N-wkRu)fPHxdJcF5Mq_*-*_kt=Zu{!{w9o>Es5Rl{dWlw1AI)+%9VM1o@omqpw zG{K*y51U@no z(%jjV=$~$?NO7w57O6J*$mwWVSz+0aa$jAxrN`IL^sD@mZy5IUz+>2&ydYyfyxY2g z0*%oi>Z-%Zzmsb>K-wN|!N(bmQcjmyY|BoaZ<@1w9>GJYpceMPuy#9@CI9$v^%y(5 zOkX9x+rLIDM0_%I`cQY|9V0eK8u9ocT=1Y=(r+KT{nl#y@0q>L30~OiYgyP<0YGVV zSqo<|?RG=TUUSAiPqIhutQIb;6GY)3skTgxO_Gzpm)nut==k0I2cYmu4a*3RMd1mb z9m%G0r_n*FrM5@M`t`xQ-Sx9c#!hQz2!uaUKlpfb^fpL#UaE8UnP&MGof8#n^4@2A+*eAm zB`wncJQ>TD)y5DbSDn8RmY9k3-bAh!OvBR zf?OQ5=BApPTV~jwL|!?=B_ZZA!`@6h*<~0>(WFsd2sd`m=b6Q0Hb|ad^nb4wiea~K zN&fIj4C$n70PnDY68{N$&_rxDF+m;t--n*+Ghk^52&&@svz+OrnW?>1A$T2p>)KSu zkiEW1K4-OKHoT!zUTwQsaix`EO>qp|E=Uq~hHdFwf4;2yLmzPntgY|TSX)m2l$)){ zZIc|oGB3{_jEx0Cvp0yz7}qexmYG2yE>->tBoe%D*^)Y3(6l)|tR108tl%l7j`(U< zGYKaGV6#7mzxvKlO2Fz%9J7V1aA814cBV`ScV)Is28O@sT#EmXk1~Qz09f!z__%3e zJ12-~U8fb>?){=72R&f9_hR0g3s#Ozg<#ShaiFcL$Xg9=Rdd$@M8upk(qa3!rj_E4 zfkQz;EB;ra+X@gr_)yRCZeDrimO+~0NssLQzQuMoPuA2`+%LB6wl{Ay_Q^f^@2%gz z?weH*vcFoLejJ=6jK#?M%JiYkV@jik%-BJdleFsY_E_Aw>o(6I^{cq~@&-qK z18hJQrk@W1uZMw%vf{FI@p8WqsIXj#hg-+C zf!T1bJ*{DqU}a-<^xkMkKB^uJu!2Ol-kcNARGu<+s(3APNpRrFLR<^vG^-aZR>A1E zAhfDSu|Wu&(wvLA{H_$-r7+;rP*6j1LsFyy>L(A3Y}4I40o%R@u>!Tq`Yq(Qy%?0I zyCXaUcjwWjC_ilzx51ZkI8@sMH_gr`WtutG?=Lz;5gCRY<~+Z*82owMhEeS^3u`S7 zawtRg*FYt8wQIniX}ZoIjpVg*P6ek<*E68s8fHq?ovE0SV9JcNhm5a;l?rG!`>xv& zXJRAUkU>g)S#AeLUM*&Wrr}_0wF8v!PHtfD)~!X52B!Z-gXGR1;3;Xv?8D@B z-3<1d<{>#mw0?xfbXjDuREBuUy@C>o42)xgc}y8tj=>>(piB` z;iCIjXz1?n=7TFN%+SYc;^|Bdh;XB+gu1{3lC!LxTMVZ_lA46bqB9R7%Eljpmm%3i z6nD+njO;G38{_Z@`1&F!2mD9lccvYR>bCE1k2tr|*h1VB2cO9<^Pb4VUEG4Xhb=@( z$sQ|N1GRW^lt@~YIw-tIda67|K2v=on4-)OUS0jLI~8>rv+I9DjaIZ!B?%(FuMDjFV>|6m`w7{N>exo{acy8gO_qiG8K$BDGh1_154h7V*%t zUwRg`jpwM6p+HfVhRx!A9& zW=Y47f#Kiww;f%-tp*o{;glNiwSX2$0+J@7F|3u)&s-)|b zvtnyko5K`H*bi-guLi`hoI04#+J-mMOcx!{aC3H6Ai9D8E-xI%?brgU9%vi)CvhaG zu?F2q?etYJ*RAzf$!-Osp_cF9t)(*KBy}p`5zd-ag-ZyS z$eDBcO14nvy%$+7mK%FHCb{$7bq;Je)J4hNPfc$2>uT}>2w*+s!fH{fdrj>-YFS!# z?mlP`RhUf^gOy_ITk^@~6Ou3F;aPtK`T8zKxjF#8meGJEIlY>iqNz6ka5}_k)z{Qw zSYsLvS8B3-wP+Qe`V8d1E9}kk9ap4svg(pL7B67!tmfgR{G&aVP5qjWltnwqEh$Et zoRu}9J1$p;GP?y9@aN@nU2y@GDU5t_;RW73=nnDP+LN=bGQ8&~PuqR4>lL9PB{)6d z8BODBC;LcjG2+ZQle-N&YAsD`bthGLR(;v47*W2flTSs@>U-I~mR2K3$V=gxJYZ7B z2u(b^p>r5Kkqr_BUX5IhJ9uTl`oO%+ z`@A{zlou)9SnDh_&qDVbBqlOsc~hQZ-#ybq*2Gk82+oj}JuyfK$#e6ON=1%@}$fo8AnHr#2%qM~yu0^CUG<%0}2 zO9Gse%8Y<#$pCJBsPt`ATz67;*9{pR=Krvz!KQ~sj(Jj)s)DH%E;`x7iZW}4nJMmk z-c=D+8a!lM%%}V3@tG!0K;j5*C_)D3gsdnk78}4T!J{dtt^!VN2vzX*)A9~KM{F*x62&L!bs{E%Ulf)Tjs;k zVe@b@gSX_R1UHJM4wltChnL~J$^qKZHifk+ZdVFvg7$fNfv>~R*;3@uUs{^;A7MN7W(m9ZqJ}Wyem*+RU(t&6uS2UCB`U&3rL6( z)j55m0Tp?F^L81oi2*2}P^W?99c<5qLCKY@zN9U@cm(&ha?2 zwS8&ewd58kDiWJdYru9&dAkyMs^68OfHICyJFJ&4vfXfVZWM>4MB_1j(gyWxq{{8= z5IjEPd&3{0l6!Y9OME7v*S}YV?QBBKVENTQXl4E@mjL(fNV3LlduVI+u%s8cNd_w^ zr6mA??!O=QTl}c~in}D+SLyQ{mi(_9*JvD;z5x4hNS|0(={ceMPuYQIC(rz&j()t8 zXZ{isedg6n(@zQ-u?0c6YgEV3uMzG)P8!Ag1IjW!wVLcs^@$9}t61e*DaBv1jYd|? zUzs_=C}P{K!JjSr&lqvNW~&40j>VeOd-X~j7&dAAZpF{E!nU^%c`m$;f8|FHaFK`n zIDb1M3_HvZD`ERVN8_@U%1+MEeZVm+&x*`-2efW0ePz>n|H~!^dS{PET=jcyikXct z{t79H)1O27_=H73GjD$lDEGB+Y--3XMKGabz0ZeWKGydYMr5DcB7m+}QJ|KyNX|LC zb7iOeO`F-?w#zk2*w~B7U`EqmcrZ6ouz;-GKG&+2iEHFK#t{uQPmprtqWp{RmlLaZ z*LZkSUSpc^quc`btkfefOd7Tw1fJQ}X7U!j9>i$`0I=gQen6{lT^#4h4)rh>e=srxO;vQ%XytX8q zra?drm93Oba}#YUMR$rQM%GudsyHwC&sox+>!Dn@z(sZa?j1r<-d`@e+r#LI5yq+% zJI%4M8gT6UBKX7Hg_bp137?^mVhcW+RMZ=xQAd7H->*S?F)8BSE>jd(v^48oy+l9% z@JV|q>w+n0k&MVNCC#_E4()0Wvd){KRgl2xCT`|cZhTj|VvcB55azhc3 z$6kjSeYC_dctMG&aEOGKklg*FqWmWFX#URE2gYLF=nobf1Vem*m$=Q$8NIz+GEY9sjH6)9Z=bBDND01hFHHrqN@ul@!A~XS zivZ;K2(p)#maLuIU#|U?YR^WoTHY6v18mR%!?xc)Q=?B=z4ZN6{Y@h-%13kLDO-kD zRysYodtF-By76S>m7)u*wEpI!-=CRDzHD0RTNQ-tPG8Bf&^COb#ZZNhtAy3RdwCUP z)VLMROi0>OmUM%YJ63-Q3*H}pZUcs9&cUorJULCPP7^FQN>8yWyyF&|XC}6jm-L95vW8p67@tM*#*``y~_mPZ{N5Z`(AHigH zM`wmO&VZ<%_vGX*s*h3ZbVzZZ_0YxOKBq-#o3u7^2ENTTQ;Q%07@O-K82kI7a(B)P zX;mA$HFyws7X-f;g`6`@qi-yS`89q1?;H5dr`uyEV0;y^2|Z_-$o7yx_Ly7COv^rDJsni%No09v75c>z8L8Cg_( zx_*_xsg`p(A04=DGKZe@G2UOkW-tv1)VmF z9uMZxQ{rUy@@4`tY!b9a>E!euIXkK?{x?-)FJ%16K9Lz4_KK(~W)n?+r?gGW$X-*w zoI5{;PhMf~M3G%<&Le_ry>X4$oq8oyj&S9vp%X(IH|er%*F)|e0(x-@?HqdQ?iBu3 zjV6nYp0ng8ceKhvF8Cd+B!pm$k4vkHXKC)fT06Q&d~4TeA!fF0`e4~jcrg_z$X{?m zja5`Fd5~XFRLaZ|5Uiu0$RY9SA?nBbuBSJT1}Y`&%yb5K>&mP!ItA4Dr^)4b6SuFe z^te8K2L575KsdD%b@u$}}1<$7*3=MTi3)DJ7uy>3u$;yii-W5?4a|xbH1zTh1Y)+JyI!(5vF2gmE)>eYdZa_vSoXFbXED*IRf_% z821h>-5ciEkaT3HFaG`qFn#j4R%12}1`h5Cm=9S)+U*awHZ+y}& z^6mlLHhTTu_aTLZA=zzNzmZ`BV<&5R|4+ODfgc}v?z${{M%ON}r9F6fmandMu9DnL zd?^1;jinv~B`QJxB9;cgOCM7+@o!2pv~4Z)jW#5Dn4RE}{hsIIiRcpAehwYOQYC(N z<599&u(pg%;5jo=>s@1|tYFl~acgE!^J-)mk#a*H~_5i?0 zmKg0O5f~qlw2l}>oeCk+&G~MRe^qQ{HpeYTU)X=99Ss6NaZ2>(qhTxVg~; zFs3r)98iIj%AwIWOkk|u`eFUEc&)6wpnqhI^Pk;zM}N6C;lvOV6B^m$3t>#MkZhWVnY4r;sme>SZfeGl6!uh3Iia_Qdi zC8XAnI&>>YY>{Sn7ggO>qVp>s23t@^!*BP3KaMp71o(144>&311gkg;PnH%6P|9y6 znWoWJRkDfZpN#x)t0MLaOP%LZY?;+RFzFZ0HRjVAS{n?M2o1&s06{CB>q$eWAe%xR|6#0Tl`PQSL!c*WN~@T7m0B;a{^&sqx?@1kF1Yy1gDkb z55maQ^0wcWzL@vrDc**cewzoI&Hi7>bz~lid}w0XbK9FGagvhGcg8(7n)KTjJ=%WX zFsz~q?HE63&J>a*x!?Flao#KBJ?Z(D9trEIazKs4mKB%o+e5tAiXESWsFR! ztPi*zos39GFaOhGjm5e>V?%(yi`W_y^l~zP6hva*@_)gg?9-c=({0_dtR0@;tI4Aj zb?e*+PJzP9hcZr@gT9UaOi*~)Lz09P?L!a_)&4wFs8KvK(Smp17I;)Dk!Jv(%+dG6 zBS|pY=d!ms0=-9wZCyONhmF;hxTy~$x5RO$Zn8CndVaKo{FbuzqT1JUhcRkRO74a( z{{6W(xEj%Zg{3VsFkyNQapi>(EeC`z?Eu*!v85M(Ovx|moOZ93j{d=<3k$29A{Ds! zMs?jg{xjdl)hM=*O@JTv5h8)?GW_=`siY#M7WCq@Y{OqXi!{vSjQ_7;8HJh0a42)u zJvdlWzV=kRzR8~9V-MLM1aO2^&k{HAoh=XvGyc;9R- zd;w}=t^Vzek^pKgwtpodsi^drqb2*|TTuGDEU@!Ga;$;)r}6_+s!dHY-`VV~i#Y{e zhFmKmo9F|jrys=ez4j`1@Lw*XfAj%FqDkSfa#PmlU*G*%vfQG1_j5uNU#lq0%C?Cn zbsTNEtN5+>Ck({8W-c&C-;yO97%o`I%I6c*f2j@j0|)?n6}6-{66Ccdu=EUINr9nx+72uy2(=~krgev7#_Zu~SBaRjYp zf$wck60mCqxNxv0dzhy`>51yBWXR@t$jNp#(PC@pkO06nFT@eU`8$uIqQ&bP;D zrpaxE-L(CE8Q_v#!u zy%>vg;55q0I`0}fM%_N-(wY0cQ~y{v$5}nV3Ij1`0BR&9!s+KHG2gpMro)G*U5`ol z`wg~+vl}_zI7FhokHsRfTUo1r-)$y^&9A4 z*MJ1Nkl8D%aMJYmOW~>CrRL8!J5YbdcmoLBGYHWW#=Ub2z+CJg^e+_Mf4tCfSUO?Y zLQ@LT6!?|EBb$-at%@yEEP?~PjRmHS#M4obifSLu6Kp=4f8B~z!Kw?x-SL{occp$k zgELC-@Kssw_i66fuoXM+#=#oZwnC-d_YKAO;2Sg@(YRSJ(M(!qu4TXU<50O>T# zJ*Z>iwm*wjP#oMl?t2zHOZ8C%+3^ZLpP;a@=sPu zY(#))565aYz|ULLt~^p_WG-M%BU8-3+Ha4tZW1(2wIQ6jrb7Qyi$b(B{8Zt|jAld9 zb|CwU2!|tZ6T#nj&_1n>Xg_N-%{%Vd`wEVYv~XCN?P>}5QAkH~Mb_25YiFrb!8#eJ z``0WQ$a)@s_B@@+b8(IajSwaiSf|TZO!@n0_Sz0qELy{G<$$W3^S*n9?+ptmRm~Vx z*FSG>rHYzck-R*UWo$v{mZ5P8im-#|DyPSh0=r2o%5BEkk@T>N9eT|k$@;jjZ%%mF zjOyCan3>#&%aJWTP_6@8lX5n+UY65}-_7zw-F+81@3N!y%4XGX7%Qnd6S+HT{LVU7 z-ZDgQy2!D$kor0ksRgtcL|xKZ5pru8;EvcS^dA#2R>)1-o@fvD z-UgYjMO}4L&XBZ)-yS^cX-9Zlr8nPgnLacJ0jPd1)7ID?xXgxXqT0wD-9V*t+w48f zOQu_ zUhwObhdZ7toysAcFf&RWdIm77f9rv}1+9Q5Z?Qcd+fes@tjy>4TVGz5op_=-z3y!F%VdFVq=OI->NFht8^Z^&!ysfr<5F z6QLcE&A|Nly?ZC7>CHF;C(yIJYVc_H=+h|~s{D9;$~toz=UsXV?yP+Nd*5a=dOWs} z2=Z+N5RR{_5cmDU;jco?6|8yrdCl+h25M6O_YPR)N*8DzNf+3wF zf+9PBO2J@8*7C=PPiiixX|9G$?*MhN0#>Zja;SzxXqTVF+$m@DHFj72&yE!hl2HJH z=ESBoSd4jv07K6A*JmFBj`sTDWchN8>{(TSN_~PR35>8@m0`=PTxzv;pDy5{T4F!Z z!WxQuIgWlXa}LU^bYB%BlKKVe9@?G>Bak>nljN`CJA26-ui#6qsw?sFiG}|rc4>VC z3nTvBdx9A54&b0^MnF4^saB)Yjb}eH8vzcMukTBw!`Z7;Lf@WPS_If9dy@|x6XFKD z@XJ!z79HGCiYP@1LriyxOpx?8hcwn0`%ZS}W~yu&^GNi3zxt#DqvP_4cKoK~Tc_y! z{-PDl`yAx0L6DEU78Sd65!iQceY8$n9Jv2e0$q0rR-vJys>rT()}iR>+1akAWb|Oo zZEpD0y|XRNhI?P^R51dDrplwKYxvysdXJ04I6jF?gq8{ROHb)2Qqz#KWUnIr4cj%I3@k=g)0Dr*hD^{ z0scWaR}%thY&Tw>NsRGA0ej_XFmm(!BY_LLAaWIN0)*6s~U|z&`*!sDkMTH`gYN}Q1!;4DrY_`Tc zAPHoiMk3Jz_Hw_;zS9u)G*u&v9VM6Gq_^#jYlNWT>4-~b!_-RB+bX~2-PZMI49AOS zQpS1PT9eYkQ|K0a7nJeQ@SL}4eu|k1fQj!&DqUu`!ShAjKH`xZZ!t)2ay*lm%^~|( z;}lm6z^ZG2sI5T%{`anZhZN7n*mDgz|3 z#XAap69~JUq*ES5CRmP+wBO5k_a>^nwBtMHtiMusfcHh;RLGAfMXYP-?|3={ zT;}T|iZjV4j5oTFIpQnz`b6GA^16YCq~_7TlM#t&ys;DF$snw&Y)hB(HP^-9WT0I^ zaL=vXwPI}I&H4Te;4{~n!u<<)Zdh}5k1Eqme%s%%Z2g$>I>%^L+8R`hU9iM>BVUj1 zf_7rZF-VC$Z+Y*MIP5_VR(C;xL?d}`D2jEkd8_Evbd_9L%(z&q`&?YrNOG88Q=YI< zHQmC}SZWaIbYD#IdVjL%LdY$)rC0heK;mC9s|*D`R@do>Npyi?p?QgN0L;B+tT&t_OJ8XZhCi~;y{!613P z{+Z?%q1D}SEs**w1Saf~weX3)P%%Fy275jK@I)miB~&RhT|ow=Hed}+fHj05F|Hyb z`cHDVtf^7cM^PR4juPYYIAI^@@%ymBv#L1fWDoJQ4P*$>e)gCJ?dK(FKW%w9EYA7B zrVDiJ;LvZ><(VcC{B91|JHt&!!qe&uAcs}$;+dG*8yx0a#)(ZPK^L1Q2rZ#&3}hAz zUSCdOWKUMoPq1?ORd>KG2m2un!L-{2$o>c757hg@vR3peXg*i8_$B0rVCmOx70^8~2C znm#<~&i?Oh5JzP}#GhZoed%vL5CFt+)*>}FN~-NzN;jq|^8~(%!l0oi@jjw+ZD;>M zOp?F0w}fVDGe;hS(r+Z>hgN`^l`A6K1gble=JrTrr-{PA{a?qHoU2#tSjj&_#?JAy zR&frj+uH{0bu{=A#w8eIvZZED8iZW+SN4m&Hdo@GF3&(S>lqj1j*oQhWc9fkBnOFa zt0Yu%zhsyrZS0dLg>4PXkfFefTfU5kx}Y|U64Z|E(e0b7aY)<1tD$yrl%Xz_z3IqJ zEJ-F`(}+_S`uSM!3cFt|U{!F{W2qy=Mf7L&!1X@Hi*o}&2**IRAX_o4C|rqKfZz{> zQ`GwXZ|~t$mOg5U_p#d}8Bt*Yfy|qU76aVq?+H5M%<`VkQ@*O^2Bd{GQ0eyDoz>US z-;jUZg~jBuu2LmW73Bv3g@UNHfy8nDsayV?5GZ>R3Ca6nNT^y`6Gv~eO(#JZs5u$2 zB)K0s$+u)Qio@I&XDxT8ngI|rN#PBoZj?T`%SyHv+>`HgIFoj+TQl2=MM}Xw;@TlF zd{#C8e(U8D@y>5R>zrO564u4ZM`(Gq9Hi5`Cn4J#z{X}S&bcF*5x~K;k)<42mGx@C z%zgy$G}dY9$F!bMWg2znR6}|Go}Rde-Jie0z#GRjvu&q24wlQuES{ZtTaE6C--U4^ zc1Efw-97HmLo~#YdO;7XHU|JY+?Hwf7W+z8Jv}AL2qqkGnurGY7h#(`W)_#b4qS(1 zYS=AP-(5ia^%tF6vKINaptb3Ht#V8()Am5!Dd7OOqxmWrm=&rOtII(TtQY1-k!Nd- z^-H0QHo7UMy?iZXZzkp^p{gOnh+0WmK9bj|_&$2YE(B=o@amve;b+ESPhKDZ75*^h ziQ|bZj)*tx=C6S4TFuvJ+G~UQKUrZ|Hx-I$De5^p!(T{UM=!h1Ipd82(1PRWKtMsGL{UI zL0VBW3c@^S2(`U8ai#!>V`qxe^)7LrNIXIx#suc_#hWhMuZTFZ_uw1Jf1t;^UOA21 zM@Ut>X)U=DNrNVqi-RjaNZkehSiAqyM}vPe{X#8;igxt#ok|%KX!`Xn4bky(!@DLO zIqhw_@@^JY%g-LRx4+3}FbBB!nWUqdsS9Eso6wWoMysUkMZ5!ci(hU9yhL|xi!6m{4^q|NxM8LT=B6*D(%+A*Oi{KqQ zz8o!^^pD#l_H3J=6rz47W0c|~MOuSW1E=@9JEX4#qG^?zg~Xn%ivtlX8(J$$l@yW| z?4Cz`l8P2aagmIcPPQX*f8c#*-D;ft(>)I5Zs~WlF=3qIB#g4vF{P9|V(gp-BZ+wC zT@+*UFb*r&fiH}N4f(>ejsREWbwwh_pewLbWy{sNCjaOwFzoZi0u11g2*n}XGz?Vzv9N3Gu5(}!AkNjwFW;Z$#eDguh zVB{C8s(D~dv{exsMkw;9%Js}lb5gH!WA}Feb};QL<2qn-@kE6>TS)A(EArbj_BuC! z* z21%FFkNfDRP#PHj<{^uoT?nc0!U?Km$R&Gu9q7h;A&kY{$VoDB4tS0Yd{q$@pt6p3 z--!C{dfthLUO^qvD?HTc3C_kNxR|F8H@@hzy}o+u%3toB!-xpk(Dwo3QsgRGE3zU| zbx~cIu_56u0&l!?=8_kW-ie!&8#UU{*?UNWnuA9!qbfZgs=Y692v zh(JfF*NswH&RLG61@BvG&JV+1^3codMPZHx_Gp*+JA^Ic2LyJ{ycrK0f9>Hd^ZWDA z^m>70+-WUK%L2Lc)mrV1vS4|pu{mz|-X=(5*PiKnUBKNvY1~tuJliY6U~^gmo=bTw zm5Ls~7loQ&-@5*$k;Mw2dT^AQzMy<-M|_4zqsoz70g|>|1*S({$5cN>5FXwFJR6GF zI?WmEx3hV7E&8-~-!Yh$@mFIkM;7|t(cXC6?(r|ZWo#+iQ{D#oheIhv77N4e;2w`3 z$E6^)Jk{!^!bTF*=j*G!KDvroNWT8EGjoT4xZsx)UhOy z3TH;-mS~6Nq#~a0nMg!&5ru5t)`)4Cga@7+uRke$ibC~plcBMyms7Uie7^M7)C73; z{-5<7r(fsMR5J!=3ZwC4_}EdPo)mFznzymBv`eCFvREFU{jB+{)E;z*xd$NWJoA^6ckuN8l`mpN60gC*rhQH-pl8wy@ITXry7*Q(-2Eo9+cH@!x$cEqZesG z1WK**lYK?RpRzdYeAx00ETBkO@PCVhyNBGfAJ+!~98WkOmp6M9NJMaLdZcAL!jF)r z8xN`|1&Vfa#rbdO*h~K)Bk>u$9;6-QGvT;m3W?qYp18@%OXZ7YO=ZR=*zYBCTlJ0J!V9r$tH<>w>WOMcUqW z0=9BNmA{H7V)CvZ;+5c~ByEp~B8)<1Lj)rHx1VPDj}Ua{>Ya3fISv5k*kzH!rl%C3 zAGt$1(l$u-hsa=@7{u$cJ%013To`@A&dzoKcnFuDk*0CvSqa^%FB#Ntep2H;!yUA| z9AucqNb8PI+Sbr+x93!e_0nn!U`_zX&t}piB{4`^+C;t50 zo2`#MF-K)!(JA}RB9Ml-KZACXMTE1ck#;68qez3+d)wq@S78lYsnVz|6DzEuB#%sz3sYv~X)^T~>E-nhe2M0XG^EcbvK$C`s2&EihwT>AYwM zvO>%KiH0Q=Sul&-r6|jZWH?C4lTmyhaIUT`$k={==ysu;sN^zqj&^S)Rue>yUgU_O zx6MpS3;n6A`-BpI$2{{oPGMf`dq8w|EoRr8GUw15Q5G4dluq|qGsUfFJu-GTvXr8Q z39M(HN31Gi2Rr*x%?!=V@d&zH3VXAJm#MEYL_pBo6}p)yTY09D$zGd9bagE(hD7Yg zyUl1Z9ouqannmr|YwU|EqWJC(nCoi!wd+Wk=W{pG2ki$}R)E2*}qLp$PC!2`ULO0nXR9nmkI@0^dm8b*jF?>FgNFc&RMzn z0l>>3j=AVI{tjVoxk7l{FiFb!`2$kjpkAh0Qqp#bW#y{wXD0T7w1xTein4JvFTe7yhoLQ)5B9pEtV=`t3q7v|C(buV=&K4+1q z_vE{GMUq&JdtVGLE5Uc;*rjdVPGTU>hmT7p-w6SP(cI}cCX4O2jjoOnOi=h~&-IJP zQ$Swqz)B6BJK);+A@RFTDqyUi&De=F?tzjn-NOrk-h9`69^;ny|7AkQ+&9vI zFB>2OWhIcK@-tMJAQT`I-)ARDO3@(S;GT~^|KxzbcnT1{_bl{XnTEc#x0WFw@#-}D zx$6gK`fxqU#Uud<0!IEH99c`JUa@X-i$>0tqYy`7_9<=7w~Ot%-6FS+?R{Fqd~!i8 zspGo~d;E>pk=P|cAw6l?rbs3j2f3A?SK>6jB8i`(#{vqAwhG@SSkzn~gO5|H>X)#K%!V&G;tdeO$9#DWyY;3CkF)?NKt59c$`hZwW<^cc9XD3)qT%40CnwvTINqK#e&j zg^3Gh1<7w_FfTeNnu#2z@$d&nEb6R1v-MbOBym62CR+ld*Y0l ztl}eQ;Z=|ttY3~4*g0%uA?`J8xw|3z;CeN}aBfcu!@kj%^GYT)ph`uC z<70Shzs4H;JRtyAscZqxdnPJ1^$0|DnLO1fbXQMLgbKpy#`#Bo{YvqBzw%2lyP!&4 zuBVL90J22>C+TWFKsK+{Pkzw3_u8_`Di|*&wzNN~?+<|k$>phTF^hSj^;>t1F6>^+S8pG)gmuG$kMi;eDK77z1U;i;fzQpB%{IQ?ez zMl0A~&pliBaPnyWh)jIc;FC#>I8EZ*2dIOj8ym-7`n<^=E4}Q9E;|e+k0_yy8^8wM#uHR#~LDuGc{awjdDrHcEeGBN(1AaOgns)6$7gVR+{J>_Ygm) zd2ui$Hkszufu>GV?>s0=gfK7HaadlT0eut}d)$~SO>KP=x;GVS(*dVEfsKC-iCaD@ zcdme%=uG_XJG30$xQH8J!?Wvr=9bk0lq^|&+X|N0hzpy&?LmP&d>Rv#W{L!9Odg~# zLr|R=KdoV|nG`hV#bedIrnqSVJ0Q##F|C)*5Gw4nt}HoY7nXT>%QgcJ`*s-UT6?X! z8!2J%Xh@@DMX#?#_hXRd@3Xd8Prj&O%gQ(7DF;FP&fGx2;-$)>E z*e&cb;wOZ7yBe0XeRh|9*|;3p6MDSsmcK)FxDiB|5t z-@bNDaoZ;9^@#RVJx3`zt{;64Shcj~p#VMhIvkZT}&W*6puAy%>ysIuIg#)-c&!Wu@4g@e3D`s-S^?vA@Z+w0hBbHDtvgTIJZ_Ff zeG_`vZ*zz}1Ukn3(1p9vW(QNxEGR>PZ~+mj7Y*xh^2Rp~%vk-EF;%)r4xL3Jzo&G| zC!5asnze_euSE!bS6dJN7|G4oH9a+?pyTxM%X(Rd=E|;$z^T*wn_S*&FnTdvc|5xTI>(eXS+}KqI9{>6E|z=7gb$yz0gWAR%QFDWXO-sTPhi^1Va`0O*j~% z%3zSF^8vLlmswwN|4YPg#wFm}OVVrchg1NB!a@dG><>MiOCpGAA;d(@o{RvAoXTN8 zO7>T3wyAt>+V~i|r;Zjc{MuC^ucX^?b}!^~=j`$2kM|C}(||-mg0a6_W+Q@V5s4U3 zu?AX^S|{ndOaa-{(xVv?TprK|vFzq;b5^NxG@;OCOwO&)bcGU0t%)^_Z2KKtOKYHv ze&O3lj`oVhF$OYHd)Hd49>J8tT8jrTZC3Jk`_#hA37G&xMe`NE<7cZPRm=!PH!8WT3Xp z2t00cRI(LD9D$`5=en+N4H~g5H?D&gnQ|Gh2qnpHXN$CzXGBs5ZvNUc!4@6Q@;-!1 zu|Mb`R)3wVb;EpJ=_mtEUrO7Qw#D;=q~G6b;pFfr89k2%+ng1E5ws15HQC8mrJ|yZ zkA^oq$y|2AmP*Pmdv{=RWiyPv3$fg+@8EtQ^09S^>3%1$c}9aZ>hgU=$ZxBP^N-`3 z;VieZmvi)Kg&dA`o%CVog8QG0DN#I$&WV}sJtj5G*aJi1F7CsH+j`C1{G)>@)wNA@ zt=eN?Qgk+Jfj;)MgWN?2kFC4NeDk zeOt}yfu}uP1*E^VeZ}=UM&I&H1e_Er zkO30y0c^X+y(VXi(G5D&X@d#Rd5TSu)KL*Ne&v_`sru{}uEdQfS%9Mq*5V!c^HJkY z(TAaJ1&Fd6OAo#IF*iiBDlr{u7Zzi8=RNfOnvezoBhOEN_wflne{)ux)8R?K#zCDq z*_?B5PyfpwDiohN>y*+(UaGw{-*-89qf3hT38S|*;O_T~d|n(T0_He+?r7H!p6t3y z(Cqogv%AMEA_=L+_wvzYS4#;X`m?F-!8{l-DSQ}iyh8OJVIR?09 zNBB@u#a83L)OMNX zsT=UNYG-4bLM6|WReu1CWd)egDVU72gVl9kC5*213*G&fB@2Hv=1kAN%d4L;q^FO`6BFsbJ{ zcfySr`ZIctWRYe3jVdtVv4~z0f`{Eyfjza0@k_5}B%aN9-`y~NeI+@$*qUS5TU?s; zJQJPMb>(eslg-j(Wyu<&r$DYe1jl(;V< zzjyu#BY9B{^6?KbPgc5JL-~_KlhUj%T6SuBT&kOR7nC&`Zi$X5vO)!2cTp08`^!16 z(HACx_Uv|nI7Tc**AeqR^G^LbDUhfX-aWvr@!ID6 zMu#SzWdlDI$V+#e17^-Vq+F4JNhUDXOOJib349Wn@kTG=IDt*0nr2pz1-|C>->iFc z4zi4A^rKBO#0yHP2{p_MYk<5^>l~o0SQ1|PJiaAhf2Y1CZ^ z-l21y`e>jTvN*3hlM)3S3oel;h0Dib>0??WzZni7&w~$m9-rdSOAjf(Abb%c2Nq<& zrhyu+5bohP`V=-zA+_l-#=Qdq2Xi=eIEC3Mo(E|fsDYdS<6b32T~;(g;PnNgsb~g2 zKmf$hkVt5Wk>F*GgKCg1u3|F&Gp9dn3gSIgBeFF^3Nnh#;FSRa8l#|{@pUdkp(32s zd{g~5z0eM`GXo4Vk;_-Un)B2P*W+!VDSS%OWIPn?Z$i~gE%T{Pq2@LhK(BqsZZ&{x z5?R-G6Ne(}0JPT(VzAD(T9GZIr^*2{^`-9v!^MZKAwb5Wg7K660A_4M-Owl zSa`e2evV;mkM9NzB9IUm0m?tE^Vro6soyXTSkZdIX8;bgekDDX&L_Yr z+i-W+ubZu5X+zUBjqR(6m>8U95<=9~~t z8qq0weG+sj;4M!cMS-h)CluO)Ct%_L6bn-T&Eu*^u`#nSZT00XDC;XJFj-WS zZ-!V8%nf-)rxrMpe_Sq2`y(ywzlEDzfdst4Q~Am0)nv04-7*tAxHBhi&r7F920C*aYf-iz@*&`)x-*b) z2Q(!-*Da3TP?^0D6TL_liX02lxnU-nT9~dXFc<$s1Igb!@9reLMx(4A|J^@cgyhR{ zPvSdVG}q}4JC6t1>7{@M{8nm`tzuu+0pl#Jw=TZnI&AM8%Wq%T;#}8$lCAQEJ<5fqI z9ZpMOyts6kodQ4vHPuFS=r9w}`*H(J6}yU<&^)|?6#f8?OvBdKHkg84&{nd-%t6bH zK=6DiM^^>5`JgM6Nesi;3`d`2m^1X58>q0o9N}c>2L!7(YI?U1<$b<>4+JeUnV2*D zeKj5j9*3AQuzr<<6Uz{!wC(p4*lrXw7GZg@3uHTxY0^C6fRvL*vt}NvOUKH$)9F5- z6ld&JF|wP-U8Nh&as3^o6Y2{QGtazl>pz;RQT9d;ILpST`FGrFfq5tf%DHBe5%x zQ>_+TzMR(BJT5ro(Ow`uY0{ff-zXdA0^1Hb=$<-`CfBKF4W*u}`Ld3wDac2}v55I0 zT2u!_ngbe>A$XI72_C?&(h2-kHlcbGEz&0Wn33>333x^*#={Hii)~7#1o;?{tD*-? zDv$u7kb-oG;d7fn@j!|)bb8%9@p)NJ1E}E45WDDb7#{)I7apj%|CBB36|eK=LUF?i zs3=;JDz;_Y<64I)@ zO1@ncR~&r0=W#d+ura1Ux@tX6&e`7~cpGDy9WgjRE04pY1H#zkaMG|EL1Ygxa~!a# ztMSyYvzvrYCrwW`A*eCovsV}dBdY{>2O`l?=>Qw6MzeqnryUoodRU@qCBX?~s)0Dn zR^2BTcOWgE1bTmPk*^mMVNeF;X$-i)bwqGacMEey7Lve;;`|{3>8RVo#LC!=Ewu0F zBMLvJ-vR^#2axuxOa$^(Aw7m(7r6vHwoQ*6y9n}VgZo*8YdVnNqYG{<@hVvddDy3Z zlya=z0ZF>r6T)|2uI5#9r5EuUe}6c#N%s6l8ECS?spn}nrCck<@C&yGP^KjCaJL_G zV+P1*zdsf1NRRwxo`oDsM~46^V2ym6`Ba?qSI476ll&Dxd%4w>qp8hxiSixbhW8&0 ziP$Y5wQ={Z8hW0@Gq?Nqyx&@KEOac|-DXG*+@h>i$eL1Pe+SMRR9Fp2dF4)#fWD<>aC50Zid9NFh7BPGnb?apAn{Op zh4GeRNje#{egzF;K5=_!P|DVvlu$Lf?#&OVxJHqAC$|Qvbm0a^0GKEl+{w7vmAlj z636h@ZDAdcdC57-Y~nD`Kap~%RY;a4aBL-iyD0>L%wF6JH%)xSDz3$Z;UannRW+^v z!-EsUPDOYohmjp@}z zecoEA{yNad+G2uKoKM>5VLvf-sSuaF5|Txmz%14~k8?0ofaSOmr><14&>!SCyypgZ z%(_xihy~G)DfapN9?0W|AMRn7EJgR%vC0F)cauaWoVD1R7LC0O2>6*DwgTs(&P!-*K z{qqwS!?3FG$5g=ZjO^Th7>T3b4@w|f*+AohF;CE#4*zPwpwJ<~>VnqbFzvc?Jv@r{baQh=!H7}D2HOMHvT$;k* zrT4R$u44Z|;%ZG98OBO#9g?oN&wI69$>0$S=k#W6n+%A2v@YCk(@cRn=fLp>`jjK+ zmX1yn{!FpK02iU8Wc3B4ti@1pB|Mkgdf^gz(?A7+{@}_*{<%&R-^2!*UI1Ro;Ixcf ztjG7a2p%v#(k%DPVp*&xcAYb$r}1O|yb0WF?hOxjUgmmYiKHOJ2-e?IbZaun>f~#w z{D8rPRN(?PqFbrnw7P2Dpa1VN2)UXrH4{HQh}uJ-s9pYIAB#Dk>)Di3^vH`XYaqB+ z`qOQ@JOK#DD(4dIrBYN31QjVA zFP=v*P;S;HQPt7FT-QLdIgdg;m35!0;lKj2zq9ByF9k7E$e4EWx)>rv0JA1kZJvFV z{W5Uj;@Vi)w-j_OS^FvB{@nScj7UA%@`I zFB12HA_;ii-B?1NZ5HP2;Chm$rksQ-4#m?zNXwa-{s{+7PCp%$H+jPWu?C51xBn!( z7~%=&wuP4hkrQGL$hiSO+(+`+6jlxvPoT>??!G<=lMmGH0IQOm?rLi~D*6+EIrz^> zNzrEjoIO5G=&7S@5cv9T;uR)x1AKpnB1XB{TID!BxivB;|}T3m`^ML zE4~0X9Ca3$bJ~He{Br3RpzK(X2gzXWTf=?!uE&U_RnD+(QOMdJFUp$&n-#lUIhC7v zUkGI5RgD&`N?j7dH(`EnQ8Y=!C~DTII0i;b^L-$eC;f70+Tjj(t;wzn`mrsb|8{lZ zUfiSbz0i=yO{~4C5LE;AU49B^ z0_|FS3y+apGQC0OOb>uShElj@fIcf>jCI(P0a%kOOpDm(+!SvV2Bmt^?GQ~hA8O%! zCpQGTEb1;TfS6~I>3OPjj_pBuCWhtu3v~J#t#_n#O^QisGU-I#Dnbl~;f?jn>d&#rLITrp#$9~j?Sqbqi?`}GAQse2DVR8G^3;QEcB1{j=m;LeV%2{{u=Cue(h_#?~@ z+;!Crx_S>w!A?Eyp84^JdN+OB>)g;8BldvL_7E$UiEh+Z90U6S-4IaP4Ns4gexJ&- zFppKKKV4bu`dT>>pMAuOHSWc9D9~Dp9$Ry=$1}MCB!g5?n3>9dO_r6_a?nLIV;UDj z(R%dF$k_Q0=wm>5jl~T}bL0b7TGM5;P2MH_fqi0y*C$&}3$^Q)P2e2QZ@mJ#guVj_#v2goy>v(7wvTXF+ z*UY%?ug5K2$OCl(?&RR0Weeytv^$=JU7%_dvb>Mx zuQHEPfd?;#97D6Brj4dbvAb}WmXkYK`BXL_bBoLyght#07<}xqIjJ^U6HCZbKVATG zUO(U{$B`2>9D#`8D7<$iU10{0V;`+7(=uHoIp)6=fAzwQ(fVIn0B0@W0$rFb%)G?L znY}5ffpSv_kmeEq!3TIgb5qS5B(uo?T;l~A98=XWq2=(=*zS*BFG+^u9pmy^{U-8J zuZ(Afn^8Zocd(&~bLJ@YikKN(ek%uT!m$`dh&u}k-$;j`hzaLED1g1ub?3vgiflp* zUw|J!Ra`UOOM1kL>lR_mzUrSl9`cj(~KHwH_U}#9)+ZTsjal>ttxh&S>!8^Lf_j zbhJw+2w_EVvz%hpW&&@gT__G4D45$#u(YEv@*%_1mNG@6Ab)<5p{*5u6!STTZ|Z2VsBO*5<{Ln|GMy3+q_O%Y&X z6fjdsLM#MPBuIo1y6G6w<)5dk@um02D2jsd`6i)X`udd=fNjqW?NdGE|C(t3g zF(@jo@nJNPx~*U;oQm^}5twD6k(^c*epMp)sn5t|!m%gpx~q58hQbPGR$4l1HOVYV zH1=2kpkL?&xfL4L&?-9VSXz5KhZ3Ge67%(9vA4R9<$p}*UJpXrlL&4A;xq$*&SeoF zGv|!x?!H~#D3;6HwBliosKzp%&)m@nBn0}KF4j^LqBn!YiU}U6Ciq2Fh-1gPS=6|# z=Q)A~biRjM?Q2Ivi8P2G^cKuwBZ@!li6M~0<;X*{?iQ5}vkVyn!L!+;wRmlV8stoGL>)otp@QGQmn@d zb2V?Icg{dYoXgmxqOq2vxh1-}4oqmCXW}qQ*(l(FM+sF97V8PAGbZw>u`XyktEp>% zLpLcv)uKuxvqO5w>%R^{rI|~`L7+2BPV`J0==D7a8WXXd!&593)ilWU=W2(h3G0W?K9tR`j@gM92=50q`AKVds2Y?BIu|IQeN!8 zy>hMYaPL0ZO%HlZWU&?2JJ#sot!+>*?Usa#bUN?ON~)dPRm%-@t#Xj~Jffm2RG%#X zsSSo4TJ5a2h1btlXB<5<+=cQ zPmDIP=QSRu?V>3_jfGjEs8m(Cgak!6&vx=}laX4Tvz5apUUVP)u<2dkFucMIa3hm# zT3yJ{c@9Bh!bLt6hTK}$>H%# zID#J$ce;$#mpas83%F*YT8TyBMACCN7Q&k z;j;_62y`kdG@m9{1s?LA(7l;3R@P-i;8k#H~6DO2J17i9;=%5$(Y2|-@n7z14A zY;_F31S!C!JSO;5ZunkcmEpcg#%epGzJ^maWS;_kHW4sm`@VK>IR}W!-G96sPUR4& zYl$`F5^PqGe)#2&guM-m@R$$>qq>5sQ&V651Z18dHy*JPLfu6bGqKkfj(%OgS1<(G zZ}HqiM8yn`Mo6z0(j4gr=T843*eMT;DE=uB*i6qsE~cwv{?}lde2;k>G;R=s$Fy$T zKH-2_MvFkiE_$+zmWu2oCuHYtpdCo>rq`o;sRRuKu*28UowZ7n00*>4Wwzyx?~5wc zIP8UlHamD1mCgIZP_UjjLPiEkmCL5N(c?bAJsN+|Knley36V|RKa9cf_*$(#?L_@XNjQj{%&5B-vhArY)aCdeIDA_PWMOg6dqNE$!bG$H^ag>8 zfRx@3_HjRu&^Cc|8i0Vf6(o??4??>P-Hry`dv--TnC@*DVS?xT^k?8QOM@rYFZ2Ru zyXaO>1sP1Yo9u5wWXNzzRT0d0%o@0R!DT9y3U%`U1;}*&GFDn4zh*!~fQY~EqQF96 zb9)fwO^vL6b-ME$D5FtFRs)%GQ8%jn%PqSk&;joyhSyo+LNXAN>IYJ2HBDl}GtfJ7 zKvU4w0-0PZc+~Xq!s^d}rFx_Y#CT`vZSL_4;^aWf;*vFPV--r@tj10}z4$^|9dA}c zKMZE~SLot!kskSj5_ldtoH*Df`Gjqfh%O}e3d0Nm_jhkDa-=O5_&6^i-6+D$o8Nw; z1E2-b07M5GE!1SJ1QDCIg4fn(@Jt+97%2I6zi)w_HEevp4b-|Ql=HKEJhXSoVSFKB z`o08D+mI@tzGf+jm@XgmpzuOj@F3>`(ju&xG(mx)j>;aI)SO1C39zi-l!ZXK+co$IW38 zA1*Q+L;vXe4(xAG*9dyID*hQvluikJVJQd3!I%OKu>CRquAfHzPd+g4{fqoR!*%-K zXQZ)Dibh`315PEhH%4^r^#4>U%=6A>vOy-E@WEPkB-Tt4vEPWOj? z*xUz8gAKssS@5eudC7ozN(D?-m zcH)PK{h9K!1hf(G|K{>pGUOp$G>ZGfDIp~u1T6q`9RAnhfxkw(mj`P=Rr!D%2oBRD zKP}94*oPmd4}G(iAfv4F&k~l$3FbTi=qJOH z2RXkmFa%y7wxu1e>qJOAA8dM=P zxgRI2?j7hZA&Te^3{k=m+TYFjZ{G5(7Rk?|7&$rP9zL7YrdZ^#0R` zLFx{Ni=AqRacE$)P?Gz>aQ>ONP8hUkr_&>!g#P{rm3&NCv*k0vHu;au0c{JF$V7B7 zP@=Ly;!0}hm{!cx7fE1IqhbC=|9NzX{LIj2Mg-TJn16`M$Dg0Uqon>O?J)6_pFRgm z0L3`r+A)Z2yIzRMnUG4`{{b%Av%=e3CrQmn^_eaQE2>TY!;Q1fl=^>ap zFzn)d2Ex!l!fyI8b_{B|au%sr;M<5I|Kl=ck^g}VqBuA?z^|hb|7#C`<%K?ul%8Px zGw>YX!viI`)_XJZpI=HGtU-Q@In`0i-Brt)_wBlOC~rKlF~Jb_E0yz4t=?Z?;1;8RCZ~o4+GyDhci}kM7C64h7rNVV8afIyRVeXAju{`2VT+4`_LO zxuC<`^L*h0c;Q^XdrPqqrJJBre4 zO?j|Kp`HIr``;e^_rrafyeD;;458<;dP5GC2otXQL$CvjAADkv2Tv`0{C5Xx>#C0W zLAHqf?+!GP((1v5F$Z28=oa+C`@wrR3Kf&Tqw0Lrbhtkm|L^*JLcJe~qkpNw(;S2h z+*=CEol^gYu(uAYa{ac3rCSy$NG-wzf=Vc%bV`>r(%piBgmj03lz<>12olnzw2PDw z1QC!F1qngAdFR^uoa;O1`+o2B{jvXG!`>IH=eg%S=NMy-;mGs!i8gdvh$uMVnA`qG z3Q0J$TT=g2S{bw8|9UuH0Z;ZI&I057mcG$y<|6dX90!xKc@I3O?m-yk$W>BhjN!gK z04DIWUc+`Zlw7!H+0CmLlJdU2-zDYZlE&pA!B$piyP%lNp%k5mOTop89zktg@AWf~~-FNT2b6{nYf>nC@6%vD>~5 zklnaZ7buX}azTU$EHTKQJuN$Tr2-*l1vHb(Oq=qkaGlyAHT$>A&DTe`i$hTIR7dxGqSxc>42&=qTho zjKQcdrY1a{584|c7^EJ*Ws@iNYaX1X^0o!g=-ovYiP9UUO+~H^^Y}gz56oPDWBiC$ z(9u+9DBi!2Xc~}m`=M>?JL#j1rknQ`Aoo>y8jQy!%0EDka)y9Saq_9;`C+`{_lD=i znz{cr@g~EIEg2erjF+F%r8n=z_o3rUXMP`PX+QoUQGfFTV^B z({Sg5w_FLN^{#qlSX{)&wsC49=9355{8UK%9r@~h>(4cV&D=?d9@pIgi1!`FhiLWN z_~1fktmpCMGEa=>#W3$3yqN$$Q(bWD|7}&Nt}rnO*}Y@1LuQw9*&D0gzOF>Syjb5X zi>v-~iT+TITeyU%cQ(_l<)(!H@x1@X!-peju-ZyU$f)ql5m!<5*~*H_X*hZKD1M?% zYrrWE_HQu3(8UlH#fH@ipV1%D0wvG3pS0uKuE8u%_%vK*TTIjsiwl8oxtd@P^2NvX z*47CZU5Id;+P?wPU4+sIFrmul{a|VeNrz+aOpL?r&={@ZXzKO9q2Z|S<8`owODu9| zg+##)ttcf8+S)9%L~{}za12O;5<9{|e+{tg(lszj1~j2i*;+`Hu=7Dwia7rD@$!9j z)jGCGFDYEN*_N#LXGg0pxo7KLlLR(g65l1|=wmUTRl*&_+;MPN^yqM+&m}pe5F%&j z;-K9*>p{bI9zAtMzu&nhw zd*#0seG}>ip$ZQTiE$}%N3z$8AA27^@NWwXO8o$H$m*FsHgZ(m@ zzrw>`-jqr1lEco+p)ZBqUhND)DmrS}I2ZF<5Ri%Ra{TWz{NK+MTLJm?h!-0_>XO`b zY!1|2m$6QTc3IY1JXuwtBFn?igIU>nV8VDyTB$DU_QTZ450A@JW|B1O^dXM6`dN}? zBziGlYWOBuLT{l);Js5IhgKkV=qv8HGWXqQj7E(IcXxNk{l@1r(ks6ZVW$kEpbqvh#%dFf)k@sXR zF0Xt9*Ne{$Hv6<=?BC5Sw;*6e?kYXbG*Z3Zc|yB{=f#%d>h5@9RNtd;;-9)OT9-cb zvh)DIMyhKJCs2C|&rY_!AYFEPr_4#NEZzMMW~g z%~PokIY;~MCIU7D58-D!f)UK8JHMnvTPG8hC`hLZC-nY`o>uY5(r`gre;8`x)&p0u z*~D+;KP2_yl>S3`mP2YIqG~0U6x*|Y5=z2DjbyRzyE0DS1e%+!s@ro|^wA~*Hr%YoE6^H*uTlUX5M&G^y!o2sV)|%5FT8l;s;UzVN#}#!0cexs8dje`n{mEWunDz%K=_=Dc zcC4PDv>63MI?0uu=dT^Ne+>|~vaW-)`<`yg6CXdsz6)XI?S~3_7X_ptKr}gk*DNH${9!&)4HdQ=v4{Q za^u!5&UgHR;>!!P1XR~CKA>91Zhd9PY_zfqfV z6^u=p<%U*YRlN9YaGXQh8R-|C(EiV3)QN`2NYv`4Z6m+^26O6YFz4)7^?H)G8V;9P zOQxQTD|g9C8lSVYYNptsr{~`Vc^(nJy|p|`C%gxo5d4>wwpMZ)gez&?qe*^c1L*dW zv(sa|Fn12QXI_?7&2C-MoYB4Na!**QS-ONJ#8m#{38SR==Y*Bwq+S&xOh{v7zMt+$ z$%;_6D{e(w-_t4TSIrbrGHLc5!@bJYv$r}vey47O@y;W~^_kO@_s~}e#MBEL9_%r=stUZ(fk8|`B zv`D1_w*5shmw4Z$gsT{cq&uw{C%9r9Ts#-hL|WInc9Eenx7a=r`Le>N{$ z*a?K2+%_cL_*E3n&l%+u?zdoj{$Bn$-%UPyd@INSWu13LFXE9%=zt64^J7La?}YJN z`lSZBAZ)m?1aCy1Ys;Z+x%)aNse6M#rR7R5=hT#j&l-zlfXpAshrf)U6cbPJPF7fi z0xS*ruSmrqhmrisZ1qR8m-r8Net*eGK8YYjVzP9KWg|IFl%`NgzyuNn-`02~#=K~A zJg09N)2p}&GOpwTkIM5AmF7~rOWkJ%rT&@`3m;G0lidF~Q*ZIGT3E2z8w*l>m;B+n zMr6TzbG%VK%)$q;j^VR^yZ*EsyY8Z?$_6Y#uIo*ui@4|A6*;o`EcxS>D(M-R(LQ47 zb_k!1I#_>pmI9)-AuyLpZ554UC;MhFy#h_JxlrW)C~v7cCl@3hNOpZ5!X|~5mAm!D zFu@LF31)mrR2a^4r`jCWc(k*ub^DUN8I2zG5wszmk^@(Nmo!56lAnz-Ynj43MhBc* zCGO0BjFfMr+x3P`ZxRVS5?ameCEkRsmok!P2Uf(VHfMB4$j_H7`Y-X*yMrTVk&tU# zIcF)gpzC*o@v-MJ&32=w&}n%3XMH`jYE?S7f@Vqw62@w{WGoubK`q)#E#6MM+vGMI z(9AZb)qFH1AFex3Ox+-xa@|-D_tLL^pP~2om{ycu)%;tvUHo15;qjPWVh)sFTjDa- zu?1y#6vh9livRtE93yt+*Cj@Gnl|ikGAwX9#=lObPK+z_Ta_$1EpBU4Ddx?IdKKH9 z&fEvFSa@cs5KFD~0MDH^)Cz~dmop{fk<`pB9Mkqis}Xm~q})D|pC-p`FQZAc?UGPx zJ5mbtRMsxCS8*uYM`FRbla|JUN2^;Mv~0SC>P$4L44#)$eX~UO{l(`VfA>*-2J=Y? zB)ak7+Kdw_(H*RmP!%vDsX{Z?ZXpsu^gJIRrTX}0%}cm!<$IdJIU=E5-3$%kE7@$J zo^*Uqz~bzCVsZs^wAT+Wx<7fS% z*`7R!E_S_%L!&TT*vvhcYs0F$`JX%4_P|8rl_K{UJQ)6l<1YBuol7uSkMGaKa;oIb z{5?j5DVqrak`^dlBR;78k<} zNVNA#4Q~pv?gr{LOf&-f{zzg#P|NE%s?YUSJM$DU|5E$2xAq8cCOuU%hY?vPU7%nr zjo*rDy&ih1)DDg%bpMQgcmuL~@TKrjM*c<mIys_-3N|bHCp_GPNCg#V+TX6hB2v)jw71w5lvMTV+#{P!yc~1#00H zw5=FvheYTfHZ(7swwc1Q95_j~&P%*}9t$zA^ErFA%{7MquaD}B@A zQ*zRUV9h)CLRnFw1kWCj0PiW!lR%yDq0#$qBFb2O^iz!KR)gs4?>M{GAEqIeas>hw ziPF*-oh49ioc#2-rXOUUN88PM{T?x-xn}U0n7Eb{I&UrHn9SdAbod21c@NJ{G-M0} z=QYEA&z#D$`epDnc^9g^yb&XZ>UW97k|L#?f!J@?!lY~c*Cb=5l}IZlqFXi9eD|j( z@??_vt?--I>;l6*Zj<3CYW|e)TuH{BvDdf%0fO>s+h(3({u%skRc6hD;1P0CoD{kW z)qYKKNVQG0S2(@YAe&3PqT$P>PfoX#=n+E46s4B2lR^5;Qi>Yqb$c2EKYiZ>9G!dm z?@sh}a8C-J#uPzqIDDUpI#B>_klRs3jB1)AD>Jadp`s~&gJt~U3hRPOxX_KzOW?}xxbSD! z=(%9SlQ`mpq_nsuK0>_`JvCN$OFoy*n3O7xysHG%E>ag2(k*gRvGyCi){T@%&eyCB zxprhs?1o-7fAvWalimx%l0+!wCgRAZ!wKZJHqZPx@&Y8swJSt8L7L^AQmP^@pbr(e zKu{&9*xBguQwMZDy1cu-QuuWIb9;amIEHvCj9Wh0n^;LL4mYPGs9#JwRajfbx)6~h_IazK{nTJ{s zO1N^XOo~@jfreypZKm1G!^C6!Qvq|kx~0dj{(9o8^y>tvoEpqp&%M}#{W$W;Pgqeu z&iZd!zk>kUKc}r|03H7nX?H-Xq$DVCdu`@|R7r&30UV zR(Ln88Z-!zbYl0d^*C2h(j5>;F5o>oOw3lj0ZV&9jVsn0?9>P<Q-%;!?SyB5bP=Gg^$mKBmabAB%NmY2YBTz6#5kRF2VqtGgtMA4+@?)oH|+Gp z`MlJ51&^L`9U$?pkx#xEp!ySi%0L{K(-F6)Te*N!>~1w=W9x6aCgQ+}(l6H0@<04} zk-nxgvFVqow1L~_oZugQVUaL`Q<nu`p$c3nEH-?N$U)O`0M@j6ZlOIu2yi z>QNqK#Ss12d(5dZ|Vb6_>?~cEdBRD)m{Ir z5~tQqmaFq`M|f;Zy`)9g^+!Mu%(Ek`U3vOe<}_IImfYOzwFf zo#NK+s-FaoW=;fmb!8-T@pYSaepJF#^v`f&no;FZCUL#rGR80Y=569rMifQF)45s>nV?in^6EkqCKT7xNArw&}2__A~Q&Cm0Yw`C{4~&j)FeD9l z${?(6(tKI6ZMZGo;`cQQ3rvuBaN52RXuj|;DYtDhuPE@1%Z3 zSycfIfMOBo1UbjeAG`%)4;g`Osmnc`n5-l&db4I<-TLN|Jm>qcNE5xWIt#?W7$!ko z{;J9Q8sD|bU$hRFITN}wZ*Mq+Y>iWv1FoC*$J%7^8-JKP>DtB1w={E2Lj>!wl!}sI z1wb7fRE()>ho4FL@@nT-3^_w_hYnbt+<=oKN!KYCCmRbCz<;eB*d%Vw2>>_>e7usPxjQttcUQdQT% z_q_JuQsK{UN~&EOJ>bXB#r5m*$FOzSQFd{jB*a z>LsC)ysCnkY_^1dnNr6UWorHP$=aI}2F9GIWjp)n_bH|>D;kY6a;izcdfSf;-weuO4j0~k=unWi0TDTiT|}q)6kG$$vGCeizc>YMW`3O% z^tM+}R&Cua$+p$DYPtYhP$g62DAF+oy%$h?Z#Q(t)yKPc1?jF;gkCh?f?+JHc;J_9 z%lVlf{RRGR+qNFYmo9uZ7vAn#3pC%;t}v6Aq;H*vn2rQytkF`O^0g4Ut5jEBBr zxN?X=Up!Yvhx__Ssbz-g`v$!}o*rqdD%`K(W)XR?*i@Ab ziEf>)a|K>;CMjF^+Q4hfD(eW$%Z$PZSx=RMhQ?ybr@g^ zQa_|jsK4L?2FP?b$M zVs;Q*F?tz|rU2!XBwr9g**;$VsvB@umaxqr82fP%EDv`v`Z`|%3?ZdR*wA7gg<@wf zVik56F)074JJ=^Y>Q_g3^mqvvfRXs97N(tTbHBwNt=~?S-L+In>;B0_$AC1)U^j?M z?Cq~jl-Ler*x)6lIZI1-T2FBY{4IJA|DQRlC=Oi9vZ33F6?TRlu@|Cy=R04#jf{d$ zL1^g$dCW+i%S&8hu06IhSgths=~*GJNX05j6#Ny}@`BUuir@-t+24|8HYTM`!(z`Q zOig1{mQc48NIgV*WUGG^4|?E4s*-5wply|#jODQQy;0@5;nrIKLG+WXL#}UjAd!S~ zz)6~fw12?8bU?T~+nU{%dAmBEu02aYS%r%ym380+Z?=<+m*Cn9)0HbK85uVE(Dhv< zR;633VwhC6L|daHJ^o?_nm^NK4r07Ylt^!@IY{x&IBIdz!Xdbr_`vREiqwn1z2L9J zG<_v70lY`YkO=HY6u7y&x!STMyA0=rzZ*yQ4!izN@q{A>R*YAELlCy4nobPb3dCJXBmf zhmKic{yGAdYj4($*RV?NNJI7dEKrSOwNCmEmpx-8E`{D?vshRK52l2i)(gtLnyOwm zIp0#Z(u+QR#!e<0-3zSm7k|nDu|#+7a~ZWu{>omW9*a@F>$Sal3A~mbfVl5+tj*}% zUlY*{`|EcprdJ(OstQ$=6+{BI-{A85KqI#jO1^*+68*Ha`VCRF-nv0CJB9YnGzJZ_ zQJpirSEmds>NRh_q1&<<)>XQ7Qe&&-@?dVE6=K>I@t2Q=)l+%Ra*-G3Y>V#sN#?=) zeJm)Azh9?K_v(_U(kt|$cm7k}+&+IX)OYs(Py6}LRL@3&VMC*??HFb}z!2dg!#0zw z>_CJMOa#Ywa44vHare$$7M-98rKK~dX23VxTI?+&xKVYL>rS~@t0|MngSHrWvX|7D zubVS5gcK5aZ}sjK14{Z!v+myxG-uGo;meP14g1cQ`ejYI=A_y@*G2`>zo{>Cvv9Q#Ja{YDRm-5(6Kj_yXlrHK+f zJSOm1>x{irAQrJqN@Mm~0(aLOkxO;+7`X!eWu?V>WedBMH*?}naz6jCg?gwDb&+b! zu}E*?MUiK0wn3Wz+{oPTrmmT-6hxt}!r`?7(D3el@OUwJtjv2l4c>59F?rQ_@z}-JQfYOl+nO4xFKY0o_6f4sMv zQa4l60YFhs1?o2RasNLZUncwitK$okaeR2uAeRr&m)7&M50?cUYr2DQqq>G980u>{ zsC5CMbb31)lrsUnezEu81?GJRPUQu;9H41?x(y@1Ew~4nc~^QDi~6Z_)h*jpA+;ER zv|Cxm*GvwlA0LOc`2(D|x+6G#pPfVFn#mpO9)ya`#7oNrPYZ#yI3`hb!m%PJv#@zk z0Lzy!kiDQ3KU#k6OZ52|R>P57&TqYDpaZ0c6DZM2+ebZy$~|5c@)?hg5} zL6v&{Z+~Xjn_% zhxO)tyW_I@)x{BnDtZ;C!o1PFzoWo9`yp3mLS9)=5)df~BN z5Pq0?`WA-1Q%NJK zwT+SJMUdI7V3pvl0F2Ch#TSGY*Arjgo9>h_uxPbE*rcdxDk54PDX7*{yX-Ikz4rf1zaI=pwc;YPau|O=_Xm%|wP<4J z&wArdvAE>%g%#+EzbH@ojONNlj+M7|&Ax`KJvYs{qGOJVIucgdeRZp>iK2ah3}$8g zkpuM480-&Tn;#6M;#Aj(0>X)Ytg2vN+H}cN(>r3My8e#PUwAQT@You&O5Fx6V!gul za7nB`Yu?!08e*{&xPgfx9TVN?Pu7v5jKJ2Pta14H?LK^p{=sJv#f>JvF+Dn`@MZ&z-#8xBdbL*f~P0UutU&tud@9?@tmGlV|4$S^F>A{_ocY50fTex@T z&8s9(S3Xv-QI8g9t|0!>Z{aB))*^Zb({`M<+8d>g z=&-d^6(+$aLmR9B(eLQ=7-X}tuZ{Y35nHyc!QOP@PDL^G5h8PaM(J5yi4bfFtE^8{ z>%Z%6g_=XZMRYoihlx0RcQ2-og38+&S(FZ=DzA5K|zm9b^#G5Mo>Uy@`gzO zJ2zqSdsHtn#`G;H7(+42tGv%0hdHr*kE=|*pcv66t${EgouMp-eb%TpKgJ&4UheQ z0j>t!nohsRN?xG4Z2uzD*<|=^==d%3<#+JYX;thdm1^nIf=4KlT`iD4uo8S9-~J+_ z2y)T-cJ4Xrx!3w+j1g}KpU4hIH3n;Cs?>O6>32MttDYr!*sV``u7FR+bB;<}hf2#% zN{;yVFM&H|^|Uf~h3!9PViBSn2f`P|JvW$zmu)yZULMdTuY%0&dv*0iHAcUwHE?MM zpSchHS0`i&h!5K|3A}8WUl)f4^VckaYQbb-;v5uZj~%<>>N$#Fm#-LT^t~@tpqTQl z1@^vbw#-<#`I^HkTz71;%@=8LkN7LiSHG4e%12XndipsmJvRY+LXa&P??N1m$|S5W zQ`30G$5GynswG#h5hd+~!oQ;#5d}z*HX_5yLRjH7mgC0WnFu~~KG|cr zXmHZu_0Y$1!QZhH``aEdL!XvA=upi|I0nN?b|G`)fR~L(cJ4 zKb$58lD!}9f(e8{gI&upBs^v6*0^^EJ#r$Tq-M%8j+l|YyP3%|MKB6%kLrSkT&0gO$%aN8!Loj zo7{sPi_6tiNm&bciXR(&UsCDk%UV`RCxKq(Jnn9|AAAU5A#EQv2K6vJ`B}r$4qQef zF>LrkyNzI$jJJ7|=M3HI=RIptiWBjddC4*VTmeKa*axos*w^V)KBis1&WioEGD|IO zv+9ojQBCpv#wzAjf022$4`Ij_|7(+1ltXd=gZ=Hc@11*{3aga?i3sC=pvu;{Aslz* zhbRse%isQEfw)7UbjuYOn@;-{n$&4LEVo^i*+1B{p;1zCYzQa+L4KnFpsP4g-PW~thtwjWFJMO< z`z_%Sf6oP#fBjHURWQ>0A#XPU;>yv(ZOQaS8{;w~-LV{LoC%E>KRhKGYh9}Y zX#>Cyw?enU&*Te^uCZ8v!JXdxL1}){??Ja>2Wb=PwG^xfL$!xMc3>Tn_$an6jO9$z zO~!P0b$t7v(jR0Q^vgI7G+%S1{V^9}YhMB#KYcX#vCCq_m-Ofm0rj`q1&ahilb7*r zfL&l$`2l2{$?o#7xHRX5$)t9YrFEt^NQu_HNo&tv{q*hReM-v+IX}6HoPHc^5&TH4 zNdKdqI{X{!!uFi_p~)^R_SM}a*0T~)-`;!j=mJ|>{z6vG0bt#)l!XeXQ}^e{`5XO@ zy|}@_^A~0O^_7FqxgQ;&j}1`)by5C9n$XnX{}L78w5PZO9t6bbGmNI_`S-l$7Q+Bc zcglcuwASXo2b8*C^a9iAhg+|n{MO(pGOUhx6_lyTI#;PH0i@^lkMXTi+?EaRbUQgcMFgY5_Of72;yojZ~>lT)KPGJ2E z?pfc`$%u!1lu17xv;|`RI4?2Z=NRLhhd&QPmI-iq?B$TR5p7|K&{`>-KY)bkU2plB z#U3HgL>?O{C_Hzb|8q*i;6p) zaL9ZZX1B)7H~olOUt;r@t{8z5FJ6UD=%92-rI&K*Uhvwd&wo2R)7Y5cNef{)bGkS7@l6ye|O*La||T971dlI z{#_QpK3q@mz&K7BH%f{Uj@0QTB|@g8mn3r`?n1bXWA*vL&ZWBv{GeUEA=&iV zXQ2iv9!D9xowDCNM*r!b5zB z2Y_eF1ytrXxqw5FO`AD&vJF3#5I-0=P08UADc|j?Xj%e1GupSB=;2h}b^*+078|(e zweRD*iB-tlkCjSu=?)A{)qM={LMy}XKsH`XV9aayvpt7; zv~is-;{@!@C;dHK%xdJ`&|J-?eraHpn|p+^ce$~W(ero25>V*gJ<=C?2So*PYaZG=L@ zk&5W#!%lovG!6{Qd(Ex1jc zC$3i+vXb>OmzPTBf~NjW1-K?c(2Jv`X=3gRa;!=zyk@3AtK4cCX}pWu5q3duI#c3Q ztt|D4vImlXg3A8bo3drLi6TjQEuz+bScc}R_P3i9%!hJF%3i1E%dzWLAK!*w*l>CB zNk6pxalL;nm7Dwd;gXvt2!n1&8>8=nSb!md-Ivhr^%`UuM*egA3Z zmfzB+-qL}0{UVLDDT^Mi3~TK~;1gdSjsOmup@5fw!qw}I_g?ulXpYJg#+i2q=K{wc zU23!zU(lW8<$yBvA<1kXUjDenKk!o0@uCe$$4{_s3RiTHw212c2fT=JgIH7JzrznG!<}-P8p*>&s%iSotnMJjRK4pu%j(TytL)t1D}|cE zH6~rOXsdoO-%)kVIfPIe7Z*4RTBon2S|CV}^N`JII#`G$mUD7r5tJug;9>W8%_3SHfE&;DSRyXZA*@%?|^S`C^8K8M`0*?NHK3!S${{Db$4%;biPr0`Ds;uoENHTR%;esWnmwKk z4Ajgm?@r4~i>p8%7595;%E_INz@1Koi2G{{@wgrmfx@rPEkI(hvOH|X{1Z#M9wNB! zoD>;V%*iI17|WNPy|a+1WENmzEo{dw_BCt zJTy23@iYH)Uoz1mWIeHTKY|H~TYkfw@K^rtNVDUq1KUS8P+ejAKCSrUV+amrcvfW!iQqv!Y zZ)yXTvR+6v-A%W?THbmiDH&uU?4p!7>o=`&m^S(aYKyeh>4 zQff;80T~r6J?<5ijUXjfISB%R`~2ON^qY2%mS$}{KV46k8y>%;^)>re=+jWI=mLw% zM+}PP4e^T^?NQQlTpsL!q?6LQB3H@!?p?ZZQi_q9i+>Qgi|zS3zn_QpOANqaio5fb z-}bzRFrB;*ARD+E9Zh_l8k(XJ1)+ zaEs1)^v_BFsbms7C2#+Jv*NBK+tI_%fnfo1r46)k^NmwbT#VhKsih8wBLCZSBn4#td(j}&? zv8YGcpqv->zW@xdjo|EXD+R~ZUh5H*+U3}ul$$naU>(zBCyiKvDrQHHM2 z)-|z9WvgYcH+yc9Leuv=0@iirBpCc}8%QwWHe?63Agv(-#d4t=t{EP*@4cZkM3u{w z(Cx50pu9R9c#CVymBg+_r$>igBs4%CN)w`A zmel9x^O5YB{iH;e1!+ST9?th_)}X;HBaAk$l~BDP0vDrc%vsJIkHw<<@yFNRy{Hl{ zIk3p<1R1ku=Ep<=^xX>OA2{SXqe%#X$ymxd|DxkRz)LVmJTVyMbT=y!F5QZvA!#nF zu_LA?R7i8K1XWApPRsG1Y8?+@w;8s5a%Z@+&UX&alV}i7(`~DiD#X3k(z@0YE}qBh zO_gWlNbu2HouA<(-bnV|UK-*o;mNu99asM%vsnJ>YMQDxXugvdVcHoEn;y6~Ek_-&qTkUw) zm|kza3SazE>)u4>GjwwAIIRoJ(k{L~pWYL=y%NFTs?%0sKg>2sp1g@@Z?6v0r8B4D z*4aefSI$|__W3n0ImfbwpST)~UNOUW6SELU@8p-KgM zGNqdPJr4zejJ=QpZdIppby{3>bU0w#G{f9s?T=;Jh<~;n?+uD>BrknR_p;m= z05k)$u;duH+1#|T`83SSx_><@_+N#)_9+<^{eXwss2(S{Pjnt|xV16zEWu2K zY~wXR=t@i-_2;war|d&+@Lt>4%z?KytMs0inbV)2bM2ua<1mWkGc6pGZ{X+uxaEen zR=v~dM;&4JO?8J%P}1)#I6z~f{HFvQ<=#k4W#C|`>c3h*0f=jXQ_$hD+y%*=&Gvv_ zqwdi!GG1hF6X9x5!g?1sbWP;SN1Hms&OTI_s)2*4#p-E_5sntL@HGNUA9~;4)g}!1 zIM4}1DgL`&f)r`~+jUFrzUX?b1hf=ySAhQ*d_8Li5Ufm?eCuiTki?JOJF=SCT94a; zuw+z;Zb>4@%m7Cm7hCySR^m8X4sKh$XRso=I9wm9lwJ1#-{2h&iaw1UFMqsRX>kI1rN}B!)@Z4v3yiS=sZND`PNh*pOIa$;c-%gk zrG&%L2d}%6^Fov+>btXakK<%bG-6XVZR#uH(o@T;gpNRgoKY%FZ%sD1CmA()SC)>< zc`=7cA0QEa7MtftlMYPF|H{BUdrkD*qN4)_CGK_@?w>1>pf2_}B27c3)@+dpd07^T zvN?5D-RkSvv{B{mA86$|VQthGQQS%j;xHZR&sph3>v&9H3Svt=`wiEK6jKI4 z$F!i6rwu?s38+Oy}it)Pm3)$@D9Usz0>1NdNycl$kgtGI1HUHaS? zkcJh*p&(jN&pvyDFovnN3=p1_xhIxb$c|Pp8>4jDoRb!aZu1!k!DA`DZd}J^ ztj3{_p8BnTQkaMASoAeW(zmXe3(^(_j~?}~lRG7@j*lp`mp{1NqO|F6McDsKjIa*! zL5-8XpVi+)n@IcWDTlu(4t=OLR3FA8(+5*%+}0>ss6rEpU$s@OQJzP%^j0 z&(TZxAH_KpZ?1dq|LRTZ{?Rl&{tRY@7XE>JgrA%_$?hh%u2?n?oZ!GGetd`N0(jfv zHt&9>!koD%|Bo2et&#jmPf5F#iF~CH3Ciu@0hzo28`G0qa%=|s`P{B->WUeP4{b^uVPoY(I)qISm z{R;X`HG^yH$2|J)sJFP1H;?u=mWr#0ZIlw!r0%>0bO$9g{@e*?fP5v;>`A53yKrq} z&rSGKX=JFdrJr3hswv8h4A~4L;#EnP-ob2eu%?~B?qVKyli$88t02g>r943sDeE!} z%Wfk?dFm2nc}ArMTC8Fr=!Sq(eAYq8C6_gO+>BTX0vlZF1S>8cSv<;9OHFacTlP7T zi6zv0(Pvm+V2CDBqVbWYr~N52!^J~gR(`*c?dQr&^M}X`n+m!KBE9vg`g{uau+);Mdcy&LUagd zz=QSG@IJMMdL321lqOy~3BI6OQ9x+_+M5ur=O+g*M$y(qY_kt!FKao6g}A&DYYeYx zbsBdqd-X(ag<^3Ph@vgzb3Eh64f0~bysalOs$6aSleZNg(F<5pd)%US7=C9Co?`mo zO_<`pB$?pZ9iNRv2O#8f`-SdK1f^MFk*aJhoy)RcnMhn6wqz1Wxz#cP zd$kwQXrg4yBqxJ@ID_*nH->B^HA#-VU>G`wyVAN;EA^Vz_|F-;A+G)@mo=LPI5N7> zjvqUHdcms?iBbv6_Jy0gK3j`4fp{Sqtc)F!&{Xtpv79B0hp?jV7V`?B7h$~=vIUNm zUj+t5)J5DOgADc2y};iiSJbexxnia_ebR8BYqYYD6t)^_R2`^O&&+2_sfNjX$jXVa zbNcgrzhLI?8beB8)9al3EwE^(6&`W<1cYCuzTJ3AYN}^z)kBN^F?-{M8gB7T`9Vjs zV0OFXe^v|_WS;(oqMW&N*ba(HrjcN?8@zASdnexf!nMo@JDYD6^9vf9W-gOr^YelH zJ~opzzqc-4xLTk0YIGqUBf96pdvW!ikz(7~eJV#rS=FxXXGfiWhz(TH{>Mlb&>$xT z?-Lr*8<-2=j&43Z+@2}bd8?g=wjRASLU6mqc|w5OtmWjrSYT9Qlh$@O2WgF9Q+)3G z_{Tk+u`d><9imRv1@1f(+>ua}i0Qz2r6*_xy;* zM=RQWA`w$T0vnFL=s@(IKo8RRm@ zOZ)MRORrDV3ig)j=$*BEF;PvRcE6V!t4Fwdiz0N#AMw-M#E5 zThTP6OR%;%UwN~&S8ewIn>J;HRep{jf}{}) zpiB)JY5bz_jIjU$rZ~&$Ol8N)7=#_L_l3RIL|84sYN67q5SJT`%x>QOI+e)Chnspv zH+f|X_b=IE%SEPFs#0yo2R}4M0iNM#1bu|Tkdz2Sm9E8-@zV$V0{VOfm}u>IiOFkP zlnuO{i<(odS_gOz5PZ~KoA}Tn-mzPhVwYrgNyoD*?1JjM3x@RhHZ>|Aph44@&Sk)t zclw~Q3Ag+FXp<8k7LM{#G<`+bmgr32b)%ZkeS0HV?iOcF!W2Uc?qggi_KPh}cRW{?|C$8v@KbzL z3 z&$eF*joY~O#A+ccMCp!qU5CZyIu)wv+H6(Y+y&A#4yVOvB@_GVw6LJPaIc6xd?4oB z*Y=v@{Mwq^m|^d@tinWN@9&WD>CulVcmJHj@GbH16MIZcE%}e6|Ag>ncd`sd(l7Js z@F@I(l1o54S`of4NA&NY&U}R|sS|XN$WGun+XFk~V)SWAq~Q4W|1+pFZIfeRA+fc> z{*^?k=U4EsO_eZkf1Iihd>eg5*#757p|4jFB00zv4vTa`7+^06N+!Gj%^q8O?qVb^ zAm`He!|$*}1scQv{Boh&eEtF~z86NUH%RId1drui* zq(G6D3!}(`3n5}_S&wJ5VE_Fo;uxAcn=A%#-x|zHyI$apawRV!rKKo)H%U#7Fb|=A zM1BRihX=IQ*Q#!H$kaYSBsEhUNt@$Qke-%!321Y95@6pTjP@3iDysS6+Kun?gC3iR zET#fEJGBlAHJbMN>ez-2QN3y3f`~49qmFleTk*!MSy`en%80EHjyQpjn~WhG#H25U z19eI~W_jm-%>orDzf0eZ%%;cQgX$tr#5j+1^2;R#OM$JcfD&;1v6SS8=J#Ul z=~Q+z43R5Dm&oqNS`z*hA@bmULNVHWyt~TlQVBS*kxRW?h?6wq`j^7;Fe{mG6Zdfj z{@c=Q0l0I9(#9e0B~XKNr}MYC*7rA9mg==G9&FV(xKVo=s@7m(?fI4I1pr^%NIi7n z6{{%4*Zf9UNGBjvvY{r`Rd)+5NqH^i*mu`VUSW2W5f@)s?NYc)mnJG zdr1YH(>(zZ6^4jU1ak7Dsv+U41&^rT@m>) ze1%7xoAi9eUm!=vf!XOXGzDTFEL1J*|h%znOKn{eB{Jfv)}(Z&)oY6$uz zJhlqq(7>aO!1K>BCF91$70_y8UqRiif>zUdj{K)hL8Bn8hl00$SWSkE9K(3vIXW>7)7K$pRV&nF zTE@fY&yCUReR-|^p$Fsb)1L-GJgIVmAn|*x$WF_A%s$dLN~K`f8m+sNk1HTWH- zJj|g7C90sHthRoqseen2S@HmJ2!c}N1||Lk)_d(ymHpkjjOu&#GeeO47$8m!dNMUs_m|5~9VzH};t}OtsV*tOgn83w zC|`NMF^=9G8lVpACHFaC=SIlX5O=E5_Jsb1^yx=MI4tEg! z{T*GsR$Yp$9s8(;It)NLn&E^lJvtyyd#?JJYU`mwkbJQMPZ9}*a!Y5ROH)5h61n<& zdpcko8jvzcs3Z1FhybgF!}$lOU1IF^E2mF(Fj=;?7kZ{c@?|Avme*nC)tFxQO)la?bw}*WXtQ zM2ohvwg>?++_H8v)FL_*=og0Q=-l`gf?=8%()FIb=SS0G>cV;utsm*83*9EG8=CwyXVy`W0-U}f zA+5fEe3IKdOnx7(f6UrBAMNwV-_R=ql0OcqMN8hKpgtbSUuFxv}l z5nMM2x?^4wpu|0Wp1cKa{kspY~nZA4Cea!h%@Fyr@9lgYU z&M4-K^D_U)vvaxIa^7ob@>aJ$$4AwS8$ma$vDH6l+*m7(bp4@K_RT!-FA%}e3{08G z=cWbf6gn!)-$@_hPEEkfy(TEJRiEHkR)L84DbDei@JmJPE@O2XQJqo}_yg2@|-^oiS0ZjEt+wMlCWIR z?tI=9)vgx8QYw(jZ>(8;YcsrH=J4LCbWu*5KVQd%ms%xo_-_}UW&Cr$;bJ@^U(E2| z<6b8NVP?=b+x1?N`!)ZhibBRyPvBx^9k{JQFuTkXAlxgSE$G+2cAng){J zXlo03$IE_lnsIL+gCxPgN6* zpWHv4XAH(;sx8!7f#meUdg{DD`q5FOKmW^$$vzN(X($8?;qbbQHcg+u-rwKuouq*KWG%Oao3+ENZ3xJw_<6R zvb5`b9+hGM{s#*mwW&K(`BGYOu`RdZpf5t;uso!TegL|69lJmctPbGB@+N-H!WR`9 zK}TK1BW~Zz!Nwylf_quZ$R%9==7pyFnCrM9WV6yv;AzHvqg5Qupa8@9MKg(C^gpzA z&m}&$vJ-`>e6*bvILrIMWo*nyZ zvsTtV2Y~1nL{yB#{<=GPQtC7xtT?gJ-UL+zcloYh_y>)ACFhIV2vjmEkcVzDxoD@@M<=ae zq~0HN)4h1MY;8c@`AKrjHLQ`)YErV@wxP{6p{Yl^6YC3YxQWwIfQv83i^$Bh|6_x7 zduo&j7nEIh5m7d8VlsvnEFEGlxc@BwyNsj10_x6RWIy?jIY-i0J*Pjw4^L4gVzS+f zr4w54;}yX5y1BR10e>-B9CS&nk6Ww|+6P z)>eA6wz|!B3rtq;K6^$H(jN@yRdFt@;ksO6|HBx8N409W)~FEhAt)eEXi@uUjxZc} zK@&)rElffEy&(!w!hz)*f^oB*XSF~mZlcf}KX#XA;^aVGRO}9}b{bZqGWg)zU!bC$P-!V-`c|8(ZtWJ$7#8b@J{Ks3|ThA74`&&wmoltRf~d9O#I~LCga{4_68>ql{?hk`OYQzfPCp8z0er` z!}NOwH_>*$9XDwFZSYd@+?K$L$EF#`QXScWCh+&&2BWAp5G-wI99lH`#yiVs;XZ<% zq6o63zOZv2;C*XOLaeBa^+r3BBwOv#zocg@n*7Z|jNmSHi)i`@3E{>-G#%t%><>n) zPH-_r9Liq?P;%qyDK8r(%+x>WS*;9J|(}Q=Ts`< zWj%)-I~e;IHy>`q7DQKBcG0xP{+n z#H2>3Qi(9|$LN(t?qBapUJ1{J=~xN4Ty-`g7a6Kvsio60^nq>B9}Eixf3%(zE(2LX z84SIO5uBfZ^|@VM7p+#q&f=gYp+Rq^-(TkRg3tPe4GID zFn%znc_D(?$K9jC|AVtpA@W;anUCrdG2sh6-N(?GQ5^x4mMAizdb|J?lXp)eapl(n{aGYB)cfs!kx6xt;X zS-&HOS5mrJGG4mzXXMnT!AaJPfxQy<@PK>^pG5Il%{)t2lT>kZm*-*Vtv_Hdm$<`- zUj9elu!J%{(0dx$D)jtf!b+bVBIO0`2IuWt;IQ$c;5zC{#m1>6=sX3gylf)XEnmCc zKx{3zhgQ#Wm;7ECzc}&@=%1x$f(|QGULrv;4IE#eY8B?BV2HA*Qr;qdG~j?Mu!Gww zk@_JBz}yH45-n|(vHrVX@>Gq$OHTXMH(FbV{H8d!{KKx>k!f-MxxZt*USzgdk}`;@ zG-n={F73>$`iXHxb%6@W80cKdqgYsUDpw`Nnihe7`^BLx!CW6ZV3o1e4;*o6CdQ%n zH(txNx3QO*Iv*zFFR%U^s9T=BWRv&oo6&7Hl-WKxuz;kYOul@b9!?nu4v-_e1!t9y%y%ei#J{g5&a_i z5DKOj3QB6#DYzh;-(#?L10$XO`~(RtJu*}g=38ZHwXaGa!QUz*#6L|-&lPvr5&KZJECS2XB79a_m%dM+83g}KY z9fc1Od5nPaL!w12I!djV`2aEW392q%w1UT7j-?9{w1S$|5T+~ZQaQ{7bJt=Uz&MIm zbHOvmx%;}m%zXrC1Cof9^bf!~Q8yp2x~IH&>Gd91sw&cFQZV==KV4#GD<`gLooB5bBS>VImWzQ}HC5Pv2v0d?=Yf))F)z&!>4J{579VYL7Crc4GdIYP?0 z{&#}snarZDpjXV9xNA!I#g!Sr&^m7ige%N_NlbE!~sn@OT_+vt;k_hw=qHf>UVG)f^3R2^(G<*VTUinuy8*k!exB+XsduKkwPF@>n7) z;H4P><>oc>3`2Jz4-b9yoL)eXR6vE0wdl$%xE<;|0$y@emAIP^cPIc~Bn$9TKnE-W z4(~8)&=!0JRJd3>U6kz>+q_a2%O?~`De-j=Ec(tzA0D24bOZ)y#W6IjsGP`CyRuga zlItqq&eq+r$ngGvLo6Jq@z!s;7Qn`1KRoOh;;5_$PWK4U+Y*d|^ z0*0i;h+m*Q%luUARAu}y(Yv=LR&8qhj^6~`7-!S~+oo<6iJEwe3hdJrmi$GZ%zGdD z9s&rI1 z(JA{+Kt@T`xK;P4HDZ<0T4LKOq{(YtP8t&6eJnoPt(Sq9CV7I($GX(EO+;g@4=q?q z`+5K&%@M5QZjsbvOlZd@_T3U?#EG>g#UhYFbWuUNgoIISS217K{ey)_jnY zY>W^YqVJ9SI@*;m?czaNhmhU~f&f*Np;Fm!2>ZX?EK*ap}2 zD;*zMP)c_!(S9w8$=DiHvj$(ua+Su)%r7TA9m3&Km)_J_8cH;$cnOpEh3(Nz-$u@? zc3WFU?eX+hB@rasQAu8n-be~#U#l=*JMNiTlrzG^o3_|^8!#aJbWh+^FZ})`mMl)# zm@YQS-#%d(_}ZTDz0z6mrvG?mR^88x^b3uZ{iUP*cf};5Gid?4qNq3wNm$5dl0L2x zh0cbbJCVrnT>Y8b+Ny$OyRC{eG@;z?A8Wcv|KK!W*l|S2@C`(a>;OYM+p#+z-w=7% z+fMPB1iq-4zf^z4dQWgeCeI~jwzn6$+>#bzbpoV$626}Scb=IMy%B{}6O86Phk6m- zp4N+)c$#^urTF=JJw|JY@x9CH zOcMz+NxbxO^oMlp&zPE+gZ6`=UTz&<9hQL)xnqm3XZ_AyYNqd3VY zqrE8n3)hLjDU~`;);~@pXfksms`Oafj>trW;r4d*Ah)BX*VUNV{Zmtn;df>hi5=J_ zCh)vhu0vNa&{Px4>rSvaA>Mwi06{s$x;e5F=uUQmg?qZWCZfF8%=^?pr5apNqrzr=G75m0 zgp-|+_r5C+*$H{D6HxS4?5YB>>97+}n9V!Z%)ww2(fJhhRipd6psU&hj3kZ@g zPHcR_>_B3h2Q73If2ltH`FR8<^_zsD4bV1Hxc!c7ot10QBZ}kYP)uBzs(8{NeHX>6 zc1-zPdw(b|4m1oj?A&W-0Qi2|X`gU&l7MXiEbI&*omwR|xmOys4dZYN(EpQa;f-dU zjzr&hv2~M41Dxt5KfkG*oQbC5soGfN0n2zQS`2Dl>_#^)aT6)y`87SR8q3Ao3WzfT z0p)ClxFZlm%~h?wTHvF8t$^?HICshEsiDA+P0e>^xR)hqHTA&e!5IEqDx_KpD<^n5 zx;)xU-B&J$-RVxsBtNbBOgj!_(yj_?Rs>|s<%GM01Xyo?@x3s0kBQTMa-!3*jtoEO z&GnXhdGDF&^1{!XHF%4ZO^m9PhQGKBb1;2f>sPNO=qFiqEt!E>wj$ZT-3(N`#tU!V z)?Y^^#<;IfwAB+5Z|gz>R9AF1%+`@)i}Z$D(Ri3FS?eYNt3O(vY6=?8q#}R?;<2UF zj{vNY7(S?ua5(2LK>fJFg@kxoukv2ZYsnv`?RX-TRD3<{*mva!_tKsiKs`$SH0bVx z6C6K0tHE%GnycKtd+v2jWZKmyZ&|=0JBPaY6pdF^kWCuBJ{U!&*F{9*d2a4B{)(?- z1n;44qG}&ryw%~#j*P=F*D*sFFCh}z2yb$?#@F*uvv(h`r|q1}ZoX_0ZFnZq#rJy% zapyTR(oZ9xkCEe^{qBRy#}qS11ICbg*?Q5f|D5y+cX3+$FQq%a=7Pe@=dYcY>Z8|B zIT1TA&ix)4edu$vsM*!f@b5AI(4l!9vIO~I0?ilm7f&^)YE6@dzl)p<#yqtZPBr+j zqi!Gs%hgIuMwm5kjp-FRT{-D6%d>Bbn2$U0PZEPUe}3 zr!gbsk1$yEmf(Qk4}(=@;jgym}WeUH844A72nIU9#{N!Wc7tqI@CFUwwQvv+vGQ`z&~1 zsm0(}y6^wKm2R2{;W%vT&)lVzds+Fria7ekSBNGlJeB}7zKD-Zr(c6EP+1n8U8|2)qN2EE2;n734Z#Ue9gIMV=pwutX zz6kZbx;(t)pmd0(2tBHt*8- zf}!@|J9VKF;UYQxL$Mgjprk??{|8`Ath_~>FFv-GusArk0`RC3kTB@q_?R_}d*`3< z1xDnyz5cX=3{IjB-D?+rJWlSXeK7D|36{inyuVlNP9KV18zHl}f@PHQ28x@xeDfs4 z2t|DYgJZ;*Es(bogDhoPdA~1t?+}d@f53jG@%r?;0YIiQ*|&PNkv35q7dTFZ+biRx z06LT!i=Hla0`i3&#*819TvYIBYy>UWeSCpWW#nMBd6El1%%APlz#$C%i@}u1{08_G z7{5Gz0udl7FSWd39mB_va?;6ao4CbIoR97jxw8JnZIrWGRZFKL3zow!Xw(Aq`tBWk z<);TfKlph+vE04D>!k>annCehGGHTdEbn!E`4X}g$xhx;(pN?^O5_FokASWf6Cw~fY$#$)5*|$``~3&of4l&kvjyS6!X`U;Di)p4d&mQYPu?TNn5^0Pe|?Xk zh;*lX#D)M+IGe&3`5U?#4zb-1Ho5QxuE9SdpQhg}LK4`E!GuyL*-S(iQ@*po6H$Pl zJ*;0`$xF2H@D>S9p6Nb!i}Jrd5ygo}NaZSCxuO+f*3djpXZCMZ4!BV*3LM#fQRaAB@f`l50B%2v*wLmppZ78Q+Q zaw=T=hH&J2SNyN9Q<0bhG5g>nk*vI=23uTLtvucMJ7Kw)xNDC$V$Pow`}e(GbT+r` zg6}9w5XL}o`oFrusRc)Oun?~G_|1dX$oZ4+FDV8=QLcyy(!oRFgZb}gM4s#U`Vf*f zGgQ1-)L@uAlJ{!F)E-_}!#{7+f)P6mK4awjLY`>&3#T^%jN<;~Ubgh6r~+{FHU#;I zYw|VL{xwKUvHj!(qPUDDs5b;BkhIfh(WwGOIQR<`lWxI_Lh=1`0u@xrK17TK)c-m$ zu{XxQ@`u;m{`c7?8Iey_vEc9De%(&}0nhz!@9K!||JA#)YW@G^T^%a;4PtStR(LEH zKM798LR4X?ZR|n6fug_M*%^P zfvPIrC|4;bBUWG8(})E58UGFP8|cZp;K78oK0ICNvV$*8g^L^FdQs88W_QVTHQzu1 zqliM`;$r>RALzcO=0w^AX58>JX6f6Hd2@`^Z%4lxF6avlM#G`2o~Z}UkbM-KrY8?( z!WNY$v}*mvHERHWZ>2wZvbH)u%>nquZzF?uoz{nI&apj$2croIvH$B2#UVD-tx3!9 zYdGo=N|C{+6lMG}TV@j6a4@&0<|2nzMo5Rtep`u8UiPYQcE2+66f9T_tl`2GD*;9e zJn$Q9DNs3Q65S6^tP1Ha0N zFzOR+&h14?H@^S*-jFvO&Vrq^eWW@h9&E&GOGqdpZTngCeT$-^`t24){SEl=LtHWF zKJL`%wzjA98glS@(PI>e>li|+sfmkE149+1&}(3~R&tsyFt-Hy9J6sqY#=f?i+rP0 z1v47C@Oh$mPTul;!;YlPe|^KaA>Jy;ml}1^{%H}e8oY0!u~P;OF7PSOF|kI|z^iDF zP%O~l#aW-S^k0vFP@eo!{HE2W10%3hFy3AoHmY_QFp8n(yE;C9DGyTjR3Mgb{LNF3 zMHAo~o~e8>GcybK;bjmh6dNP+ewe`Mlr6Rgz5+-9iaxhR5zy$Cfk5B+TD>%bynpyU zB-T7H2*W2e;sf)_7s@`OP(^rv2elNPeyPb>cznFnBYC>$8vt(O01!B0MCT@ z=Z=!AG82vs^XZ~DjK~!Z%faxx4zb{RE<3$A3rrW|$)M(I5awn8puR=Rr(6pJ?F2w0 zPE14hJ;6?R^jY&JLm+~dXB;B_ZH$sDq>CfJY~l4G<_RX$hmwbNX)?HD4f$Dy{&8Jb zO`JMh>FaGu^J{m3$W;V<m+ zEV*-8hQOr!vRTU;VCmz5XsH{>lMt0VlEBArRP+RVgswgRrThT4v0n~LiA19R$wGCF zJ=to`2QdZz%eto|4pBciX3uqf=r+TO#m3#CFlUg*N{FlEu$fPY%@uS38eip%I{!wcdd7HYCb8O8FV*K`JPW z{T3N{cv-iu3mD?J&)WH?|4abEl@5uuTRh`2g$IUABDyP#fZR>BoEYC5Y$8uXSZ}>V zRF`;|{)6%lHe+>nR1{}oPOMm*{WH^;AMJq7ey%si0OTS+oRk9_kYG+3uWZDM%f^gc z?sp=f8C(>FEL6LMsp~CrR@m*cARRTg4^5K|Jd}d(br#6=>u6xywI#&9Rz{y&<#i() zfP@P=A&b1|>U(!IzZK~#Ba^YF0-K@^=Y-Z!Z>;I%n>oFM;ZuwEUt8bb{Qb3e04Oc1 z^s53W&S@Zg7qJHJwum5(uD@H8-utd!6zTBB4Lsgcss@9%4(~C@i4l+^_v;r4gpB}R z_b$=lB!2?HoCA->7WG2L{pS-Tue0L-6(y?g3G_uHFiTW=h3a*jsv%q-UJ0lnz3`eE zIl0gi6jAOuEUUpxiKoQZIvkptr#HOPu_nc*u_6@6bMWE8V zv#gkaF^{o%tux2gEE3VPwKA@S8SiIJS#LSo1+SqXUlZ59$kDX8LV$v5Mj-WRE12a% z)nzhc$NC>JV5^UKlK6r%&coonIG@#-IYc|#ye8&EfSE@zC?y1X=Dlvm*bn&>5H zYr0kq<`FLN%9!d-NGJ3=Ru3+C@Ox~`@>SpXK)VGykJo={uTM*;q^PKfelKWiV9=Ls zz(Erc4aWOm46ew-Kn)}pEX6!wS!0cUUXNWI5)KeBpIbMpfaXC;F<6{kE9ELQ22xLg zFH9?LwRC`6U@=JVf8HUtRFvNDmE@s32hw6TcCikwc70?=K1MBb+#p8ox$EqxU-F~v zN*_=5=f7RF4HPJAH}Ben{*OU$*)A#Axm}cHM}z+`u6Yb4oXUwDs9y?EcuLy3kZx3B z(U@_ODWqz1^HYb02!(^+GX%#ewW<*f!@fW+{<@1)WDj7Ts;4pvgoFy}WE`2dw-qs+Uz4wF=+gf4F-U|}ViiFm%k z++y({zlo!y${fiB8RYh)F!a>hOUp(ZXC15q|5{W`?|ETMlCa^LRzZ0sA zgo~nBop~@J!KZ0#dBR2}K<_Ee_dAk?l%@#`Jyj z%7==+(9e%7F)Z|qQ&Q}UP=H$vI$veJk+Sux_^}H3WX#`-mSAUI0541H?v1TM%T2VJ z*sV9}N$ikSH7Z3bbE8{kIqcYrxRk~BAmi0AK^B}y@Wg+@QS((P58OaZ zr~F@CZ<$9zH?K%vklC|L(eAx9eZVU}+W6`IYE9C{NnumYftEM-uW7v0S^aOtB$PtV z@WJlTO+_~M^SC1)xciXiM~osGWnhkqc_eu9O9=U~lO%FU+V34GhbnQLy;`RSa7mYg zkdyN9dnOx}=#Zgjhj4cEk4EO?mbImDzP?wZkr31U0uKEAWNsaYA8kC^b5k%?GnXkD z4V41xK(aC?e-kkN6*utK$(EJAee?Kd{vHx?Z44!o6w?;4lPPldch{*@>}LrRSvTi{ zQqSe?pB5!cW!+hw{G?$t*JDP#;r1SamT9fC4BQ0s*GEbRih~T0WYOaDfYa0B84tm}7}a#i4(4of96aYS+es1Mwpvx~ z7el>M3N-m*FsfWAn>qbXPjp*NTOO<@kpsB(04hoiY9nThz0w)aQJ5CIn7O^RwDIGE z0IK{tj4q8}lAP(G1+^L9a?R~Y$Gm(}*>}j#&)>axG=z73@CB>-*`5Ak!}BJ=?v{`( zz2OHEB7OSi>w2Lu1xvQExWh2REGCMrEX@rv>eOteWBeIBLDiVqaPjv&K&rhmgC}g! z94Pm6xWa}f-o-ul&(u-J?x`?F;Sti?A$JlIPAQfb-TJjL@m`rzLr17xuih{%Q1mo$I7#|Vq~W!;Dat%+R0zt z`AJdsQPypika2Xk2`GmpJClEcTi!^oW&hT5e$3_qx+FWkSNQ}H%NhRI9eC7>M zNck_n$jY#nHfOV}53wHvt9$mK^gHOAfxo|8Bv#>Y*?x;dUNoP*sBNpDJENi68sa)xZTQ-!juNEXd7V1?}=jtXJ{V0Zs%m+u8;p*ZLS4T}_i^G&Qu?XJQ zY={eJ2W`N>K_SW-G8X8J32Zfru7!5)Y>%dt@#pm_`dhwnFQ&1}rapHytGtAJX#*)= zAvg^5Jo-ja@D19jC|WDi5HcPx8ZKzEvh2s&8YP!cQw2c!Gvt~LkN|>ozpf1sG=BTYbu!buFDGt z9b+fF!)zZ`2;;<3f`i)41mXp80i3o3awghktt{eGe172ULmg4kLuZw}Dp>&vpQIAK zT-l57r0z3I$8-*xcK+@WE8`0UV`yKey_gX!8^^0o{XkaTpWmL6T|3_T_4Sd_YOm@I zw1~~&sbQpK@x_>mG;y^gOjnK{EaAEc79-WOiY)eY<-3~~54F&z{s$;=(zwh0ZQLcJ zjD+oxo5WsEQ!V%8CgEM+@Hr{)P=x=vNwh-27aS6jUpwi}R=6}DnVdD7)*hNYaK*h< zb9Y{sA103`u1>Shye861p6uH*s(0>&Z9LQHi|FGbyrE}D#x262`3fEXn9bKW39)qD*Z@UEO-fa2+Pej_cf_Rhs?Lr-K$j2%!5pLvE98y3DTdl;msfjc0{ zVeX;RMBC2Bmls!;!5(p$B(zi#XOAvi(8-K73ixy!lQ20?R1$b(#c$+BZ=`_9unjZt z1j>zdVwa5{_t>AcHuBQT7Cytu%Z$Y7pzQvY%iDWnH~~Ex>b{tOmzfs#YQFbiC`<)f z>vKrlM^MR+3uV7#fJSqx*j47nsewxktKeW@2)sNG&1rh>nJ~Xr72c>Wr~wE0HwnsW zuzVB(_T8_HZ^dw{LK?!IP`p#wO?iWog4ypPQ!;c(_Y{+vyYe;7=;xS|)dlz2&=xwn957FP{lyENPwSVSZWB+0o0M zk-~GS80Odp4^4yd#2s9aiFa|^J@S-R$!rD*@Z1>jIYm4HtO(_!eTWCInt3bKe6@d7 z%lF!`d7ma;#y6T^gF%soPRwS>mCU>q9Qri?Q zaPIwGk(Uv$j3J8LODhzbhi_8yaP>`tKOdJh1vW-AQ`Se6;;ytlba&!>KlLMg zF2Q|n<|&Gk=79EIF>uNf*Fu7w4D zWHC8Jc)(Ap()f+}iN&IIvj|JFp^N$4oiZGass&ec9TWLaUsU=TMQzJfmB8C68eD+O zXvlBqC$?MZ%|?_!L+ST?7c9(*;N<#J4VIXSvR)7PA4IR=T8s6eStWQcHUI95_1EBk zgU+bfgDj^E5{ACT!&1uh1rTz)Sy_xC>D^Jj_6GFKzFPbBQk|v(?cWYmpl_!Jb-5#$a0QkF@~I8AI8{ zCsH8USFc&5>j8uTTqSvTyJ_$jJ+bvhhWMl}uX31EbQ3-C0UU%skJ=ATiC?mmfP`(| z`Q?HD%N_JzQ0h8W%9J5o_bz8cPqk3Co9ybP1+?I)w?g4meb@?V*c!!Yl#4-YKHwKy zv0_>4{CI!k!)TK>rzMo9KZ5l3y(TQYJ-wj<4VPc+@i*Fs4yn^$gdD;swuCkR{(<8_v-vT`hQ?vYVWTOV67 zUE5r$y#1Vay8@c~%kfN-d23+*SPb2z8vlT4d$_cgRQgF5mNlZYzz$GVQuGPjl{CEh z0}{RgsQvGngp%sy0JnBvDt5e%Y!~6f*%cHAQjD}4r!1X3W{v5eVq}?H9PHo@}4+uSgt>_YLcK*ezg_NJDtu z2|8Z`nCQ-ET~I1!aCqnh+aS+(V+%6y1|Y0(H@Wi-dO2e*HjTvX^V$?gf0=phPg+@y zPQzylV(d$Gv;x~{+$dF-uPZ8Uw*hWrFLIMp)CC!8+C5R;a+sitarprJAg6v+`|aET zhVd9|S2Xshtk98zFImfE9eB9IqVT8P!N_9QQz!XIA8yAFZ}9K9Laq3%S|O&Z*s!o~ z_U)j$T&h?wBcJ-5-fO!`o3~TW2~cBwNzh+Kl2Od2U+2~kE6aAi(6fk`O2@p#^Z8QT zi&)VCY^!!_Z}NS7ru&~OosYu#x=+1d(}Lr&Vj78*hq%&P*Jj!+K5`_;<|*oWI_9Fe zSN{%v2lI)4p4R5xiXvRYE-*;c!o-DHzY=OYz#aHr|QvT zskm~0;*$FWK3eHzb)hS9QLV2!5ZWYc2{?cYTn@l-_zN4H7=Hb`0;}s*3X)QV$Xl;bp}EpUexd25c|uh0t~Gk zY_{~))-XMKqp;jFB;q!|aa{0Ke^GGc1tg7%I7~JLsI;qP>)Al|qa@I~&zx0nna+Y% zUjG%0>kG?+3-xkC7ht6CoAlYTN)dlXYR(UoQJkV;A4O`OkYqEtO4HkjTyCN0p1~uY zEetFNLNeo5;heW=L03~+M9$^rgs8-OQQA!HZ!y{Tw9?1#2tk@d3H(%6K*O1LHzxz> zW@x>Gpju zgxsk5_C<^Cg#ISEaYG`p5Tk2%IyKGdr5`-j2(*#Xev9@zw3+;so*TaqgKnZqWetzP zZpEC2qitLE5;s#2SQ<6?e_7~9lZMIm;3xC;(_rMWH5hNt_Aa&C@>(eGjhs*11>Wk7 zYOd+`_gR#~xw8(GwO<$()|BYy<2!GbgJ7o=@3eev>ytBwV61gz@Ho32h|z&sj{=_> z8@dSCDc`OJs;^N$@Uf%mJAPznHt62Q?-T7zdM2He14m>ogkq_ewCPpYibc;cN6v&3 zx$yI*R;JJ1BHQ#N!4vUWooHMDCB_=B8wBNv&30~|1su(^j-G+Qa|&>z)5x0eCqn%#UL+M4-m*j_FAcCU5lvh_tg!KHOOZjslZ z0=Rd#g6rSIcHOk#OR?ca@;s^5ic?PDzR>UN z?e)fUIp#XKa!!tj&9hdqa;uwB+ZkCPv62{}!IHUp2yr`AuEj9?Dabl%Az)1um8Sl{ z8Ym@@^zP5TKn8RC>x`Fsc#o)h@=wn6v^p(|lNH*IchX?a^tsHQ`IjRd!Nlb$qN-Mf zrm4*N1gsGBv~^nOX-B9cx}e7N)kFJ}2Tem8deUOfD1|D8De={Tn5@M8*Qi4z8dn+b z5vlFidGNV<>Tw9YE+qG25B!djuu@o>d1F%wu?eo40Ze}D>yPW0% zlQ8e)k7lZgGz`*bJ3IIc3ZimjPWSP5mU?E&9Vk}=jZlCdw+zA+`@}o*(5|`5%lPbu z0LRhvdt$OA9wa7x)76%!b(h>^1et8d_BwhxPsa+>__?k0G&HI^>3L-RP8jJR?S z=`Y_^)~-pR$`vIF6?OueyF*)Kyve#hx6n(o#U$fGUU+b!~-oW9LB# zlZLx78CY+f)R#zGa3`^2oIYh)s;u$$@@jo;Q^(E>p%PnEgws!)pQm%np~bU*w^?0) zeZhI`wp)>**_Z-kS3b><4C>~Kwn_WX$()aw@W0Ex=Un){E0L{{`}$lS9=)k;$es6H z-*-NOh9jnS?a!lg*YY;OO{qg&-b(4b$gpnt&eN*#dM}sQB1g)UFp>A~ik_T(dwhQ+ zuhHT{eAjlnUSCHY5!5Ea;YuR3MrpK8)?nH5wIBSHp0mTYWU%4EQ?b6I4`P<*?#_oP z4~9Nbt=y|9?#r~nr(Vf*XU$9}{xWwTrMnZbJ9V)j@DRMSlCh=w${A%pLKs9L03tD8 z>Fv%{P2mZPQ2shqbSBId0#kh-@ENKJbX{ca)dvn(-fL`u%}p8dY5BPurv72qa22n= zcg8_$jMCJWktn;fBgi9}K9zdS$;zx#L#F0VgO61yPYUh-Im#vqS1bq!N>UWosvru6 zK{nMXcfLM3>=1}bdc@9mQf@?nTgXXuUYqhn@&2vRZ-&*h=Fh`+Pgh@N9##y;X27?l z8v?ki9|UpTUtS~t-Af;QSPOr98r%fD5gb4g%zQ%7Z@@pr13ZlcdSpYAb2Pq@N{IMO zG$d@*ERL43k2+M_CI&t3(Nzgpe@Caj^;y?#>zQY#dBfcaXfmyU*4oeCpmpBtrE$NZ-{aqEByDw|q?z%WK zNd>6=EYXH6VWbl@`fM8#0&DEDNMCnUPtFsK;U;(nTFdh3-jsia12^!*opw2k%|^S% zOhQd{uT*(o2~qj=UJ0X}tq>G4^6Eycu|Kr;)SaHWo8f<)68m0TP8dvT zLqYvX(s@k9R)cIlfBX+eR&FfuFw_`J#{axhLA#dfj?u?~};p1|FKY$x!yC5sy6>3_S@ z39*TSPZr@RlvWZ^II;){z4^YeoGiiz=;9OjJ4)gIE<$a$xW;$o)w?kG?uRS0j5lT1 z@p1v~RGP+zZ=_^Adb43Af<1JABo{KaG@i?oLE)5Ej%p?%!c_PMxS?P>*BQ?%{o zHBhjZM4YBue+mIf$qtYn4t16c!%G0=)+1>_PU47e@erCJIS8&{7gPSRKI zygi%=q4Z>-btxfZ7r-Yqro^&28%CfdhN2yRCn!rtXM)LCE~tz{M)v(7b`<|lJ>{FF z$e`4skr75}ApI`}?R7D@(;?ByOO2a>+k_ zTyIo7U=oq>1M{J0^cQn?uj%vFaF0a0im!^iPDozS{KsoB=}d*M6JrrO)aaLxA?GLY zu6d(dz*jQV$>OUUE_KY5q}3(4fgYQiM7nJq6*iMk?#Ng+`Ii9ZMJ)^9=x>WLkU2ZR zBqHnldx~R*02({iN^4FDY(0g<92a1aT<~0a0x^#+?_OQm1*x;(D^Yf6BA-q8%(M8? z)qD7jYqGNPoFI3*_T+pB{RbDw#R%zUxim;U>wlR7k^P+l1;6fR3q(PYaQI#DX*)z# zsNcRLXyAN8k3if0GlE+oCn6@b<6-^r=}!@Nje9{2?iT8MO(3e9l*H_n$7(C*2u+AsWV@Yo`?mW|{MN}3M#L}fnVj5&b%bL>_ z4}=h~E?nc(&8wKX2p2EW0#;dX!n0}Ly)BnJZwW^Nqvp!dTHCp5(6uETfQ5}(EWwlH zga|$-J)@QWVh)OAX_5{AXHe1UZE0yF)!!j`+pXMWN$1((g&~9Fc|t#FZV_m3m>4 zR5%t4n1!5M>cCUmK0*4vN2Pp=wMg6zVT)7Bbn?f!+KD?N3gxAdkbIC+0^We`J4`Nd zTfC1t7Kft7@btk`v341e z;mkK{$y{0kU=`yyfK0kdph@^v-OK}vveRpOi5&8%>&w`mobo%`_jvO$g{PK#(z9aP z)!IcYT$&FPMo(tVy<=Da`IW&Y1UfpLQi)ST;5kvy{YdB&j2Qw*;J$$AA|LO~Hx<`m z#$(qAnc2wT_n|LeH$e-d%Ay`a)Ezyg_Xid)u1XISXxMb*!SwIh!8*S|56gLQy?#|V zL#p;9j{KN{`|}wzb7hNVKKb{@6`9xc&#W(bxq`bgw+FN@S;^wJ`r2)XUf51g}vU7D^{Jyq!7Z zxw#3Cr?&lR+`S#3s8?xW}CQi=e^rjNpErP&Cz56d4w@XZFKRSGn+eh4@AX+lr zJw)WR&1I+e1we-pD~6<@0h>Vl=F!TVLK}NPnKMeeS+PDw&^?QABffh}$9&rUbhAS% zU!Cn_EqY^4N?W08%6}P;{|%(!hLi(E5%>&D-=DIxT?B>^+dWfaLR{oH4M`Q)`3pP~ z|5H`$Ji`4^_24KN>!{4`yfGmKAn4op)qYt%2fOv{t6vs zCCsa!^y4$~oZ^6I07VeYsFWE)!`ru>HH4=HFf zsc|wh5SU#=hzghx$}KA#qSLm5X^#cxghUv8g0FY%g`p80EO{P!4O{;aQ3SdMl0maN z^*uv#YR`TLM~P=J0S%q*)UH-f%+?9bdA(eJEr2Tgxmvv9|HIc`2UXdIeWNfS-AGF< zLPBYfkZw>~Km?Q&1Q7(34(Sw-P`Xt_Q9!yo6r`mj7v0_9K9=|M%sYGb`+a{njtnyn zi|ahEX6g<$e(p8B;cKP4Z>3h%N+?JP$>|kgLA!5Q!LuBk7?w zho5>o&R<+|RA%|j`@TqYfv`i^;`9)rIV4R>8&h>1xm(B(SPylXmQvl;N3*H*yODQQ z+D-tBEP%9bL)&X`dVu)MON#nM_9d@-M2r^{H5Bi9_}ST63GKR7Ex~vwejpJWO2xiD zd6xUAd#8rBFflQH(6GhdKiVlRroxiH!z%tbVmBuz2cjasRGzWk&Rj)TkNZ-#NH0MuKNa!9J_U3(q>uPa& z@D9EMy=p#$y2G@bVofe%u8QFnKmElAW&eQ$9(UVt(XF z6r#RvyO|(On6q`Bul`u~v*x#oUCd(qR#Q%vzaU%DIG>U~n8AeCC#t_Z_vbM?y9RYgk8Z3`|5QnzGOg6Qvlbd6=`frBc z{@S(5&c(RnT2huyLn3dSuqlf0oSU>L5#J2X#SBaOa`HVioM$ghQOwIvCYY>+{|C8#dIfVJ+ zJ8xfIIwsrQ{0M+-e&DyBg(wlNGxh(?u8kB?PZ7pDQO;la?x-Y*n}E{)df8(d#j3*8 zaz`4AfK#^lVyC0d;DL9*PWZG45Wd7qVA-s5o0<`%j%^?SL$I46t}VvQgl%~9(; zSV{Yf(o*=Gu6%rfcgrTf*3j)aE(MCmkofgOV_|PPmfk?7=I73_Vsd59V~X8~^7Gf%UQpx(vx|VvAYc1md# zmkvb~(zmLX95mJ?XjyqMWM4oXJvK_Y&A8)!KbwYl!5|Hyp)Rvj@#pGfsPHWWI|C8J zvp%o+g!FCwud8l|HGkx{rLa%w#0`|2(A1U3y_NTZAN}O|IrMSrE{2AgcTOUMHVVv-Y4Xs21 z5^)|yF*X1){)fDi#)faumtkFCOigK=o7~;p98>Sx*m}W^;R|&6ig*&xz}`0@i+^+U z&Xo59)~$MPrhz7sK*^`~`ISxhiF$@rE>>hh>uw8h??At#*VL>QMXax`L(lO zK-Pa$b&@#|=zecTb60lL)${lNvUDrkB)+89yk<>vp8>(sk>Y}+D|RaC8+xjIx^`>V z6ItTKTr zHUA?s%mDY05R;ZL++aTWe?N8q=U=kwC|^fp60T}zdITUJTSIT_6fy{8Y6F&?HoMh4 zS#;Fv6|NaDDv*Y0|DOjjm=}vuHa-hP;H(;rQS32J?*a?vQB{rlQEr_1A}QEcG0Sg- z-pNWQosCS2l9YY^u-rbm+IgWM`8ruHorrf_IU~+a5|LsCOzOMW8L~%fKnYn`{lG8*gxalV<3S0bg<)bD$9L63JdYB%w%ijS zpOm`LE_s5LkXrNE?_x_F7O~B#x`|blCr?Rz`lx-l7+O?jC$CiXXdVU@Sc5zRf|5=w zhFHsAnUTg9YtPJvekV02#vkdoE6>0mC>~~|*+Cr0(f+A#L}$B`A1Qq}YUy-CxjnQJ zrfse4JQVs^_~WvM^-w#t5VnIupG3-=y|=GpX8S>`kkRb1%G#vBAgBc+RWAS%5)ABG z%F!}=6QSnN=7qDcfK8NvnEMO5yf0@!9DV`<(c$49p5BF4`t3s5-*=OD(Sw!PAc~9K zPYTeMr++X$(au}fw7rb_zGT@ze3%r~>qaAlg7j{5S$n`4Vs(}Y`~4wBfGYl#p~E-` zv4(#nPUk~|JaZf^YO=h1Tu!-|1xlIsSlHH;X%eijdbuVl94lDhUZz|+2}@MN$n4I9obA1; zYleN{SS<|^60P1cQx7=w?Te=tw&v;O#ic)^wG z4GV;k`I;N2WXURBXT;^TU3A-PnBUpd;$n07J5?{QZHERhtmT}J0^6d1}y=i@wX!_!~z@#)*72;}aNI7gQwPhL-lcESL zeKtu!!hslzGu`d=BoNAsaqON4k)CSdH^(tC{2ssnB1({Sa{*`A~LRD^=v# zmo2mbOQ&w|^9(ImsH=U8V}G44NwTm6u%FE5Gk&r${5}qZ1`Ksw_$XDKL7HDvwd-xX zLz*Q$drf_#aJG?%>RZ?TCK0WEiJ=7ABn_^6VPcW51{t zJlo}w{?;#NPyE&R*8-R7+;?(7dW~&P5?5p#xYa`AzeD~ETL$;KjVP5y*58z=Zy=1l zNg6eI?T5md)sKWXKVEv777d2?MyK|MWJ2IyMu&Iz{Rs+qO$;?n9`cxaOm;aH^JM*j zi-YHd8R7O6s0)+%3Rzt@#JrD-UQU7~CRj-v&pgvdWI8Y@DqX>Xm3_MU^{wJc zut3=`P~Uyk2>2v=44n2F>XQdCvOeafW+U)6e{Fi*OE7b!C4}e*!5)bD>{nq6o>wNx z)j3sfV)+Tv2H(kIwslYRxaz9!Z!G1FvyRs*PweTU{(l+ha50$wdDn266XISbF~elR z|CIDoGzZ44rrq9`LK8gHFf#K`#{sUyNhUTCU$Si__2}u8R&JsjwTJ;ZC$F)RZ&C># zP-O(*onqKyXPASkY4EBA0!16G_TPWUdvT}m!S{Cjz_=$shJ1M{ zP6mAXu@WrFf2GgBo?r)(m;;soI^SCc@O;@)6ErwP6t#kq0&b=Jtka*^x;&j_t|)22 zr@t=lp~M^dQ1^Q*_$bDSnLRh)f6?z@NWqUNwG0C=wx|dL)0%rqh^Xd$RztGu-lE2E z!(X%*1~Sk6<*(E#R)X(DW(Q!@8o2uK$pw zWny{9Ukue&2LPoRUr>St>@AXO!j4-lM zC~KrqgYT8}3fn$9-M%|06*9$F`7S$_JtbW3p=$*GHZ!0(dez zdPA3k0G+w)fp%v&%*B7u|L0R?=(F9*Qc;a+od;i5zVm`);zTz)nMFys@|^U$9cE`d za>F!!C}n{C;j5v90Ip71L1lx2c=^U)D)Q0`M!^ZK5ER4-UFsu+!SuzPxqtHD0=7w4v z8+{&Rv=r8#u0CB$(UM&RtqrN^K!3fZ9E2v=(jTf)1VyTHup{f3q`fhjA3!t^xwZ8Ipk=w+G7(U!T=KuR){q`q6K?Vs4RJm@s(#2g2z@GY6 zH4HX6Y5KtyF=>p84Zoywjf~Q=xs${wpH7;NFmW`Ht zKJ)6f`*!SYkKLfdE|UBxS|(kTk_?F7;@y@m5L|zPUMj2LY)#H3R3B9b(@{aD?``Eu z#Fj~w^Jn47y_*3~G)iAf;gD?tRap(D>fo;5uE4?itC#?L(K;KbpgA_Ih zJakMd_ZUz1WbTaU=;-9>Mn*D7xE26;Z@dD4mgWg!W(WQkZFA*O@K^|yic)ev2gaRCs^1Zjb2dk9REA5Zr#c#I@9Ud}vqRN+2c zf#un}*EXx3AlRZDcp$B8dyciij}_oGtD|hYQBU7j@|Xaeqj=ROko7Em`RgW>8oRMn6D(i&B&u8TezE!v}yaDV<7a|1Na!$g?TBP(o`bd32!TA%^(N{Te6$LRs zkpFJH%H`c*%}3i`PQ6k``GmBB%R9Uk2G9Afb@jEnyGCiiFPiMN3xKClWHI8*?RJJx zm1TJ`byFFejIqdV>(N0I&Uaj_sNhjsS#EX=Hwzg$kp22hH4z(YNsl2G6(oXY_WA)c zXRxTnS@@M6>YXZuwOEyOwl%hw+k9k@W!dw=IK`+JxD1CSZF;T}k( zkmT2N_Q)xt$*|4dy;tr9jgi0kG{m2I)62b(yU^yV2-$b%6(OZRugcttw`^wp=Z)_p z5OA0aeFw1QXEZ&k83 zET(EbR*$B?J;**r&*&*0D@&>pp`t3;866kqf0I26 zIm9qWZ?zMtfHo2oE=ti35+F@ZcQ14eXb@mi1Xcc7T0-7bH`F7+}Go?68xJ1L`K zq$q!Q;VqE&6D&YhnmWE1_lG%eqtFr@%&q+s3gK01fn>IOIBr6BjvGUQJq z<#o9eS~n4fvCCG+j5Q#|KxrNs`{B;IZ(RQ8QgViDWg!Qiyi(4-yDxHZAC=;^&J&?5 z7a(e+;8`@iURUNQcIx^!LtPhS6S74R@vy}g5S%(seu>frpHFb+Jmt(Q4|DMKaF?5j zR`@TEVXKmtn}iMaB4&Bn_E3p;{A4-2tYbiS$YQV{P`Zpq00o>brs^9!^{>5R;hcr7 z#C+cPjQ955TaJXcC>subXIi_a`mb1KsW;~0Q@*Vvi`qOP_*tR~DH&2;hE^uv?l`D~ zCJ3DV;SA6ViXX%r%8Ug{eVu^j1vXn^%%1V*#Eycr@AhLjfZx8V*i^UH0M9@XJrL3UdT6fgE_a+GR0rvSfQWuj zK6qTux0E~{#Jiez#tjxv*+yIE!7A*@>67|6c}Y7H`!M{m&LAM=s^O9%f6X?j_Wrn} z>%%ea={WS{Mg7=^_!ddZvJaWqAoKi3-!B$(BaKf6EXrueO8{o`PO#6t!Mu3z>xz!B zGK{2|Lkc_YG{|gw+LhI^FZLwr5ZYdxiv0yj#aH`P_WG;NT|#BW;zpYLsR;zct7RCV zkQ6$QZvXyu0EVxRZg%2#R!|M7C`xWJu+1~60p+!$syDx%0&d2>0Ks+nfVPlh^^kPy zN1iL!NytcpEGw@5A!yMQhG#i@lCLQDCrEJjdAa*te9!(6OGKIpSlPP*b9ovSf)x!S zHLd+f#rjLnWOggZ>?O2*qxE0%jdTLEHG(MruoSmzZ2103Yx?l&u5iFBzkkH;Wj5<4 zav_vtw!4rT{Ux=oF{W^dWDbHk@-OUIKrj?fdYAd3-{3-B?6Gp)_Yoh?X^Y$ogg-cBt0*Vk_80VSXF6Fdpz{%9W2bfQx%yYjPC5q1a` zlgjPLafo$QVbn3&`3rR49Cvsup+%rA{JNQQZiP)Ec)pmNyiSz)2so=ZL?YaBU4Is= ze4Za!_)E^<)$RS=g$n&*2=7xUm^jz8q+0=hux>Hbm+B(0i=Y%s?(^WS`MV@-R;4$G zlEz*=9mrGD55(5$`wj`zY2~$x?wsto4cTA$MMo#jxXax@nqJUMH44KDv-9nxP)Q)V zzry=8aImNXG&TeC1LTUr*j#O?;LMy1Ef%b-D76-=aQwhMw#=YtS{ct1S09R}BKRl$ zPX)`)m~4K_C~m{l`=5I^ES0tNt@1tOhsh1H<*|Z`g>*OIg{}Aq(_mDm2^KZo9lYNz z1Oj6Waq{Y}q2wP==OX!rP^#^0G*@(ir8}e9)&R!{hhpr|NCYRLdRh7$7;#%{D7+2K zubj}-BsXp+quX_V$WGrL!;pwkSi$uj1&P17j+A*?S%-xB_sanW^dL?8A9ZO&PI_3E zmh=hRo9Gi?QjZ6;;VtUULd}2)E3Ed>ljtkwa~6BBvb#v){?6y13mfEYanR0Eeqirv zf!++2y7xbSV#sDgAYHendYTiqEU!|Vq6|Mq4+U`^3Zf?>VS9nf!B0K!UIbk`Jlpb{ zAzK71oG3A)WRR*(8r~`%%NC%fh7+nEA>%ea7RNSc*O^7Z#V9s0J6h`5xG)KpRjlwX zIJDzENaMvxBYvXXm;N*MDNqIgC20n6qeVEjS61Uj@#)@5``p$Ix*Nw9p4b8O{}34X zdEVRRUnij#ll9+b*c95`>(wOw9j<=9M9&1-}FGWI%5II=sgdBogo7`f%yv1MXH(TdPZ&j1V zPom#!wQ>_j@27}ar$uZtd zJgO7(VkT)(D7uWJcvsl@H~ouYv2LMZae(wsW+JMis#}-zdXW5n0Gj#gI*kE53_MgO z6FH$Lmm#UD@W0zH{DXO34mv9UF|U{t2<5|H#g5B|f1O8#C+)mOg$T8UcDRwmqYV3q zVip9lCH-!a>K7l~Rn&J(0gnU&N1!6EAhR(HLclj>DC$MKc%|{rYQUypds7^@1Co78 zzMcg6?IYJ=rquj2Y5(~LMTAUOL9lBUQf97GbI+>>vZRpJ=aDd><{bFeFT*aIKR zsHl@4=wE6F0Y(b8PpybsVlF_Siu_5V$aE=}K|Y#j6$lc7oieS=`nU2g;Oy#y5V+EC z?McV{|KI~gax2%4zJokVkvt4X!r>l4o8`TW5vHp*c0mV{F%IZD^?MMre7WZ!=Nh%XBx26Ki3m55%DSd#ZJRU&Oa0<{) z7;0tu8rxQzw{Yl#WJKymV;gKUP=vVlW&3{+4#SaIPYl5cV7bGNi7+ZfL4ShkAOQkl z|LqW~3F;-%(>Pm0zb`>L<9l%+_=YGOYReU{^-JcFDfF2c@i*+VQQp_;Ur?D|M%r}8 zEX^z%e>cdS87HB|{4xQj0bU83)sA4yT!qF*PaQRpLd{39%~|`5AVptVl;JG-yFb_q z2kD+35@+30jh`ksGd848O`~8F?@H z(hM{47?2HJ5tQ}VIV-NlV~@(y*9=ksMs;Qy@&ascJQ@EPVsZP2!K#esQos*^aU`t2 zrP`R!LIoilnnlU4)W1qLa4*Vfd-5@Qu#s#inrm&n=pnG@$C1lysf@S;G;o7~ z@L0O`=Gt$i7=5?{54Sne+DFKIW@@&|SDlcA8yQYpbw^xgVQmUPz3(eL#)AB>>qre?yk`7x?%pzC&${axPG;h*$v-)2X)ewdoG^z zHS$ROacPxk&ZmFmZV$TG2Z*@?er(|#)#ZSwO#-gR}W!?#VCwxQ7UbqGmjMv?%a6-8p5l_# zA{tYOfVqs@BHQ~G>NJagG(4LDiq3?5ykd|HRshD;@Qhy_HZC_l3Sf(Rb{F86FJ_9K>WgLF!iIE3CU=6iy2wSu{k{CF<2M4 zXz{fr!4M=L-a$%)O&@QPVduy}6EY?4w*4{hZX31K8n_*0j!bM4MI9g2x1lan56IXW z2JJwhWcCxBxzNeJOehbq!nzNsM8n@qr>lua;zg&^RIT_(#Zk>j--cUbR-pdpy*uff zJ_84J)Q3YPDfc{J_XPOFy5^?^=`DODkbYBc?&f*FTm5(vTgR>O75aSdIS+}V0_TwD zclc=wR)-xO7l=zZaJAH}%cpS~CO_Tlpurpg1`@R2mj zE$yFuq&MF%O81w- zCAykUS+9>!sCahv1*Hha=t}CTM+Ho^ICmB}nV4;nq9#kWeS>XVJYx-tXKB3q zi$3|RtN1L&aG4BCY^lEoT}Yry_sb$7%+rF&xdGQSoc1VGd6lJ$R|RHt3t7Y&%}vX_ zGRegf3ogFn9c6WqC23gt1~LCGD`8oWP5qL4eh#y*Bo%hDtsG6OJCOxnciKlOKxgWT znmyzQRA13VnnBXjdnE#hM={sDGIwk7rDjMl!Lkh^`Q+(D#a7>?t@O#Yk6va*luJK%ZCxG3ya3Qqk;_@rAYMb_h?*+$xl0?sVdPgnOvlyjo zhNVwZQk}j#A(a)&u~)`5O>T7%auc_i^q6#ZJ@y|uosTCH?mAFe&DBJ5EV3m{^ZO@n zVKp5>+DD12?d{I%A1(<4R6yrV#W<8M?mq^Yf+-{H_D4N^)E6jV?LB8zXM19) zHVbzY>CXS)e;-<7w(JqpwcsG|UO5Q!qOoCXCaFP51+wJ{-&=9AOC+bOMl#9nC~!up z341dQ;qD+m+PW^7a*Fu7TU^t7Gv(`5LOBn2OK`umPmY=i*tV2t=0!+9tXs#Kkw+xe zKAR9h;fLd&sn%|h53DOXnqr26n@9(sk&4|z5I$YlSAm2{mK?$g=6 zr=ZX9EadGpSEuQySvF95?V|>pqbgb7yE~~P&Ez_YS<@|M=osf5xMkX_Ka+)w5~=1* z@+IbQpAHu!vU5}Ay3`sYVlXBEoe(eh5@3Zd;H0 zk!O~G_1JKT;BoF(?NV%W+Jp7qg{h$_k4*#w@eB~}Ss0>gM_*W3pyc{JAr~u&Z0Zzz`WTByePsV*$i^^ zfTO>|3FrR$EVN{2sxedk0bPi1bd|x6gim4guOG5*ucHbsK7j;jpz4CDvl`j{n#01c zH$y5ckLd<{COp7=sa-(*VYl#Cg)$nSWt1EL{)~+v$n@0q>bL{Ms5G-Ov>PzVdb{58 zUPP#FOWMo|YhUyEdqGm#dmK9CnB5uW8}+pNsqg8E&F&R#`;c+&O}D3@@79JtdGpI3 zxA`E0h}91(;2JscY$lY?iU0JgWd7C`oJ9Y%J}JD*@W}z3UBk#}ejDY~b|r{-yF@iw z8+{37^=71!Q(O_4^T*j7ArL%@Zk|N=!=(BNk0{(1l zlJ~C1Oy%HIYXD&SnpXecZQ3^O$e;9rR$&J0e;T`Vrh%M}!&nczP0g*}}tWE9w(TEYr%uj9OBIIC@ugz>=AvjKOVi^T-tVt0OKeE^M zIJmkjnK=m~`TIur8Idl$?WEq)&7)ndz7n(y(l!Hm70Y8qXp{vfIz!*?*){AFY=kvh zVpF|JVsS2hU1ONlwns5UG%7|*m1#ysw|FxUM`G&>@`j>4X+ z@T=$<-KV5~-{1;?ys+WBV(=GXzM%=?G8K8T%s;-FILI$BtS6&D?>i6lC?Ch3*j%VX zK1qrHm&5h%{jC;WbwNpAD2C9E)~gCrMza;XSZMiuT`dGUMG?jw)(8UxpF}uaLHhBV z@vikCR|mh3rBltyF^q-2C)ZPC!-bE@GKY!f{s<+O%jFBJ{nX|}G95bcbt=PD)A8vs zxIgF7?zN5I*>8xK4e!zp#l(vv3gVVju&1I-eCV$Scm-I{H8>|0Tv8n+ujomEMNT6I z`FehN{|m~1Wp6)5^p^l2Hvt}80Rb#B95(fQuGAa5qt@4s{3&oTSi_=RVVGGRatl`< z1eS4k+KDG-FGJWijy*PQC@)pe(@E_fae1_QHAWM*-66t185?5(K*VrKT?h-ls2?iH zNluDFBYmHB80wb(40J$tKs0-+`4Z0y4+1q%Sbur?6n_;$IM|;*7Re2CB_19IV~URN zVh#Z>nib?outTEzst+`nEpk%ck5UhyY_~YRpO5joK>sI8dUgZhHDSYdUU$u#a457k z$}KxIHS99(w*F@J^vCJ!E`p#HvIj&-K<%@)m+x`HVm38s_35tSx=`ZVWCT_N$yLhL zP$$g!VzX3nk>6#XUUnEzk;lIw?j;(qPhj^?ZqM@zVrFcWF0U+S*o3&aH|+L~d0$Xa z!I``GueZ^N+NNnni9>R-&$746`OlH9bO*~s5_*^A$R;IZJK;Vu^!Xo6lMsQPpH-3N2t zXmN4Eh~FQywqZt^P3XAB-S}$2!ycQvm;kFY9<0AZKYsnH(cWL~k3Z$&hd$(neU>(@ zCtoU-NHBb$&O(?>BvC5joFDfx$=LD|UnT?@Ot2K*N+d%PY#Qr4NfSfY$V4F0Cprg4 zvZ#_*LR4MJ(zLUNwYM}rt6wpdWTkq#lfxm3WZ&IZM$JmyPm7Er#lOj38iqAR-kC9u z#m;OS<>zH3>O3)g(hrGo(K+Hoiy{c2me3r+!M<-!e5X-9wJt)N7DxEpqs{I(ri6m^ zlkV9ugAU4vrA~Drj!=w-(et>t5uIk#gTrtrSUR!|XW4YwM*WXycvpVlp!eAMALBAR z{lcP$y#-$@4qqZCkh+f$dt9FfoKa~TI}!gRAKzx~nB$?esN@vBT#_QFk%>SO-Ts&Yhw0Oo5oz!a8`kL-2 zWN?Fm3P7t>>rv12o^Zu>r|_NQ;rpgf+v?oE< zB%I;{OG)@my%1PH9+BVOETi&5Fk%wN3U9D+*B^cFm1eyq6Z;O-HFui)6G91r7Lqdw zzReWoHyTm%q(8@mG6o6YvvBrP+Bct|64kM84GdaW`G)RqNTVSqW||Z@`6Q}B3D5*= zq1^L@?NtJCX+stEZvlUTcdq8K)XYj}wSe z+5RtLl$1X-Ip&&<;aO#~uv?m6p%R-(hdiX12b5q_3`5219bl;?QRB}@VX9Hkh&WzS za5bfhT4rPEWtt;01<<`9bSn=t`Z;N+Mw@z2u}1PPF;~&V@LTbzm17W;yonP(B^Vl# zi~dd*R>rCvm38^pVm+jG@tZ}-3Gd0;na-B>sRcWGZW@bHMC=^zFH0duNXR*BIN1b_ z=mB4)dvo!P#WbwFhsP}WUQlW76^guzUGMjA@uiQG>nw>KMk{*g! z5?US;kBZSw#c7(TcMn7Mu(mULGosT@WVWGMGdfAZ!P4Faz9z!bVDU^30u$>DKi_!o zBH;j)>?xKZb&k)Kwmr}@>CC366wO1g9E+ZLzgF9$ykRC_!1`+ddAyiPZp(qak2B=o z(^E-caq6yt8zSBl-uD4?h`G`MZOYo@B*DqkSIl(is4B$AV2V7zNGIWfvU|va?5|Q& z|CK7r_og9za|w&jwPB&qXY%;4GJ(3&`^QQZ8%l*PAM@`_dn&#UdX8!im>syPOQM2G z(8rC$M6tpwz`dY|6>?jZL^~AETnp+5g9bNJ-b8s+Icq0Ar9i4Y zKOZFt!0F_-M}*C&IEdIE5iBr?IATV)O?jyJ3%6QdqS;*{!jDyT)nTzK4H!t9T(>fd z?T}-!xiX8Rh{L@G}Nf3mQRWLda(FOlf+!Nx?4s?lNT6mDoX8~a2t2!$$}-wp%i zaw{~j2>8Z{lQ`7}0LzztZ8-=^tkssW-+9fnogSq>BrA=H*IyWpl6UM}&Rqn?F;YOR z1D9cu8KLf1^25cPIETqc_q7>quApB%37EIKA%v~VxO=D+Vkr}|(Fm&El>=J!_uBW~ zl)G(B1u-54fi8W*YyUdBz!D({dex=gN{NNAoC7d48;<$x_tOUl(=1OT-rgn? zeM95Bu{u1xQV(LV-IQNH3^N;<0)|jEcEKKBL<9Y*J@&K;D^pr^gI_8<0y7o;FVs@e z$n;~6Rd&1bOtIw!FA#SGr~wglO|l=>jgFq*y0NNRn+J=9V=(3MpV*@ZMW@!70n_jfdt z$~_OR=}xQA=K>g|D$KW%1^7wvNLqup>_n2umbr(bnZqBt@|MaGl}yC zJ*fAtGOF68)3sH;#$o(l93T%*Grx?b%e3O<@pn4ukGV34^eRJ)l|Run=hBuAV-V#U z!=lYGM6^XQRj8d@b?@gZ^egn4i9g#}GC;2X&#)Fvl|AQw_N#2!(i}jdOgp)-9o&0#tg~2yVB=OlB;yZ7F9WQ;} z_I4OSY(44K4CZ?$&Yb2fV*H#`z5&do#6Fc$ ziE;cbX$ma4xEZ&^HS2=6`k!M zUGEiNyi@0;62A!%Df!*Ox(>Te|1O6p=ayk=7l~IC6AGU*Yi|8}^UIu3NAa|Ts_6%Z*)-xvo<5Nd#^TwrjY>_euY5ks zQs?qh`P%f1iZ~%9n;5AC`W0=yMk9E1V)$L^s%pQ-S_Z5ZA9DN@gRkx-S^*7uYBPJ{~*QugX#tH z3&L~DzjNc?7vuv$H}Ti!5W?(*XN5g$T>OmMQgyH2WN>Ns3-yo!@h+oXQmtegp$JAtsvBS+J;o z@e)%2*OD?SJWws3{kp!I(3MzY91=zgY>%|uUMLLu1x~o_IuHa7MrOPn6bmgTaF=gO z!W$NFh`8QJ)J6C}j4b|&twcRF5{K&9NeQ_03m}*Ij+%Qm8TqEHp#8Y;;u$@Fg*W`M zP+o+7#o~vIE_kik46?$XAAD!;xk=h?z1eP7@Feg#4xnBxKzK6-EdY+YCf=oCl=Mn~ z%MiQa$Gp3#UD?zR7llWW1Ol`R!MS|aC3DcJTM(YlP}g*o^$$$ceU~vZx-O`G> zvx0VfHJ`=tPi46D_n8!;OB{kb#7xraaqzb2)qE+v_R*lR{~Pd*b<-E#6!mwg_g=TmA4e^#y&lw8b2Dne#qgcSjvre0uvsA(G?g zQB7hg^+{^m+en07jed*ho~u{1^y{U@obRLF5>&S>9U|Ra)<*?|4U$^tE02vFH|X%E z8JE3(@O)^}q#mgUJhS8UJ$Jf8ZNb1bMsu@fHcwMSS$1znVI$(gmN(Rk`l) zZ5IH_3%}kPQD7M0(#j_dunMVFN1ZcYcZOSb!f&pq6Fw&%E-BE@?XuEFw#8hq%LNQt zK6Qx=H9r=hYTds3E~nz-qVOT>P^+v3hCov(JQ-wNL$I2^KoCO;w`@F3g>gk&V$%7+ z$j?%YERL~Jz2Q=n>&w6PY}3n{^qKyK#xrhMoGV7Jkms8sJG@Onr!1f``h?7;B<)+R z0%fQ#M8@lBIQ$KdXe>Vfwf>0l=yYB%_OSzceU?%rRRJghef1Uo{eZF|(;@PV{H;tk z6IqDox$?gS_H|&F;14+)>U2&AlE4=qn1YrGj4L2qVmEkIVYExmm9=r8(-6yzmz z3fzdD2Mzh8LO30pYd5vot-qOdXRqGn-Z(?^#tiE7;$%+fdw<{dMka2)D!CFS=9jP+ z6nWGuIXM9=x)e8Yb@fwNSTrbN`@9gO^2^sLZXNe{J?HfjtvTB4;Yse14rQt`wzl~t zX>-`UxG1ybP_ko%etfPt$@INj@F|(MDTj;^c08RAgExIl9oBDFn)?%TlAgaG*epdl z&h0#Y`+)t~_nwYDQIa9vk&%hQpl*xw*8yD@v^Bf({*_5Lc@fK>P!^Vz_3wUh)MH>d z*bP?2q2E5B|Mloa{~Ip(CkH&uwN8Y}u}{0MPiOeOHF54LUHOo@sFaGOyf!j8c!A5W z{ED~PWyhsEsiT@VDnfi^FY~X-h*y<~)`Jtl#jnTSR|{*Ca{6roVFO_SLHK74zI@J+ ziIL35G`Ale!K*mQ!1!62bYV`zY+3#>17#kyX{{G!@3^L(EiZ3i*V>o8snU(|iQlf@ zJ0^Ofzh5%`l{p*hbt!T`-agsG;+AsFX^LN1Lw>>)?GU%g4yNj!-n@F08{zcb?)-|5 zfOtJK;s%Av+3q{Hp1lY4gYz-Fdk(orsvCFhZhn8e=e=RGHYI<&;}$DsdN6OqSmUIl z7nJ#vVASqRAgSV~nR8l;1(TQE0+#sB*e#60o$teY*57CBZZ1V#>Z#YyhR{Ve*qn=O z8JGl7p|4kNi}LnGX*&l6`yID1QTe^|tF+~>>i4LaS~=gF{+h!u9ah@GShMso*W!%n zayyjq3Ut~g51f&`jfqSeF>!fK|9s0<3MyTlsyC|}7A-f9ST}q={ZRx}%j&S}%iDf6RvY zmA>A-<6ZXh9O>=IgVDZ2QdDMM<*tDl_wGjhxYt@CtC+Ay*@PxOd#Fl~8E@VG0E_pT z*~tCvb|lkhJob(YT*Skd!^2gl4uANJeUkVu%`c7`{`!1x$EgEm&d=U=I6pMDFZLLJ-a_=V z=AjHLy;~=9sO#Pe7v??eTNYSOe|*=BIbIfizEsA%_4Kp4ihlcPL_^_thbK!Kz4;fK z&~d7c)3d3g%Tj2jeyLwj=u^L1!PM9@wvjE&Nq?sKhnrzm!AsRXq}`z zbYx)8#f?_vWF04#us6lj9a%0n#1vyaeqdlhFLnCMTR^^hrB2^wqdaF$({W;rD~X=+ zZ%)Z7hyXJhcx!zp>n0tS%$zssm1t%TA*!h1Y;voHS6lpiyCu?*CQ0bNQkrh=_^V+} zi48qHi%rJG!VQH#mzPIcT`pchtrb9mn>Y#Ih!MHX3t7FXn$jmV9+WtY#|I{#zWe$} zP4WeHk>y3;uU*)ZIY?gY5AF#tG5_JI_)~HdZ8Gzq{i!ita+@>il#ACR1JWy>b1eQQ z*A%Pom^r#Na$Y6o>PtPT+QHyve@(>Ra7Wr#A}Ni@ekVrX;6YV>K())G>IY_}ZTh!N zxOojDwI>trKT2+pGJ||Mo?k0CZpI=7=-}jt*%O!e)#5a(N4sxNks`T}aL;8~ynx?t z<*w;!`PXp?9lUK|mAgrJ%7&mMs$G7kih~d-9m6d!(-k+7cYm{`1>~@|p==6(S`j($*KFD#)Ys3)@g9)DFs=10$x z9eQ+(K#o4!h6Wl*wWnWGUYR)$D=Yd{#KK5&89|to(xN0er3@AjFh5i^7mLw=3qMVnS7-G zF6P@`pnLI@78=b@q!>EZ5=2~F*IZmNr@$FHOP}_421jNzRx-NE(RVM8zQ7nvWiAV& z<5&d^9g*IffYeB@0TN0GA<3P%_c?d1z0TeHtowWY@OcuW^PAu3W6U|;agMyK zSJ%y!=2+Oo+61NI%rd@8x4KtcllZL7db>G#<`iT%nfZE?ib(f)JtJ3WfMD%VRW*MG zFqe!^!YX948IaX(Gs->pq$iAwHe3THd%$2r0lKO^%kTDIv#-_xCx)ZtbJbLNF~wct zIp&1A=M|(b%&9XqbK|{CzTdJ|Qu{@`o8q<-j~Q{)fysTak44W&LP_ym{p@kka;}M| zGxrEjK`v`NU=dnF!cc9KqCXHxM|tr!tMSZC^lm_RosU zCyn;7xK6%Ri@}<_33SlDk8t_;+QnW5*UGaAbt)B7#E)r^-rB&h>kHH|fm&qGNQ^5dp3`d$J6F}YQ_Q-X4qs45ZpVF?QL3%s?sn+&n%KT; zH)0({N^-_?YDUTl?yC?-hihZQM~;hCiyOm9Ckc<__7+{P?pLW91+uc0K*yY`H0EX$ z(E?=t=UeM=3UL6qetpO|u4i}L|7Q^09Dd!vAy3Eec#~I6t(54ax9(Q^#$42-F360j z?~?V>s6&1ikvRyHWyF!BHFE|rWazo!7LVRcoEu=P-FVry$6~&Wi@TSx^{lB)ceI7B z-OR08Sdi2#i_#1wEN7)5+TnFyCX#e};)LQ9 zy8Gc8+_b04`lo+!7bJFi+<*EFT3sTzSwfe1k9}^B4rjA;zQygu;>`MkFatlx+ZpMA zp3`hokqgCM$9VDhO>G{wa7HfiUFw7#VrV^E>C0^3m-VbKZKb6IJ}|t=%J3UkZwB}= zsGof@gD%^diA#Kzx|<;ko}x5+*!(#S{b}3lU*ny+ou|YL>8Yq$7{zT+5SysM*_m&M zG=$uh;9JYV63^}dJ7c>yTt_z6_S?7B#JZ+Ahu+%2L|Y;RYI%w2?7kuSw4ltI$F7oh z@@RADURBMN6R2*vmCsHn(ySHf^&!s}+x9u7UWQra?!dOE*O5fN1xwC9FxS6W0945O zk$vN9MuF^yQubJg%=UNA+030$haPsdw}r6}({vB(TAOme^}VHuxq?Wd-%N1t?r}Rr z0K;%POc_i?^~n2OE&&nFwFDR0-g7$P9j*dN;Yp>YnjDb|X{k0PwMRbVLeK3pvQ79A z$IxvTYmL1|(&_#4zngtYp z`C6BXIo74aoQnbG*8@`PIT;|k59BZ<18&NNeW;^b%<7_Ii6MjC3Y(o1%{3<)x0&08 zZ+>*GW{0gxOjKJYXv*%#Iw0FpCaj~3Gw9_hDOrIv&U>?bN{kxb4yEfcVbbIWd#$RF zehi_U>0-ZSxS}X0k3(*uFQd^|ibG7|PWq~i@cx|Gdh93t$1%v^NNHz)cFO&gQbs8o zbB>!fWKSJD;@|+hw6gqSGAiembS%?MDPu_36UUNKGq=cv=_>`JSr%@7V^DUDzG>== z(c??87i>t1WXl?fd5Kzyh1IgLD8A!oT43ZxCJo_krJh-Wh-mX`R-I|feQtUmTTOv7 zO(C&YuNNTOUz|dZOHOj&%hAHo?3>q(dRauCVO^qdR>teK5=<^&jX#|zVF zerA1bv%Ch_OIC`@Z_-tz0AyO!*bjS|Q0Tui!Y5L>*y`NF(3F5PIzMLMyOi#Bd3#j0 zX7#2ls)ZyLfDN?+)%*^PQr}78=f&F#TW&RsKf}ymXxE59d>?+#H> zds5Fkx_eDroDu~}$@)tvhhMF7Z!rzpvl-Z?Ap634HMOB{mr;G~feypelqy&7hOG6` zIc}HxvtDxqb<=wdp~%kbosvE3!0@}QS!&nDdk*RMt4nr$q=Y*S9@(AFX;UI&^Qyi{ z0aWa*MfuR=fhJiQ15RIuOf#Gl^yQB%=JO)iW-3n|0jyb%+4`B7|H1;m&xB`no}(H7 z_bq3WZJf;9)xr!;KJxTTEyorokredC5zaBHng={-P*hfGGIMw5W+q-

b**nZ=~gLT#>>JvR9Akjw0`!f=(8;iR`e|i#~%f$f?It3YS8pK`qgGyDmZCn zdx-(Qd$X2vJq6rZR#=BsBir3wHR@-7WQK}X@_VKH7>*3d?ys61!>SgWxhV{zXDDLu z3Q=RXwy}#N^a%mDh$MCQu4{U^a>4FtA7ItNsRy~bmS2@}3B9R_Yf~g)2T&qG>W3K# z>2rC$`l<1Y#*VU)$8jv{M21h^aYrI%xI-fD@9CO|3I?_`T@N$BG#$~5l*uNP^-n)~ ztJWvc;=kJv$GZOfWR)PF5`b`BT2P`u69;Ap(V>?21q_{%Wpc|#?N|0Of>^)(sy=|> z5qr3W5gahc3^^R0pYv^hXFCptVa!xcGR$q>#1>0MvyU0tf4RK*qeWK4fZZKS;1_-R z+CRrXylFEpQ94saTy{PlH=SPI%8gjUJxeY>#D!SM$*+|&{m4oz8h7iMH}e`t3=MBO z`z0#iTGMdE%ZQQP+;R%pbY&-I6LXEBJ86!fIK+{}kQPFYckhmoW{v#7L&LcqWxG9? z!U^|t4Dk^dB@@?8w|wgTs>tEE=scxUv0*O76*YBZD?JNe_Wa#IbezJtSb{b^5tf|? z+DgSMj-@3t+@pOl8r%Q$8Hl8r{~1Xu-1Y=n@fYr&`@Ozq7TG7>h5g2*oUC%-eUY;4 z)1Vb|gC}u(k|b46Zh| zF87MTd39PdiX+S(mC#>RUA%&z&~G-c*QELH&v5o!9PnF!!-1bhKskIDr?`6wo5+Bc zeWpo9?oczM5_%TZ$Pp;3{v~v{QtZp&>58X4x1uW@86P8Nu4G%bz<9q^@u-S^I9#x8 zUXk71H1~ASRN*(GOgd0kCpdzVRdOz6D{IuGEKB^nySBDv*g{%fQM;hsLV~v-Tif-` zb-#sKWGKrtiFJml<)Q5SIt+b8;90Y)Ut`muyJ9sSjE6`TCaT2%q4-Dy&+b0RP9^e% z1f_<%?`v1>PMAKT*YZK=Th_`6fTWlKwKL)Bw_x#7!bd^mkfOz9H9c#CoT%)`YNsWz-{lhBr!OX+=fgel& z_LmJjKlNqL%*~OH+9b-@OaBxMI@enSjkaw#sq`+V=u;$B$HJ&cG&>PA^bKd8cP_uE zH!OnZ2~g?f%?975UO`{Bq}wMgS5D|1gsjHr`JHcZhRZFVmwkP962053Y0PrgAu6Zl zLQoc(yn|YLugcLC`JrQhy8s1(-E;>3#hb=D1sw|+mw+mj?Vt5m-2M5y>V`W=VMy`k z>Sq@jC&GZBBJjQ~ArkQo92^Ct=pHVCF4~ z4Sni~b)tKRvVE>}H_TNu@JvC z^pOqYB3_Yuh$DpzicKlwes`79?43LFH2Y+oqeKK>t6n2!Sxn}-ISQYzZ!Le9T3wLr z=TC#1p^gmqo8_4hBt`W^DS<%#o!_ZP&J}Z&&qn9mZ*CW#;1#Qw&DtXLz#%=yHJcO> zl%l4Wj6%qAi`pkbqQY5D!0p7*>d{F?vyS172W1ZP%8;KG(Ml}2U zo}ZM8&Q&6vJSKe}{n#A_N9nD7{pgn{Xu85jMSWA~SFOgt*f1`Z`dOQn7P<_^a@u|+ zvXz>KzT~}frhoF)U{qiImmC^;bsegO;95G~jOD-)87k@vB4*uEHr`w3zjia(N>aJ+ zeC!!vj13J*!AjN|C_al~d|;OzIe1cf)HbbTB9l9G z>PHei=Dvf-i5Uw0DJV-zR>;|@LS2K%Fwn3?U=In&Hw+j2SjvJl96{On$B^F|?~|pn zmuvTNLb66@Qb_gonpDJhH&1otP{tP^aX0<^Cv;!D1t-3^qCswe36{*Ww_BVHR?{{J^(|wXW~tTEdWFze0xUAW>hfOb6X2$ z>N^^seFq^CQi$*m>0vAtLEwS+c!?*+3voRC8MKwgnUEO1elTZmu1BEM|7_NnYoCEO zM|g!mw()RqJDt6}j(&KLmd@FuB(B~^$pZoKzDMJ0-v9f%c8g67Gc&4<53l(KYivz5Pc_y&#b1;pw>Bcj<*5& zK)7gpf3sy)U$gV+*%say0Nu&p(t5(sBg^d)U@Et&3v7-8GkpD5h2hk>Q3P72eiorb zlYNrwyDkRXCl5;dyuEgu{9RN2@(|&BfyxWVWRy<$o29ykOTq33D#K|zN9I?_95+og z0>Abi{k1`IlUP6uh=t2a_HiBQ2Z`HF=^tgc0+r`z!9eYLk5N0NcG5V&Hv;u85d#8b zg$rzxCW3D5%xjl?nWfJzbH|#9tHs_19-0e5K?9|{)HI{UzX-ZElTOJyPS1;Swr=~v z#r0i^rPt}hp`hzb|A@k_%YV#`J``l9{*_?9c$jJ6$3-h|K$aU+?q#wtdIsq@Zsp`8 z5Qe416z5m1RZa`l*xY55tDgI0h|2ij#NuBh*~tvC`7Hf~Bie)c0uQFo)A+tJ{KpngbF2 zeiR7AJ+oBAgfaN0{{FycD?;fIY(ScIXgWu3O4^uu^flS7{wTBqx#ryig9}P?r5Wu{ z$M~tJ2brVA&2OAj^!11ZMc+`tn7f(aVzXXxnlBWP|c~ zY+pL9vkArthg=0vZ6!aS9nT1p+A{-XmBsrSYBDB(<>H#JQ*&w=Xc zE!ci%0`GO2OF0m5@ZiJ$tlT2%|4{D5^8BCT!Sag-Y84CE{jHvmQabbPAq~B@*4KEE zS=}xkt$a|JyL7O+w4A7d%73l z0C^DGAmq8b1UApY`Xu0Vbk@ey7l#8rL>G6Bcm}_y0{`yOuf*dYKm2a%%3Q~Pu@&~e zV=KM-_Y1$R{l@jc{6K@Mz6EC@8Mz+t9qfGg*AM?q6YwFZ{pi8kg3^cNuG#`O_FToG z>F`CMqo+fLt_LdX{8MTKRTBe%czIGS&;`B8=1kjD4g4y9P!HLWSAA{>wr>1u>w6N} z@IO#p`M>~}H_EGm9L&ABQUtG^l_wH>FZ1YWTkd}tsC%bq7??oPb^kzZQrF%+i8>T? z?DzpuSRe|XVTXd`e!a!7AO69~e{Ns<{=wRs6;!<`*O^YMb6hnL;-IHWDGPc~atg@7 zKbO~$#ce%56qJ2jMu}csn{;MSiJE2-R8-@N(X!{pfn{0#Rn-{`*Cg@$o-R}e!g!o# zQWnr8L2}5cBJ+lmldPj0u%%4@6h$|#r_sO4Lfs71O#cH1f6v zoPf8>oPVIp>4U`g47Qu`wE9|np>u~Ki@igK`G6fYO)Rhu2ZzBChwB>vm$JYC5|Bgr zOXHW7lfV5U!%GGYW1a(E93;TMe)xl!M*>raHq~}M4e`SaVwj-{d!GY+Bcqm(M1F5gk55&eOTb+iBCZA%-Rgr1CQPsoaN(y zU(MGL_xbuL?=>iga6Je}HnQrwoI$W}yPPju{c$4#$axpY@@RNtIWHuF=h^>5YY=xx z;7i4?gl~UwVW`{ngG%=Av1mvh(tPwR3bSz68=RwX^sWm-y^-GT0cQmKihp~p$y$o z7_QjALo}lU8+dT+tx;~V;81i!$9w$2-W9>(TdOnrV0+qkzQ!A;_w}-Y&s)M~-D@K) z#lPP)@EBjegOgUYsk**pIw5I{QjXd0S{y2xX>@a_R?f z?rZRb!@L_v@ANI?t_$$nTLWwq4Qc;a=e?zYs_8eU9OpMqv3pdh2P)qLdBB=*H^YSD zIM6c#5Y?>Bn0K$OO>qF9`kT0oHz$L;mp23ccT@x$Qf8sqC#N3Nux?)FidN9>FO%e= zCa`5gxd?d_5+{BJ9tO6c!}R))+rE-9qq-<%{rdwqS*iJrhu<`Sv(yKX6|T=aAbPwJ zh=lgduknfmndo9ZX)HKj8ayp-qX9WJzuI|DG$SJrkOAcW9QJ?=DXgfPfa8r~ z+G$Nae)0i3u)JSf3}R}%_MXC~j$ruI*Pe736}e*+AzQ83axWif+!^q`^N4PSE+>VX zfUdysN_$J&NTaYoRJ2q?w57#kz9{gK}Q|rHYr(Oj#K`}gU^JWhu@v^d+Ef5(+SX?n|2P=G#rXBDY6eNnn z4}#|3>HXIS^t+^{2mE6yU|>x|j`*>?-~9;a`Nuu|kunGTN$#Shi5T-c1P^FRK- z{~a*%@2CBdwtrLdPXhF}l>AAl{+5!zrQ}Z(_*+W;qn|nmAO7|@e|wxi1V4Y$o4=*x z|AuJ)MV!Aq&Y$e<-?rqxgyX-(qZTT1>!fxo5X@3`den!+E-Sby8eKUs;tz3Ja} z@^3r&x1IdkPX4|y|0kR9cW(OM$;N+w`2Y8&M--y>cX!!x3QYgvfk)uiL-fLxKaE84 zpyCymd5<&xd#3#h8yD4szObsVsXN2&{r5}!Z$2a!(;lg|aIt<&Uv@Kt^Y%_x)bPLl^6!^9qOC0Mqb!^E z_TMf3rzMnaz@=R8`SLM`zebY7g5dZtIbQc)Zm;~o{QQ|G$&%opOWu7PbL~$X`FFbx zqGAEpG9KI)`q#7DfB(4Nn1d@9vTHjBcd!2U#QYivNW#FM8TnVG^56iO-TN;JrI|7y z3Ejtm_J98_|9YV4kpWKnZ4gy8y#M;kzZFsOWI&R`?RM7xdvXBU`7=HRQzQl&^-S-% zRFe&SH@l<<;N;Eqg9})-xv7|_1kj;7a6+l0LC$Dzo7MJc7eW{E$ z!)eck=dl^5u5art~3m>B@GlD^BzD;|Q$wXnNqOdS_~LJoj2_!V1fmtLZ9B#N1^E*XJ6?_5TLIVQB$l>^ zP2!sI9=2XC^ZJkPfJTMHS6vF5y^aM8hK%ZKhd)98l07nD`^Ci>OAY|tbI+ax{j{oM zwzrh25h@B1Jm6K0sQgE8n~@>C%;~R)zT7RY8*Sl`eX|ajJRs%gT{yrDxd*Tx?@D%x z-weP2NlDsjKJRkSl9B;>L}V#woLVN9HtLbvlG@7%+K5c-;qJA+^2ApLKf{JiH5imU z;CCZGfSc*$tA4v1>?+RbNsJE@!F57kASDL+ez7LJf_!2X-;01qO6plC(MAYKoRGWz z|CGBw8~1208V zrl)^0k?Oj#@=+&A^a7E103`4XT*1r3_9_MKNcgb!LZUH1IoiRJi7 z*nmTR%}|m~$+p8nv}Je6ZdQ86GK8L2`X>dnXGS8c_ZbK=I=Y4;paIn4WFXFfT9m~^@3(MN4l z&?PzW+ualDF*`-Wl)d3NJ8;8$Dds4cMd04~p7oJg&{fcP^-)8bL_kx>(u$OE_ob!G zmW4YGPqCGtS4q4}I~qTf;SmS4LyajhKu&S{yOv$$QpVlQZfO_Lm-!NyxX#`&Uc&$~ z=m=~jUQOAEb{f*(gmg)+SBum^Sp8NDC7KE;PYvwmboxQd*+}N_PRWMymdFq%0$xSP z*jn?hlg}&NfmKNnS{oR^z2eH^l>k%c-0J0QJAh5#vikubb_h*)%!Jt?rgsg#$h;!< ztAy9`)a>`)wR?`QsS^`(C|?!IuYSlbKNEuQ54G#AnD1=aGji{mcrt>kj{+^Y6qtRX zDZnK1*9g7px28lPXat~}V2j4o)V{$9VsBb#|*EeEJ1*at+?%V`a5;>k?Xvjo=fWgsE+*r>1Kzq$}I_ z4v1LQILPdyXR1cPY}0!-n4mhA<5f$544gc9=0cPJ~1n9Ix>d^y*pwF{_|&{ zy-uGz8Z}iJTBXPj<7c_QqDGe;PT2k^iR>o*{J5Up5}LfiYUrFWgf@GwYtp}Rg+j*H z4WvgI#ghX%(7eZaMfKFPI7vU|37>~;p&AhEEjfzx!hGNp%qC;^es6Q!=aUrB1IkAr zJ8mN6$uXjP7+S)MhgDtlFM*aaq@Kz0=^ z-b4FUrHPLW?7yT}<*nCFx926r`#(mt7*uQ$#Qf}(AzWoeA|3xJ3JJ2);kuE+$L_5@ zT(_w@$$jOZ~BpWYamxCg)4jrAcQ8R^E(gcLdkZ;;ZA+)Z*{G> zMa8bj<(2X4R?H0~6ioTFe^`rCp}XjYI?E$&KY4WM>7kHU6r@dz}%x1>^o3$Hm5--nWEK zXDi9f5ebFH-b6Kkk=f?lBVFmf5kxoJ2?WY9cJoQtr=<={jko@}^xu@mwk{X;fTm~L zfd#thH?5oyV4n^bW>+Jg=5Jl)I9!%OWzeUv*{w&j2or0SSB{Hwy!Nau;{E4TZlsx; z?8s^vk;4w#6lI%y^(n(i4{=$+^~62W`urPS-q+>Ryn+m>w6pY{st=xIq>e665?7^1 zShzJ5B&0OH7piMphyBDj7WaJ0zx76~xlh;7f4gKNvnuHavAApW!Thu1qS3_jIxd{P zi}lDhr%jQvRXv>v_kg_!`A(DdOfG7$jjW(0={e$&j8%D%E*fv*)PLu-X5<7pQt zykb`#)XxSj8+w4@yPS72lXe=|Rl@DNL2I~#CC5EH+8b?E#in<1B4EskfW02O zn%cf((NkyqiF9GCR@{6$Fi_5yw5la8i^xZ_B3xZ>mI$2WZE?jXxcC>J>4Ez%nx2Q{P($RvkwD_|3l!^$Rg)bQL&9(QtTI&^;8DlR>O)BM;mAkDJ-4$yK?J+hg zy_UT=06KP?ULV3pPpE%Adc=m6C<5_J=q39TLkO=0oUjQWZGJ4AbwnTycMmvvKZ2GP30 z$`foY5Y_A5lLp#h2=HPCKA0S6D@@&7I%Su4)wV+vWwbZGP#5hI1^-w-`^aVXmajuG zE85MJh*>UeVvU0L99ybc$&Gl$HW-tcWWKirFbp!~Rm1P2nDyVcqHdkyzha`BMZJA6Y-b##W?Kw$|F#qd#Ng4Y{eiTBj$0t{l;y$)L>6X|L#a3ugDMQC0HbX)ZJLz1jI>dzg>VnUQa<%R1@zXA0L3-bjR5PYs9+bzfMuEc*8yfDK2+g ztgx64c{j@e!%S=&`OJXPtamlS&PRb}w4tr=I`l(`0vAgJaSVm*W|p45In~y*3#FZs z5%^9Q;SiMvx_3u7lL8C^YsvO4=5&Ip`)4R3P4F)fs%rqF5ObYV09KC%1 zA=Z3l{=CcTUN1|20>GBj4n#2UVN-Yn7rOP_i_UE>rY!-?q}G<9BTd6s9c$-w3%?*) zb;97J9Mjo+-yZ=jJsygaN#_rO`n{byd>L6Bwf*fv3y0wGpVOKw>-Gsf{a^}8gi@nw zIw320+#a^or`mruld_0mc+@1*)I>{iVpJo8taGk#e^)ArAMzt_thBv6WO-{K;9ZM6 z@)L|gC$*aWk;9boWG_4*TFFDDl_CUN9oeoddgir?N62I1KbevhjeBZ#r;ji3*(5|R zMDHH|1|bHNu2kr{j6ZGI_Az-qCq1&&V3)?=G`@US zi&*6bN>;33B`S2e_^uQZA|LHj+$zcb^y{#jhM~Zu7v9)ABZ=kZa4M9l#TY`YaGpZ% z-@>ZqO4kNKis<^L&yS-<_htxQrj)Fc%=k|*!dRDd`teYg588)asd15O9rdq^e zpkp#kPq))c_eNXy_vfoky;&e9(DbLH@=ow-+}WOL9bk9;aZz^TTt#GS{#APhrTqtT zD{na$=9b-+wdAAs+l9n3RXGC+G*O$DnpUn$=~eLJrvopEgvRI4!ur;k?NVrWu9OkG zCHXN{1k(`W_mKJ2TUPyAe(G~dD`Oz=`|!MTJ6yUF4tqZmvW-s<*&2X~li%=>_Cq-w5YFKz2QL8q>3{A6^rs>~=~DD~y!f{-nwPKfVnjl?=J%jn#kFCzGl>0C zTI?>P>V*kU+BOh?f953r{8+skC z+Cyxu=|r8EmhlQ?dgJCM-SZy*6#AQD#QSG_i(bYloM!Ro^!piPM3T*BA4X+y`*|^% zg|S|58+D^FP9v5J!bX*~)z>u8%S4aK3M|#np^_$D!_2#)l}{c39JC!pOmOCqiyV4g zB-*cc7~jJesUo(9Ic$(N+!)-{a7vb+b45Pj@d7&y(sT`9S0&uU;)>OwuUa2b^e}m~ zvIP zg12SfzM)R@mS{*@WS&y}EdP@;=u@0dXj1Kv&e2LEZ%ogw*N$O`OBE+bU8ctd@EG6h zGMB0~-4{!$*G>(1*Cdx~vPvX;5ckCRPVekyHnTL560_muD`f6a;Sa3*Aumor9j<*f z9E(~s+>$V0&We9f9c2R0^5Ta>jUH%gn3VG?%Zxb|&vo8^5wX(HV=XRw>|*UhW_8S$ z$oly!0IelNuwAhfl#b@Abu>B}-5b~*Wy!o^U2`hD?qeceLA9cs$e+4O0?hoxw~Eg# zusA2Z*2cc-hil^-fQK^Gw{mlx(aR7%Nb!Af-8aQpSoAslHiEVqe-t)RQ5+eI;)MY8 z9L}yOQdg~pHe#j}#j4|#d! zp=DO`>aHVipSxJaf7}#p0iU+oZ)CCz-Bve!VI0*NF#_U6!#Z0Ok%5JXds--_!Ahyq zp%I+vss@SWeEzB3dI5BYDN{kyCquUD(|WL(zweB}b2|QoGH1nfqHk5D(rc3|=yi9tbWUipQc!I1NewSlSy#fD zJm6(#Ssc>bocv2?$5Q|h9^ZUc?>Rkw=#N4%j48!e@`BH&f_S%UYX+J`t zDrY2L=RGA{-&Q??^Y_xuCg@lE8}8S}W7Er_yNAA`&D`Kb-LcHRw9o<{%`oZgQKX5V zNQ1Wqc_*1BVrI9l;0$Gyl`n$6dxupWF{3cvzVldfuwp+pI1!S34aV6>l+Si*DGXS} z@=5K>1;#m7N*Eg%HAy?TS}0WS{xlj3a2txLc=*JBdwtaU+ynxnQZ6;h&7984q*&}5fc4Boo z>Shq|3{%qd0%7I;^iBQhs1DY#{pR<<3+-d3LXbe|V>epph|$N>pxfKKa>2GO%j?8LN{4B3!xj}no9dQ%@(Jo;>O*35`+ZM{`iRrH#2K-LJId?=8-O40|31v zJOhG+vG%*Z#*Y!Q^Xj4D2HC@NM=ZfX#F6a7KB?u)?Lz$rdAI@498kY_#FKzuF`av0 zOL{!4?_Fcmhl=O2PYRD1^MMlZS&fEh?n9^mMh?UiG^p!*5F!tWGO^sv7u`FZQla9M z4lqHICIea&B%qIW-*P5R+7@0N1Le7f5GIEa3x7RhSD(tAQ6+DfR%DNKl`r>ivq zmFt~uQ%^TJy*s6G6BAx&9+BGJ-v~RhN{aG$_fqa3l@pmLF}C%c%`dLdjSBi2l`+Z+ z-P~z+c$tqoBYPP6mJcP%9=y%ZGkm4Crt-=3x4Y3OwZfT@qnj`^>3#r-ijHG^>saQl zI7^E$O%%`9ajj6n8j9eJQqoCY25t28v5ygQZ>nmEt?#_}fZimOZg z?A|a$^950ZFzLP7phz1LSHl1T{}GQBP?5Qbqv$d5=1+9LtW&Ie3ZIDA)%PqdA)S&R zf<&SZyRKgF{lRFrGcCk4-5xs}%496F^Sxc!MVRUOMi->aXLvf8%~XVObBGU8;bh=| z!Fws1z-IR9Ork`qwmvYM4m`PCh?z8~pg15)y~vdxCqKE&5f(yo;->BEqleEK6ZCX- zl57%v28J2r$|H5=tpQg|J*{gm435sIec5AW<8CyyHJG40^*53|Gqo!7cv^^iXWSv_ zDtdo&IDgdtKPFen;na-B-aZS!x@=k__^&W)-WGpWWyp#izwnY{WlVX#Yk7Dg%FJ!{ zX!Bd2k|~tka6W2>90@(O8mmN-pt}+d+1WiPfmZD-nYiGuJunJzfSo0aO7{+Lf6Nzx zpV9$&?VAP$MHx=M_w{dt?~m*;sUuR;GyN!-{a!k${kpBbE{HC&Y%U3eZGMy*Z#MIZ zHh09_sgEfWIIxx|~X>RVYcG8>DCC|KM=2KcQj;%C*;8E+#ZEd0e~O<-&J@EAQd zs#%a(74c6%xN9`4v6gXIzY+|j<|a8ih<<^TMlYoj%5={Wz_tymxwGn-G!7n;7>UFz zC=u-{SGwihX{Q;O%^S0J*;!nGUes>kQ*ZfImqFs$nQ-{~pMajO)9N#2Vs&F9ch|CU#zlG zp1ItF4VnR!=&l?gq0}9lxKdJf-Gy2u%7`o>`mC&5pV7tAfSAd(D7`05ZY>ELT}UD8 zWm7i20V6oc)cv+R#A^Hd5y5DM2mbP)HsL-us<<;QAI2}}8a0KLU5J;w;I}xXh*1j= z&7LIhZVlit^nNNVKWj_Au&A%)g)>GgE%4ba;O9k?hVzr(*oMy@%5v?f8 ziE_QDtfBWZGT&~_MmA~Cv|hJX>RS`MdM`UQn|N+XYs@LB8B9p={TW2utY*$qRR%tdM=d@mLD_b7chf@yfK}vg5 z47dj3Dt@q}_r~#IvHlrSEltSGSVdZa1@nz@^Ol7E_MF`Q(zV*$%oXT0=~sf$>?2kD zm(F1drVTqBLI=0`qS^HmToRuc`2y50T;i4)f3DI*0> z97ZtLLiW2JlmTe$()2FqV~JU2 zoet-dO8}7Y$T;vT{LkA8V_veF$k1&)PAG*9c4nEKx0ZLT9@RyUvhic3G0unrjMFd&ksXJdh4r+l%Q>$^AJ8ebW zPiR>2f`a|cI@G0kQnpW(89Cx@CVe&stiKSl-d1mlCf)5|wjOaXe6f{kvANl!6vc^T z-~|wp&t-+rY9I@y)gqiwUdDNohzI7{!(nZH2L&{F%>D>6D)Gs9Vbe^{!m$GLAGsF} z^3WfW)Cr7-*7LSYy7q=uUIQmjmc*}eN(uDEICOKdg`86>Ku+rvnrE9eNtr;^{3WZb;mIZaj4I-tTQRmc=n1-@3f4RKE=Gg5V zdtW8N#!qOOx(1t&f{pg|7cb*#v*zE7Dr1kL_jS7@UC?iDgfnjW{Uj6J>N~-71BsKI zwaTNGJvDCTojBUkl{eJxHKqJAXI@Ho=mJQ~xEvnSAuU4}013|7ZrwhNI9F;#p5Mh` zaSL@J@gt#PHPO>?sI;U)jWCdTpWqD_-YdJU=~sj*!}7*4`^0$TUc66{C#fo_n`@V~ zjzNQ(`8m#AoYTB3I&wA3=)5{YVVvE)Qy-bJ)D!1YDZy!T_&xM2smCzRnJ+QR9(c1D ze)U}dvLheHp;+1C&!3cgQj${Kx(l6@G|+k0))y72cVU$4siS198E)*<1UWb1Gm6ky zW{1JoqQ*AE*5XZHD5i}9F7+hsDE<73gxWuEt6JNMOue!3!MJB|^0k=}&Fm+BL3+3k zYGPBXu=bIQcGEs(r~9y4HaEIqoAvU^{J*2;sc!VSmnmO`c)BgTX1F0emlBc90ZmePO35cff?(!Uu+0_D*0*32Ze&Y_AY zUxVlfaMz0pg%6K1ar*BDotJ-H!o~;N7Wk+Vkw*rz6Dp)l;9Ym4)iOlB%&Mu2I*qZ4 z7+Bd=GL%;iF+uIxma!=~L#Bwkdm_^vYjr(qCz~&S1f$G-j!Fe2zM2d$SWkXVneD;9 zQ^~!^-E7eEhOjv=+t#M%S$b*tRoIP40i`Hm{b_k!+m{Yi`WkX8(eHCR6R&kBDtNp$ z^%%RLh_TL6DHl*K2a_n0`;WWr3?DuIbG} z<%Poox_8&)SE{kEwW`KS(QRvE=j9*X8n!$~eLC?bcRLl(a#dm$Q0@uD+xpVgla{ z0LQ|>ZmLyH!e>5a`?o_-nK2jkgk@n(Eca(=~ zo}tT$q0YyK1diV_=i+Eo1y%*Yd{0@xgFh7Q|~TWHD5@Mug$L`j|L;`tGIYOBDG)J6{W8DlJ^O3 zpq`!b6968%`b-{IyEYUu(;g|LB_b-tDN%9egNQUw6hjCX?{LxgpK-!rk~#zroK>hd zyx9rh1S8jtNhJI0?9QXPF;)8^IS-wd!PO^tg`TNTMRat${oxn_I)E54VfSZr)z=2{zsSa93Hb#HD7rK3As{)jG)&h@Z1F7Ciwl(uePaNaAioB1v#P4SqE zv_ysPF$vk*L%(Hu-kVR&q8n?qNyLf0M&TDDA9|5j(uQ2E_B`r3=7%a~r$wV!VPE#~ zb>t-z*ftn_l9KrT3&I;rp(D>J<2f!6Z&m3n*JheH8H?78hYq(P?okTQD%d6)I*BRO zwj>{&u0#m@FJ+sGe)d(M%7ahzl{X`J*V=O`S#!2r@@tmKc6Ta{DOWcr9QH9uneCT8 z?)j=my=gX`mD_t=(VN)C?3K}5tRA|b$bn+3bjpnPt!x`6`lMW8;=Ds_RpDnv8GDaS zT!4*Zn^cAnLp*n+j5S-0JZ3kz*o5NU@@u4d1^9Ao@QORa)3q<1BJ$2B>DBmpqR^ap zyhXw1@3u!RiXMi|jeHh5ILueGfsP@sGJ00}2o>A(xE(w6@n(km4Jh%`;gaD=;_mt$ z6H5e30m`^5?0UkRNDC$x(#*Z}{Mj4oWViO_*`Gh0_lLPKyoR4vd~g{MNhSUWZUKEa zT#bhTTDGApNq)GoiyHORHK^|W3zlNWh|7Z~ zeK&#%>_&UI3>Fr8u+v#m<>^GsC-rLMcBiK63hg)4b;DmB<-H{2uLETWlR9OuyW5lg`pWpxHR{Z!A(jRJGxuZaI zq8r=Sp4&ezS~PXk3-{Y>)sgY1j|F*!&fE)%a68jaEAgtbA=7F&h+%xa?p4X0dIF~tGfRk8*fjDq%B73R2QwJu z-)l0E!8+t)-B-|UtB60r@2FvG$(wXt^b?cUlC_>y(H)C~g1phlP98!Xg=o6|;okl% z6MnL4eHU{|arKG!_r8`(%m1gn>xyb}+t%A&P*JLiG^K31AVs=T4FphnN01%@O7CnG zq-{WHp+`zUT95z{5<-+B2Bb)D0g=!W2m}bd+<)IY#y#iUhjSf!+{c@zJS3S}bIrNd z{Jy!?|Mh8HP4(g3Wh>i(Np!&^0^s`jq$Aq=bQlJy^9I>;c9<9bq$ zOEv`9p-0YSm_U7Xf~lP&MlVMekgs;voKGKudGsgG5oA0@`>?75;TIyl725z0qRa`P z`Fh6i&GHCHpx#nh7qcrDF{Xvyzdr<<3P!r7c$;&nm`p2R4V(;xP0E+Y>!5H#xxC#u zN%;$g%C3A?z7IZ!Cvt)F&>kx@)QpjS>YeDM83*iWP> z(!8dS+u?y)jsqSjB9>JGkHaXO15-B7?MpSnvd_zL5D)xnFKb??Y~>1Ti%92zfu39> z-=fq=E>}md+pj9_Bfw`&!g%wfM;zAKGp;N8f4hzyHNyg92@HCyY-X6w^N9PPR24g$ zq{_SGjtL@;VN2~Yz?<_an0xS-;CCi zdcp(teH>;jIZD4Ib3hipglLi$5_J>w5zMJw7%2IK)LP_zZt(5A@Gllr#)#j?89?8+ z$lpuSmV6ZbHxsL|VK@i%hfzg_Qplc%=@nR8%1sNeOb?w$cfE!u+h|=3?KChNSR7uT zs?o4c*9)rYbmX>Nm^uoOmweJIOMl)~w-_$v`qaKO3Rr813I@eg>vsx8%1h#8-hO5}Pva^JEh>QSHS&4Vqo{>7lDf6_*EmTYN&DO;+)} zc~(7c%N>GRZ;S1i94xbAp22tLR=24MhA;z###eSux(S3@XRuu3 z$F=)Ep~Kr+Y>ygniR5Pa__iO7Y^O6pPx{<_HgF`RFq-Zk_LvnC6G+VzkQ3af&6%{b#kc zJz3k!0_+LjbcWNSt9=dP$`qITiofdJE&l0zM<5|?^nFy!<8pt^1(6c#3vI$WKTH^3 z89RN#9THR86MV8W4~{}s6$pvJk5^G$NGi!lUrd(eL6h>#iGF8oT`V%h!IRWsqzxrzYG(k> zc%e2Sw0U=1E|gIm(Iz6MVmruD;RT;+R{uPseQPPixqW0TZT0xD7f%$Cz>}));dsht zwaS^sGhJ}?!JEr@?lQ+Ok?ekmR1t)A+&0i(%fGz;WMW$bTn{`kJ@o1Nf$Oo_*eW$7 zzH+N4;&|3Jd`VMPf*sc%Z`{NFzhQ&_1`kS+cqNY$DYC-2my7-r(Csv1Y4Sz~n@Wjy zYoZ)h!A~wJFjr(+w0Xm$ja0+dy!AG^+AS^QOz+&BQwCVk_bZR?c;2l0aOIq5bA3qD z1vk9Q9hNTsw?>79kCme-(J6Y$_Bo3S^GvBS>u9YXrj4``tI+EwZ(<0 zAF2xvx-(Rl*X~Td)#l7ISB@pHikNtRBu?FNGF-Dd4jgbJmYY;yfLdpBA|?oEpe7R6 zyf)rW$Hm`a<|WEvR$Sov{=G?|U%Uneim{GMU&uj)T)&US62_s)6WIM{VnXCFgiT+9 zXuBB-9<{jm_yi~TqJFxuD6R3>ChTypQ3rfPu8<(6CMU1C6^(BUHfcLyq|RT&@augev6aO)IJL)=suXX44;c*12-y zLZ)V(9T**6VS1Q;vI_Pazov*JrZ`1JGRSBG{q!hwdp^gj*yAUro|1dooBsH%BNBCd zbgm(z%2JRxKO!su;H!$}ZHo!?O3D?%Ygham_+bV)TU9o%B78aZ<-6@5VZrpZg|>DZ zalK2FtHX@&nC2Um(9S7guvO0cF{=M+Ha#2;RV6kav6|wK4$lQ~j0gn773=G6M&&Shj z>?{rYXIak1*$j?pMNdiYzV92S09ws9c*PLKT^ZVwQJ=Y-_GEDm$z9;^ZNRq0j~N5i zL*sAH5=J$?7>DFrdbq8jkjwRzYZI`M%Q2 zZ1f~5Y|p{$oa>#eHejTuY@^B#dFz)tljaMBh`}{y5<4X>BAQ|e-IjHz&5fG{7CCfg zN%=EW9u^4A!UaC-KmDwi1)?C41`;(|3I(x`VEl60FyDidROZbCz81vrXGC96K7V#{ zU|P)X2shDTXl+n0ZN|z!I~6gFv(-`TE~IaxV-EwLNTECjQxu9EyhpvPeHkVohv%pq zKQhFuvgxTz3GQ7o^?@t z7Twqx0m_((%d=kOVz9k}nFEU4k)Z6;==q=XSE49-*t&xB5iChKo3*R3eNuX;*ofo5R7OJSP$d3xI@Gr$585Ka3 zhxT@NeGY2g=j*fE{bVllGr(i*?Cku?*#n3Yug!lp_YAnIHQF}EWG+@7_bsY~(}za* zR-UFHiJ~#T8r$z2Pgdjh;s+iL4T;@)>`pEgV+Fw^tb37Y|px71vxVa*2+z*wSod{5nOKwmG`_oo6dee2u(1sg(2?v$$ zGjH)}u56%0kaY>~fXheQvNzui*!cY?$$>wIm*u}U@8%(#%P=aAt_w8qfSr7tNf ze1?=ARzw5<6!v!_pn{&IpGnxYN#Gv2*N>r34*26e*hUZg|%>&m8^r1uXNTN#O?l0~6;IwC5IKUDd%`KE#| z^vfd(HB9+yovli&EU9;O?MBw&lHRA3I? z$cd6K$HQ$T=t?%Ya#{UFssXF}!U>~1sjgPjxns#TwCppj$x8?XRQ3{Yf7iYrXy#FMSA3?QIFUCC0*R!k^tW|wM0>gOFECVM;;4eB(&_t+l^a&VsX@ZGiyNo46^{|a9e?s zj_-MIjV&n9A2T>1F5@Ka56rjQ(}eQ35ipw>`6bJUodRBceAZSeAH|pRv|1j}VoO)9 z6^^bBRr~kM>wi~QJdaPFI1^7C`k0(Ld)459e*IWluc{n=9)ve9L+gArA*6fFizFNn zOu-o&bXb8pvwoKKm1sWCk3=m&JwwWf5#D?DOQIjgaP{_5eV&3{${PGOw%1k4s^I=t zBF*uKtFm%1o!~lslb~?=o~O8^#bwHi4(L>kLRqU&_~usMD8QUjI@?yH=%O=gUk8Fl zTTZcyn*Z>%_GXh24xT*omJ#vhG2V8r6G@RF=4x1^uk#4>cEeXP#B7+}@Ev+Q^UTg| zM*WV-$M2T(C4NI6Wz6#l|7IjkthA_Yg50PsYEImldiU^@YDhle&^xB^uN0Mm4EZPC zl#7#v)au_6fc;^`zVxj1h|EH%G8_|k7~7l39NcbQ=eGX*^JIk2cNDOiH;RB;s%(o~ zH~p@r@?S*S){mFo)@_D(d^sMMfe;UNH$qo`1O34%nl6_g-xN$2-X3H&7zL>qVQDAr zfUc0|$psuO1ib%X+-jEG-4%e6uiQ z0e?*EXh^>hzN9k(L5kh}O}IYz10qXj(B!*bX@*UmLJ!a54m%wkZ0}V9_m&_U$jwHk zVEg5!+IBiTBGPN1WOn@HP`|&((<$i!@B|bd0i{xt0YS7@eS#<6Qxr@ zfY?TkV(DxUt-Zau6p}2v(@B~W6qC1}JIh>{{wNppcI_|xwr4^|*-lgKg4rIShPz_> ze@HaE_fcyejt?F)TgNcH@sk*C-n{jl;Z2e*K3!)symVS8Ww(R{_ox5;xjMbEH0Uoh zIQ}!u@QNodGKcJy2_C!%z#eJ&h>;OaJa*)sDP^1y8{<(|v=^J#1GEDQJ@RPnnO3s@ zMe|FD*Fn(B-HKN3pCJj|Aq>=1KHW3ep*>BH%M_Q58?5p7KwvI<%ZBGqLGBz;n*n0~ zA-WA&Nau4d$-2Kpx)S%UuUkl98(&eq{csDVK^_o$E}h0B5VN|Z!YVpiyRCJ>%JxSe z@2k9%tH#3F@2p3(nqU>EnU2dx+eV}1@uWGRS0cn@Y01?_l9^Z1hnu3Vi>g*Z&mO^5 z`$Uhyc?v`O`WBw^X0YjjuhzX7{Emiq2x*zXYm&3EzTTvbpa`m}s=5jL1YJ$FLc2d} zb{&hI&U&s1)>j9q<$DG)1-^Q~M$}+G;*H^&zk+t0=-arB0rC<$f%XyfTl|q4#X2Vu zr>BX6Ybc8)B)lx(0+s1398RA8#2voF`)x}uCsi?*e6+xL{ER?ojgKW*x=|-Xw|_>_ zJbRYM;-G_Cpw80#@YgWL{b`~EZ_yTcK<=%%aF$O?)Qe`b=wfTSenXMVs)lm*n?D7g zcp+_`2LE_%2v9q%jH>-@3(75(x8d=ih+V`5+fIfFAy(r;T9!-R>=8gI4EsFOzxKp{ zHI2`aZR{bbt5rRwVQkokcfk8FQEp5Rare87$DMf{nZt2U^O=AFDNrX+T!hxlers3Z ze~t&BHrUaQD|<$jUxv$G+1{TB-M+mcH`mpHPL>mmR#0j)j_K(@uZ%aQ8mJ&L9pUcW zjclp)aO-+Kzr*}CN6zZgqh`=YR|p?50a1n1{=LfE-Z5jlcP!*>H$UV$#*w_5X|Gpz zu4Yj33qn#~clW*Fq@~22uY^2rvQdASWXc&FThVL;E`$y?ylApKwt@EVB0^TLWh__O zK3&ogSlL~e@RH{@NB~V^_x6(*mdHci_1fFM1OoZdwRjDxY1Kra7Qqlcl(PcW9f|1u z>qN&T^=qg2@!Wo!HJYzWAAqk!?L_@zX_zJ!*}=_0Z9WPv=T^p0>WNZQW24`TCbhZ4 z77x$G)qh{Z_XAXx)>pHJxssMACAFOPHg~2CvhROCcUy}nC(qzr%x4N1mJHWe*a@%Q z;TI!r_)U_H#o6tDOfU`Cp>#CeZjnIuF+<_YJ^{O6!>-sE5>{ot!WMwI7(IGaX zfzQ+0Ny6Af#sf&}W$$9>k`gjWroT_&w)u zYe&XzA{7?3C9u@FlR|-#EW74R=?gh_H`KIRQEQEecE{*GS?H9Mv`a$hZ2^~98^J+u z=A$$vOpAueVPL%K^sso+VjO$5xUhiTXj!eDXh`_m_5j_T3KwO4KHvhjsd?dw6yz1x zC8@Q0LMc{5Tb=%Izmk&CW`!%0jXsApj+SCLFBYNd~26VJvbDHMz~+9NCC6J^d!%DZGFbHVe%c+l`2UEGWmQJg4QE@%6>@TG?L zhyLM+L`_cN3~?KG3HFNRDT|K$bDF8^x(Wh*zUIyoruF+VOc|+uu0n1h84rK88d;<8 zd?;(Su(*|{#I)2qn*aM`rp6g>2y{2wOe#xiyo(O&dR|L)jx`U!;aWW7-31sKYk+_>vfN$84I+(3v}z1gf)D2% zUjgRouBCQezdNM{*~_gKWf1LGCG&^2~!Ut1`Oa|s2(5qe1TRx zDSADCZ)#GK5b^>vBEu)(;d=y-mMt#09>|R7W7rD>p2iBWEI%ykJZ6Q>$_&MmSOEJG zXWK|pXTkJeq_F?xf28T26fr|SzlYB;6`$C$ax<=FtFoq(WjecOcm!ZH177urDvM)Q z5l`sZhgXN#Mnv7_MK@%YlgqS=3!k?OK&r@A~J- z|EF2`_isN{=YLXQ2<+~K&kZ9jHY!vz)}Q}oQf}&($RX#KUSTZ6*e%o#xaao$os<7E z?*HYa#6Ld!nC%Gw*+5|-DyerH$RyF)*v1{tz|ZE^p3W| zxu;uw^iQiKH8}I^Y>T4j?p1%AK4E#(7 literal 0 HcmV?d00001 diff --git a/modules/ROOT/pages/kubernetes/configuration.adoc b/modules/ROOT/pages/kubernetes/configuration.adoc index 07fbe15bd..afe9873bf 100644 --- a/modules/ROOT/pages/kubernetes/configuration.adoc +++ b/modules/ROOT/pages/kubernetes/configuration.adoc @@ -577,7 +577,7 @@ Instead, the Neo4j configuration is set in the Helm deployment's _values.yaml_ f The `config` object should contain a string map of _neo4j.conf_ setting name to value. For example, this `config` object configures the Neo4j metrics: -[source, properties] +[source, yaml] ---- # Neo4j configuration (yaml format) config: @@ -614,7 +614,7 @@ You can set an initial password for accessing Neo4j in the _values.yaml_ file. If no initial password is set, the Neo4j helm chart will automatically generate one. In cluster deployments, the same password must be set for all cluster members. -[source, properties] +[source, yaml] ---- neo4j: # If not set or empty a random password will be generated @@ -641,14 +641,14 @@ Once you change the password in Neo4j, the password stored in _Kubernetes Secret [[configure-ssl]] == Configure SSL -The Neo4j xref:security/ssl-framework.adoc[SSL Framework] can be used with Neo4j Helm chart. -SSL policy objects can be specified for `bolt`, `https`, `cluster`, and `backup`. +The Neo4j xref:security/ssl-framework.adoc[SSL Framework] can be used with Neo4j Helm charts. +You can specify SSL policy objects for `bolt`, `https`, `cluster`, and `backup`. SSL public certificates and private keys to use with a Neo4j Helm deployment must be stored in _Kubernetes Secrets_. To enable Neo4j SSL policies, configure the `ssl.` object in the Neo4j Helm deployment's _values.yaml_ file to reference the _Kubernetes Secrets_ containing the SSL certificates and keys to use. This example shows how to configure the `bolt` SSL policy: -[source, properties] +[source, yaml] ---- ssl: bolt: @@ -669,6 +669,458 @@ Unencrypted `http` is not disabled automatically when `https` is enabled. If `https` is enabled, add `server.http.enabled: "false"` to the `config` object to disable `http`. ==== +For more information on configuring SSL policies, see xref:security/ssl-framework.adoc#ssl-framework-configuration[SSL Framework configuration]. + +The following examples show how to deploy a Neo4j cluster with configured SSL policies. + +[[configure-ssl-with-self-signed-certificates]] + +=== Create a self-signed certificate + +If you do not have a self-signed certificate to use, follow the steps to create one: + +. Create a new folder for the self-signed certificate. +This example uses the _/neo4j-ssl_ folder. ++ +[source, shell] +---- +mkdir neo4j-ssl +cd neo4j-ssl +---- +. Create the `private.key` and `public.crt` for the self-signed certificate by using the `openssl` command and passing all the values in the `subj` argument: ++ +[source, shell] +---- +openssl req -newkey rsa:2048 -nodes -keyout private.key -x509 -days 365 -out public.crt -subj "/C=GB/ST=London/L=London/O=Neo4j/OU=IT Department" +---- +. Verify that the _private.key_ and _public.crt_ files are created: ++ +[source, shell] +---- +ls -lst +---- ++ +.Example output +---- +-rw-r--r-- 1 user staff 1679 28 Dec 15:00 private.key +-rw-r--r-- 1 user staff 1679 28 Dec 15:00 public.crt +---- + +== Create a `neo4j` namespace and configure it to be used in the current context + +[source, shell] +---- +kubectl create namespace neo4j +kubectl config set-context --current --namespace=neo4j +---- + +=== Configure an SSL policy using a `tls` Kubernetes secret + +This example shows how to configure an SSL policy for intra-cluster communication using a self-signed certificate stored in a `tls` Kubernetes secret. + +. Create a Kubernetes TSL secret using the _public.crt_ and _private.key_ files: ++ +[NOTE] +You must have a Kubernetes cluster running and the `kubectl` command installed. +For more information, see xref:kubernetes/quickstart-cluster/prerequisites.adoc[Prerequisites]. + +.. To create a TLS secret, use the `tls` option and a secret name, e.g., `neo4j-tls`: ++ +[source, shell] +---- +kubectl create secret tls neo4j-tls --cert=/path/to/neo4j-ssl/public.crt --key=/path/to/neo4j-ssl/private.key +---- +.. Verify that the secret is created: ++ +[source, shell] +---- +kubectl get secret +---- ++ +.Example output +---- +NAME TYPE DATA AGE +neo4j-tls kubernetes.io/tls 2 4s +---- +.. Verify that the secret contains the _public.crt_ and _private.key_ files: ++ +[source, shell] +---- +kubectl get secret neo4j-tls -o yaml +---- ++ +.Example output +[source, yaml] +---- +apiVersion: v1 +data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURLakNDQWhJQ0NRRGRYYVg1Y29mczdEQU5CZ2txaGtpRzl3MEJBUXNGQURCWE1Rc3dDUVlEVlFRR0V3SkgKUWpFUE1BMEdBMVVFQ0F3R1RHOXVaRzl1TVE4d0RRWURWUVFIREFaTWIyNWtiMjR4RGpBTUJnTlZCQW9NQlU1bApielJxTVJZd0ZBWURWUVFMREExSlZDQkVaWEJoY25SdFpXNTBNQjRYRFRJeU1USXlPREl4TURjeU5sb1hEVEl6Ck1USXlPREl4TURjeU5sb3dWekVMTUFrR0ExVUVCaE1DUjBJeER6QU5CZ05WQkFnTUJreHZibVJ2YmpFUE1BMEcKQTFVRUJ3d0dURzl1Wkc5dU1RNHdEQVlEVlFRS0RBVk9aVzgwYWpFV01CUUdBMVVFQ3d3TlNWUWdSR1Z3WVhKMApiV1Z1ZERDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTDBRc0c2Ukwrd3hxZSt3CjJGSWljZldVaUFtdmNqeVdlS0lKaThuT2tBSGIvSTYzUUU2L3ZpR3RNeEI3S28xdUJLNlVPZXBaeU91UzE2bUMKaitpMDAwbmFnWkR3RGNyRXd3UUE1cTBGMC90VXB5UHBaL1p3clhEaGFDOXhzVnFnVms0TXl5aUtTNzRIOUc2UgprUUV4dHBaNFArcTlaRHVFVk1KVGVaL2pQNGZoTkg2MUpSTVdORTJ3NjNUWkx2ZGMyUitXL2U5N3h2TGQ5Y0FnCjlqTm9FMHo5UHRmczB2L2lyUGhuUHpzWHQ5bzE0MWlnOVFZNjNtMzBxQ0NaYnpMRlR6WFgvdTUvTSsycFB3WXoKcUNOTUZYYW1ITlAxdlRPWFlRTG1iYW1JdVplYnVPNEVlUHZ6WUVXSmEyUi9oTmhtUDNvM2tRVFAzdmF1UEFjZQpSQlJZS09NQ0F3RUFBVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBWVh6SkIzNU55cExDUEdvQXVJdGt5dHBFCk1ZeSs5YnlrV3BEVnhRaXZLUHQ3d1NUaWZjNU1QdW5NUy9xYmxnaWprWm5IaWVLeEdoU3lQL283QndtMzJDSnAKQUFsSjJ3RjhIVXVSSGpYcUU5dkNQeFdtVlVJS2ExOWN5V0tUYWhySWU1eWZkQWNkbUJmRzJNWnY0dEdFeWxsUgo0Vk81STdRNjVWZDlGQnB0U3JjS3R1WUtBUzg2RTBHZmlmMWxCakdUZTFZbkhvK1RZTVpoVEUvN3RlNHZ1M251CjA4Y1BmbS9RYThSNFBXZDZNbXVDaTJYcDduWVlEMmp3WklCSENtMUU3U1RrdS9JRk5kOWFWRW91VG5KR1pCWFcKeWVzWG9OMXhOb3kvMXZFdElhV2xXZW1GcGo4clJ6VGJQekQ1TEpiNDBSRFVOTXN3NytLUXczV3BBMjVKUHc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktZd2dnU2lBZ0VBQW9JQkFRQzlFTEJ1a1Mvc01hbnYKc05oU0luSDFsSWdKcjNJOGxuaWlDWXZKenBBQjIveU90MEJPdjc0aHJUTVFleXFOYmdTdWxEbnFXY2pya3RlcApnby9vdE5OSjJvR1E4QTNLeE1NRUFPYXRCZFA3VktjajZXZjJjSzF3NFdndmNiRmFvRlpPRE1zb2lrdStCL1J1CmtaRUJNYmFXZUQvcXZXUTdoRlRDVTNtZjR6K0g0VFIrdFNVVEZqUk5zT3QwMlM3M1hOa2ZsdjN2ZThieTNmWEEKSVBZemFCTk0vVDdYN05MLzRxejRaejg3RjdmYU5lTllvUFVHT3Q1dDlLZ2dtVzh5eFU4MTEvN3VmelB0cVQ4RwpNNmdqVEJWMnBoelQ5YjB6bDJFQzVtMnBpTG1YbTdqdUJIajc4MkJGaVd0a2Y0VFlaajk2TjVFRXo5NzJyandICkhrUVVXQ2pqQWdNQkFBRUNnZ0VBTmF6OVNnYXlJazVmUG90b2Zya0V2WUh6dFR3NEpIZGJ2RFVWbUsrcU5yenIKME9DNXd5R3dxd0x2RW1qRlJlM01Lbnd1alJmOGNOVDVvVWhON3ZVWFgwcEhxb3hjZmdxcWl3SnVld1RDa0FJUwppYUdFUUhUdzZMRTEwUEpvTmFCN29DRUZ0SGErMWk2UCtLd2ZETVcrWHEyNUI3M0pMUlIrczhUYkxNZHBpL3VvCjRmTFNJV0xDV09MZThUTlU0ck5vVDQ0enY0eUhUOXAyV3liSUNrL3F5bVV3bTlhRHFnYzRJRzk4YXVVNG5JYVQKenk2T3NBODdONW9FME0rcHlUdEFJcmxRZFBXUzBBZ28xZUJCcWplL1I3MTI4TmdHVzhOTzVMWDBtNit2YzhyVgpaTHh0N1d0NThucXR2WlI3QTF5SU9lbWtocHl2Q3hrNVRxSmZQRlJxRVFLQmdRRGlOL3NBZncrZ1dvTFpLbTNyCm50WVkyRW9TOTBkQ0wwd293SGFGa0lsL2hIWXduQi9qaWlnMU5ZbEhDNzNPVDdDc2UycS9tS0xhMzZBVHlpTHcKZjN1T0J3NmNFZ2RJZlU5aDBtZjJCNFZXdEVEeDJMSU94MEtZU2VrYldTTVZQZ2w2SkhNb3hLdjNMbEx5R1RiMApZQmtKVmpRdkVLS1dpa1FLMUdPYnZtdzFWUUtCZ1FEVjlJLzc5WFJuN1EzZ3M4Z2JqZWhDejRqNHdtNWdpNFM2CkVsVzVJWkFidDh3QWZPdVIzUm4wQW41NFl0ZW1HUk1seDF0L1ZUM1IzK0J5bmVTZEgzbUJ6eVJEQysvRGhBTlYKNVZPckk5SFhnVTRMSElVMmNwVVZxYVo3N1J1b2JnTmlDenBmOVZPVkNadzdmQzRPYkFqcTMzQ3RtT2taR0hRbAo2dkJtNm1ubFZ3S0JnQ2FnOW95TUplZjA3TGtXcExTQ1ovN1FHRDRLMmJFMGtHVzVEOFFZL1ZHNEZkS1JKbVRkCmQ2WTJZUjJ2cEpheFJ2TDlGQ3BwYncyKzkvL0pHWlJGd0p4dEdoS09oWTNjVUF6ZE9BRnNJVm0vNkFNa1JLdC8KWFNEU0ppc1VXb2hMRXFVM3lpNWcveGh6WVppVHM2MmhKMFZQNGhOVFhPQWw5aDUvVEE4UlFqc05Bb0dBTm84Twp5R2xuTGJrOWVMZGZwK2NmK3ltQS9DNVloellNdW9aQ1pkc3hMR0JLSFRXOXZJeHRPZFFJL0JuNGM5cWhEMWt1CjgrR0F5aXdVeUNXTFRxWGdEa0lNTlN5dUQyVnlsRXpPY1MzSkxQTkVPNEVpVnlnUTdGMCtud3R2cWh1anNUUzcKeGd5Qks5Z3ZodHU3d3VHNXhHc0dDTDZkY2xEU0RYbERwSHJTVmpFQ2dZQWx0STNjMzJxaG5KU2xHSGhjdW1wRwpReGpvYnJBUUxUa3dyOWk2TkNuS0EyNVR1SVFXa1NiN2JUWWtuUi80WDhOT2w2U2EvYm9QK2dncWNJM0haSk05CkxJRnpPUTFWT1luQ2ZYZVd0SmlHQklwUExadFdobnA3NGVhdmJKYW9udlhVVGNZcm5qcytIWGhpaFhjOUhENWsKeEJEaWJKYUlEbXg2T1FpVWI2RndJZz09Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K +kind: Secret +metadata: + creationTimestamp: "2023-01-04T13:53:14Z" + managedFields: + - apiVersion: v1 + fieldsType: FieldsV1 + fieldsV1: + f:data: + .: {} + f:tls.crt: {} + f:tls.key: {} + f:type: {} + manager: kubectl + operation: Update + time: "2023-01-04T13:53:14Z" + name: neo4j-tls + namespace: neo4j + resourceVersion: "212009" + uid: b1be45dd-4cbe-41c9-a6e5-c814c5e39c25 +type: kubernetes.io/tls +---- +. Configure `ssl` object in the _ssl-values.yaml_ file using the created secret: ++ +[source, yaml] +---- +ssl: +# setting per "connector" matching neo4j config + bolt: + privateKey: + secretName: neo4j-tls + subPath: tls.key + publicCertificate: + secretName: neo4j-tls + subPath: tls.crt + https: + privateKey: + secretName: neo4j-tls + subPath: tls.key + publicCertificate: + secretName: neo4j-tls + subPath: tls.crt + trustedCerts: + sources: + - secret: + name: neo4j-tls + items: + - key: tls.crt + path: public.crt + cluster: + privateKey: + secretName: neo4j-tls + subPath: tls.key + publicCertificate: + secretName: neo4j-tls + subPath: tls.crt + trustedCerts: + sources: + - secret: + name: neo4j-tls + items: + - key: tls.crt + path: public.crt + revokedCerts: + sources: [ ] +---- + +Now you are ready to <> using the configured _ssl-values.yaml_ file and the Neo4j Helm charts. + +=== Configure an SSL policy using a `generic` Kubernetes secret + +This example shows how to configure an SSL policy for intra-cluster communication using a self-signed certificate stored in a `generic` Kubernetes secret. + +. Create a Kubernetes `generic` secret using the _public.crt_ and _private.key_ files: ++ +[NOTE] +You must have a Kubernetes cluster running and the `kubectl` command installed. +For more information, see xref:kubernetes/quickstart-cluster/prerequisites.adoc[Prerequisites]. + +.. Get the Base64-encoded value of your _public.crt_ and _private.key_: ++ +[source, shell] +---- +cat public.crt| base64 +---- ++ +[source, shell] +---- +cat private.key| base64 +---- +.. Using the Base64-encoded values of your _public.crt_ and _private.key_, create a _secret.yaml_ file: ++ +[source, yaml] +---- +apiVersion: v1 +data: + public.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURLakNDQWhJQ0NRRGRYYVg1Y29mczdEQU5CZ2txaGtpRzl3MEJBUXNGQURCWE1Rc3dDUVlEVlFRR0V3SkgKUWpFUE1BMEdBMVVFQ0F3R1RHOXVaRzl1TVE4d0RRWURWUVFIREFaTWIyNWtiMjR4RGpBTUJnTlZCQW9NQlU1bApielJxTVJZd0ZBWURWUVFMREExSlZDQkVaWEJoY25SdFpXNTBNQjRYRFRJeU1USXlPREl4TURjeU5sb1hEVEl6Ck1USXlPREl4TURjeU5sb3dWekVMTUFrR0ExVUVCaE1DUjBJeER6QU5CZ05WQkFnTUJreHZibVJ2YmpFUE1BMEcKQTFVRUJ3d0dURzl1Wkc5dU1RNHdEQVlEVlFRS0RBVk9aVzgwYWpFV01CUUdBMVVFQ3d3TlNWUWdSR1Z3WVhKMApiV1Z1ZERDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTDBRc0c2Ukwrd3hxZSt3CjJGSWljZldVaUFtdmNqeVdlS0lKaThuT2tBSGIvSTYzUUU2L3ZpR3RNeEI3S28xdUJLNlVPZXBaeU91UzE2bUMKaitpMDAwbmFnWkR3RGNyRXd3UUE1cTBGMC90VXB5UHBaL1p3clhEaGFDOXhzVnFnVms0TXl5aUtTNzRIOUc2UgprUUV4dHBaNFArcTlaRHVFVk1KVGVaL2pQNGZoTkg2MUpSTVdORTJ3NjNUWkx2ZGMyUitXL2U5N3h2TGQ5Y0FnCjlqTm9FMHo5UHRmczB2L2lyUGhuUHpzWHQ5bzE0MWlnOVFZNjNtMzBxQ0NaYnpMRlR6WFgvdTUvTSsycFB3WXoKcUNOTUZYYW1ITlAxdlRPWFlRTG1iYW1JdVplYnVPNEVlUHZ6WUVXSmEyUi9oTmhtUDNvM2tRVFAzdmF1UEFjZQpSQlJZS09NQ0F3RUFBVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBWVh6SkIzNU55cExDUEdvQXVJdGt5dHBFCk1ZeSs5YnlrV3BEVnhRaXZLUHQ3d1NUaWZjNU1QdW5NUy9xYmxnaWprWm5IaWVLeEdoU3lQL283QndtMzJDSnAKQUFsSjJ3RjhIVXVSSGpYcUU5dkNQeFdtVlVJS2ExOWN5V0tUYWhySWU1eWZkQWNkbUJmRzJNWnY0dEdFeWxsUgo0Vk81STdRNjVWZDlGQnB0U3JjS3R1WUtBUzg2RTBHZmlmMWxCakdUZTFZbkhvK1RZTVpoVEUvN3RlNHZ1M251CjA4Y1BmbS9RYThSNFBXZDZNbXVDaTJYcDduWVlEMmp3WklCSENtMUU3U1RrdS9JRk5kOWFWRW91VG5KR1pCWFcKeWVzWG9OMXhOb3kvMXZFdElhV2xXZW1GcGo4clJ6VGJQekQ1TEpiNDBSRFVOTXN3NytLUXczV3BBMjVKUHc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + private.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktZd2dnU2lBZ0VBQW9JQkFRQzlFTEJ1a1Mvc01hbnYKc05oU0luSDFsSWdKcjNJOGxuaWlDWXZKenBBQjIveU90MEJPdjc0aHJUTVFleXFOYmdTdWxEbnFXY2pya3RlcApnby9vdE5OSjJvR1E4QTNLeE1NRUFPYXRCZFA3VktjajZXZjJjSzF3NFdndmNiRmFvRlpPRE1zb2lrdStCL1J1CmtaRUJNYmFXZUQvcXZXUTdoRlRDVTNtZjR6K0g0VFIrdFNVVEZqUk5zT3QwMlM3M1hOa2ZsdjN2ZThieTNmWEEKSVBZemFCTk0vVDdYN05MLzRxejRaejg3RjdmYU5lTllvUFVHT3Q1dDlLZ2dtVzh5eFU4MTEvN3VmelB0cVQ4RwpNNmdqVEJWMnBoelQ5YjB6bDJFQzVtMnBpTG1YbTdqdUJIajc4MkJGaVd0a2Y0VFlaajk2TjVFRXo5NzJyandICkhrUVVXQ2pqQWdNQkFBRUNnZ0VBTmF6OVNnYXlJazVmUG90b2Zya0V2WUh6dFR3NEpIZGJ2RFVWbUsrcU5yenIKME9DNXd5R3dxd0x2RW1qRlJlM01Lbnd1alJmOGNOVDVvVWhON3ZVWFgwcEhxb3hjZmdxcWl3SnVld1RDa0FJUwppYUdFUUhUdzZMRTEwUEpvTmFCN29DRUZ0SGErMWk2UCtLd2ZETVcrWHEyNUI3M0pMUlIrczhUYkxNZHBpL3VvCjRmTFNJV0xDV09MZThUTlU0ck5vVDQ0enY0eUhUOXAyV3liSUNrL3F5bVV3bTlhRHFnYzRJRzk4YXVVNG5JYVQKenk2T3NBODdONW9FME0rcHlUdEFJcmxRZFBXUzBBZ28xZUJCcWplL1I3MTI4TmdHVzhOTzVMWDBtNit2YzhyVgpaTHh0N1d0NThucXR2WlI3QTF5SU9lbWtocHl2Q3hrNVRxSmZQRlJxRVFLQmdRRGlOL3NBZncrZ1dvTFpLbTNyCm50WVkyRW9TOTBkQ0wwd293SGFGa0lsL2hIWXduQi9qaWlnMU5ZbEhDNzNPVDdDc2UycS9tS0xhMzZBVHlpTHcKZjN1T0J3NmNFZ2RJZlU5aDBtZjJCNFZXdEVEeDJMSU94MEtZU2VrYldTTVZQZ2w2SkhNb3hLdjNMbEx5R1RiMApZQmtKVmpRdkVLS1dpa1FLMUdPYnZtdzFWUUtCZ1FEVjlJLzc5WFJuN1EzZ3M4Z2JqZWhDejRqNHdtNWdpNFM2CkVsVzVJWkFidDh3QWZPdVIzUm4wQW41NFl0ZW1HUk1seDF0L1ZUM1IzK0J5bmVTZEgzbUJ6eVJEQysvRGhBTlYKNVZPckk5SFhnVTRMSElVMmNwVVZxYVo3N1J1b2JnTmlDenBmOVZPVkNadzdmQzRPYkFqcTMzQ3RtT2taR0hRbAo2dkJtNm1ubFZ3S0JnQ2FnOW95TUplZjA3TGtXcExTQ1ovN1FHRDRLMmJFMGtHVzVEOFFZL1ZHNEZkS1JKbVRkCmQ2WTJZUjJ2cEpheFJ2TDlGQ3BwYncyKzkvL0pHWlJGd0p4dEdoS09oWTNjVUF6ZE9BRnNJVm0vNkFNa1JLdC8KWFNEU0ppc1VXb2hMRXFVM3lpNWcveGh6WVppVHM2MmhKMFZQNGhOVFhPQWw5aDUvVEE4UlFqc05Bb0dBTm84Twp5R2xuTGJrOWVMZGZwK2NmK3ltQS9DNVloellNdW9aQ1pkc3hMR0JLSFRXOXZJeHRPZFFJL0JuNGM5cWhEMWt1CjgrR0F5aXdVeUNXTFRxWGdEa0lNTlN5dUQyVnlsRXpPY1MzSkxQTkVPNEVpVnlnUTdGMCtud3R2cWh1anNUUzcKeGd5Qks5Z3ZodHU3d3VHNXhHc0dDTDZkY2xEU0RYbERwSHJTVmpFQ2dZQWx0STNjMzJxaG5KU2xHSGhjdW1wRwpReGpvYnJBUUxUa3dyOWk2TkNuS0EyNVR1SVFXa1NiN2JUWWtuUi80WDhOT2w2U2EvYm9QK2dncWNJM0haSk05CkxJRnpPUTFWT1luQ2ZYZVd0SmlHQklwUExadFdobnA3NGVhdmJKYW9udlhVVGNZcm5qcytIWGhpaFhjOUhENWsKeEJEaWJKYUlEbXg2T1FpVWI2RndJZz09Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K +kind: Secret +metadata: + name: neo4j-tls + namespace: neo4j +type: Opaque +---- +.. Create the generic secret using the `kubectl create` command and the _secret.yaml_ file: ++ +[source, shell] +---- +kubectl create -f /path/to/secret.yaml +---- ++ +.Example output +---- +secret/neo4j-tls created +---- +.. Verify that the secret is created: ++ +[source, shell] +---- +kubectl get secret +---- ++ +.Example output +---- +NAME TYPE DATA AGE +neo4j-tls Opaque 2 85s +---- + +. Configure the `ssl` object in the _ssl-values.yaml_ file using the created secret: ++ +[source, yaml] +---- +ssl: +# setting per "connector" matching neo4j config + bolt: + privateKey: + secretName: neo4j-tls + subPath: private.key + publicCertificate: + secretName: neo4j-tls + subPath: public.crt + https: + privateKey: + secretName: neo4j-tls + subPath: private.key + publicCertificate: + secretName: neo4j-tls + subPath: public.crt + trustedCerts: + sources: + - secret: + name: neo4j-tls + items: + - key: public.crt + path: public.crt + cluster: + privateKey: + secretName: neo4j-tls + subPath: private.key + publicCertificate: + secretName: neo4j-tls + subPath: public.crt + trustedCerts: + sources: + - secret: + name: neo4j-tls + items: + - key: public.crt + path: public.crt + revokedCerts: + sources: [ ] +---- + +Now you are ready to deploy the Neo4j cluster using the _ssl-values.yaml_ file and the Neo4j Helm charts. + +[[deploy-neo4j-cluster-ssl]] +=== Deploy a Neo4j cluster with SSL certificates + +Deploy a Neo4j cluster using the Neo4j Helm chart and the _ssl-values.yaml_ file. + +. Install the server-1: ++ +[source, shell] +---- +helm install server-1 neo4j/neo4j --namespace neo4j --set neo4j.acceptLicenseAgreement=yes --set neo4j.password=my-password --set neo4j.name="my-cluster" --set neo4j.minimumClusterSize=3 --set neo4j.edition="enterprise" --set volumes.data.mode=defaultStorageClass -f ~/Documents/neo4j-ssl/ssl-values.yaml +---- +. Repeat the command from the previous step for `server-2` and `server-3`. +. Verify that the Neo4j cluster is running: ++ +[source, shell] +---- +kubectl get pods +---- ++ +.Example output +---- +NAME READY STATUS RESTARTS AGE +server-1-0 1/1 Running 0 2m +server-2-0 1/1 Running 0 2m +server-3-0 1/1 Running 0 2m +---- +. Connect to one of the servers and verify that the _/certificates/cluster_ directory contains the certificates: ++ +[source, shell] +---- +kubectl exec -it server-1-0 -- bash +---- ++ +[source, shell] +---- +neo4j@server-1-0:~$ cd certificates/ +neo4j@server-1-0:~/certificates$ ls -lst +---- ++ +.Example output +---- +total 12 +4 drwxr-xr-x 2 root root 4096 Jan 4 13:55 bolt +4 drwxr-xr-x 3 root root 4096 Jan 4 13:55 cluster +4 drwxr-xr-x 3 root root 4096 Jan 4 13:55 https +---- ++ +[source, shell] +---- +neo4j@server-1-0:~/certificates$ cd cluster/ +neo4j@server-1-0:~/certificates/cluster$ ls -lst +---- ++ +.Example output +---- +total 8 +0 drwxrwsrwt 3 root neo4j 100 Jan 4 13:56 trusted +4 -rw-r--r-- 1 root neo4j 1704 Jan 4 13:56 private.key +4 -rw-r--r-- 1 root neo4j 1159 Jan 4 13:56 public.crt +---- ++ +[source, shell] +---- +neo4j@server-1-0:~/certificates/cluster$ cd trusted/ +neo4j@server-1-0:~/certificates/cluster/trusted$ ls -lst +---- ++ +.Example output +---- +total 0 +0 lrwxrwxrwx 1 root neo4j 17 Jan 4 13:56 public.crt -> ..data/public.crt +---- +. Exit the pod: ++ +[source, shell] +---- +exit +---- +. Check that the LoadBalancer service is available using the `neo4j.name` used for the installation: ++ +[source, shell] +---- +export NEO4J_NAME=my-cluster +kubectl get service ${NEO4J_NAME}-lb-neo4j +---- ++ +.Example output +---- +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +my-cluster-lb-neo4j LoadBalancer 10.0.134.210 20.237.50.207 7474:31168/TCP,7473:31045/TCP,7687:32708/TCP 3m30s +---- +. Connect to the Neo4j cluster using one of the following options: ++ +* Neo4j Browser: +.. Open a web browser and type _https://lb-EXTERNAL_IP:7473_ (in this example, https://20.237.50.207:7473/browser/). +You should see the Neo4j browser. +.. Authenticate using the user `neo4j` and the password you set when deploying the cores, in this example, `my-password`. +.. Verify that the cluster is online by running `:sysinfo` or `SHOW SERVERS`: ++ +image::cluster-sysinfo.png[Cluster sysinfo] +.. Run `CALL dbms.listConfig('ssl') YIELD name, value` to verify that the configuration is deployed as expected. + +* Cypher Shell: +.. Open a terminal and connect to one of the cluster pods: ++ +[source, shell] +---- +kubectl exec -it server-1-0 -- bash +---- +.. Navigate to the _bin_ directory and connect to server-1 using `cypher-shell`: ++ +[source, shell] +---- +neo4j@server-1-0:~$ cd bin +neo4j@server-1-0:~/bin$ ./cypher-shell -u neo4j -p my-password -a neo4j+ssc://server-1.neo4j.svc.cluster.local:7687 +---- ++ +.Example output +---- +Connected to Neo4j using Bolt protocol version 5.3 at neo4j+ssc://server-1.neo4j.svc.cluster.local:7687 as user neo4j. +Type :help for a list of available commands or :exit to exit the shell. +Note that Cypher queries must end with a semicolon. +neo4j@neo4j> +---- +.. Verify that the cluster is online by running `SHOW SERVERS`: ++ +[source, shell] +---- +neo4j@server-1-0:~/bin$ SHOW SERVERS; +---- ++ +.Example output +---- ++-----------------------------------------------------------------------------------------------------------------------------------+ +| name | address | state | health | hosting | ++-----------------------------------------------------------------------------------------------------------------------------------+ +| "1c5946b1-0eb5-43b9-a549-5601087c57f2" | "server-3.neo4j.svc.cluster.local:7687" | "Enabled" | "Available" | ["neo4j", "system"] | +| "ba63cd32-3e7d-4042-9935-c8eba925a98f" | "server-1.neo4j.svc.cluster.local:7687" | "Enabled" | "Available" | ["neo4j", "system"] | +| "cbad7ed6-0c13-4ba7-b6a1-f20c5552dfcd" | "server-2.neo4j.svc.cluster.local:7687" | "Enabled" | "Available" | ["neo4j", "system"] | ++-----------------------------------------------------------------------------------------------------------------------------------+ +---- +.. Run `CALL dbms.listConfig('ssl') YIELD name, value;` to verify that the configuration is deployed as expected. ++ +.Example output +---- ++----------------------------------------------------------------------------------------------------+ +| name | value | ++----------------------------------------------------------------------------------------------------+ +| "dbms.netty.ssl.provider" | "JDK" | +| "dbms.ssl.policy.bolt.base_directory" | "/var/lib/neo4j/certificates/bolt" | +| "dbms.ssl.policy.bolt.ciphers" | "No Value" | +| "dbms.ssl.policy.bolt.client_auth" | "NONE" | +| "dbms.ssl.policy.bolt.enabled" | "true" | +| "dbms.ssl.policy.bolt.private_key" | "/var/lib/neo4j/certificates/bolt/private.key" | +| "dbms.ssl.policy.bolt.private_key_password" | "No Value" | +| "dbms.ssl.policy.bolt.public_certificate" | "/var/lib/neo4j/certificates/bolt/public.crt" | +| "dbms.ssl.policy.bolt.revoked_dir" | "/var/lib/neo4j/certificates/bolt/revoked" | +| "dbms.ssl.policy.bolt.tls_versions" | "TLSv1.2" | +| "dbms.ssl.policy.bolt.trust_all" | "false" | +| "dbms.ssl.policy.bolt.trusted_dir" | "/var/lib/neo4j/certificates/bolt/trusted" | +| "dbms.ssl.policy.bolt.verify_hostname" | "false" | +| "dbms.ssl.policy.cluster.base_directory" | "/var/lib/neo4j/certificates/cluster" | +| "dbms.ssl.policy.cluster.ciphers" | "No Value" | +| "dbms.ssl.policy.cluster.client_auth" | "REQUIRE" | +| "dbms.ssl.policy.cluster.enabled" | "true" | +| "dbms.ssl.policy.cluster.private_key" | "/var/lib/neo4j/certificates/cluster/private.key" | +| "dbms.ssl.policy.cluster.private_key_password" | "No Value" | +| "dbms.ssl.policy.cluster.public_certificate" | "/var/lib/neo4j/certificates/cluster/public.crt" | +| "dbms.ssl.policy.cluster.revoked_dir" | "/var/lib/neo4j/certificates/cluster/revoked" | +| "dbms.ssl.policy.cluster.tls_versions" | "TLSv1.2" | +| "dbms.ssl.policy.cluster.trust_all" | "false" | +| "dbms.ssl.policy.cluster.trusted_dir" | "/var/lib/neo4j/certificates/cluster/trusted" | +| "dbms.ssl.policy.cluster.verify_hostname" | "false" | +| "dbms.ssl.policy.https.base_directory" | "/var/lib/neo4j/certificates/https" | +| "dbms.ssl.policy.https.ciphers" | "No Value" | +| "dbms.ssl.policy.https.client_auth" | "NONE" | +| "dbms.ssl.policy.https.enabled" | "true" | +| "dbms.ssl.policy.https.private_key" | "/var/lib/neo4j/certificates/https/private.key" | +| "dbms.ssl.policy.https.private_key_password" | "No Value" | +| "dbms.ssl.policy.https.public_certificate" | "/var/lib/neo4j/certificates/https/public.crt" | +| "dbms.ssl.policy.https.revoked_dir" | "/var/lib/neo4j/certificates/https/revoked" | +| "dbms.ssl.policy.https.tls_versions" | "TLSv1.2" | +| "dbms.ssl.policy.https.trust_all" | "false" | +| "dbms.ssl.policy.https.trusted_dir" | "/var/lib/neo4j/certificates/https/trusted" | +| "dbms.ssl.policy.https.verify_hostname" | "false" | ++----------------------------------------------------------------------------------------------------+ + +37 rows +ready to start consuming query after 212 ms, results consumed after another 11 ms +---- + [[configure-sso]] == Configure SSO @@ -680,7 +1132,7 @@ And then, you configure the Neo4j helm deployment to use that identity provider For more information on how to configure your identity provider and what settings you should define, see xref:tutorial/tutorial-sso-configuration.adoc[Neo4j Single Sign-On (SSO) configuration]. .An example of configuring Neo4j to use Azure SSO for authentication -[source, properties] +[source, yaml] ---- config: server.security.oidc.azure.audience: "00f3a7d3-d855-4849-9e3c-57d7b6e12794" @@ -714,7 +1166,7 @@ The resources (CPU, memory) for the Neo4j container are configured by setting `n In the resource _requests_, you can specify how much CPU and memory the Neo4j container needs, while in the resource _limits_, you can set a limit on these resources in case the container tries to use more resources than its _requests_ allow. //For more information, see link:https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/[the Kubernetes container resources documentation]. + -[source, properties] +[source, yaml] ---- neo4j: resources: @@ -728,7 +1180,7 @@ neo4j: + If no resource _requests_ and resource _limits_ are specified, the values set in the `resources` object are used for both the Neo4j container's resource _requests_ and resource _limits_. + -[source, properties] +[source, yaml] ---- neo4j: resources: @@ -756,7 +1208,7 @@ Therefore, it is recommended to allow an additional 1GB of memory headroom so th + For example, a 5GB container could be configured like this: + -[source, properties] +[source, yaml] ---- neo4j: resources: @@ -782,7 +1234,7 @@ To configure the Neo4j pod to use a Kubernetes service account, set `podSpec.ser For example: -[source, properties] +[source, yaml] ---- # neo4j-values.yaml neo4j: @@ -826,7 +1278,7 @@ Instead, you can configure the helm deployment to use APOC core by upgrading the . Configure APOC core: + -[source, properties] +[source, yaml] ---- config: server.directories.plugins: "/var/lib/neo4j/labs" @@ -837,7 +1289,7 @@ config: + . Under `apoc_config`, configure the APOC settings you want, for example: + -[source, properties] +[source, yaml] ---- apoc_config: apoc.trigger.enabled: "true" @@ -880,7 +1332,7 @@ If licenses are required for the plugins, you must provide the licenses in a sec GDS Community Edition does not require a license. To add the GSD CE, configure the Neo4j _values.yaml_ and set the `env` to download the plugins: -[source, properties] +[source, yaml] ---- neo4j: name: licenses @@ -908,7 +1360,7 @@ kubectl create secret generic --from-file=gds.license,bloom.license gds-bloom-l ---- . Configure the Neo4j _values.yaml_ file using the secret as the _/licenses_ volume mount, and set the `env` to download the plugins: + -[source, properties] +[source, yaml] ---- neo4j: name: licenses @@ -1003,7 +1455,7 @@ To obtain a valid license, reach out to your Neo4j account representative or use The simplest way to set up a persistent `plugins` volume is to share the Persistent Volume that is used for storing Neo4j data. This example shows how to configure that in the Neo4j Helm deployment _values.yaml_ file: -[source, properties] +[source, yaml] ---- # neo4j-values.yaml volumes: @@ -1042,5 +1494,3 @@ kubectl rollout restart statefulset/ # Verify plugins are still present after restart kubectl exec -- ls /plugins ---- - -// Neo4j Browser, Data Import, composite databases? From 5784b0569cfdf7b6216683248dc42446bafdcb4c Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 4 Jan 2023 16:16:54 +0000 Subject: [PATCH 060/876] Fix the ssl k8s example structure (#301) --- modules/ROOT/pages/kubernetes/configuration.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/kubernetes/configuration.adoc b/modules/ROOT/pages/kubernetes/configuration.adoc index afe9873bf..848429e29 100644 --- a/modules/ROOT/pages/kubernetes/configuration.adoc +++ b/modules/ROOT/pages/kubernetes/configuration.adoc @@ -706,7 +706,7 @@ ls -lst -rw-r--r-- 1 user staff 1679 28 Dec 15:00 public.crt ---- -== Create a `neo4j` namespace and configure it to be used in the current context +=== Create a `neo4j` namespace and configure it to be used in the current context [source, shell] ---- @@ -935,7 +935,7 @@ Now you are ready to deploy the Neo4j cluster using the _ssl-values.yaml_ file a Deploy a Neo4j cluster using the Neo4j Helm chart and the _ssl-values.yaml_ file. -. Install the server-1: +. Install server-1: + [source, shell] ---- From 2225f96598a7934ae863a63c24dcffd677ceba5b Mon Sep 17 00:00:00 2001 From: Tobias Johansson Date: Thu, 5 Jan 2023 12:25:16 +0100 Subject: [PATCH 061/876] Remove comparison between Remote aliases and Fabric (#298) There is no longer a feature called Fabric so it shouldn't be mentioned in this way. The replacement, composite databases, is based on local and remote aliases, and so, a comparison is not needed. --- .../pages/manage-databases/remote-alias.adoc | 28 ------------------- 1 file changed, 28 deletions(-) diff --git a/modules/ROOT/pages/manage-databases/remote-alias.adoc b/modules/ROOT/pages/manage-databases/remote-alias.adoc index 936a80ab7..061aa7737 100644 --- a/modules/ROOT/pages/manage-databases/remote-alias.adoc +++ b/modules/ROOT/pages/manage-databases/remote-alias.adoc @@ -39,34 +39,6 @@ _Carol_ can use her own regular credentials to access the remote database `Db1` This configuration will also allow _Carol_ to access `Db2` in **DBMS B**. If the administrators decide this should not be the case, then _Bob_ must define the appropriate privileges (see link:https://neo4j.com/docs/cypher-manual/current/access-control/[Cypher manual -> Access control] for further information). -== Fabric vs remote alias database - -Here is a comparison between a link:https://neo4j.com/docs/operations-manual/current/fabric/[Fabric database] and a remote alias database, so you can take a more informed decision about which one to use: - -[options="header",cols="<,<,<"] -|=== -| -| Fabric -| Remote alias database - -| *Authentication* -| Identical user credentials in both DBMSs. -| Authenticates with defined user on remote DBMS for anyone using the alias. - -| *Credentials* -| In memory. -| Stored encrypted. - -| *Configuration* -| Manually set per instance. -| Secret key for encryption set per instance. + -Created aliases are synchronized across cluster instances. - -| *Restarting when creating or altering endpoints* -| Yes -| No -|=== - == Configuration of a remote DBMS (_Bob_) In the suggested example, there are two administrators: _Alice_ and _Bob_. From ac7044c0a15485aa6068684477dcd41fb7deecb0 Mon Sep 17 00:00:00 2001 From: JPryce-Aklundh Date: Thu, 5 Jan 2023 13:24:46 +0100 Subject: [PATCH 062/876] add missing procedures, create new removed procedures table --- modules/ROOT/pages/reference/procedures.adoc | 807 ++++++------------- 1 file changed, 260 insertions(+), 547 deletions(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 4c5ca9954..b0d1a7951 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -59,80 +59,26 @@ For more information, see link:{neo4j-docs-base-uri}/cypher-manual/{neo4j-versio | label:yes[] | label:admin-only[] -| xref:reference/procedures.adoc#procedure_db_constraints[`db.constraints()`] -| label:yes[] -| label:yes[] -| label:removed[] + -Replaced by: `SHOW CONSTRAINTS` - -| xref:reference/procedures.adoc#procedure_db_createindex[`db.createIndex()`] -| label:yes[] -| label:yes[] -| label:removed[] + -Replaced by: `OPTIONS` of the `CREATE INDEX` command. - | xref:reference/procedures.adoc#procedure_db_createlabel[`db.createLabel()`] | label:yes[] | label:yes[] | -| xref:reference/procedures.adoc#procedure_db_createnodekey[`db.createNodeKey()`] -| label:no[] -| label:yes[] -| label:removed[] + -Replaced by: `CREATE CONSTRAINT ... IS NODE KEY`. - | xref:reference/procedures.adoc#procedure_db_createproperty[`db.createProperty()`] | label:yes[] | label:yes[] | -| xref:reference/procedures.adoc#procedure_db_createuniquepropertyconstraint[`db.createPropertyConstraint()`] -| label:yes[] -| label:yes[] -| label:removed[] + -Replaced by: `OPTIONS` of the `CREATE CONSTRAINT ... IS UNIQUE` command - | xref:reference/procedures.adoc#procedure_db_createrelationshiptype[`db.createRelationshipType()`] | label:yes[] | label:yes[] | -| xref:reference/procedures.adoc#procedure_db_indexes[`db.indexes()`] -| label:yes[] -| label:yes[] -| label:removed[] + -Replaced by: `SHOW INDEXES` command - -| xref:reference/procedures.adoc#procedure_db_indexDetails[`db.indexDetails()`] -| label:yes[] -| label:yes[] -| label:removed[] + -Replaced by: `SHOW INDEXES YIELD*` - | xref:reference/procedures.adoc#procedure_db_index_fulltext_awaiteventuallyconsistentindexrefresh[`db.index.fulltext.awaitEventuallyConsistentIndexRefresh()`] | label:yes[] | label:yes[] | -| xref:reference/procedures.adoc#procedure_db_index_fulltext_createnodeindex[`db.index.fulltext.createNodeIndex()`] -| label:yes[] -| label:yes[] -| label:removed[] + -Replaced by: `CREATE FULLTEXT INDEX ...` - -| xref:reference/procedures.adoc#procedure_db_index_fulltext_createrelationshipindex[`db.index.fulltext.createRelationshipIndex()`] -| label:yes[] -| label:yes[] -| label:removed[] + -Replaced by: `CREATE FULLTEXT INDEX ...` - -| xref:reference/procedures.adoc#procedure_db_index_fulltext_drop[`db.index.fulltext.drop()`] -| label:yes[] -| label:yes[] -| label:removed[] + -Replaced by: `DROP INDEX ...` - | xref:reference/procedures.adoc#procedure_db_index_fulltext_listavailableanalyzers[`db.index.fulltext.listAvailableAnalyzers()`] | label:yes[] | label:yes[] @@ -204,13 +150,7 @@ In 4.2, signature changed to `db.listLocks() :: (mode :: STRING?, resourceType : | xref:reference/procedures.adoc#procedure_db_schema_reltypeproperties[`db.schema.relTypeProperties()`] | label:yes[] | label:yes[] -| - -| xref:reference/procedures.adoc#procedure_db_schema_statements[`db.schema.statements()`] -| label:yes[] -| label:yes[] -| label:removed[] + -Replaced by: `SHOW INDEXES YIELD *` and `SHOW CONSTRAINTS YIELD *` +| | xref:reference/procedures.adoc#procedure_db_schema_visualization[`db.schema.visualization()`] | label:yes[] @@ -280,14 +220,6 @@ Replaced by: `SHOW INDEXES YIELD *` and `SHOW CONSTRAINTS YIELD *` | label:yes[] | label:admin-only[] -// New in 4.0 -// com.neo4j.causaulclustering.discovery.procedures.ClusterOverviewProcedure -| xref:reference/procedures.adoc#procedure_dbms_cluster_overview[`dbms.cluster.overview()`] -| label:no[] -| label:yes[] -| label:removed[] + -Replaced by: `SHOW SERVERS`. - // New in 4.0 // com.neo4j.causaulclustering.discovery.procedures.InstalledProtocolsProcedure | xref:reference/procedures.adoc#procedure_dbms_cluster_protocols[`dbms.cluster.protocols()`] @@ -295,14 +227,6 @@ Replaced by: `SHOW SERVERS`. | label:yes[] | -// New in 4.2 -// com.neo4j.dbms.procedures.QuarantineProcedure -| xref:reference/procedures.adoc#procedure_dbms_cluster_quarantinedatabase[`dbms.cluster.quarantineDatabase()`] -| label:no[] -| label:yes[] -| label:removed[] + -Replaced by: `dbms.quarantineDatabase()`. - // New in 4.2 // com.neo4j.causaulclustering.discovery.procedures.ReadReplicaToggleProcedure | xref:reference/procedures.adoc#procedure_dbms_cluster_readreplicatoggle[`dbms.cluster.readReplicaToggle()`] @@ -317,24 +241,6 @@ Replaced by: `dbms.quarantineDatabase()`. | label:yes[] | -// New in 4.0 -// Removed in 5.0 -// com.neo4j.causaulclustering.discovery.procedures.RoleProcedure -| xref:reference/procedures.adoc#procedure_dbms_cluster_role[`dbms.cluster.role()`] -| label:no[] -| label:yes[] -| label:removed[] + -Replaced by: `SHOW DATABASES`. - -// New in 4.1 -// Removed in 5.0 -// com.neo4j.dbms.procedures.ClusterSetDefaultDatabaseProcedure -| xref:reference/procedures.adoc#procedure_dbms_cluster_setdefaultdatabase[`dbms.cluster.setDefaultDatabase()`] -| label:no[] -| label:yes[] -| label:removed[] + -Replaced by: `dbms.setDefaultDatabase` - | xref:reference/procedures.adoc#procedure_dbms_cluster_uncordonServer[`dbms.cluster.uncordonServer()`] | label:no[] | label:yes[] @@ -345,19 +251,6 @@ Replaced by: `dbms.setDefaultDatabase` | label:yes[] | -// Removed in 5.0 -| xref:reference/procedures.adoc#procedure_dbms_database_state[`dbms.database.state()`] -| label:yes[] -| label:yes[] -| label:removed[] + -Replaced by: `SHOW DATABASES` - -| xref:reference/procedures.adoc#procedure_dbms_functions[`dbms.functions()`] -| label:yes[] -| label:yes[] -| label:removed[] + -Replaced by: `SHOW FUNCTIONS` - | xref:reference/procedures.adoc#procedure_dbms_info[`dbms.info()`] | label:yes[] | label:yes[] @@ -375,35 +268,23 @@ Replaced by: `SHOW FUNCTIONS` | label:yes[] | -| xref:reference/procedures.adoc#procedure_dbms_killtransaction[`dbms.killTransaction()`] -| label:yes[] -| label:yes[] -| label:removed[] + -Replaced by: `TERMINATE TRANSACTIONS` - -| xref:reference/procedures.adoc#procedure_dbms_killtransactions[`dbms.killTransactions()`] -| label:yes[] -| label:yes[] -| label:removed[] + -Replaced by: `TERMINATE TRANSACTIONS` - | xref:reference/procedures.adoc#procedure_dbms_listactivelocks[`dbms.listActiveLocks()`] | label:yes[] | label:yes[] | -| xref:reference/procedures.adoc#procedure_dbms_listconfig[`dbms.listConfig()`] +| xref:reference/procedures.adoc#procedure_dbms_listcapabilities[`dbms.listCapabilities()`] | label:yes[] | label:yes[] -| label:admin-only[] +| -| xref:reference/procedures.adoc#procedure_dbms_listcapabilities[`dbms.listCapabilities()`] +| xref:reference/procedures.adoc#procedure_dbms_listconfig[`dbms.listConfig()`] | label:yes[] | label:yes[] -| +| label:admin-only[] | xref:reference/procedures.adoc#procedure_dbms_listconnections[`dbms.listConnections()`] -| label:yes[Available since 4.2] +| label:yes[] | label:yes[] | @@ -413,25 +294,6 @@ Replaced by: `TERMINATE TRANSACTIONS` | label:yes[] | -| xref:reference/procedures.adoc#procedure_dbms_listqueries[`dbms.listQueries()`] -| label:yes[] -| label:yes[] -| label:removed[] + -Replaced by: `SHOW TRANSACTIONS` - -| xref:reference/procedures.adoc#procedure_dbms_listtransactions[`dbms.lisTransactions()`] -| label:yes[] -| label:yes[] -| label:removed[] + -Replaced by: `SHOW TRANSACTIONS` - - -| xref:reference/procedures.adoc#procedure_dbms_procedures[`dbms.procedures()`] -| label:no[] -| label:yes[] -| label:removed[] + -Replaced by: `SHOW PROCEDURES` - // New in 4.3 | xref:reference/procedures.adoc#procedure_dbms_quarantineDatabase[`dbms.quarantineDatabase()`] | label:no[] @@ -470,6 +332,217 @@ Replaced by: `SHOW PROCEDURES` | label:yes[] | label:admin-only[] +| xref:reference/procedures.adoc#procedure_dbms_setconfigvalue[`dbms.setConfigValue()`] +| label:no[] +| label:yes[] +| label:admin-only[] + +| xref:reference/procedures.adoc#procedure_dbms_setDatabaseAllocator[`dbms.setDatabaseAllocator()`] +| label:no[] +| label:yes[] +| label:admin-only[] + +| xref:reference/procedures.adoc#procedure_dbms_setDefaultAllocationNumbers[`dbms.setDefaultAllocationNumbers()`] +| label:no[] +| label:yes[] +| label:admin-only[] + +| xref:reference/procedures.adoc#procedure_dbms_setDefaultDatabase[`dbms.setDefaultDatabase()`] +| label:no[] +| label:yes[] +| label:admin-only[] + + +| xref:reference/procedures.adoc#procedure_dbms_showcurrentuser[`dbms.showCurrentUser()`] +| label:yes[] +| label:yes[] +| + +| xref:reference/procedures.adoc#procedure_dbms_showTopologyGraphConfig[`dbms.showTopologyGraphConfig()`] +| label:no[] +| label:yes[] +| label:admin-only[] + +// New in 4.1 +| xref:reference/procedures.adoc#procedure_dbms_upgrade[`dbms.upgrade()`] +| label:yes[] +| label:yes[] +| label:admin-only[] + +// New in 4.1 +| xref:reference/procedures.adoc#procedure_dbms_upgradestatus[`dbms.upgradeStatus()`] +| label:yes[] +| label:yes[] +| label:admin-only[] + +| xref:reference/procedures.adoc#procedure_jwt_security_requestAccess[`jwt.security.requestAccess()`] +| label:yes[] +| label:yes[] +| + +| xref:reference/procedures.adoc#procedure_tx_getmetadata[`tx.getMetaData()`] +| label:yes[] +| label:yes[] +| + +| xref:reference/procedures.adoc#procedure_tx_setmetadata[`tx.setMetaData()`] +| label:yes[] +| label:yes[] +| + +|=== + + +== List of removed procedures + + +.Removed Neo4j procedures +[options=header,cols="3m,1,1,3"] +|=== +| Name +| Community Edition +| Enterprise Edition +| Comment +| xref:reference/procedures.adoc#procedure_db_constraints[`db.constraints()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `SHOW CONSTRAINTS` + +| xref:reference/procedures.adoc#procedure_db_createindex[`db.createIndex()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `OPTIONS` of the `CREATE INDEX` command. + +| xref:reference/procedures.adoc#procedure_db_createnodekey[`db.createNodeKey()`] +| label:no[] +| label:yes[] +| label:removed[] + +Replaced by: `CREATE CONSTRAINT ... IS NODE KEY`. + +| xref:reference/procedures.adoc#procedure_db_createuniquepropertyconstraint[`db.createPropertyConstraint()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `OPTIONS` of the `CREATE CONSTRAINT ... IS UNIQUE` command + +| xref:reference/procedures.adoc#procedure_db_indexes[`db.indexes()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `SHOW INDEXES` command + +| xref:reference/procedures.adoc#procedure_db_indexDetails[`db.indexDetails()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `SHOW INDEXES YIELD*` + +| xref:reference/procedures.adoc#procedure_db_index_fulltext_createnodeindex[`db.index.fulltext.createNodeIndex()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `CREATE FULLTEXT INDEX ...` + +| xref:reference/procedures.adoc#procedure_db_index_fulltext_createrelationshipindex[`db.index.fulltext.createRelationshipIndex()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `CREATE FULLTEXT INDEX ...` + +| xref:reference/procedures.adoc#procedure_db_index_fulltext_drop[`db.index.fulltext.drop()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `DROP INDEX ...` + +| xref:reference/procedures.adoc#procedure_db_schema_statements[`db.schema.statements()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `SHOW INDEXES YIELD *` and `SHOW CONSTRAINTS YIELD *` + +// New in 4.0 +// com.neo4j.causaulclustering.discovery.procedures.ClusterOverviewProcedure +| xref:reference/procedures.adoc#procedure_dbms_cluster_overview[`dbms.cluster.overview()`] +| label:no[] +| label:yes[] +| label:removed[] + +Replaced by: `SHOW SERVERS`. + + +// New in 4.2 +// com.neo4j.dbms.procedures.QuarantineProcedure +| xref:reference/procedures.adoc#procedure_dbms_cluster_quarantinedatabase[`dbms.cluster.quarantineDatabase()`] +| label:no[] +| label:yes[] +| label:removed[] + +Replaced by: `dbms.quarantineDatabase()`. + + +// New in 4.0 +// Removed in 5.0 +// com.neo4j.causaulclustering.discovery.procedures.RoleProcedure +| xref:reference/procedures.adoc#procedure_dbms_cluster_role[`dbms.cluster.role()`] +| label:no[] +| label:yes[] +| label:removed[] + +Replaced by: `SHOW DATABASES`. + +// New in 4.1 +// Removed in 5.0 +// com.neo4j.dbms.procedures.ClusterSetDefaultDatabaseProcedure +| xref:reference/procedures.adoc#procedure_dbms_cluster_setdefaultdatabase[`dbms.cluster.setDefaultDatabase()`] +| label:no[] +| label:yes[] +| label:removed[] + +Replaced by: `dbms.setDefaultDatabase` + +// Removed in 5.0 +| xref:reference/procedures.adoc#procedure_dbms_database_state[`dbms.database.state()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `SHOW DATABASES` + +| xref:reference/procedures.adoc#procedure_dbms_functions[`dbms.functions()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `SHOW FUNCTIONS` + +| xref:reference/procedures.adoc#procedure_dbms_killtransaction[`dbms.killTransaction()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `TERMINATE TRANSACTIONS` + +| xref:reference/procedures.adoc#procedure_dbms_killtransactions[`dbms.killTransactions()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `TERMINATE TRANSACTIONS` + +| xref:reference/procedures.adoc#procedure_dbms_listqueries[`dbms.listQueries()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `SHOW TRANSACTIONS` + +| xref:reference/procedures.adoc#procedure_dbms_listtransactions[`dbms.lisTransactions()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `SHOW TRANSACTIONS` + + +| xref:reference/procedures.adoc#procedure_dbms_procedures[`dbms.procedures()`] +| label:no[] +| label:yes[] +| label:removed[] + +Replaced by: `SHOW PROCEDURES` + // Removed in 5.0 | xref:reference/procedures.adoc#procedure_dbms_security_activateuser[`dbms.security.activateUser()`] | label:no[] @@ -557,93 +630,34 @@ Replaced by: `SHOW USERS`. | label:yes[] | label:removed[] label:admin-only[] + In 4.1, mode changed to `read`. + -Replaced by: `SHOW USERS`. - -// Removed in 5.0 -| xref:reference/procedures.adoc#procedure_dbms_security_listusersforrole[`dbms.security.listUsersForRole()`] -| label:no[] -| label:yes[] -| label:removed[] label:admin-only[] + -In 4.1, mode changed to `read`. + -Replaced by: `SHOW ROLES WITH USERS`. - -// Removed in 5.0 -| xref:reference/procedures.adoc#procedure_dbms_security_removerolefromuser[`dbms.security.removeRoleFromUser()`] -| label:no[] -| label:yes[] -| label:removed[] label:admin-only[] + -In 4.1, mode changed to `write`. + -Replaced by: `REVOKE ROLE FROM USER`. - -// Removed in 5.0 -| xref:reference/procedures.adoc#procedure_dbms_security_suspenduser[`dbms.security.suspendUser()`] -| label:no[] -| label:yes[] -| label:removed[] label:admin-only[] + -In 4.1, mode changed to `write`. + -Replaced by: `ALTER USER`. - -| xref:reference/procedures.adoc#procedure_dbms_setconfigvalue[`dbms.setConfigValue()`] -| label:no[] -| label:yes[] -| label:admin-only[] - -| xref:reference/procedures.adoc#procedure_dbms_setDatabaseAllocator[`dbms.setDatabaseAllocator()`] -| label:no[] -| label:yes[] -| label:admin-only[] - -| xref:reference/procedures.adoc#procedure_dbms_setDefaultAllocationNumbers[`dbms.setDefaultAllocationNumbers()`] -| label:no[] -| label:yes[] -| label:admin-only[] - -| xref:reference/procedures.adoc#procedure_dbms_setDefaultDatabase[`dbms.setDefaultDatabase()`] -| label:no[] -| label:yes[] -| label:admin-only[] - - -| xref:reference/procedures.adoc#procedure_dbms_showcurrentuser[`dbms.showCurrentUser()`] -| label:yes[] -| label:yes[] -| - -| xref:reference/procedures.adoc#procedure_dbms_showTopologyGraphConfig[`dbms.showTopologyGraphConfig()`] -| label:no[] -| label:yes[] -| label:admin-only[] - -// New in 4.1 -| xref:reference/procedures.adoc#procedure_dbms_upgrade[`dbms.upgrade()`] -| label:yes[] -| label:yes[] -| label:admin-only[] - -// New in 4.1 -| xref:reference/procedures.adoc#procedure_dbms_upgradestatus[`dbms.upgradeStatus()`] -| label:yes[] -| label:yes[] -| label:admin-only[] +Replaced by: `SHOW USERS`. -| xref:reference/procedures.adoc#procedure_jwt_security_requestaccess[`jwt.requestAccess()`] -| label:yes[] +// Removed in 5.0 +| xref:reference/procedures.adoc#procedure_dbms_security_listusersforrole[`dbms.security.listUsersForRole()`] +| label:no[] | label:yes[] -| label:admin-only[] +| label:removed[] label:admin-only[] + +In 4.1, mode changed to `read`. + +Replaced by: `SHOW ROLES WITH USERS`. -| xref:reference/procedures.adoc#procedure_tx_getmetadata[`tx.getMetaData()`] -| label:yes[] +// Removed in 5.0 +| xref:reference/procedures.adoc#procedure_dbms_security_removerolefromuser[`dbms.security.removeRoleFromUser()`] +| label:no[] | label:yes[] -| +| label:removed[] label:admin-only[] + +In 4.1, mode changed to `write`. + +Replaced by: `REVOKE ROLE FROM USER`. -| xref:reference/procedures.adoc#procedure_tx_setmetadata[`tx.setMetaData()`] -| label:yes[] +// Removed in 5.0 +| xref:reference/procedures.adoc#procedure_dbms_security_suspenduser[`dbms.security.suspendUser()`] +| label:no[] | label:yes[] -| +| label:removed[] label:admin-only[] + +In 4.1, mode changed to `write`. + +Replaced by: `ALTER USER`. |=== - == Procedure descriptions @@ -1244,24 +1258,6 @@ m|DBMS // m|reader, editor, publisher, architect, admin |=== - -[[procedure_dbms_cluster_overview]] -.dbms.cluster.overview() label:enterprise-edition[] label:removed[] -[cols="<15s,<85"] -|=== -| Description -a| Overview of all currently accessible cluster members, their databases and roles. -| Signature -m|dbms.cluster.overview() :: (id :: STRING?, addresses :: LIST? OF STRING?, databases :: MAP?, groups :: LIST? OF STRING?) -| Mode -m|READ -// | Default roles -// m|reader, editor, publisher, architect, admin -| Replaced by -a| `SHOW SERVERS` -|=== - - [[procedure_dbms_cluster_protocols]] .dbms.cluster.protocols() label:enterprise-edition[] [cols="<15s,<85"] @@ -1279,25 +1275,6 @@ m|READ // m|reader, editor, publisher, architect, admin |=== - -[[procedure_dbms_cluster_quarantinedatabase]] -.dbms.cluster.quarantineDatabase() label:enterprise-edition[] label:removed[] -[cols="<15s,<85"] -|=== -| Description -a| -Place a database in quarantine or remove thereof. -| Signature -m|dbms.cluster.quarantineDatabase(databaseName :: STRING?, setStatus :: BOOLEAN?, reason = No reason given :: STRING?) :: (databaseName :: STRING?, quarantined :: BOOLEAN?, result :: STRING?) -| Mode -m|DBMS -// | Default roles -// m|admin -| Replaced by -a| xref:reference/procedures.adoc#procedure_dbms_quarantineDatabase[`dbms.quarantineDatabase()`] -|=== - - [[procedure_dbms_cluster_readreplicatoggle]] .dbms.cluster.readReplicaToggle() label:enterprise-edition[] label:admin-only[] [cols="<15s,<85"] @@ -1346,48 +1323,6 @@ m|READ // m|admin |=== - -[[procedure_dbms_cluster_role]] -.dbms.cluster.role() label:enterprise-edition[] label:removed[] -[cols="<15s,<85"] -|=== -| Description -a| -The role of this instance in the cluster for the specified database. -| Signature -m|dbms.cluster.role(database :: STRING?) :: (role :: STRING?) -| Mode -m|READ -| Replaced by - a| `SHOW DATABASES`, but the classical roles (`leader`, `follower` , `standalone`, and `read_replica`) are no longer available. -// | Default roles -// m|reader, editor, publisher, architect, admin -|=== - - -[[procedure_dbms_cluster_setdefaultdatabase]] -.dbms.cluster.setDefaultDatabase() label:enterprise-edition[] label:removed[] -[cols="<15s,<85"] -|=== -| Description -a| -Change the default database to the provided value. - -The database must exist and the old default database must be stopped. - -For more information see <>. - -Note that this can only be executed on a cluster core member. -| Signature -m|dbms.cluster.setDefaultDatabase(databaseName :: STRING?) :: (result :: STRING?) -| Mode -m|WRITE -| Replaced by - a|`dbms.setDefaultDatabase` -// | Default roles -// m|admin -|=== - [[procedure_dbms_cluster_uncordonServer]] .dbms.cluster.uncordonServer() label:enterprise-edition[] label:admin-only[] [cols="<15s,<85"] @@ -1416,25 +1351,6 @@ m|DBMS // m|reader, editor, publisher, architect, admin |=== - -[[procedure_dbms_database_state]] -.dbms.database.state() label:removed[] -[cols="<15s,<85"] -|=== -| Description -a| -The actual status of the database with the provided name on this neo4j instance. -| Signature -m|dbms.database.state(databaseName :: STRING?) :: (role :: STRING?, address :: STRING?, status :: STRING?, error :: STRING?) -| Mode -m|READ -| Replaced by - a|`SHOW DATABASES` -// | Default roles -// m|reader, editor, publisher, architect, admin -|=== - - [[procedure_dbms_info]] .dbms.info() [cols="<15s,<85"] @@ -1541,6 +1457,19 @@ m|DBMS // m|reader, editor, publisher, architect, admin |=== +[[procedure_dbms_listcapabilities]] +.dbms.listCapabilities() +[cols="<15s,<85"] +|=== +| Description +a| +List capabilities. +| Signature +m|dbms.listCapabilities() :: (name :: STRING?, description :: STRING?, value :: ANY?) +| Mode +m|DBMS +|=== + [[procedure_dbms_listpools]] .dbms.listPools() label:enterprise-edition[] @@ -1691,71 +1620,6 @@ m|DBMS // m|admin |=== - -[[procedure_dbms_security_activateuser]] -.dbms.security.activateUser() label:enterprise-edition[] label:admin-only[] label:removed[] -[cols="<15s,<85"] -|=== -| Description -a| -Activate a suspended user. -| Signature -m| dbms.security.activateUser(username :: STRING?, requirePasswordChange = true :: BOOLEAN?) :: VOID -| Mode -m| WRITE -//| Default roles -//m| admin -|=== - - -[[procedure_dbms_security_addroletouser]] -.dbms.security.addRoleToUser() label:enterprise-edition[] label:admin-only[] label:removed[] -[cols="<15s,<85"] -|=== -| Description -a| -Assign a role to the user. -| Signature -m| dbms.security.addRoleToUser(roleName :: STRING?, username :: STRING?) :: VOID -| Mode -m| WRITE -//| Default roles -//m| admin -|=== - - -[[procedure_dbms_security_changepassword]] -.dbms.security.changePassword() label:admin-only[] label:removed[] -[cols="<15s,<85"] -|=== -| Description -a| -Change the current user's password. -| Signature -m| dbms.security.changePassword(password :: STRING?, requirePasswordChange = false :: BOOLEAN?) :: VOID -| Mode -m| WRITE -//| Default roles -//m| reader, editor, publisher, architect, admin -|=== - - -[[procedure_dbms_security_changeuserpassword]] -.dbms.security.changeUserPassword() label:enterprise-edition[] label:admin-only[] label:removed[] -[cols="<15s,<85"] -|=== -| Description -a| -Change the given user's password. -| Signature -m| dbms.security.changeUserPassword(username :: STRING?, newPassword :: STRING?, requirePasswordChange = true :: BOOLEAN?) :: VOID -| Mode -m| WRITE -//| Default roles -//m| admin -|=== - - [[procedure_dbms_security_clearauthcache]] .dbms.security.clearAuthCache() label:enterprise-edition[] label:admin-only[] [cols="<15s,<85"] @@ -1771,168 +1635,6 @@ m|DBMS // m|admin |=== - -[[procedure_dbms_security_createrole]] -.dbms.security.createRole() label:enterprise-edition[] label:admin-only[] label:removed[] -[cols="<15s,<85"] -|=== -| Description -a| -Create a new role. -| Signature -m| dbms.security.createRole(roleName :: STRING?) :: VOID -| Mode -m| WRITE -//| Default roles -//m| admin -|=== - - -[[procedure_dbms_security_createuser]] -.dbms.security.createUser() label:admin-only[] label:removed[] -[cols="<15s,<85"] -|=== -| Description -a| -Create a new user. -| Signature -m| dbms.security.createUser(username :: STRING?, password :: STRING?, requirePasswordChange = true :: BOOLEAN?) :: VOID -| Mode -m| WRITE -//| Default roles -//m| admin -|=== - - -[[procedure_dbms_security_deleterole]] -.dbms.security.deleteRole() label:enterprise-edition[] label:admin-only[] label:removed[] -[cols="<15s,<85"] -|=== -| Description -a| -Delete the specified role. -Any role assignments will be removed. -| Signature -m| dbms.security.deleteRole(roleName :: STRING?) :: VOID -| Mode -m| WRITE -//| Default roles -//m| admin -|=== - - -[[procedure_dbms_security_deleteuser]] -.dbms.security.deleteUser() label:admin-only[] label:removed[] -[cols="<15s,<85"] -|=== -| Description -a| -Delete the specified user. -| Signature -m| dbms.security.deleteUser(username :: STRING?) :: VOID -| Mode -m| WRITE -//| Default roles -//m| admin -|=== - - -[[procedure_dbms_security_listroles]] -.dbms.security.listRoles() label:enterprise-edition[] label:admin-only[] label:removed[] -[cols="<15s,<85"] -|=== -| Description -a| -List all available roles. -| Signature -m| dbms.security.listRoles() :: (role :: STRING?, users :: LIST? OF STRING?) -| Mode -m| READ -//| Default roles -//m| admin -|=== - - -[[procedure_dbms_security_listrolesforuser]] -.dbms.security.listRolesForUser() label:enterprise-edition[] label:removed[] -[cols="<15s,<85"] -|=== -| Description -a| -List all roles assigned to the specified user. -| Signature -m| dbms.security.listRolesForUser(username :: STRING?) :: (value :: STRING?) -| Mode -m| READ -//| Default roles -//m| admin -|=== - - -[[procedure_dbms_security_listusers]] -.dbms.security.listUsers() label:admin-only[] label:removed[] -[cols="<15s,<85"] -|=== -| Description -a| -List all native users. -| Signature -m| dbms.security.listUsers() :: (username :: STRING?, roles :: LIST? OF STRING?, flags :: LIST? OF STRING?) -| Mode -m| READ -//| Default roles -//m| admin -|=== - - -[[procedure_dbms_security_listusersforrole]] -.dbms.security.listUsersForRole() label:enterprise-edition[] label:admin-only[] label:removed[] -[cols="<15s,<85"] -|=== -| Description -a| -List all users currently assigned the specified role. -| Signature -m| dbms.security.listUsersForRole(roleName :: STRING?) :: (value :: STRING?) -| Mode -m| READ -//| Default roles -//m| admin -|=== - - -[[procedure_dbms_security_removerolefromuser]] -.dbms.security.removeRoleFromUser() label:enterprise-edition[] label:admin-only[] label:removed[] -[cols="<15s,<85"] -|=== -| Description -a| -Unassign a role from the user. -| Signature -m| dbms.security.removeRoleFromUser(roleName :: STRING?, username :: STRING?) :: VOID -| Mode -m| WRITE -//| Default roles -//m| admin -|=== - - -[[procedure_dbms_security_suspenduser]] -.dbms.security.suspendUser() label:enterprise-edition[] label:admin-only[] label:removed[] -[cols="<15s,<85"] -|=== -| Description -a| -Suspend the specified user. -| Signature -m| dbms.security.suspendUser(username :: STRING?) :: VOID -| Mode -m| WRITE -//| Default roles -//m| admin -|=== - - [[procedure_dbms_setconfigvalue]] .dbms.setConfigValue() label:enterprise-edition[] label:admin-only[] [cols="<15s,<85"] @@ -2010,6 +1712,17 @@ m|READ // m|admin |=== +[[procedure_jwt_security_requestAccess]] +.jwt.securityAccess() +[cols="<15s,<85"] +|=== +| Description +a| +| Signature +m|jwt.security.requestAccess(application :: STRING?) :: (token :: STRING?) +| Mode +m|DBMS +|=== [[procedure_tx_getmetadata]] .tx.getMetaData() From dd6975c3cdc2ccaa1b19f7318e5daebbf4e88fa4 Mon Sep 17 00:00:00 2001 From: JPryce-Aklundh Date: Thu, 5 Jan 2023 14:31:30 +0100 Subject: [PATCH 063/876] remove mention of jwt. plugin --- modules/ROOT/pages/reference/procedures.adoc | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index b0d1a7951..560bc7f25 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -375,11 +375,6 @@ In 4.2, signature changed to `db.listLocks() :: (mode :: STRING?, resourceType : | label:yes[] | label:admin-only[] -| xref:reference/procedures.adoc#procedure_jwt_security_requestAccess[`jwt.security.requestAccess()`] -| label:yes[] -| label:yes[] -| - | xref:reference/procedures.adoc#procedure_tx_getmetadata[`tx.getMetaData()`] | label:yes[] | label:yes[] @@ -1712,18 +1707,6 @@ m|READ // m|admin |=== -[[procedure_jwt_security_requestAccess]] -.jwt.securityAccess() -[cols="<15s,<85"] -|=== -| Description -a| -| Signature -m|jwt.security.requestAccess(application :: STRING?) :: (token :: STRING?) -| Mode -m|DBMS -|=== - [[procedure_tx_getmetadata]] .tx.getMetaData() [cols="<15s,<85"] From dcdc46130ac1b22f555d4263c1e1d18c1a4326f3 Mon Sep 17 00:00:00 2001 From: Nick Giles Date: Fri, 6 Jan 2023 10:10:50 +0000 Subject: [PATCH 064/876] Small rewording of explanation of alter database limitation Just an attempt to make the sentence read more easily --- modules/ROOT/pages/clustering/databases.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/clustering/databases.adoc b/modules/ROOT/pages/clustering/databases.adoc index b9a658791..0192e7544 100644 --- a/modules/ROOT/pages/clustering/databases.adoc +++ b/modules/ROOT/pages/clustering/databases.adoc @@ -41,7 +41,7 @@ When there is more than one possible permutation of the specified topology, Neo4 This normally happens when the cluster is configured with more servers than the sum of the number of primaries and secondaries for any one database. It is not possible to automatically transition to or from a topology with a single primary host. -This limitation is due to a non-existing Raft replication when only a single server is running, i.e. the server is running in _standalone_ or _single mode_. +This limitation is due to Raft replication not being present when only a single server is running, i.e. the server is running in _standalone_ or _single mode_. Attempting to do so results in an error. However, it is possible to _manually_ do this transition. From 4212b1ed52034a563c0669d6086a595b6ba81122 Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Mon, 9 Jan 2023 11:46:08 +0100 Subject: [PATCH 065/876] =?UTF-8?q?Adding=20information=20that=20Fabric=20?= =?UTF-8?q?was=20replaced=20by=20composite=20databases=20(#=E2=80=A6=20(#3?= =?UTF-8?q?07)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit …235) This PR will be followed up by another PR including an admonition on 4.4 and previous versions to communicate the same change. -> https://github.com/neo4j/docs-operations/pull/236 Co-authored-by: AlexicaWright <49636617+AlexicaWright@users.noreply.github.com> Co-authored-by: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> --- modules/ROOT/pages/composite-databases/introduction.adoc | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/composite-databases/introduction.adoc b/modules/ROOT/pages/composite-databases/introduction.adoc index 441c40ac9..83261c923 100644 --- a/modules/ROOT/pages/composite-databases/introduction.adoc +++ b/modules/ROOT/pages/composite-databases/introduction.adoc @@ -7,8 +7,10 @@ [[composite-databases-overview]] == Overview -Composite databases allow queries that access multiple graphs at once. -This is a function that enables: +As of Neo4j 5, the Fabric technology has been extended by _composite databases_ and, as such, these replace what was known as Fabric in Neo4j 4.x. +Composite databases is a functionality which allows queries that access multiple graphs at once. + +Composite databases enable: * *Data Federation*: the ability to access data available in distributed sources in the form of *disjointed graphs*. * *Data Sharding*: the ability to access data available in distributed sources in the form of a *common graph partitioned on multiple databases*. From e0de2539ccc21b189d2f9b7e9045c4375586834e Mon Sep 17 00:00:00 2001 From: JPryce-Aklundh Date: Mon, 9 Jan 2023 13:16:47 +0100 Subject: [PATCH 066/876] post review corrections --- modules/ROOT/pages/reference/procedures.adoc | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 560bc7f25..c5386a642 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -408,7 +408,7 @@ Replaced by: `SHOW CONSTRAINTS` | label:yes[] | label:yes[] | label:removed[] + -Replaced by: `OPTIONS` of the `CREATE INDEX` command. +Replaced by: `CREATE INDEX`. | xref:reference/procedures.adoc#procedure_db_createnodekey[`db.createNodeKey()`] | label:no[] @@ -416,17 +416,17 @@ Replaced by: `OPTIONS` of the `CREATE INDEX` command. | label:removed[] + Replaced by: `CREATE CONSTRAINT ... IS NODE KEY`. -| xref:reference/procedures.adoc#procedure_db_createuniquepropertyconstraint[`db.createPropertyConstraint()`] +| xref:reference/procedures.adoc#procedure_db_createuniquepropertyconstraint[`db.createUniquePropertyConstraint()`] | label:yes[] | label:yes[] | label:removed[] + -Replaced by: `OPTIONS` of the `CREATE CONSTRAINT ... IS UNIQUE` command +Replaced by: `CREATE CONSTRAINT ... IS UNIQUE` | xref:reference/procedures.adoc#procedure_db_indexes[`db.indexes()`] | label:yes[] | label:yes[] | label:removed[] + -Replaced by: `SHOW INDEXES` command +Replaced by: `SHOW INDEXES` | xref:reference/procedures.adoc#procedure_db_indexDetails[`db.indexDetails()`] | label:yes[] @@ -507,6 +507,18 @@ Replaced by: `SHOW DATABASES` | label:removed[] + Replaced by: `SHOW FUNCTIONS` +| xref:reference/procedures.adoc#procedure_dbms_killqueries[`dbms.killQueries()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `TERMINATE TRANSACTIONS` + +| xref:reference/procedures.adoc#procedure_dbms_killquery[`dbms.killQuery()`] +| label:yes[] +| label:yes[] +| label:removed[] + +Replaced by: `TERMINATE TRANSACTIONS` + | xref:reference/procedures.adoc#procedure_dbms_killtransaction[`dbms.killTransaction()`] | label:yes[] | label:yes[] From 42ad412ab2b69f3ca899203ca65ce0a2731d391d Mon Sep 17 00:00:00 2001 From: JPryce-Aklundh Date: Mon, 9 Jan 2023 13:30:33 +0100 Subject: [PATCH 067/876] fix full stops --- modules/ROOT/pages/reference/procedures.adoc | 36 ++++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index c5386a642..5a8f3cc8d 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -402,7 +402,7 @@ In 4.2, signature changed to `db.listLocks() :: (mode :: STRING?, resourceType : | label:yes[] | label:yes[] | label:removed[] + -Replaced by: `SHOW CONSTRAINTS` +Replaced by: `SHOW CONSTRAINTS`. | xref:reference/procedures.adoc#procedure_db_createindex[`db.createIndex()`] | label:yes[] @@ -420,43 +420,43 @@ Replaced by: `CREATE CONSTRAINT ... IS NODE KEY`. | label:yes[] | label:yes[] | label:removed[] + -Replaced by: `CREATE CONSTRAINT ... IS UNIQUE` +Replaced by: `CREATE CONSTRAINT ... IS UNIQUE`. | xref:reference/procedures.adoc#procedure_db_indexes[`db.indexes()`] | label:yes[] | label:yes[] | label:removed[] + -Replaced by: `SHOW INDEXES` +Replaced by: `SHOW INDEXES`. | xref:reference/procedures.adoc#procedure_db_indexDetails[`db.indexDetails()`] | label:yes[] | label:yes[] | label:removed[] + -Replaced by: `SHOW INDEXES YIELD*` +Replaced by: `SHOW INDEXES YIELD*`. | xref:reference/procedures.adoc#procedure_db_index_fulltext_createnodeindex[`db.index.fulltext.createNodeIndex()`] | label:yes[] | label:yes[] | label:removed[] + -Replaced by: `CREATE FULLTEXT INDEX ...` +Replaced by: `CREATE FULLTEXT INDEX ...`. | xref:reference/procedures.adoc#procedure_db_index_fulltext_createrelationshipindex[`db.index.fulltext.createRelationshipIndex()`] | label:yes[] | label:yes[] | label:removed[] + -Replaced by: `CREATE FULLTEXT INDEX ...` +Replaced by: `CREATE FULLTEXT INDEX ...`. | xref:reference/procedures.adoc#procedure_db_index_fulltext_drop[`db.index.fulltext.drop()`] | label:yes[] | label:yes[] | label:removed[] + -Replaced by: `DROP INDEX ...` +Replaced by: `DROP INDEX ...`. | xref:reference/procedures.adoc#procedure_db_schema_statements[`db.schema.statements()`] | label:yes[] | label:yes[] | label:removed[] + -Replaced by: `SHOW INDEXES YIELD *` and `SHOW CONSTRAINTS YIELD *` +Replaced by: `SHOW INDEXES YIELD *` and `SHOW CONSTRAINTS YIELD *`. // New in 4.0 // com.neo4j.causaulclustering.discovery.procedures.ClusterOverviewProcedure @@ -492,63 +492,63 @@ Replaced by: `SHOW DATABASES`. | label:no[] | label:yes[] | label:removed[] + -Replaced by: `dbms.setDefaultDatabase` +Replaced by: `dbms.setDefaultDatabase`. // Removed in 5.0 | xref:reference/procedures.adoc#procedure_dbms_database_state[`dbms.database.state()`] | label:yes[] | label:yes[] | label:removed[] + -Replaced by: `SHOW DATABASES` +Replaced by: `SHOW DATABASES`. | xref:reference/procedures.adoc#procedure_dbms_functions[`dbms.functions()`] | label:yes[] | label:yes[] | label:removed[] + -Replaced by: `SHOW FUNCTIONS` +Replaced by: `SHOW FUNCTIONS`. | xref:reference/procedures.adoc#procedure_dbms_killqueries[`dbms.killQueries()`] | label:yes[] | label:yes[] | label:removed[] + -Replaced by: `TERMINATE TRANSACTIONS` +Replaced by: `TERMINATE TRANSACTIONS`. | xref:reference/procedures.adoc#procedure_dbms_killquery[`dbms.killQuery()`] | label:yes[] | label:yes[] | label:removed[] + -Replaced by: `TERMINATE TRANSACTIONS` +Replaced by: `TERMINATE TRANSACTIONS`. | xref:reference/procedures.adoc#procedure_dbms_killtransaction[`dbms.killTransaction()`] | label:yes[] | label:yes[] | label:removed[] + -Replaced by: `TERMINATE TRANSACTIONS` +Replaced by: `TERMINATE TRANSACTIONS`. | xref:reference/procedures.adoc#procedure_dbms_killtransactions[`dbms.killTransactions()`] | label:yes[] | label:yes[] | label:removed[] + -Replaced by: `TERMINATE TRANSACTIONS` +Replaced by: `TERMINATE TRANSACTIONS`. | xref:reference/procedures.adoc#procedure_dbms_listqueries[`dbms.listQueries()`] | label:yes[] | label:yes[] | label:removed[] + -Replaced by: `SHOW TRANSACTIONS` +Replaced by: `SHOW TRANSACTIONS`. | xref:reference/procedures.adoc#procedure_dbms_listtransactions[`dbms.lisTransactions()`] | label:yes[] | label:yes[] | label:removed[] + -Replaced by: `SHOW TRANSACTIONS` +Replaced by: `SHOW TRANSACTIONS`. | xref:reference/procedures.adoc#procedure_dbms_procedures[`dbms.procedures()`] | label:no[] | label:yes[] | label:removed[] + -Replaced by: `SHOW PROCEDURES` +Replaced by: `SHOW PROCEDURES`. // Removed in 5.0 | xref:reference/procedures.adoc#procedure_dbms_security_activateuser[`dbms.security.activateUser()`] From 30ed8d29b196a6c65756165d4f558a20245d654a Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 10 Jan 2023 09:13:39 +0000 Subject: [PATCH 068/876] Add the information available in the security log in JSON (#292) --- modules/ROOT/pages/monitoring/logging.adoc | 42 ++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/modules/ROOT/pages/monitoring/logging.adoc b/modules/ROOT/pages/monitoring/logging.adoc index f13f1ebd0..422f60392 100644 --- a/modules/ROOT/pages/monitoring/logging.adoc +++ b/modules/ROOT/pages/monitoring/logging.adoc @@ -490,6 +490,48 @@ If many programmatic interactions are expected, it is advised to disable the log dbms.security.log_successful_authentication=false ---- +The following information is available in the JSON format: + +.JSON format log entries +[cols="1m,3a", options="header"] +|=== +| Name +| Description + +| time +| The timestamp of the log message. + +| level +| The log level. + +| type +| It is always `security`. + +| source +| Connection details. + +| database +| The database name the command is executed on. + +| username +| The user connected to the security event. +This field is deprecated by `executingUser`. + +| executingUser +| The name of the user triggering the security event. +Either same as `authenticatedUser` or an impersonated user. + +| authenticatedUser +| The name of the user who authenticated and is connected to the security event. + +| message +| The log message. + +| stacktrace +| Included if there is a stacktrace associated with the log message. + +|=== + An example of the security log in a plain format: [source, plain format, role="noheader"] From 3d0d79076374cdd702f63f86dfed7b81e77716c6 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 10 Jan 2023 09:17:31 +0000 Subject: [PATCH 069/876] Add a step that requires users to accept the license before running EE (#281) --- .../ROOT/pages/installation/linux/tarball.adoc | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/modules/ROOT/pages/installation/linux/tarball.adoc b/modules/ROOT/pages/installation/linux/tarball.adoc index 5ddeccd6e..4ba564d80 100644 --- a/modules/ROOT/pages/installation/linux/tarball.adoc +++ b/modules/ROOT/pages/installation/linux/tarball.adoc @@ -11,19 +11,29 @@ Before you install Neo4j on Linux from a tarball and run it as a console applica . Download the latest release from {neo4j-download-center-uri}[Neo4j Download Center]. + Select the appropriate tar.gz distribution for your platform. -. Make sure to download Neo4j from {neo4j-download-center-uri}[Neo4j Download Center] and always check that the SHA hash of the downloaded file is correct: +. Check that the SHA hash of the downloaded file is correct: .. To find the correct SHA hash, go to Neo4j Download Center and click on `SHA-256` which will be located below your downloaded file. .. Using the appropriate commands for your platform, display the `SHA-256` hash for the file that you downloaded. .. Ensure that the two are identical. . Extract the contents of the archive, using `tar -xf` . For example, `tar -xf neo4j-community-{neo4j-version-exact}-unix.tar.gz`. . Place the extracted files in a permanent home on your server. -The top level directory is referred to as NEO4J_HOME. +The top-level directory is referred to as `NEO4J_HOME`. +. label:enterprise[Enterprise Edition] Accept the license agreement using one of the following options: ++ +* Using the environment variable `NEO4J_ACCEPT_LICENSE_AGREEMENT=yes`. +* By running `/bin/neo4j-admin license --accept-commercial`. ++ +[NOTE] +==== +From Neo4j v5.4 onwards, you are required to accept the license before running the Neo4j Enterprise Edition from the tarball. +==== +. Start Neo4j: .. To run Neo4j as a console application, use: `/bin/neo4j console`. .. To run Neo4j in a background process, use: `/bin/neo4j start`. . Visit http://localhost:7474 in your web browser. -. Connect using the username 'neo4j' with default password 'neo4j'. -You'll then be prompted to change the password. +. Connect using the username `neo4j` with the default password `neo4j`. +You will then be prompted to change the password. . Stop the server by typing `Ctrl-C` in the console. From f9c7aa005b28576e3cec2fd8d9ebe2a6d2189102 Mon Sep 17 00:00:00 2001 From: Neil Dewhurst Date: Tue, 10 Jan 2023 13:07:02 +0100 Subject: [PATCH 070/876] Dev-remove-not-in-nav (#258) Deletes pages from the repo that aren't in the navigation. Also adds a script to check for unlisted pages to prevent them from being published. --- modules/ROOT/images/routing-decisions.svg | 12 - .../pages/backup-restore/prepare-restore.adoc | 66 -- .../pages/clustering-advanced/embedded.adoc | 17 - .../ROOT/pages/clustering-advanced/index.adoc | 22 - .../pages/clustering-advanced/lifecycle.adoc | 220 ------ .../multi-data-center/configuration.adoc | 231 ------ .../multi-data-center/design.adoc | 203 ----- .../multi-data-center/disaster-recovery.adoc | 95 --- .../multi-data-center/index.adoc | 43 -- .../multi-data-center/load-balancing.adoc | 245 ------ modules/ROOT/pages/clustering/deploy.adoc | 439 ----------- modules/ROOT/pages/clustering/discovery.adoc | 93 --- modules/ROOT/pages/clustering/internals.adoc | 210 ----- .../clustering/intra-cluster-encryption.adoc | 155 ---- .../configuration/network-architecture.adoc | 13 - .../community-edition.adoc | 154 ---- .../enterprise-edition.adoc | 717 ----------------- .../deprecated-security-procedures/index.adoc | 20 - modules/ROOT/pages/fabric/configuration.adoc | 273 ------- modules/ROOT/pages/fabric/considerations.adoc | 43 -- modules/ROOT/pages/fabric/index.adoc | 14 - modules/ROOT/pages/fabric/introduction.adoc | 76 -- modules/ROOT/pages/fabric/queries.adoc | 221 ------ .../ROOT/pages/fabric/sharding-with-copy.adoc | 105 --- .../causal-cluster/http-endpoints.adoc | 236 ------ .../monitoring/causal-cluster/index.adoc | 20 - .../monitoring/causal-cluster/procedures.adoc | 156 ---- .../monitoring/individual-db-states.adoc | 177 ----- modules/ROOT/pages/routing-decisions.adoc | 52 -- modules/ROOT/pages/tools/cli-commands.adoc | 96 --- .../tutorial/causal-backup-restore-db.adoc | 357 --------- .../ROOT/pages/tutorial/fabric-tutorial.adoc | 723 ------------------ .../pages/tutorial/local-causal-cluster.adoc | 311 -------- package.json | 1 + preview.yml | 1 + publish.yml | 1 + 36 files changed, 3 insertions(+), 5815 deletions(-) delete mode 100644 modules/ROOT/images/routing-decisions.svg delete mode 100644 modules/ROOT/pages/backup-restore/prepare-restore.adoc delete mode 100644 modules/ROOT/pages/clustering-advanced/embedded.adoc delete mode 100644 modules/ROOT/pages/clustering-advanced/index.adoc delete mode 100644 modules/ROOT/pages/clustering-advanced/lifecycle.adoc delete mode 100644 modules/ROOT/pages/clustering-advanced/multi-data-center/configuration.adoc delete mode 100644 modules/ROOT/pages/clustering-advanced/multi-data-center/design.adoc delete mode 100644 modules/ROOT/pages/clustering-advanced/multi-data-center/disaster-recovery.adoc delete mode 100644 modules/ROOT/pages/clustering-advanced/multi-data-center/index.adoc delete mode 100644 modules/ROOT/pages/clustering-advanced/multi-data-center/load-balancing.adoc delete mode 100644 modules/ROOT/pages/clustering/deploy.adoc delete mode 100644 modules/ROOT/pages/clustering/discovery.adoc delete mode 100644 modules/ROOT/pages/clustering/internals.adoc delete mode 100644 modules/ROOT/pages/clustering/intra-cluster-encryption.adoc delete mode 100644 modules/ROOT/pages/configuration/network-architecture.adoc delete mode 100644 modules/ROOT/pages/deprecated-security-procedures/community-edition.adoc delete mode 100644 modules/ROOT/pages/deprecated-security-procedures/enterprise-edition.adoc delete mode 100644 modules/ROOT/pages/deprecated-security-procedures/index.adoc delete mode 100644 modules/ROOT/pages/fabric/configuration.adoc delete mode 100644 modules/ROOT/pages/fabric/considerations.adoc delete mode 100644 modules/ROOT/pages/fabric/index.adoc delete mode 100644 modules/ROOT/pages/fabric/introduction.adoc delete mode 100644 modules/ROOT/pages/fabric/queries.adoc delete mode 100644 modules/ROOT/pages/fabric/sharding-with-copy.adoc delete mode 100644 modules/ROOT/pages/monitoring/causal-cluster/http-endpoints.adoc delete mode 100644 modules/ROOT/pages/monitoring/causal-cluster/index.adoc delete mode 100644 modules/ROOT/pages/monitoring/causal-cluster/procedures.adoc delete mode 100644 modules/ROOT/pages/monitoring/individual-db-states.adoc delete mode 100644 modules/ROOT/pages/routing-decisions.adoc delete mode 100644 modules/ROOT/pages/tools/cli-commands.adoc delete mode 100644 modules/ROOT/pages/tutorial/causal-backup-restore-db.adoc delete mode 100644 modules/ROOT/pages/tutorial/fabric-tutorial.adoc delete mode 100644 modules/ROOT/pages/tutorial/local-causal-cluster.adoc diff --git a/modules/ROOT/images/routing-decisions.svg b/modules/ROOT/images/routing-decisions.svg deleted file mode 100644 index eb62ab714..000000000 --- a/modules/ROOT/images/routing-decisions.svg +++ /dev/null @@ -1,12 +0,0 @@ - - - - - - - - - - - - diff --git a/modules/ROOT/pages/backup-restore/prepare-restore.adoc b/modules/ROOT/pages/backup-restore/prepare-restore.adoc deleted file mode 100644 index 356099120..000000000 --- a/modules/ROOT/pages/backup-restore/prepare-restore.adoc +++ /dev/null @@ -1,66 +0,0 @@ -[role=enterprise-edition] -[[prepare-restore]] -= Prepare a database for restoring -:description: This section describes how to apply the latest transactions pulled at the backup time but not yet applied to the store. - -[[prepare-restore-command]] -== Command - -If the `--prepare-restore` option is disabled when you xref:backup-restore/online-backup.adoc[back up your database], your store may not contain the latest transactions pulled at backup time. -In this case, you have to run the `--neo4j-admin prepare-restore` command to apply those transactions to the store, before you can restore your data. - -[[prepare-restore-syntax]] -=== Syntax - -[source,role=noheader] ----- -neo4j-admin prepare-restore --target=[,...]... - [--verbose] - [--expand-commands] - [--parallel-recovery] ----- - -[[prepare-restore-options]] -=== Options - -[options="header",cols="m,m,a"] -|=== -| Option -| Default -| Description - -| --target -| -| A path to the backup that is going to be prepared for restoring. -A path can contain asterisks or question marks in the last subpath but must not contain commas. -Multiple paths are separated by a comma. - -| --verbose -| -| Enable verbose output. - -| --expand-commands -| -| Allow command expansion in config value evaluation. - -| --parallel-recovery -| false -| Allow multiple threads to apply transactions to a backup in parallel. -For some databases and workloads, this may reduce execution times significantly. -[NOTE] -==== -`parallel-recovery` is an experimental option. -Consult Neo4j support before use. -==== -|=== - - -[[prepare-restore-example]] -== Example - -The following is an example of preparing your database backup, created in the section xref:backup-restore/online-backup.adoc#online-backup-example[Back up an online database], for restoring, using the `neo4j-admin prepare-restore` command. - -[source,shell] ----- -bin/neo4j-admin prepare-restore --target=/mnt/backups/neo4j ----- diff --git a/modules/ROOT/pages/clustering-advanced/embedded.adoc b/modules/ROOT/pages/clustering-advanced/embedded.adoc deleted file mode 100644 index 297f346bf..000000000 --- a/modules/ROOT/pages/clustering-advanced/embedded.adoc +++ /dev/null @@ -1,17 +0,0 @@ -[role=enterprise-edition] -[[causal-clustering-embedded]] -= Embedded usage -:description: This section describes how to embed a Neo4j Causal Cluster in your application. - -For users coming to Causal Clustering from Neo4j HA embedded, there are a small number of changes required. -The Neo4j routing driver is used for routing and load balancing queries in server deployments (other setups are possible with 3rd party load balancers). - -The driver also handles bookmarks, which are essential for causal consistency, and as such is a fundamental part of the Causal Clustering architecture. -In an embedded deployment the driver can be used either for routing queries externally from another application into the embedded cluster, or using an embedded driver internally within the cluster. - -The workload must be comprised, in its entirety, of Cypher statements. -If your workload depends on the Java Core API for writing, then you have to package those pieces as procedures which are (remotely) invoked using Cypher, via the driver. -Read-only queries can still access the Core API directly. - -[NOTE] -For a detailed tutorial on how to embed Neo4j in your Java application, see link:{neo4j-docs-base-uri}/java-reference/4.4/java-embedded/setup#java-embedded-setup[Neo4j Java Reference -> Including Neo4j in your project]. diff --git a/modules/ROOT/pages/clustering-advanced/index.adoc b/modules/ROOT/pages/clustering-advanced/index.adoc deleted file mode 100644 index 994928e13..000000000 --- a/modules/ROOT/pages/clustering-advanced/index.adoc +++ /dev/null @@ -1,22 +0,0 @@ -[appendix] -[role=enterprise-edition] -[[clustering-advanced]] -= Advanced Causal Clustering -:description: This appendix describes advanced features of Neo4j Causal Clustering. - -This section includes information about advanced deployments and configuration options for multi-data center operations. - -* xref:clustering-advanced/lifecycle.adoc[Causal Clustering lifecycle] -- A walk-through of the lifecycle of a cluster. -* xref:clustering-advanced/multi-data-center/index.adoc[Multi-data center] -- Overview of the multi-data center section. -** xref:clustering-advanced/multi-data-center/index.adoc#multi-dc-licensing[Licensing for multi-data center operations] -- Information about licensing for multi-data center operations. -** xref:clustering-advanced/multi-data-center/design.adoc[Multi-data center design] -- Patterns for multi-data center deployments. -** xref:clustering-advanced/multi-data-center/configuration.adoc[Multi-data center operations] -- Configuration options for multi-data center deployments. -** xref:clustering-advanced/multi-data-center/load-balancing.adoc[Multi-data center load balancing] -- Configuration options for making client applications aware of multi-data center topologies. -** xref:clustering-advanced/multi-data-center/disaster-recovery.adoc[Data center disaster recovery] -- How to recover a cluster to full working capability after data center loss. -* xref:clustering-advanced/embedded.adoc[Embedded usage] -- How to embed a Neo4j Causal Cluster in your application. - -For details on the configuration and operation of a Neo4j Causal Cluster, see xref:clustering/index.adoc[Clustering]. - -For descriptions of settings related to running a Neo4j Causal Cluster, see xref:clustering/settings.adoc[Settings reference]. - - diff --git a/modules/ROOT/pages/clustering-advanced/lifecycle.adoc b/modules/ROOT/pages/clustering-advanced/lifecycle.adoc deleted file mode 100644 index 681b3505a..000000000 --- a/modules/ROOT/pages/clustering-advanced/lifecycle.adoc +++ /dev/null @@ -1,220 +0,0 @@ -[role=enterprise-edition] -[[causal-clustering-lifecycle]] -= Causal Clustering lifecycle -:description: This section describes the lifecycle of a Neo4j Causal Cluster. - -This section includes: - -* xref:clustering-advanced/lifecycle.adoc#causal-clustering-lifecycle-introduction[Introduction] -* xref:clustering-advanced/lifecycle.adoc#causal-clustering-discovery-protocol[Discovery protocol] -* xref:clustering-advanced/lifecycle.adoc#causal-clustering-lifecycle-core-membership[Core membership] -* xref:clustering-advanced/lifecycle.adoc#causal-clustering-lifecycle-rr-membership[Read Replica membership] -* xref:clustering-advanced/lifecycle.adoc#causal-clustering-transacting-via-raft-protocol[Transacting via the Raft protocol] -* xref:clustering-advanced/lifecycle.adoc#causal-clustering-catchup-protocol[Catchup protocol] -* xref:clustering-advanced/lifecycle.adoc#causal-clustering-rr-shutdown[Read Replica shutdown] -* xref:clustering-advanced/lifecycle.adoc#causal-clustering-core-shutdown[Core shutdown] - - -[[causal-clustering-lifecycle-introduction]] -== Introduction - -In this section we will develop some deeper knowledge of how the cluster operates. -By developing our understanding of how the cluster works we will be better equipped to design, deploy, and troubleshoot our production systems. - -Our in-depth tour will follow the lifecycle of a cluster. -We will boot a Core cluster and pick up key architectural foundations as the cluster forms and transacts. -We will then add in Read Replicas and show how they bootstrap join the cluster and then catchup and remain caught up with the Core Servers. -We will then see how backup is used in live cluster environments before shutting down Read Replicas and Core Servers. - - -[[causal-clustering-discovery-protocol]] -== Discovery protocol - -The discovery protocol is the first step in forming a Causal Cluster. -It takes in some information about existing _Core_ cluster servers, and uses this to initiate a network join protocol. - -image::causal-clustering-discovery.svg[title="Causal Cluster discovery protocol: Core-to-Core or Read Replica-to-Core only.", role="middle"] - -Using this information, the server will either join an existing cluster or form one of its own. - -[NOTE] -==== -The discovery protocol targets Core Servers only regardless of whether it is a Core Server or Read Replica performing discovery. -It is because we expect Read Replicas to be both numerous and, relatively speaking, transient whereas Core Servers will likely be fewer in number and relatively stable over time. -==== - -The discovery protocol takes information from `xref:reference/configuration-settings.adoc#config_causal_clustering.initial_discovery_members[causal_clustering.initial_discovery_members]` in xref:configuration/file-locations.adoc[_neo4j.conf_], which lists which IP addresses and ports that form the cluster on startup. -Detailed information about discovery and discovery configuration options is given in the xref:clustering/discovery.adoc[Initial discovery of cluster members] section. -When consuming this information, the server will try to handshake with the other listed servers. -On successful handshake with another server (or servers), the current server will discover the whole current topology. - -The discovery protocol continues to run throughout the lifetime of the Causal Cluster and is used to maintain the current state of available servers and to help clients route queries to an appropriate server via the client-side xref:introduction.adoc#intro-drivers[drivers]. - -//=== Discovery protocol implementation - -//The discovery service is implemented using one out of two third-party middleware systems: https://hazelcast.org/documentation/[_Hazelcast_] or https://akka.io/docs/[_Akka_]. - -//Only the Akka-based implementation supports <> of the discovery protocol. -//Causal Clusters running a version of Neo4j prior to v3.5.0 can only use the Hazelcast-based implementation. - -//It is possible to switch from one implementation to the other. -//This requires the cluster to be taken offline and the configuration parameter to be changed, before starting up the cluster again. -//For new clusters, the Akka-based implementation is recommended. - -//The implementation can be selected using the `<>` parameter. -//Valid values are: `hazelcast` (default) and `akka`. - - -[[causal-clustering-lifecycle-core-membership]] -== Core membership - -If it is a Core Server that is performing discovery, once it has made a connection to the one of the existing Core Servers, it then joins the Raft protocol. -Each database is replicated by a logically separate Raft group, so the process below is repeated for every one. - -[NOTE] -==== -Raft is a distributed algorithm for maintaining a consistent log across multiple shared-nothing servers designed by Diego Ongaro for his 2014 Ph.D. thesis. -See the https://raft.github.io/slides/linkedin2014.pdf[Raft thesis] for details. -==== - -Raft handles cluster membership by making it a normal part of keeping a distributed log in sync. -Joining a cluster involves the insertion of a cluster membership entry into the Raft log which is then reliably replicated around the existing cluster. -Once that entry is applied to enough members of the Raft consensus group (those machines running the specific instance of the algorithm), they update their view of the cluster to include the new server. -Thus membership changes benefit from the same safety properties as other data transacted via Raft (see xref:clustering-advanced/lifecycle.adoc#causal-clustering-transacting-via-raft-protocol[Transacting via the Raft protocol] for more information). - -The new Core Server must also catch up its own Raft logs with respect to the other Core Servers as it initializes its internal Raft instance. -This is the normal case when a cluster is first booted and has performed few operations. -There will be a delay before the new Core Server becomes available if it also needs to catch up (as per xref:clustering-advanced/lifecycle.adoc#causal-clustering-catchup-protocol[Catchup protocol]) graph data from other servers. -This is the normal case for a long lived cluster where the servers holds a great deal of graph data. - -Where a joining Neo4j instance has databases whose names match databases which already exist in the cluster, the database stores on the joining instance must be the same as their counterparts on cluster members (although they are allowed to be in previous states). -For example, if a cluster contains a database named _products_, a new instance may join with a backup of _products_, but not a database named _products_ with different contents. -A new instance may also join a cluster if it does not contain any matching databases. - -The described catchup process is repeated for each database which exists in the cluster. - -[[causal-clustering-lifecycle-rr-membership]] -== Read Replica membership - -When a Read Replica performs discovery, once it has made a connection to any of the available Core clusters it proceeds to add itself into a shared whiteboard. - -image::read-replica-discovery.svg[title="All Read Replicas registered with shared whiteboard.", role="middle"] - -This whiteboard provides a view of all live Read Replicas and is used both for routing requests from database drivers that support end-user applications and for monitoring the state of the cluster. - -The Read Replicas are not involved in the Raft protocol, nor are they able to influence cluster topology. -Hence a shared whiteboard outside of Raft comfortably scales to very large numbers of Read Replicas. - -The whiteboard is kept up to date as Read Replicas join and leave the cluster, even if they fail abruptly rather than leaving gracefully. - - -[[causal-clustering-transacting-via-raft-protocol]] -== Transacting via the Raft protocol - -Once bootstrapped, each Core Server spends its time processing database transactions. -Updates are reliably replicated around Core Servers via the Raft protocol. -Updates appear in the form of a (committed) Raft log entry containing transaction commands which is subsequently applied to update the database. - -[NOTE] -==== -One of Raft's primary design goals is to be easily understandable so that there are fewer places for tricky bugs to hide in implementations. -As a side-effect, it is also possible for database operators to reason about their Core Servers in their Causal Clusters. -==== - -The Raft Leader for the current term (a logical clock) appends the transaction (an 'entry' in Raft terminology) to the head of its local log and asks the other instances to do the same. -When the Leader can see that a majority instances have appended the entry, it can be considered committed into the Raft log. -The client application can now be informed that the transaction has safely committed since there is sufficient redundancy in the system to tolerate any (non-pathological) faults. - -[NOTE] -==== -The Raft protocol describes three roles that an instance can be playing: _Leader_, _Follower_, and _Candidate_. -These are transient roles and any Core Server can expect to play them throughout the lifetime of a cluster. -While it is interesting from a computing science point of view to understand those states, operators should not be overly concerned: they are an implementation detail. -==== - -[NOTE] -==== -As each database operates within a logically separate Raft group, a core server can have multiple roles: one for each database. -For example, it may be the _Leader_ for database `system` and at the same time be a _Follower_ for database `neo4j`. - -==== - -For safety, within any Raft protocol instance there is only one Leader able to make forward progress in any given term. -The Leader bears the responsibility for imposing order on Raft log entries and driving the log forward with respect to the _Followers_. - -Followers maintain their logs with respect to the current Leader's log. -Should any participant in the cluster suspect that the Leader has failed (not receiving new entries or heartbeats), then they can instigate a leadership election by entering the _Candidate_ state. -In Neo4j Core Servers this failure detection window is set by default above 20s to enable more stable leaders. - -Whichever instance is in the best state (including the existing Leader, if it remains available) can emerge from the election as Leader. -The "best state" for a Leader is decided by highest term, then by longest log, then by highest committed entry. - -The ability to fail over roles without losing data allows forward progress even in the event of faults. -Even where Raft instances fail, the protocol can rapidly piece together which of the remaining instances is best placed to take over from the failed instance (or instances) *without data loss*. -This is the essence of a _non-blocking_ consensus protocol which allows Neo4j Causal Clustering to provide continuous availability to applications. - - -[[causal-clustering-catchup-protocol]] -== Catchup protocol - -Read Replicas spend their time concurrently processing graph queries and applying a stream of transactions from the Core Servers to update their local graph store. - -image::read-replica-tx-polling.svg[title="Transactions shipped from Core to Read Replica.", role="middle"] - -Updates from Core Servers to Read Replicas are propagated by transaction shipping. -Transaction shipping is instigated by Read Replicas frequently _polling_ any of the Core Servers specifying the ID of the last transaction they received and processed. -The frequency of polling is an operational choice. - -[NOTE] -==== -Neo4j transaction IDs are strictly monotonic integer values (they always increase). -This makes it possible to determine whether or not a transaction has been applied to a Read Replica by comparing its last processed transaction ID with that of a Core Server. -==== - -If there is a large difference between an Read Replica's transaction history and that of a Core Server, polling may not result in any transactions being shipped. -This is quite expected, for example when a new Read Replica is introduced to a long-running cluster or where a Read Replica has been down for some significant period of time. -In such cases the catchup protocol will realize the gap between the Core Servers and Read Replica is too large to fill via transaction shipping and will fall back to copying the database store directly from Core Server to Read Replica. -Since we are working with a live system, at the end of the database store copy the Core Server's database is likely to have changed. -The Read Replica completes the catchup by asking for any transactions missed during the copy operation before becoming available. - -[NOTE] -==== -A very slow database store copy could conceivably leave the Read Replica too far behind to catch up via transaction log shipping as the Core Server has substantially moved on. -In such cases the Read Replica server repeats the catchup protocol. -In pathological cases the operator can intervene to snapshot, restore, or file copy recent store files from a fast backup. -==== - - -[[causal-clustering-rr-shutdown]] -== Read Replica shutdown - -On clean shutdown, a Read Replica will invoke the discovery protocol to remove itself from the shared whiteboard overview of the cluster. -It will also ensure that the database is cleanly shutdown and consistent, immediately ready for future use. - -On an unclean shutdown such as a power outage, the Core Servers maintaining the overview of the cluster will notice that the Read Replica's connection has been abruptly been cut. -The discovery machinery will initially hide the Read Replica's whiteboard entry, and if the Read Replica does not reappear quickly its modest memory use in the shared whiteboard will be reclaimed. - -On unclean shutdown it is possible the Read Replica will not have entirely consistent store files or transaction logs. -On subsequent reboot the Read Replica will rollback any partially applied transactions such that the database is in a consistent state. - - -[[causal-clustering-core-shutdown]] -== Core shutdown - -A shutdown of a Core Server, like Core Server booting, is handled via the Raft protocol. -When a member is shutdown, either cleanly or by force, it will eventually be voted out from the Raft group. -All remaining instances accept that the cluster has grown smaller, and is therefore less fault tolerant. -For any databases where the leaver was playing the _Leader_ role, each of those leaderships will be transferred to other Core Servers. -Once the new Leader is established, the Core cluster continues albeit with less redundancy. - -If more members than the current fault tolerance leaves the cluster within a very short time period, the cluster cannot proceed and will lose quorum. -However, if members are gradually lost, the cluster may have time to reduce the size of the cluster. -A Core cluster of 5 members reduced to 3 can still continue operate normally with a fault tolerance reduced from 2 to 0. -After the Raft protocol votes out the lost members which reduces the cluster size to 3, our fault tolerance has been increased from 0 to 1, and can lose yet another member and keep operating. -This is because the Raft protocol has had time to vote out the lost members, and changed the cluster size of 5 (fault tolerance of 2) to 3 (fault tolerance of 1). - -[NOTE] -==== -Raft may only reduce a cluster size to the configured xref:reference/configuration-settings.adoc#config_causal_clustering.minimum_core_cluster_size_at_runtime[causal_clustering.minimum_core_cluster_size_at_runtime]. -Once the cluster has reached this size, it will stop voting out members. -==== diff --git a/modules/ROOT/pages/clustering-advanced/multi-data-center/configuration.adoc b/modules/ROOT/pages/clustering-advanced/multi-data-center/configuration.adoc deleted file mode 100644 index 9c1e8f936..000000000 --- a/modules/ROOT/pages/clustering-advanced/multi-data-center/configuration.adoc +++ /dev/null @@ -1,231 +0,0 @@ -[role=enterprise-edition] -[[multi-dc-configuration]] -= Multi-data center operations -:description: This section shows how to configure Neo4j servers so that they are topology/data center-aware. It describes the precise configuration needed to achieve a scalable multi-data center deployment. - -This section describes the following: - -* xref:clustering-advanced/multi-data-center/configuration.adoc#multi-dc-configuration-enable-multi-data-center-operations[Enable multi-data center operations] -* xref:clustering-advanced/multi-data-center/configuration.adoc#causal-clustering-multi-dc-server-groups[Server groups] -* xref:clustering-advanced/multi-data-center/configuration.adoc#multi-dc-configuration-strategy-plugins[Strategy plugins] -** xref:clustering-advanced/multi-data-center/configuration.adoc#programmatically-specify-rules[Configuring upstream selection strategy using pre-defined strategies] -** xref:clustering-advanced/multi-data-center/configuration.adoc#configuration-user-defined-strategy[Configuring user-defined strategies] -** xref:clustering-advanced/multi-data-center/configuration.adoc#build-your-own-strategy-plugin[Building upstream strategy plugins using Java] -** xref:clustering-advanced/multi-data-center/configuration.adoc#favoring-data-centers[Favoring data centers] - - -[[multi-dc-configuration-enable-multi-data-center-operations]] -== Enable multi-data center operations - -Before doing anything else, we must enable the multi-data center functionality. -This is described in xref:clustering-advanced/multi-data-center/index.adoc#multi-dc-licensing[Licensing for multi-data center operations]. - -[NOTE] -.Licensing for multi-data center -==== -The multi-data center functionality is separately licensed and must be specifically enabled. -==== - -[[causal-clustering-multi-dc-server-groups]] -== Server groups - -In order to optimize the use of our Causal Cluster servers according to our specific requirements, we sort them into _Server Groups_. -Server Group membership can map to data centers, availability zones, or any other significant topological elements from the operator's domain. -Server Groups can also overlap. - -Server Groups are defined as a key that maps onto a set of servers in a Causal Cluster. -Server Group membership is defined on each server using the `xref:reference/configuration-settings.adoc#config_causal_clustering.server_groups[causal_clustering.server_groups]` parameter in _neo4j.conf_. -Each server in a Causal Cluster can belong to zero or more server groups. - -.Definition of Server Group membership -==== - -The membership of a server group or groups can be set in _neo4j.conf_ as in the following examples: - -[source, properties] ----- -# Add the current instance to the groups `us` and `us-east` -causal_clustering.server_groups=us,us-east ----- - -[source, properties] ----- -# Add the current instance into the group `london` -causal_clustering.server_groups=london ----- -[source, properties] ----- -# Add the current instance into the group `eu` -causal_clustering.server_groups=eu ----- - -We must be aware that membership of each server group is explicit. -For example, a server in the `gb-london` group is not automatically part of some `gb` or `eu` group unless that server is explicitly added to those groups. -That is, any (implied) relationship between groups is reified only when those groups are used as the basis for requesting data from upstream systems. -==== - -Server Groups are not mandatory, but unless they are present, we cannot set up specific upstream transaction dependencies for servers. -In the absence of any specified server groups, the cluster defaults to its most pessimistic fall-back behavior: each Read Replica will catch up from a random Core Server. - - -[[multi-dc-configuration-strategy-plugins]] -== Strategy plugins - -_Strategy plugins_ are sets of rules that define how Read Replicas contact servers in the cluster in order to synchronize transaction logs. -Neo4j comes with a set of pre-defined strategies, and also provides a Design Specific Language, _DSL_, to flexibly create user-defined strategies. -Finally, Neo4j supports an API which advanced users may use to enhance upstream recommendations. - - -Once a strategy plugin resolves a satisfactory upstream server, it is used for pulling transactions to update the local Read Replica for a single synchronization. -For subsequent updates, the procedure is repeated so that the most preferred available upstream server is always resolved. - - -[[programmatically-specify-rules]] -=== Configuring upstream selection strategy using pre-defined strategies - -Neo4j ships with the following pre-defined strategy plugins. -These provide coarse-grained algorithms for choosing an upstream instance: - -[options="header",width="100%",cols="1,1"] -|=== -| Plugin name | Resulting behavior -| `connect-to-random-core-server` | Connect to any *Core Server* selecting at random from those currently available. -| `typically-connect-to-random-read-replica` | Connect to any available *Read Replica*, but around 10% of the time connect to any random Core Server. -| `connect-randomly-to-server-group` | Connect at random to any available *Read Replica* in any of the server groups specified in the comma-separated list `causal_clustering.connect-randomly-to-server-group`. -| `leader-only` | Connect only to the current Raft leader of the Core Servers. -| [deprecated]#`connect-randomly-within-server-group`# | [deprecated]#Connect at random to any available *Read Replica* in any of the server groups to which this server belongs. - Deprecated, please use `connect-randomly-to-server-group`.# -|=== - -Pre-defined strategies are used by configuring the xref:reference/configuration-settings.adoc#config_causal_clustering.upstream_selection_strategy[`causal_clustering.upstream_selection_strategy`] option. -Doing so allows us to specify an ordered preference of strategies to resolve an upstream provider of transaction data. -We provide a comma-separated list of strategy plugin names with preferred strategies earlier in that list. -The upstream strategy is chosen by asking each of the strategies in list-order whether they can provide an upstream server from which transactions can be pulled. - -.Define an upstream selection strategy -==== -Consider the following configuration example: - -[source, properties] ----- -causal_clustering.upstream_selection_strategy=connect-randomly-to-server-group,typically-connect-to-random-read-replica ----- - -With this configuration the instance will first try to connect to any other instance in the group(s) specified in `causal_clustering.connect-randomly-to-server-group`. -Should we fail to find any live instances in those groups, then we will connect to a random Read Replica. - -[[img-pipeline-of-strategies]] -image::pipeline-of-strategies.svg[title="The first satisfactory response from a strategy will be used.", role="middle"] - -To ensure that downstream servers can still access live data in the event of upstream failures, the last resort of any instance is always to contact a random Core Server. -This is equivalent to ending the `causal_clustering.upstream_selection_strategy` configuration with `connect-to-random-core-server`. - -==== - - -[[configuration-user-defined-strategy]] -=== Configuring user-defined strategies - -Neo4j Causal Clusters support a small DSL for the configuration of xref:clustering-advanced/multi-data-center/load-balancing.adoc[client-cluster load balancing]. -This is described in detail in xref:clustering-advanced/multi-data-center/load-balancing.adoc#causal-clustering-multi-dc-policy-definitions[Policy definitions] and xref:clustering-advanced/multi-data-center/load-balancing.adoc#causal-clustering-multi-dc-filters[Filters]. -The same DSL is used to describe preferences for how an instance binds to another instance to request transaction updates. - -The DSL is made available by selecting the `user-defined` strategy as follows: - -[source, properties] ----- -causal_clustering.upstream_selection_strategy=user-defined ----- - -Once the user-defined strategy has been specified, we can add configuration to the xref:reference/configuration-settings.adoc#config_causal_clustering.user_defined_upstream_strategy[`causal_clustering.user_defined_upstream_strategy`] setting based on the server groups that have been set for the cluster. - -We will describe this functionality with two examples: - -.Defining a user-defined strategy -==== - -For illustrative purposes we propose four regions: `north`, `south`, `east`, and `west` and within each region we have a number of data centers such as `north1` or `west2`. -We configure our server groups so that each data center maps to its own server group. -Additionally we will assume that each data center fails independently from the others and that a region can act as a supergroup of its constituent data centers. -So an instance in the `north` region might have configuration like `causal_clustering.server_groups=north2,north` which puts it in two groups that match to our physical topology as shown in the diagram below. - -[[img-nesw-regions-and-dcs]] -image::nesw-regions-and-dcs.svg[title="Mapping regions and data centers onto server groups", role="middle"] - -Once we have our server groups, our next task is to define some upstream selection rules based on them. -For our design purposes, let's say that any instance in one of the `north` region data centers prefers to catchup within the data center if it can, but will resort to any northern instance otherwise. -To configure that behavior we add: - -[source, properties] ----- -causal_clustering.user_defined_upstream_strategy=groups(north2); groups(north); halt() ----- - -The configuration is in precedence order from left to right. -The `groups()` operator yields a server group from which to catch up. -In this case only if there are no servers in the `north2` server group will we proceed to the `groups(north)` rule which yields any server in the `north` server group. -Finally, if we cannot resolve any servers in any of the previous groups, then we will stop the rule chain via `halt()`. - -Note that the use of `halt()` will end the rule chain explicitly. -If we don't use `halt()` at the end of the rule chain, then the `all()` rule is implicitly added. -`all()` is expansive: it offers up all servers and so increases the likelihood of finding an available upstream server. -However `all()` is indiscriminate and the servers it offers are not guaranteed to be topologically or geographically local, potentially increasing the latency of synchronization. - -==== - -The example above shows a simple hierarchy of preferences. -But we can be more sophisticated if we so choose. -For example we can place conditions on the server groups from which we catch up. - -.User-defined strategy with conditions -==== - -In this example we wish to roughly qualify cluster health before choosing from where to catch up. -For this we use the `min()` filter as follows: - -[source, properties] ----- -causal_clustering.user_defined_upstream_strategy=groups(north2)->min(3), groups(north)->min(3); all(); ----- - -`groups(north2)\->min(3)` states that we want to catch up from the `north2` server group if it has three available machines, which we here take as an indicator of good health. -If `north2` can't meet that requirement (is not healthy enough) then we try to catch up from any server across the `north` region provided there are at least three of them available as per `groups(north)\->min(3)`. -Finally, if we cannot catch up from a sufficiently healthy `north` region, then we'll (explicitly) fall back to the whole cluster with `all()`. - -The `min()` filter is a simple but reasonable indicator of server group health. -==== - - -[[build-your-own-strategy-plugin]] -=== Building upstream strategy plugins using Java - -Neo4j supports an API which advanced users may use to enhance upstream recommendations in arbitrary ways: load, subnet, machine size, or anything else accessible from the JVM. -In such cases we are invited to build our own implementations of `org.neo4j.causalclustering.readreplica.UpstreamDatabaseSelectionStrategy` to suit our own needs, and register them with the strategy selection pipeline just like the pre-packaged plugins. - -We have to override the `org.neo4j.causalclustering.readreplica.UpstreamDatabaseSelectionStrategy#upstreamDatabase()` method in our code. -Overriding that class gives us access to the following items: - -[options="header"] -|=== -| Resource | Description -| `org.neo4j.causalclustering.discovery.TopologyService` | This is a directory service which provides access to the addresses of all servers and server groups in the cluster. -| `org.neo4j.kernel.configuration.Config` | This provides the configuration from _neo4j.conf_ for the local instance. -Configuration for our own plugin can reside here. -| `org.neo4j.causalclustering.identity.MemberId` | This provides the unique cluster `MemberId` of the current instance. -|=== - -Once our code is written and tested, we have to prepare it for deployment. -`UpstreamDatabaseSelectionStrategy` plugins are loaded via the Java Service Loader. -This means when we package our code into a jar file, we'll have to create a file _META-INF.services/org.neo4j.causalclustering.readreplica.UpstreamDatabaseSelectionStrategy_ in which we write the fully qualified class name(s) of the plugins, e.g. `org.example.myplugins.PreferServersWithHighIOPS`. - -To deploy this jar into the Neo4j server we copy it into the xref:configuration/file-locations.adoc[_plugins_] directory and restart the instance. - -[[favoring-data-centers]] -=== Favoring data centers - -In a multi-DC scenario, while it remains a rare occurrence, it is possible to bias where writes for the specified database should be directed. -We can apply `causal_clustering.leadership_priority_group` to specify a group of servers which should have priority when selecting the leader for a given database. -The priority group can be set on one or multiple databases and it means that the cluster will attempt to keep the leadership for the configured database on an instance tagged with the configured server group. - -A database for which `leadership_priority_group` has been configured will be excluded from the automatic balancing of leaderships across a cluster. -It is therefore recommended to not use this configuration unless it is necessary. diff --git a/modules/ROOT/pages/clustering-advanced/multi-data-center/design.adoc b/modules/ROOT/pages/clustering-advanced/multi-data-center/design.adoc deleted file mode 100644 index 6862f27c8..000000000 --- a/modules/ROOT/pages/clustering-advanced/multi-data-center/design.adoc +++ /dev/null @@ -1,203 +0,0 @@ -[role=enterprise-edition] -[[multi-dc-design]] -= Multi-data center design -:description: This section describes common patterns for multi-data center deployments that can act as building blocks for your own multi-data center production environments. - -This section describes the following: - -* xref:clustering-advanced/multi-data-center/design.adoc#multi-dc-design-introduction[Introduction] -* xref:clustering-advanced/multi-data-center/design.adoc#multi-dc-core-server-deployment-scenarios[Core Server deployment scenarios] -* xref:clustering-advanced/multi-data-center/design.adoc#multi-dc-allowing-read-replicas-to-catch-up-from-other-read-replicas[Allowing Read Replicas to catch up from other Read Replicas] -** xref:clustering-advanced/multi-data-center/design.adoc#multi-dc-hierarchical-read-replica-deployment[Hierarchical Read Replica deployment] -** xref:clustering-advanced/multi-data-center/design.adoc#multi-dc-catch-up-from-peer-read-replicas[Catch up (mostly) from peer Read Replicas] -** xref:clustering-advanced/multi-data-center/design.adoc#multi-dc-maintaining-causal-consistency-in-scale-out-topologies[Maintaining causal consistency in scale-out topologies] - - -[[multi-dc-design-introduction]] -== Introduction - -This section is based on a series of examples to illustrate the different considerations we should take into account when designing our Causal Cluster for a multi-data center environment. -We'll come to understand the weaknesses and benefits of common multi-data center deployment scenarios. -Each scenario is presented at a high architectural level for clarity. -In subsequent sections we will go into more detail on how such deployments are configured. - - -[[multi-dc-core-server-deployment-scenarios]] -== Core Server deployment scenarios - -We will start with the conceptually simplest multi-data center scenario where we deploy the same number and kind of instances into each DC. -This is a _homogeneous_ deployment because each data center is identical to the other. - -.Homogeneous three data center deployment -==== - -[[img-3-dc-homogeneous]] -image::3-dc-homogeneous.svg[title="Homogeneous deployment across three data centers with one Core instance in each", role="middle"] - -In diagram above we have three data centers, each identically equipped with a single Core Server and a small number of Read Replicas. - -Since Raft only requires a majority of the instances to acknowledge a write before it is safely committed, the latency of the commit path for this pattern involves only the two fastest data centers. -As such the cost of committing to this setup is two WAN messages: one to send the transaction and one ACK message. -In a non-failure case the other data center will not be far behind and will apply the transaction as well. - -Within each of the data centers we can increase machine-level redundancy by adding more Core instances. -For example we could add two more machines in each data center so that we can tolerate the spontaneous loss of up to four machines anywhere in the cluster or a single data center as a whole. - - -[[img-3-dc-homogeneous-3-core]] -image::3-dc-homogeneous-3-core.svg[title="Homogeneous deployment across three data centers with three Core instances in each", role="middle"] - -To recap the strengths and weaknesses of this deployment pattern: - -* We can lose an entire data center without losing availability and, depending on the number of machines in each data center, we may still be able to tolerate the loss of individual servers regardless of which data center they are in. -* The commit path for transactions is short, just two WAN messages exchanged. -* While the loss of majority data centers will xref:clustering-advanced/multi-data-center/disaster-recovery.adoc[need to be recovered], the operational procedure is identical irrespective of which of the data centers are lost. - -==== - -As will be shown in xref:clustering-advanced/multi-data-center/configuration.adoc[the section on multi-data center configuration] the Read Replicas can be biased to catchup from their data center-local Core Servers to minimize catchup latency. -Data center-local client applications would also likely be routed to those same Read Replicas both for topological locality and scaling. -More details are available in the xref:clustering-advanced/multi-data-center/load-balancing.adoc[section on multi-data center load balancing]. - -In the two data center case, our first instinct is to balance the available servers for operational consistency. -An example of a homogeneous deployment across two data centers with two Core instances in each is illustrated in the diagram below: - -[[example-homogeneous-two-data-center-deployment]] -.Homogeneous two data center deployment -==== - -[[img-2-dc-homogeneous-2-core]] -image::2-dc-homogeneous-2-core.svg[title="Homogeneous deployment across two data centers", role="middle"] - -The problem with this configuration is that while architecturally simple, it does not play to the strengths of the Raft protocol which is based on majority consensus. -In the non-failure case, we incur two WAN messages to commit any transaction because a majority commit implies at least one response from the non-local data center instances. -Worse, if we lose either data center the cluster will become read-only because it is impossible to achieve a majority. -==== - -As seen in the example above, the homogeneous deployment over two data centers does not take full advantage of the strengths of Causal Clustering. -However it guarantees that the full Raft log will be present in either data center in the case of total data center loss. - -The opposite of spreading Core Servers around our data centers, is to have them all hosted in a single one. -This may be for technical or governance reasons, but either way has the advantage of LAN commit latencies for writes. - -While our Core Servers are colocated, we spread out our Read Replicas close to the client applications to enable fan-out scaling. - -.Core Servers and Read Replicas segregated by data center -==== - -The diagram below shows an example of a heterogeneous deployment directing writes to one data center, and reads to all. -This pattern provides high survivability for data because of geo-replication. -It also provides locality for client applications. -However, if the Core Server data center is lost, we must immediately instigate xref:clustering-advanced/multi-data-center/disaster-recovery.adoc[recovery] and turn one of the remaining Read Replica data centers into a new Core cluster. - -It is possible that none of the Read Replicas have received all of the confirmed transactions prior to losing Data Center 1. -While this is a convenient pattern for geo-replication, its semantics are best-effort. -Cluster designers must take this aspect under consideration when deciding on recovery strategy. - -[[img-3-dc-heterogeneous]] -image::3-dc-heterogeneous.svg[title="Heterogeneous deployment separating Read Replicas from the Core cluster", role="middle"] - -An operational tweak to this approach would be to host a Core Server in Data Center 2 and 3 as the starting point for recovery. -During normal operations, these extra Core Servers should be configured with xref:reference/configuration-settings.adoc#config_causal_clustering.refuse_to_be_leader[`causal_clustering.refuse_to_be_leader=true`]. -Should we lose Data Center 1, then we can use one of these Core Servers to quickly bootstrap a new Core cluster and return to full service rapidly. - -To recap the strengths of this deployment pattern: - -* Core Servers commit at LAN latencies if using the setup with Core Servers exclusively in one data center. -* Read Replicas provide scale and locality for client applications. -* Geo-replication provides high survivability for data. - -==== - - -[[multi-dc-allowing-read-replicas-to-catch-up-from-other-read-replicas]] -== Allowing Read Replicas to catch up from other Read Replicas - -With an understanding of the basic multi-data center patterns at our disposal, we can refine our deployment models to embrace local catchup within data centers. -This means that any server, including Read Replicas, can act as a source of transactions for Read Replica server. -// (caveat: Core Servers will always Raft transactions between themselves). -When catching up from data center-local instances we aim to amortize the cost of WAN traffic catchup across many local replications. - -Allowing Read Replicas to choose a data center-local Core Server or even another Read Replica gives us a great deal of design freedom, and importantly allows us to scale to truly huge numbers of Read Replicas. -Using this feature we might choose to fan-out Read Replicas so that the catchup load on the Core Servers grows (approximately) logarithmically rather than linearly. - - -[[multi-dc-hierarchical-read-replica-deployment]] -=== Hierarchical Read Replica deployment - -The primary motivation for Read Replicas catching up from other Read Replicas is to allow for fan-out scale. -To achieve a fan-out we arrange the Read Replicas in a hierarchy, with each layer of the hierarchy being broader than the one above. - -[[img-hierarchical-read-replicas]] -image::hierarchical-read-replicas.svg[title="Fan out from Core Servers for scale at log cost", role="middle"] - -An illustrative hierarchy is presented in the diagram above. -The Core Servers supply transactions to a relatively small number of Read Replicas at the first tier. -This results in a relatively modest load on the Core Servers, freeing up resources to focus on the commit path. -Those Read Replicas in the first tier in turn feed a larger number of Read Replicas in the second tier. -This pattern can be reasonably extended to several tiers to provide enormous fan-out. - -At each tier we expand the scalability of the Read Replicas, but we add another level of catchup latency. -By careful measurement we can ascertain the appropriate depth and breadth of the hierarchy to match the application requirements. - -We should also take care that each tier in the hierarchy has sufficient redundancy so that failures do not compromise transmission of data from the Core Servers. -A strategy for keeping Read Replicas current in the presence of failures is to occasionally have them subvert the hierarchy. -That is, if a given Read Replica occasionally goes to its grandparents or even directly to the Core Servers then we can avoid pathologically high replication latencies under fault conditions. - - -[[multi-dc-catch-up-from-peer-read-replicas]] -=== Catch up (mostly) from peer Read Replicas - -Another strategy for Read Replica catchup is to treat them all as peers and have peer-to-peer catchup. -This avoids the need to manage tiers of replicas to maintain availability since the Read Replicas catch up from one another in a mesh. - -[[img-peer-to-peer-read-replicas]] -image::peer-to-peer-read-replicas.svg[title="Peer-to-peer Read Replica catchup", role="middle"] - -Having a reduced load on the Core Servers allows us to scale out. -For example if only one in ten catchup requests goes to the Core Servers, we could expand the number of Read Replicas by approximately a factor of 10. - -To avoid groups of orphans in the mesh, Read Replicas will occasionally catch up directly from Core Servers. -Having Read Replicas catch up with Core Servers ensures that no Read Replica is left behind indefinitely, placing an upper bound on replication latency. -While this places some load on the Core Servers, it is far less than if all catch up attempts from Read Replicas were directed to a Core Server. - -The upper bound on replication latency for this mode of operation is the number of catchup attempts served by Read Replicas before trying core. -The average replication latency will be half the number of attempts to replicate. -This is because on average half the Read Replicas will be ahead and half behind any given Read Replica. - -[NOTE] -==== -Connecting to a random Core Server on failure to retrieve updates from other sources is the default behavior of Read Replicas. -==== - - -[[multi-dc-maintaining-causal-consistency-in-scale-out-topologies]] -=== Maintaining causal consistency in scale-out topologies - -Causal consistency is always maintained, even in extreme situations with chains of Read Replicas catching up from other upstream Read Replicas. -The key trade-off to understand, as so often in distributed systems, is that of latency for scale. - -In xref:clustering-advanced/multi-data-center/design.adoc#img-hierarchical-read-replicas[Fan out from Core Servers for scale at log cost", role="middle] we see that number of hops required for a transaction to propagate to the lowest tier is 2: the highest latency in this topology. -Equally we see how the bottommost tier has far more members than any other tier giving it scale advantages. - -Correspondingly, in the middle tier we have better latency (one hop) but less scale. -At the top most tier (Core Servers) we have very little latency (just the Raft commit path) but the fewest available servers. -This means we should target queries at the most appropriate tier based on latency, scale, and locality. - - -*Summary on latency versus scalability:* - -* Issuing read queries to a Core Server generally has the lowest latency in principle but may have the highest contention. -* Issuing read queries to a Read Replica topologically closest to Core Servers typically has higher latency but also higher scalability. -* Issuing read queries to a Read Replica topologically further from Core Servers typically has the highest latency but also the highest scalability. - -In large systems like xref:clustering-advanced/multi-data-center/design.adoc#img-hierarchical-read-replicas[the scale-out hierarchy above], we are conventionally used to having relaxed or _eventual_ consistency semantics. -With Neo4j multi-data center setups, that is also possible. -Where we don't care about causality we can read from any Read Replica and accept that we might see older values. -However the xref:clustering/introduction.adoc#causal-consistency-explained[causal consistency semantics] are maintained. - -[[img-many-hop-causal-consistency]] -image::many-hop-causal-consistency.svg[title="Each tier in the Read Replicas is further behind the source of truth, but offers greater scale-out", role="middle"] - -As we can see in diagram above, even if the client binds to a Read Replica that is multiple hops/data centers away from the source of truth, causal consistency is maintained. -While the query may be suspended while the necessary transaction propagates to the Read Replica, the benefit is that there will be more Read Replicas available and so overall client throughput is higher than with a single-tier configuration. diff --git a/modules/ROOT/pages/clustering-advanced/multi-data-center/disaster-recovery.adoc b/modules/ROOT/pages/clustering-advanced/multi-data-center/disaster-recovery.adoc deleted file mode 100644 index 256b29d8d..000000000 --- a/modules/ROOT/pages/clustering-advanced/multi-data-center/disaster-recovery.adoc +++ /dev/null @@ -1,95 +0,0 @@ -[role=enterprise-edition] -[[multi-dc-recovery]] -= Data center disaster recovery -:description: This section describes how to recover your Neo4j Causal Cluster following a data center failure. Specifically it covers safely turning a small number of surviving instances from a read-only state back into a fully operational cluster of read/write instances. - -This section describes the following: - -* xref:clustering-advanced/multi-data-center/disaster-recovery.adoc#multi-dc-recovery-data-center-loss-scenario[Data center loss scenario] -* xref:clustering-advanced/multi-data-center/disaster-recovery.adoc#multi-dc-recovery-procedure-for-recovering-from-data-center-loss[Procedure for recovering from data center loss] - - -[[multi-dc-recovery-data-center-loss-scenario]] -== Data center loss scenario - -This section describes how to recover a multi-data center deployment which owing to external circumstances has reduced the cluster below half of its members. -It is most easily typified by a 2x2 deployment with 2 data centers each containing two instances. -This deployment topology can either arise because of other data center failures, or be a deliberate choice to ensure the geographic survival of data for catastrophe planning. -However, by distributing an instance over three data centers instead, you could avoid having the cluster lose quorum through a single data center failure. -For example, in a _1x1x1_ deployment. - -Under normal operation this provides a stable majority quorum where the fastest three out of four machines will execute users' transactions, as we see highlighted in xref:clustering-advanced/multi-data-center/disaster-recovery.adoc#img-dc-recovery-1[Two Data Center Deployment with Four Core Instances", role="middle]. - -[[img-dc-recovery-1]] -image::dc-recovery-1.svg[title="Two Data Center Deployment with Four Core Instances", role="middle"] - -However if an entire data center becomes offline because of some disaster, then a _majority quorum_ cannot be formed in this case. - -[NOTE] -==== -Neo4j Core clusters are based on the Raft consensus protocol for processing transactions. -The Raft protocol requires a majority of cluster members to agree in order to ensure the safety of the cluster and data. -As such, the loss of a majority quorum results in a read-only situation for the remaining cluster members. -==== - -When data center is lost abruptly in a disaster rather than having the instances cleanly shut down, the surviving members still believe that they are part of a larger cluster. -This is different from even the case of rapid failures of individual instances in a live data center which can often be detected by the underlying cluster middleware, allowing the cluster to automatically reconfigure. - -Conversely if we lose a data center, there is no opportunity for the cluster to automatically reconfigure. -The loss appears instantaneous to other cluster members. -However, because each remaining machine has only a partial view of the state of the cluster (its own), it is not safe to allow any individual machine to make an arbitrary decision to reform the cluster. - -In this case we are left with two surviving machines which cannot form a quorum and thus make progress. - -[[img-dc-recovery-2]] -image::dc-recovery-2.svg[title="Data Center Loss Requires Guided Recovery", role="middle"] - -But, from a birds's eye view, it's clear we have surviving machines which are sufficient to allow a non-fault tolerant cluster to form under operator supervision. - -[NOTE] -==== -Groups of individual cluster members (e.g. those in a single data center) may become isolated from the cluster during network partition for example. -If they arbitrarily reformed a new, smaller cluster there is a risk of _split-brain_. -That is from the clients' point of view there may be _two_ or more smaller clusters that are available for reads and writes depending on the nature of the partition. -Such situations lead to divergence that is tricky and laborious to reconcile and so best avoided. -==== - -To be safe, an operator or other out-of-band agent (e.g. scripts triggered by well-understood, trustworthy alerts) that has a trusted view on the whole of the system estate must make that decision. -In the surviving data center, the cluster can be rebooted into a smaller configuration whilst retaining all data committed to that point. -While end users may experience unavailability during the switch over, no committed data will be lost. - - -[[multi-dc-recovery-procedure-for-recovering-from-data-center-loss]] -== Procedure for recovering from data center loss - -The following procedure for performing recovery of a data center should not be done lightly. -It assumes that we are completely confident that a disaster has occurred and our previously data center-spanning cluster has been reduced to a read-only cluster in a single data center, where there is no possible way to repair a connection to the lost instances. -Further it assumes that the remaining cluster members are fit to provide a seed from which a new cluster can be created from a data quality point of view. - -Having acknowledged the above, the procedure for returning the cluster to full availability following catastrophic loss of all but one data centers can be done using one of the following options, depending on your infrastructure. - -Please note that the main difference between the options is that Option 2 will allow read-availability during recovery. - -.Option 1. -If you are unable to add instances to the current data-center, and can only use the current read-only cluster, the following steps are recommended: - -. Verify that a catastrophe has occurred, and that access to the surviving members of the cluster in the surviving data center is possible. -Then for each instance: -.. Stop the instance with `bin/neo4j stop` or shut down the service. -.. Change the configuration in _neo4j.conf_ such that the `xref:reference/configuration-settings.adoc#config_causal_clustering.initial_discovery_members[causal_clustering.initial_discovery_members]` property contains the DNS names or IP addresses of the other surviving instances. -.. Optional: you may need to update `xref:reference/configuration-settings.adoc#config_causal_clustering.minimum_core_cluster_size_at_formation[causal_clustering.minimum_core_cluster_size_at_formation]`, depending on the current size of the cluster (in the current example, two cores). -.. Unbind the instance using `neo4j-admin unbind`. -.. Start the instance with `bin/neo4j start` or start the `neo4j` service. - -.Option 2. -If it is possible to create a new cluster while the previous read-only cluster is still running, then the following steps will enable you to keep read-availability during recovery: - - . Verify that a catastrophe has occurred, and that access to the surviving members of the cluster in the surviving data center is possible. -. Perform an online backup of the currently running, read-only, cluster. -. Seed a new cluster (in the current example, two new cores) using the backup from the read-only cluster, as described in xref:clustering/databases.adoc#cluster-seed[Seed a cluster]. -. When the new cluster is up, load balance your workload over to the new cluster. -. Shutdown the old, read-only, cluster. - -Once your chosen recovery procedure is completed for each instance, they will form a cluster that is available for reads and writes. -It recommended at this point that other cluster members are incorporated into the cluster to improve its load handling and fault tolerance. -See xref:clustering/deploy.adoc[Deploy a cluster] for details of how to configure instances to join the cluster from scratch. diff --git a/modules/ROOT/pages/clustering-advanced/multi-data-center/index.adoc b/modules/ROOT/pages/clustering-advanced/multi-data-center/index.adoc deleted file mode 100644 index 99546ad90..000000000 --- a/modules/ROOT/pages/clustering-advanced/multi-data-center/index.adoc +++ /dev/null @@ -1,43 +0,0 @@ -[role=enterprise-edition] -[[multi-dc]] -= Multi-data center -:description: This section introduces the multi-data center functionality in Neo4j. - -Some use cases present high needs for availability, redundancy, locality of client applications, or simply scale. -In these cases it is important that the cluster is aware of its physical topology so that it can optimize for workload. -This makes configuring a single cluster to span multiple data centers a necessary proposition. - -The following sections are dedicated to describing the different aspects of multi-data center operations of a Causal Cluster. - -* xref:clustering-advanced/multi-data-center/index.adoc#multi-dc-licensing[Licensing for multi-data center operations] -* xref:clustering-advanced/multi-data-center/design.adoc[Multi-data center design] -** xref:clustering-advanced/multi-data-center/design.adoc#multi-dc-design-introduction[Introduction] -** xref:clustering-advanced/multi-data-center/design.adoc#multi-dc-core-server-deployment-scenarios[Core Server deployment scenarios] -** xref:clustering-advanced/multi-data-center/design.adoc#multi-dc-allowing-read-replicas-to-catch-up-from-other-read-replicas[Allowing Read Replicas to catch up from other Read Replicas] -* xref:clustering-advanced/multi-data-center/configuration.adoc[Multi-data center operations] -** xref:clustering-advanced/multi-data-center/configuration.adoc#multi-dc-configuration-enable-multi-data-center-operations[Enable multi-data center operations] -** xref:clustering-advanced/multi-data-center/configuration.adoc#causal-clustering-multi-dc-server-groups[Server groups] -** xref:clustering-advanced/multi-data-center/configuration.adoc#multi-dc-configuration-strategy-plugins[Strategy plugins] -* xref:clustering-advanced/multi-data-center/load-balancing.adoc[Multi-data center load balancing] -** xref:clustering-advanced/multi-data-center/load-balancing.adoc#multi-dc-load-balancing-introduction[Introduction] -** xref:clustering-advanced/multi-data-center/load-balancing.adoc#multi-dc-load-balancing-prerequisite-configuration[Prerequisite configuration] -** xref:clustering-advanced/multi-data-center/load-balancing.adoc#multi-dc-load-balancing-the-load-balancing-framework[The load balancing framework] -** xref:clustering-advanced/multi-data-center/load-balancing.adoc#dsl-example[Load balancing examples] -* xref:clustering-advanced/multi-data-center/disaster-recovery.adoc[Data center disaster recovery] -** xref:clustering-advanced/multi-data-center/disaster-recovery.adoc#multi-dc-recovery-data-center-loss-scenario[Data center loss scenario] -** xref:clustering-advanced/multi-data-center/disaster-recovery.adoc#multi-dc-recovery-procedure-for-recovering-from-data-center-loss[Procedure for recovering from data center loss] - - -[[multi-dc-licensing]] -== Licensing for multi-data center operations - -Multi-data center functionality is intended for very demanding users of Neo4j who typically operate under a commercial database license. -As a result, multi-data center functionality is licensed separately from the single-data center Causal Clustering features. - -In order to confirm that you are operating under a suitable license, you must explicitly set the following in xref:configuration/file-locations.adoc[_neo4j.conf_]: - -xref:reference/configuration-settings.adoc#config_causal_clustering.multi_dc_license[`causal_clustering.multi_dc_license=true`] - -Without this configuration, all of the multi-data center features will remain disabled. - - diff --git a/modules/ROOT/pages/clustering-advanced/multi-data-center/load-balancing.adoc b/modules/ROOT/pages/clustering-advanced/multi-data-center/load-balancing.adoc deleted file mode 100644 index 6f8a5b6a9..000000000 --- a/modules/ROOT/pages/clustering-advanced/multi-data-center/load-balancing.adoc +++ /dev/null @@ -1,245 +0,0 @@ -[role=enterprise-edition] -[[multi-dc-load-balancing]] -= Multi-data center load balancing -:description: This section describes the topology-aware load balancing options available for client applications in a multi-data center Neo4j deployment. It describes how to configure the load balancing for the cluster so that client applications can direct its workload at the most appropriate cluster members, such as those nearby. - -This section describes the following: - -* xref:clustering-advanced/multi-data-center/load-balancing.adoc#multi-dc-load-balancing-introduction[Introduction] -* xref:clustering-advanced/multi-data-center/load-balancing.adoc#multi-dc-load-balancing-prerequisite-configuration[Prerequisite configuration] -** xref:clustering-advanced/multi-data-center/load-balancing.adoc#multi-dc-load-balancing-enable-multi-data-center-operations[Enable multi-data center operations] -** xref:clustering-advanced/multi-data-center/load-balancing.adoc#multi-dc-load-balancing-server-groups[Server groups] -** xref:clustering-advanced/multi-data-center/load-balancing.adoc#multi-dc-load-balancing-cores-for-reading[Cores for reading] -* xref:clustering-advanced/multi-data-center/load-balancing.adoc#multi-dc-load-balancing-the-load-balancing-framework[The load balancing framework] -** xref:clustering-advanced/multi-data-center/load-balancing.adoc#causal-clustering-multi-dc-policy-definitions[Policy definitions] -** xref:clustering-advanced/multi-data-center/load-balancing.adoc#multi-dc-load-balancing-policy-names[Policy names] -** xref:clustering-advanced/multi-data-center/load-balancing.adoc#causal-clustering-multi-dc-filters[Filters] -* xref:clustering-advanced/multi-data-center/load-balancing.adoc#dsl-example[Load balancing examples] - -[NOTE] -.Enabling load balancing -==== -The load balancing functionality is part of the separately licensed multi-data center package and must be specifically enabled. -See xref:clustering-advanced/multi-data-center/index.adoc#multi-dc-licensing[Licensing for multi-data center operations] for details. -==== - - -[[multi-dc-load-balancing-introduction]] -== Introduction - -When deploying a multi-data center cluster we often wish to take advantage of locality to reduce latency and improve performance. -For example, we would like our graph-intensive workloads to be executed in the local data center at LAN latencies rather than in a faraway data center at WAN latencies. -Neo4j's enhanced load balancing for multi-data center scenarios facilitates precisely this and can also be used to define fall-back behaviors. -This means that failures can be planned for upfront and persistent overload conditions be avoided. - -The load balancing system is a cooperative system where the driver asks the cluster on a recurring basis where it should direct the different classes of its workload (e.g. writes and reads). -This allows the driver to work independently for long stretches of time, yet check back from time to time to adapt to changes like for example a new server having been added for increased capacity. -There are also failure situations where the driver will ask again immediately, for example when it cannot use any of its allocated servers. - -This is mostly transparent from the perspective of a client. -On the server side we configure the load balancing behaviors and expose them under a named _load balancing policy_ which the driver can bind to. -All server-side configuration is performed on the Core Servers. - -[NOTE] -.Use load balancing from Neo4j drivers -==== -This chapter describes how to configure a Causal Cluster to use custom load balancing policies -Once enabled and configured, the custom load balancing feature is used by drivers to route traffic as intended. -See the link:{neo4j-docs-base-uri}[Neo4j Driver manuals] for instructions on how to configure drivers to use custom load balancing. -==== - - -[[multi-dc-load-balancing-prerequisite-configuration]] -== Prerequisite configuration - - -[[multi-dc-load-balancing-enable-multi-data-center-operations]] -=== Enable multi-data center operations - -In order to configure a cluster for load balancing we must enable the multi-data center functionality. -This is described in xref:clustering-advanced/multi-data-center/index.adoc#multi-dc-licensing[Licensing for multi-data center operations]. - - -[[multi-dc-load-balancing-server-groups]] -=== Server groups - -In common with xref:clustering-advanced/multi-data-center/configuration.adoc[server-to-server catchup], load balancing across multiple data centers is predicated on the _server group_ concept. -Servers can belong to one or more potentially overlapping server groups, and decisions about where to route requests from client to cluster member are parameterized based on that configuration. -For details on server group configuration, refer to xref:clustering-advanced/multi-data-center/configuration.adoc#causal-clustering-multi-dc-server-groups[Server groups]. - - -[[multi-dc-load-balancing-cores-for-reading]] -=== Cores for reading - -Depending on the deployment and the available number of servers in the cluster different strategies make sense for whether or not the reading workload should be routed to the Core Servers. -The following configuration will allow the routing of read workload to Core Servers. -Valid values are `true` and `false`. - -[source, properties] ----- -causal_clustering.cluster_allow_reads_on_followers=true ----- - - -[[multi-dc-load-balancing-the-load-balancing-framework]] -== The load balancing framework - -The load balancing system is based on a plugin architecture for future extensibility and for allowing user customizations. -The current version ships with exactly one such canned plugin called the _server policies_ plugin. - -The server policies plugin is selected by setting the following property: - -[source, properties] ----- -causal_clustering.load_balancing.plugin=server_policies ----- - -Under the server policies plugin, a number of load balancing policies can be configured server-side and be exposed to drivers under unique names. -The drivers, in turn, must on instantiation select an appropriate policy by specifying its name. -Common patterns for naming policies are after geographical regions or intended application groups. - -It is of crucial importance to define the exact same policies on all core machines since this is to be regarded as cluster-wide configuration and failure to do so will lead to surprising behavior. -Similarly, policies which are in active use should not be removed or renamed since it will break applications trying to use these policies. -It is perfectly acceptable and expected however that policies be modified under the same name. - -If a driver asks for a policy name which is not available, then it will not be able to use the cluster. -A driver which does not specify any name at all will get the behavior of the default policy as configured. -The default policy, if left unchanged, distributes the load across all servers. -It is possible to change the default policy to any behavior that a named policy can have. - -A misconfigured driver or load balancing policy will result in suboptimal routing choices or even prevent successful interactions with the cluster entirely. - -[NOTE] -==== -The details of how to write a custom plugin is not documented here. -Please get in contact with Neo4j Professional Services if you think that you need a custom plugin. -==== - - -[[causal-clustering-multi-dc-policy-definitions]] -=== Policy definitions - -The configuration of load balancing policies is transparent to client applications and expressed via a simple DSL. -The syntax consists of a set of rules which are considered in order. -The first rule to produce a non-empty result will be the final result. - -[source, properties] ----- -rule1; rule2; rule3 ----- - -Each rule in turn consists of a set of filters which limit the considered servers, starting with the complete set. -Note that the evaluation of each rule starts fresh with the complete set of available servers. - -There is a fixed set of filters which compose a rule and they are chained together using arrows - -[source, properties] ----- -filter1 -> filter2 -> filter3 ----- - -If there are any servers still left after the last filter then the rule evaluation has produced a result and this will be returned to the driver. -However, if there are no servers left then the next rule will be considered. -If no rule is able to produce a usable result then the driver will be signalled a failure. - - -[[multi-dc-load-balancing-policy-names]] -=== Policy names - -The policies are configured under the namespace of the _server policies_ plugin and named as desired. -Policy names can contain alphanumeric characters and underscores, and they are case sensitive. -Below is the property key for a policy with the name `mypolicy`. - -`causal_clustering.load_balancing.config.server_policies.mypolicy=` - -The actual policy is defined in the value part using the DSL. - -The `default` policy name is reserved for the default policy. -It is possible to configure this policy like any other and it will be used by driver clients which do not specify a policy. - -Additionally, any number of policies can be created using unique policy names. -The policy name can suggest a particular region or an application for which it is intended to be used. - - -[[causal-clustering-multi-dc-filters]] -=== Filters - -There are four filters available for specifying rules, detailed below. -The syntax is similar to a method call with parameters. - -* `groups(name1, name2, ...)` -** Only servers which are part of any of the specified groups will pass the filter. -** The defined names must match those of the _server groups_. -* `min(count)` -** Only the minimum amount of servers will be allowed to pass (or none). -** Allows overload conditions to be managed. -* `all()` -** No need to specify since it is implicit at the beginning of each rule. -** Implicitly the last rule (override this behavior using halt). -* `halt()` -** Only makes sense as the last filter in the last rule. -** Will stop the processing of any more rules. - -The groups filter is essentially an OR-filter, e.g. `groups(A,B)` which will pass any server in either A, B or both (the union of the server groups). -An AND-filter can also be created by chaining two filters as in `groups(A) \-> groups(B)`, which will only pass servers in both groups (the intersect of the server groups). - - -[[dsl-example]] -== Load balancing examples - -In xref:clustering-advanced/multi-data-center/configuration.adoc#configuration-user-defined-strategy[our discussion on multi-data center clusters] we introduced a four region, multi-data center setup. -We used the cardinal compass points for regions and numbered data centers within those regions. -We'll use the same hypothetical setup here too. - -image::nesw-regions-and-dcs.svg[title="Mapping regions and data centers onto server groups", role="middle"] - -We configure the behavior of the load balancer in the property `causal_clustering.load_balancing.config.server_policies.`. -The rules we specify will allow us to fine tune how the cluster routes requests under load. - -In the examples we will make use of the line continuation character `\` for better readability. -It is valid syntax in xref:configuration/file-locations.adoc[_neo4j.conf_] as well and it is recommended to break up complicated rule definitions using this and a new rule on every line. - -The most restrictive strategy would be to insist on a particular data center to the exclusion of all others: - -.Specific data center only -==== -[source, properties] ----- -causal_clustering.load_balancing.config.server_policies.north1_only=\ -groups(north1)->min(2); halt(); ----- - -In this case we're stating that we are only interested in sending queries to servers in the `north1` server group, which maps onto a specific physical data center, provided there are two of them available. -If we cannot provide at least two servers in `north1` then we should `halt()`, i.e. not try any other data center. -==== - -While the previous example demonstrates the basic form of our load balancing rules, we can be a little more expansive: - -.Specific data center preferably -==== -[source, properties] ----- -causal_clustering.load_balancing.config.server_policies.north1=\ -groups(north1)->min(2); ----- - -In this case if at least two servers are available in the `north1` data center then we will load balance across them. -Otherwise we will use any server in the whole cluster, falling back to the implicit, final `all()` rule. -==== - -The previous example considered only a single data center before resorting to the whole cluster. -If we have a hierarchy or region concept exposed through our server groups we can make the fall back more graceful: - -.Gracefully falling back to neighbors -==== -[source, properties] ----- -causal_clustering.load_balancing.config.server_policies.north_app1=\ -groups(north1,north2)->min(2);\ -groups(north);\ -all(); ----- - -In this case we're saying that the cluster should load balance across the `north1` and `north2` data centers provided there are at least two machines available across them. -Failing that, we'll resort to any instance in the `north` region, and if the whole of the north is offline we'll resort to any instances in the cluster. -==== diff --git a/modules/ROOT/pages/clustering/deploy.adoc b/modules/ROOT/pages/clustering/deploy.adoc deleted file mode 100644 index 36d8c4bc5..000000000 --- a/modules/ROOT/pages/clustering/deploy.adoc +++ /dev/null @@ -1,439 +0,0 @@ -[role=enterprise-edition] -[[causal-clustering-deploy]] -= Deploy a cluster -:description: How to deploy a new Neo4j Causal Cluster. - - -[[causal-clustering-new-cluster-introduction]] -== Introduction - -This section describes how to set up a new cluster. -Two scenarios are covered: - -. A four-instance cluster with one Single instance as Primary server and three Read Replica instances as Secondary servers. -This scenario is ideal for reporting and analytical workloads. -. A three-instance cluster with three Core instances as Primary servers. -This scenario is ideal for transactional workloads. - -Additionally, the process to turn a Secondary server into a standalone instance by detaching it from an existing cluster is also described. - - -[[clustering-new-single-and-replicas-cluster]] -== Configure a cluster with Single and Read Replica instances - -The following configuration settings are important to consider when deploying a new cluster with a Single instance as a Primary server. -See also xref:clustering/settings.adoc[Settings reference] for more detailed descriptions and examples. - -[IMPORTANT] -==== -This configuration is optimized for best scalability and it is recommended to be used for reporting and analytical workloads. -Clusters configured in this way do not provide automatic failover and fault tolerance. -In case of fault, if a cluster is not supported by appropriate external tooling, data may be lost. -==== - -[NOTE] -==== -In the current version of Neo4j, the clustering-related parameters use the `causal_clustering` namespace. -This will be replaced with a more suitable namespace in an upcoming release. -==== - -.Important settings for clusters with Single instance as Primary server -[options="header",cols="<3,<2,<4"] -|=== -| Option name -| Servers -| Description -| xref:reference/configuration-settings.adoc#config_dbms.default_advertised_address[`dbms.default_advertised_address`] -| All (Primary and Secondary) -| The address that other machines are told to connect to. -In the typical case, this should be set to the fully qualified domain name or the IP address of this server. -.2+| xref:reference/configuration-settings.adoc#config_dbms.mode[`dbms.mode`] -| Primary -| The operating mode of the server instance. -The Primary server is set as `SINGLE`. -| Secondary -| The operating mode of the server instance. -The Secondary servers are set as `READ_REPLICA`. -| xref:reference/configuration-settings.adoc#config_dbms.clustering.enable[`dbms.clustering.enable=true`] -| Primary -| Allows a single instance to form a cluster and is only evaluated when `dbms.mode=SINGLE`. -| xref:reference/configuration-settings.adoc#config_causal_clustering.initial_discovery_members[`causal_clustering.initial_discovery_members`] -| Secondary -| This setting needs to be specified on Read Replica instances and contains the network address for at least the primary instance, but can also include Secondary servers. -This parameter must be set to the same value on all cluster members. -The behavior of this setting can be modified by configuring the setting `causal_clustering.discovery_type`. -This is described in detail in xref:clustering/discovery.adoc[Discovery]. -|=== - -The following example shows how to set up a cluster with a Single instance as Primary server and three Read Replica instances as Secondary servers. - -[[clustering-new-cluster-example-configure-a-single-and-replicas-cluster]] -.Configure a cluster with a Single instance as Primary server -==== -In this example, one Primary server named single.example.com and three Secondary servers, `read_replica01.example.com`, `read_replica02.example.com` and `read_replica03.example.com` are configured. -All instances have Neo4j Enterprise Edition installed. -To form a cluster, the xref:configuration/file-locations.adoc[_neo4j.conf_] needs to be configured on each server. -The Primary server, set as Single instance, is configured as such: - -._neo4j.conf_ on single.example.com: -[source, properties] ----- -dbms.mode=SINGLE -dbms.clustering.enable=true -dbms.default_advertised_address=single.example.com ----- - -The _neo4j.conf_ on the Secondary servers, set as Read Replica instances, is identical across all instances: - -._neo4j.conf_ on read_replica01.example.com, read_replica02.example.com and read_replica03.example.com: -[source, properties] ----- -dbms.mode=READ_REPLICA -dbms.default_advertised_address=read_replica.example.com -causal_clustering.initial_discovery_members=single.example.com:5000 ----- - -Once all _neo4j.conf_ files have been configured, the instances can be started and the cluster is ready. -After the cluster has started, it is possible to connect to any of the instances and run `CALL dbms.cluster.overview()` to check the status of the cluster. -This shows information about each member of the cluster: - -[source, Cypher, role=noplay] ----- -CALL dbms.cluster.overview(); ----- - -[queryresult] ----- -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| id | addresses | databases | groups | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| "8e4133d7-4de1-469e-88ac-864571cb0a92" | ["bolt://read_replica1.example.com:7687", "http://read_replica1.example.com:7474"] | {neo4j: "READ_REPLICA", system: "READ_REPLICA"} | [] | -| "eb6a4e88-9a5f-405b-b230-5bbbd681ec9e" | ["bolt://read_replica2.example.com:7687", "http://read_replica2.example.com:7474"] | {neo4j: "READ_REPLICA", system: "READ_REPLICA"} | [] | -| "274e36db-d96f-4736-8a99-68851b1bbb0b" | ["bolt://read_replica3.example.com:7687", "http://read_replica3.example.com:7474"] | {neo4j: "READ_REPLICA", system: "READ_REPLICA"} | [] | -| "6fd05bc6-760e-4644-bf02-05117a5d777d" | ["bolt://single.example.com:7687", "http://single.example.com:7474"] | {neo4j: "LEADER", system: "LEADER"} | [] | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -4 rows available after 8 ms, consumed after another 3 ms ----- -==== - -[[clustering-new-core-instance-cluster]] -== Configure a cluster with Core instances - -The following configuration settings are important to consider when deploying a new cluster with Core instances as Primary servers. -See also xref:clustering/settings.adoc[Settings reference] for more detailed descriptions and examples. - -[IMPORTANT] -==== -This configuration is optimized for fault tolerance, automatic failover and best scalability, and it is recommended to be used for transactional workloads. -In many cases and when they are correctly configured, these clusters safeguard data and they do not require any particular external tooling. -==== - -.Important settings for clusters with Core instances as Primary servers -[options="header",cols="<3,<2,<4"] -|=== -| Option name -| Servers -| Description -| xref:reference/configuration-settings.adoc#config_dbms.default_listen_address[`dbms.default_listen_address`] -| All (Primary and Secondary) -| The address or network interface this machine uses to listen for incoming messages. -Setting this value to `0.0.0.0` makes Neo4j bind to all available network interfaces. -| xref:reference/configuration-settings.adoc#config_dbms.default_advertised_address[`dbms.default_advertised_address`] -| All (Primary and Secondary) -| The address that other machines are told to connect to. -In the typical case, this should be set to the fully qualified domain name or the IP address of this server. -.2+| xref:reference/configuration-settings.adoc#config_dbms.mode[`dbms.mode`] -| Primary -| The operating mode of the server instance. -The Primary servers are set as `CORE`. -| Secondary -| The operating mode of the server instance. -The Secondary servers are set as `READ_REPLICA`. -| xref:reference/configuration-settings.adoc#config_causal_clustering.minimum_core_cluster_size_at_formation[`causal_clustering.minimum_core_cluster_size_at_formation`] -| Primary -| The minimum number of Core instances in the cluster at formation. -A cluster will not form without the number of Cores defined by this setting, and this should in general be configured to the full and fixed amount. -| xref:reference/configuration-settings.adoc#config_causal_clustering.minimum_core_cluster_size_at_runtime[`causal_clustering.minimum_core_cluster_size_at_runtime`] -| Primary -| The minimum number of Core instances which will exist in the consensus group. -| xref:reference/configuration-settings.adoc#config_causal_clustering.initial_discovery_members[`causal_clustering.initial_discovery_members`] -| All (Primary and Secondary) -| The network addresses of an initial set of Core cluster members that are available to bootstrap this Core or Read Replica instance. -In the default case, the initial discovery members are given as a comma-separated list of address/port pairs, and the default port for the discovery service is `:5000`. -It is good practice to set this parameter to the same value on all Core Servers. - -The behavior of this setting can be modified by configuring the setting `causal_clustering.discovery_type`. -This is described in detail in xref:clustering/discovery.adoc[Discovery]. -|=== - -[CAUTION] -.Listen configuration -==== -Listening on 0.0.0.0 makes the ports publicly available. -Make sure you understand the security implications and strongly consider setting up encryption. -==== - -The following example shows how to set up a simple cluster with three Core servers: - -[[causal-clustering-new-cluster-example-configure-a-core-only-cluster]] -.Configure a Core-only cluster -==== - -In this example, three Core instances named `core01.example.com`, `core02.example.com` and `core03.example.com` are configured. -Neo4j Enterprise Edition is installed on all three servers. -They are configured by preparing xref:configuration/file-locations.adoc[_neo4j.conf_] on each server. -Note that they are all identical, except for the configuration of `dbms.default_advertised_address`: - -._neo4j.conf_ on core01.example.com: -[source, properties] ----- -dbms.default_listen_address=0.0.0.0 -dbms.default_advertised_address=core01.example.com -dbms.mode=CORE -causal_clustering.initial_discovery_members=core01.example.com:5000,core02.example.com:5000,core03.example.com:5000 ----- - -._neo4j.conf_ on core02.example.com: -[source, properties] ----- -dbms.default_listen_address=0.0.0.0 -dbms.default_advertised_address=core02.example.com -dbms.mode=CORE -causal_clustering.initial_discovery_members=core01.example.com:5000,core02.example.com:5000,core03.example.com:5000 ----- - -._neo4j.conf_ on core03.example.com: -[source, properties] ----- -dbms.default_listen_address=0.0.0.0 -dbms.default_advertised_address=core03.example.com -dbms.mode=CORE -causal_clustering.initial_discovery_members=core01.example.com:5000,core02.example.com:5000,core03.example.com:5000 ----- - -The Neo4j servers are ready to be started. -The startup order does not matter. - -After the cluster has started, it is possible to connect to any of the instances and run `CALL dbms.cluster.overview()` to check the status of the cluster. -This shows information about each member of the cluster: - -[source, cypher, role=noplay] ----- -CALL dbms.cluster.overview(); ----- - -[queryresult] ----- -+----------------------------------------------------------------------------------------------------------------------------------------+ -| id | addresses | databases | groups | -+----------------------------------------------------------------------------------------------------------------------------------------+ -| "8e07406b-90b3-4311-a63f-85c45af63583" | ["bolt://core1:7687", "http://core1:7474"] | {neo4j: "LEADER", system: "FOLLOWER"} | [] | -| "aeb6debe-d3ea-4644-bd68-304236f3813b" | ["bolt://core3:7687", "http://core3:7474"] | {neo4j: "FOLLOWER", system: "FOLLOWER"} | [] | -| "b99ff25e-dc64-4c9c-8a50-ebc1aa0053cf" | ["bolt://core2:7687", "http://core2:7474"] | {neo4j: "FOLLOWER", system: "LEADER"} | [] | -+----------------------------------------------------------------------------------------------------------------------------------------+ ----- -==== - -[TIP] -.Startup time -==== -The instance may appear unavailable while it is joining the cluster. -If you want to follow along with the startup, you can follow the messages in xref:configuration/file-locations.adoc[_neo4j.log_]. -==== - - -[[causal-clustering-add-core]] -== Add a Core Server to an existing cluster - -Core Servers are added to an existing cluster by starting a new Neo4j instance with the appropriate configuration. -The new server will join the existing cluster and become available once it has copied the data from its peers. -It may take some time for the new instance to perform the copy if the existing cluster contains large amounts of data. - -The setting `causal_clustering.initial_discovery_members` shall be updated on all the servers in the cluster to include the new server. - -.Add a Core Server to an existing cluster -==== - -In this example, a Core Server, `core04.example.com`, is added to the cluster created in xref:clustering/deploy.adoc#causal-clustering-new-cluster-example-configure-a-core-only-cluster[Configure a Core-only cluster]. - -Configure the following entries in xref:configuration/file-locations.adoc[_neo4j.conf_]: - -._neo4j.conf_ on core04.example.com: -[source, properties] ----- -dbms.default_listen_address=0.0.0.0 -dbms.default_advertised_address=core04.example.com -dbms.mode=CORE -causal_clustering.minimum_core_cluster_size_at_formation=3 -causal_clustering.minimum_core_cluster_size_at_runtime=3 -causal_clustering.initial_discovery_members=core01.example.com:5000,core02.example.com:5000,core03.example.com:5000,core04.example.com:5000 ----- - -Note that the configuration is very similar to that of the previous servers. -In this example, the new server is not intended to be a permanent member of the cluster, thus it is not included in `causal_clustering.initial_discovery_members` on the other Core members of the cluster. - -Now start the new Core Server and let it add itself to the existing cluster. -==== - - -[[clustering-add-secondary]] -== Add a Secondary server to an existing cluster - -In the {neo4j-version} version of Neo4j, all Secondary servers are Read Replica instances. -The initial configuration for Read Replica instances is provided via _neo4j.conf_, as mentioned above in xref:clustering/deploy.adoc#clustering-new-single-and-replicas-cluster[Configure a cluster with Single and Read Replica instances]. -Since Read Replicas do not participate in cluster quorum decisions, their configuration is shorter; they only need to know the addresses of at least one primary instance which they can bind to in order to discover the cluster. - -[NOTE] -==== -It is recommended to specify the addresses for _all_ existing primary instances in a cluster when adding a Read Replica. -They can then select an appropriate Primary server from which to copy data. -==== - - -.Add a Secondary server to an existing cluster with a Single instance as Primary server -==== - -In this example, a Read Replica instance, `replica04.example.com`, is added to the cluster created in xref:clustering/deploy.adoc#clustering-new-cluster-example-configure-a-single-and-replicas-cluster[Configure a cluster with a Single instance as Primary server]. - -Configure the following entries in xref:configuration/file-locations.adoc[_neo4j.conf_]: - -._neo4j.conf_ on replica01.example.com: -[source, properties] ----- -dbms.default_advertised_address=read_replica04.example.com -dbms.mode=READ_REPLICA -causal_clustering.initial_discovery_members=single.example.com:5000 ----- - -Now start the new Read Replica and let it add itself to the existing cluster. -==== - -.Add a Secondary server to an existing cluster with Core servers as Primary servers -==== - -In this example, a Read Replica, `replica05.example.com`, is added to the cluster created in xref:clustering/deploy.adoc#causal-clustering-new-cluster-example-configure-a-core-only-cluster[Configure a Core-only cluster]. - -Configure the following entries in _neo4j.conf_: - -._neo4j.conf_ on replica05.example.com: -[source, properties] ----- -dbms.default_advertised_address=read_replica05.example.com -dbms.mode=READ_REPLICA -causal_clustering.initial_discovery_members=core01.example.com:5000,core02.example.com:5000,core03.example.com:5000 ----- - -Now start the new Read Replica and let it add itself to the existing cluster. -==== - -[NOTE] -==== -When adding a Secondary server to an existing cluster, only _Primary_ servers need to be listed in `causal_clustering.initial_discovery_members`. -It is not necessary to include existing Secondary servers, i.e. other Read Replica instances. -==== - -[[clustering-detach-secondary-server]] -== Detach a Secondary server from an existing cluster - -It is possible to turn a Secondary server into a standalone instance that thus contains a snapshot of the data in the cluster. -This can, in theory, be done for a Core Server as well, but this is **not** recommended for performance and safety reasons. -As mentioned above, in the {neo4j-version} version of Neo4j, all Secondary servers are Read Replica instances. - -.Detach a Read Replica and turn it into a stand alone instance -==== - -In this example, a Read Replica, `replica01.example.com`, is detached from a cluster. -See xref:clustering/deploy.adoc#clustering-add-secondary[Add a Secondary server to an existing cluster] above on how to add a Read Replica to a cluster. - -First, check if the Read Replica is as up-to-date as desired. -Use `SHOW DATABASE` to see where the different members of the cluster are in terms of committed transactions compared to the leader. - -[source, cypher, role=noplay] ----- -neo4j@system> SHOW DATABASE test00 YIELD name,serverID,address,role,lastCommittedTxn,replicationLag; ----- - -Note that `SHOW DATABASES` uses `serverID` as it lists databases and there may be more than one database per server, while `dbms.cluster.overview()` uses only `id` as it is only concerned with servers. - - -[queryresult] ----- -+---------------------------------------------------------------------------------------------------------------------------+ -| name | serverID | address | role | lastCommittedTxn | replicationLag | -+---------------------------------------------------------------------------------------------------------------------------+ -| "test00" | "aeb6debe-d3ea-4644-bd68-304236f3813b" | "core3:7687" | "leader" | 21423 | 0 | -| "test00" | "8e07406b-90b3-4311-a63f-85c45af63583" | "core1:7687" | "follower" | 21422 | -1 | -| "test00" | "b99ff25e-dc64-4c9c-8a50-ebc1aa0053cf" | "core2:7687" | "follower" | 21423 | 0 | -| "test00" | "0bf3f6c1-0f48-47c2-a943-18fa8362c918" | "replica4:7687" | "read_replica" | 21409 | -14 | -| "test00" | "0e9c1b28-c8c0-4c65-a1f2-39d326411280" | "replica6:7687" | "read_replica" | 21421 | -2 | -| "test00" | "82524236-3058-48a2-b198-6580003475af" | "replica5:7687" | "read_replica" | 21413 | -10 | -+---------------------------------------------------------------------------------------------------------------------------+ ----- - -Based on the results, decide which Read Replica to detach and proceed to shut it down. - -Once the Read Replica is shut down, configure the following entry in xref:configuration/file-locations.adoc[_neo4j.conf_]: - -._neo4j.conf_ on replica01.example.com: -[source, properties] ----- -dbms.mode=SINGLE ----- -Start the instance again. -It is now a standalone instance containing the data committed to it at the time of shutdown. -==== - -[NOTE] -==== -There is always a chance that the Read Replica is behind the Core Servers at any time (see above on how to check the state of your cluster members). -If a transaction is being processed at the time of the shutdown of the Read Replica, this transaction is eventually reflected in the remaining Cluster, but not on the detached Read Replica. -A way to ensure that a Read Replica contains a snapshot of a database in the cluster at a point in time, is to pause the read Replica before shutting it down. -See xref:reference/procedures.adoc#procedure_dbms_cluster_readreplicatoggle[`dbms.cluster.readReplicaToggle()`] for more information. -==== - -[[causal-clustering-connect-to-a-read-replica]] -== Connect to a Read Replica - -It is important to use the correct URI scheme when connecting to a Read Replica since it only allows read sessions/transactions. -The following table illustrates the supported URI schemes (the `+s` indicates that TLS has been configured for the cluster): - -[cols="6", options="header"] -|=== -2+| -2+| SSR disabled -2+| SSR enabled - -| -| `bolt+s://` -| `neo4j+s://` read session/tx -| `neo4j+s://` write session/tx -| `neo4j+s://` read session/tx -| `neo4j+s://` write session/tx - -| Cypher Shell -| {check-mark} -| {cross-mark} -| {cross-mark} -| {cross-mark} -| {check-mark} - -| Browser -| {check-mark} -| {cross-mark} -| {cross-mark} -| {cross-mark} -| {check-mark} - -| Neo4j Driver -| {check-mark} -| {check-mark} -| {cross-mark} -| {check-mark} -| {check-mark} -|=== - -[NOTE] -==== -In addition to `dbms.routing.enabled=true`, the configuration setting `dbms.routing.default_router` needs to be set to `SERVER` in order to connect to a Read Replica, where applicable. -See xref:clustering/internals.adoc#causal-clustering-routing[Server-side routing] for more information. -==== diff --git a/modules/ROOT/pages/clustering/discovery.adoc b/modules/ROOT/pages/clustering/discovery.adoc deleted file mode 100644 index 63a0fb69a..000000000 --- a/modules/ROOT/pages/clustering/discovery.adoc +++ /dev/null @@ -1,93 +0,0 @@ -[role=enterprise-edition] -[[causal-clustering-discovery]] -= Discovery -:description: How members of a cluster discover each other. - - -[[causal-clustering-discovery-overview]] -== Overview - -In order to form or connect to a running cluster, a Core Server or a Read Replica needs to know the addresses of some of the Core Servers. -This information is used to bind to the Core Servers in order to run the discovery protocol and get the full information about the cluster. -The way in which this is best done depends on the configuration in each specific case. - -[NOTE] -==== -A Single instance used as a Primary server does not need to be configured for discovery. -However, `discovery_advertised_address` and `discovery_listen_address` can be configured if other addresses than the default are desired. -==== - -If the addresses of the other cluster members are known upfront, they can be listed explicitly. -This is convenient, but has limitations: - -* If Core instances are replaced and the new members have different addresses, the list will become outdated. -An outdated list can be avoided by ensuring that the new members can be reached via the same address as the old members, but this is not always practical. -* Under some circumstances the addresses are unknown when configuring the cluster. -This can be the case, for example, when using container orchestration to deploy a Causal Cluster. - -Additional mechanisms for using DNS are provided for the cases where it is not practical or possible to explicitly list the addresses of cluster members to discover. - -The discovery configuration is just used for initial discovery and a running cluster will continuously exchange information about changes to the topology. -The behavior of the initial discovery is determined by the parameters `xref:reference/configuration-settings.adoc#config_causal_clustering.discovery_type[causal_clustering.discovery_type]` and `xref:reference/configuration-settings.adoc#config_causal_clustering.initial_discovery_members[causal_clustering.initial_discovery_members]`, and is described in the following sections. - - -[[causal-clustering-discovery-list]] -=== Discovery using a list of server addresses - -If the addresses of the other cluster members are known upfront, they can be listed explicitly. -We use the default `causal_clustering.discovery_type=LIST` and hard code the addresses in the configuration of each machine. -This alternative is illustrated by xref:clustering/deploy.adoc#causal-clustering-new-cluster-example-configure-a-core-only-cluster[Configure a Core-only cluster]. - - -[[causal-clustering-discovery-dns]] -=== Discovery using DNS with multiple records - -When using initial discovery with DNS, a DNS record lookup is performed when an instance starts up. -Once an instance has joined a cluster, further membership changes are communicated amongst Core instances as part of the discovery service. - -The following DNS-based mechanisms can be used to get the addresses of Core instances for discovery: - -`causal_clustering.discovery_type=DNS`:: -With this configuration, the initial discovery members will be resolved from _DNS A_ records to find the IP addresses to contact. -The value of `causal_clustering.initial_discovery_members` should be set to a single domain name and the port of the discovery service. -For example: `causal_clustering.initial_discovery_members=cluster01.example.com:5000`. -The domain name should return an A record for every Core instance when a DNS lookup is performed. -Each A record returned by DNS should contain the IP address of the Core instance. -The configured Primary server will use all the IP addresses from the A records to join or form a cluster. -+ -The discovery port must be the same on all Core instances when using this configuration. -If this is not possible, consider using the discovery type `SRV` instead. - -`causal_clustering.discovery_type=SRV`:: -With this configuration, the initial discovery members will be resolved from _DNS SRV_ records to find the IP addresses/hostnames and discovery service ports to contact. -The value of `causal_clustering.initial_discovery_members` should be set to a single domain name and the port set to `0`. -For example: `causal_clustering.initial_discovery_members=cluster01.example.com:0`. -The domain name should return a single SRV record when a DNS lookup is performed. -The SRV record returned by DNS should contain the IP address or hostname, and the discovery port, for the Core Servers to be discovered. -The configured Primary server will use all the addresses from the SRV record to join or form a cluster. - - -[[causal-clustering-discovery-k8s]] -=== Discovery in Kubernetes - -A special case is when a cluster is running in https://kubernetes.io/[Kubernetes^] and each Primary server is running as a Kubernetes service. -Then, the addresses of the Core instances can be obtained using the List Service API, as described in the https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#list-service-v1-core[Kubernetes API documentation^]. - -The following settings are used to configure for this scenario: - -* Set `causal_clustering.discovery_type=K8S`. -* Set `xref:reference/configuration-settings.adoc#config_causal_clustering.kubernetes.label_selector[causal_clustering.kubernetes.label_selector]` to the label selector for the Causal Cluster services. -For more information, see the https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors[Kubernetes official documentation^]. -* Set `xref:reference/configuration-settings.adoc#config_causal_clustering.kubernetes.service_port_name[causal_clustering.kubernetes.service_port_name]` to the name of the service port used in the Kubernetes service definition for the Core's discovery port. -For more information, see the https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#serviceport-v1-core[Kubernetes official documentation^] - -With this configuration, `causal_clustering.initial_discovery_members` is not used and any value assigned to it will be ignored. - -[NOTE] -==== -* The pod running Neo4j must use a service account which has permission to list services. -For further information, see the Kubernetes documentation on https://kubernetes.io/docs/reference/access-authn-authz/rbac/[RBAC authorization^] or https://kubernetes.io/docs/reference/access-authn-authz/abac/[ABAC authorization^]. -* The configured `causal_clustering.discovery_advertised_address` must exactly match the Kubernetes-internal DNS name, which will be of the form `..svc.cluster.local`. -==== - -As with DNS-based methods, the Kubernetes record lookup is only performed at startup. diff --git a/modules/ROOT/pages/clustering/internals.adoc b/modules/ROOT/pages/clustering/internals.adoc deleted file mode 100644 index 6588af397..000000000 --- a/modules/ROOT/pages/clustering/internals.adoc +++ /dev/null @@ -1,210 +0,0 @@ -[role=enterprise-edition] -[[causal-clustering-internals]] -= Internals of clustering -:description: This section details a few selected internals of a Neo4j Causal Cluster. Understanding the internals is not vital but can be helpful in diagnosing and resolving operational issues. - - -[[causal-clustering-elections-and-leadership]] -== Elections and leadership - -The Core instances used as Primary servers in a cluster use the Raft protocol to ensure consistency and safety. -See xref:clustering-advanced/lifecycle.adoc#causal-clustering-lifecycle-core-membership[Advanced Causal Clustering] for more information on the Raft protocol. -An implementation detail of Raft is that it uses a _Leader_ role to impose an ordering on an underlying log with other instances acting as _Followers_ which replicate the leader's state. -Specifically in Neo4j, this means that writes to the database are ordered by the Core instance currently playing the _Leader_ role for the respective database. -If a Neo4j DBMS cluster contains multiple databases, each one of those databases operates within a logically separate Raft group, and therefore each has an individual leader. -This means that a Core instance may act both as _Leader_ for some databases, and as _Follower_ for other databases. - -If a follower has not heard from the leader for a while, then it can initiate an election and attempt to become the new leader. -The follower makes itself a _Candidate_ and asks other Cores to vote for it. -If it can get a majority of the votes, then it assumes the leader role. -Cores will not vote for a candidate which is less up-to-date than itself. -There can only be one leader at any time per database, and that leader is guaranteed to have the most up-to-date log. - -Elections are expected to occur during the normal running of a cluster and they do not pose an issue in and of itself. -If you are experiencing frequent re-elections and they are disturbing the operation of the cluster then you should try to figure out what is causing them. -Some common causes are environmental issues (e.g. a flaky networking) and work overload conditions (e.g. more concurrent queries and transactions than the hardware can handle). - - -[[causal-clustering-leadership-balancing]] -== Leadership balancing - -Write transactions will always be routed to the leader for the respective database. -As a result, unevenly distributed leaderships may cause write queries to be disproportionately directed to a subset of instances. -By default, Neo4j avoids this by automatically transferring database leaderships so that they are evenly distributed throughout the cluster. -Additionally, Neo4j will automatically transfer database leaderships away from instances where those databases are configured to be read-only using xref:reference/configuration-settings.adoc#config_dbms.databases.read_only[dbms.databases.read_only] or similar. - - -[[causal-clustering-multi-database-and-the-reconciler]] -== Multi-database and the reconciler - -Databases operate as independent entities in a Neo4j DBMS, both in standalone and in a cluster. -Since a cluster can consist of multiple independent server instances, the effects of administrative operations like creating a new database happen asynchronously and independently for each server. -However, the immediate effect of an administrative operation is to safely commit the desired state in the `system` database. - -The desired state committed in the `system` database gets replicated and is picked up by an internal component called the reconciler. -It runs on every instance and takes the appropriate actions required locally on that instance for reaching the desired state; creating, starting, stopping, and dropping databases. - -Every database runs in an independent Raft group and since there are two databases in a fresh cluster, `system` and `neo4j`, this means that it also has two Raft groups. -Every Raft group also has an independent leader and thus a particular Core instance could be the leader for one database and a follower for another. - -[NOTE] -==== -This does not apply to clusters where a Single instance is the Primary server. -In such clusters, the Single instance is the leader of all databases and there is no Raft at all. -==== - -[[causal-clustering-routing]] -== Server-side routing - -Server-side routing is a complement to the client-side routing, performed by a Neo4j Driver. - -In a Causal Cluster deployment of Neo4j, Cypher queries may be directed to a cluster member that is unable to run the given query. -With server-side routing enabled, such queries will be rerouted internally to a cluster member that is expected to be able to run it. -This situation can occur for write-transaction queries when they address a database for which the receiving cluster member is not the leader. - -The cluster role for core cluster members is per database. -Thus, if a write-transaction query is sent to a cluster member that is not the leader for the specified database (specified either via the Bolt Protocol or by the Cypher syntax: link:{neo4j-docs-base-uri}/cypher-manual/4.4/clauses/use[`USE` clause]), server-side routing will be performed if properly configured. - -Server-side routing is enabled by the DBMS, by setting xref:reference/configuration-settings.adoc#config_dbms.routing.enabled[`dbms.routing.enabled=true`] for each cluster member. -The listen address (xref:reference/configuration-settings.adoc#config_dbms.routing.listen_address[`dbms.routing.listen_address`]) and advertised address (xref:reference/configuration-settings.adoc#config_dbms.routing.advertised_address[`dbms.routing.advertised_address`]) also need to be configured for server-side routing communication. - -Client connections need to state that server-side routing should be used and this is available for Neo4j Drivers and HTTP API. - -[NOTE] -==== -Neo4j Drivers can only use server-side routing when the `neo4j://` URI scheme is used. -The Drivers will not perform any routing when the `bolt://` URI scheme is used, instead connecting directly to the specified host. - -On the cluster-side you must fulfil the following pre-requisites to make server-side routing available: - -* Set `dbms.routing.enabled=true` on each member of the cluster. -* Configure `dbms.routing.listen_address`, and provide the advertised address using `dbms.routing.advertised_address` on each member. -* Optionally, you can set `dbms.routing.default_router=SERVER` on each member of the cluster. - -The final pre-requisite enforces server-side routing on the clients by sending out a routing table with exactly one entry to the client. -Therefore, `dbms.routing.default_router=SERVER` configures a cluster member to make its routing table behave like a standalone instance. -The implication is that if a Neo4j Driver connects to this cluster member, then the Neo4j Driver sends all requests to that cluster member. -Please note that the default configuration for `dbms.routing.default_router` is `dbms.routing.default_router=CLIENT`. -See xref:reference/configuration-settings.adoc#config_dbms.routing.default_router[`dbms.routing.default_router`] for more information. - -The HTTP-API of each member will benefit from these settings automatically. -==== - -The table below shows the criteria by which server-side routing is performed: - -.Server-side routing criteria -[options="header", cols="^2,^1,^1,^1,^3,^1,^1"] -|=== -4+^| CLIENT - Neo4j Driver (Bolt Protocol) -3+^| SERVER - Neo4j Cluster member - -h|URI scheme -h|Client-side routing -h|Request server-side routing -h|Transaction type -h|Server - Instance > Role (per database) -h|Server-side routing enabled -h|Routes the query - -| `neo4j://` | {check-mark} | {check-mark} | write | Primary - Single | {check-mark} | {cross-mark} -| `neo4j://` | {check-mark} | {check-mark} | read | Primary - Single | {check-mark} | {cross-mark} -| `neo4j://` | {check-mark} | {check-mark} | write | Primary - Core > leader | {check-mark} | {cross-mark} -| `neo4j://` | {check-mark} | {check-mark} | read | Primary - Core > leader | {check-mark} | {cross-mark} -| `neo4j://` | {check-mark} | {check-mark} | write | Primary - Core > follower | {check-mark} | {check-mark} -| `neo4j://` | {check-mark} | {check-mark} | read | Primary - Core > follower | {check-mark} | {cross-mark} -| `neo4j://` | {check-mark} | {check-mark} | write | Secondary - Read Replica | {check-mark} | {check-mark} -| `neo4j://` | {check-mark} | {check-mark} | read | Secondary - Read Replica | {check-mark} | {cross-mark} - -| `bolt://` | {cross-mark} | {cross-mark}| write | Primary - Single | {check-mark} | {cross-mark} -| `bolt://` | {cross-mark} | {cross-mark}| read | Primary - Single | {check-mark} | {cross-mark} -| `bolt://` | {cross-mark} | {cross-mark}| write | Primary - Core > leader | {check-mark} | {cross-mark} -| `bolt://` | {cross-mark} | {cross-mark}| read | Primary - Core > leader | {check-mark} | {cross-mark} -| `bolt://` | {cross-mark} | {cross-mark}| write | Primary - Core > follower | {check-mark} | {cross-mark} -| `bolt://` | {cross-mark} | {cross-mark}| read | Primary - Core > follower | {check-mark} | {cross-mark} -| `bolt://` | {cross-mark} | {cross-mark}| write | Secondary - Read Replica | {check-mark} | {cross-mark} -| `bolt://` | {cross-mark} | {cross-mark}| read | Secondary - Read Replica | {check-mark} | {cross-mark} -|=== - - -Server-side routing connector configuration:: -Rerouted queries are communicated over the link:https://7687.org[Bolt Protocol] using a designated communication channel. -The receiving end of the communication is configured using the following settings: -+ -* xref:reference/configuration-settings.adoc#config_dbms.routing.enabled[`dbms.routing.enabled`] -* xref:reference/configuration-settings.adoc#config_dbms.routing.listen_address[`dbms.routing.listen_address`] -* xref:reference/configuration-settings.adoc#config_dbms.routing.advertised_address[`dbms.routing.advertised_address`] - -Server-side routing driver configuration:: -Server-side routing uses the Neo4j Java driver to connect to other cluster members. -This driver is configured with settings of the format: -+ -* xref:reference/configuration-settings.adoc#config_dbms.routing.driver.api[`dbms.routing.driver.*`] -+ -[NOTE] -==== -The configuration options described in _Configuration_ in the link:{neo4j-docs-base-uri}[Neo4j Driver manuals] have an equivalent in the server-side routing configuration. -==== - -Server-side routing encryption:: -Encryption of server-side routing communication is configured by the cluster SSL policy. -For more information, see xref:clustering/intra-cluster-encryption.adoc[Cluster Encryption]. - - -[[causal-clustering-store-copy]] -== Store copy - -Store copies are initiated when an instance does not have an up-to-date copy of the database. -For example, this is the case when a new instance is joining a cluster (without a seed). -It can also happen as a consequence of falling behind the rest of the cluster, for reasons such as connectivity issues or having been shut down. -Upon re-establishing connection with the cluster, an instance recognizes that it is too far behind and fetches a new copy from the rest of the cluster. - -A store copy is a major operation, which may disrupt the availability of instances in the cluster. -Store copies should not be a frequent occurrence in a well-functioning cluster, but rather be an exceptional operation that happens due to specific causes, e.g. network outages or planned maintenance outages. -If store copies happen during regular operation, then the configuration of the cluster, or the workload directed at it, might have to be reviewed so that all instances can keep up, and that there is enough of a buffer of Raft logs and transaction logs to handle smaller transient issues. - -The protocol used for store copies is robust and configurable. -The network requests are directed at an upstream member according to configuration and they are retried despite transient failures. -The maximum amount of time to retry every request can be configured with xref:reference/configuration-settings.adoc#config_causal_clustering.store_copy_max_retry_time_per_request[`causal_clustering.store_copy_max_retry_time_per_request`]. -If a request fails and the maximum retry time has elapsed then it stops retrying and the store copy fails. - -Use xref:reference/configuration-settings.adoc#config_causal_clustering.catch_up_client_inactivity_timeout[`causal_clustering.catch_up_client_inactivity_timeout`] to configure the inactivity timeout for any particular request. - -[NOTE] -==== -The xref:reference/configuration-settings.adoc#config_causal_clustering.catch_up_client_inactivity_timeout[`causal_clustering.catch_up_client_inactivity_timeout`] configuration is for all requests from the catchup client, including the pulling of transactions. -==== - -The default upstream strategy is not applicable to Single instances and it differs for Core and Read Replica instances. -Core instances always send the initial request to the leader to get the most up-to-date information about the store. -The strategy for the file and index requests for Core instances is to vary every other request to a random Read Replica instance and every other to a random Core instance. - -Read Replica instances use the same strategy for store copies as it uses for pulling transactions. -The default is to pull from a random Core instance. - -If you are running a multi-datacenter cluster, then upstream strategies for both Core and Read Replica instances can be configured. -Remember that for Read Replica instances, this also affects from where transactions are pulled. -See more in xref:clustering-advanced/multi-data-center/configuration.adoc[Configure for multi-data center operations]. - - -[WARNING] -==== -* Do not transform a Read Replica instance into a Core instance. -* Do not transform a Core instance into a Read Replica instance. -==== - -[[causal-clustering-on-disk-state]] -== On-disk state - -The on-disk state of cluster instances is different from that of standalone instances. -The biggest difference is the existence of an additional cluster state. -Most of the files there are relatively small, but the Raft logs can become quite large depending on the configuration and workload. - -It is important to understand that once a database has been extracted from a cluster and used in a standalone deployment, it must not be put back into an operational cluster. -This is because the cluster and the standalone deployment now have separate databases, with different and irreconcilable writes applied to them. - -[WARNING] -==== -If you try to reinsert a modified database back into the cluster, then the logs and stores will mismatch. -Operators should not try to merge standalone databases into the cluster in the optimistic hope that their data will become replicated. -That does not happen and instead, it likely leads to unpredictable cluster behavior. -==== diff --git a/modules/ROOT/pages/clustering/intra-cluster-encryption.adoc b/modules/ROOT/pages/clustering/intra-cluster-encryption.adoc deleted file mode 100644 index 267baa9f0..000000000 --- a/modules/ROOT/pages/clustering/intra-cluster-encryption.adoc +++ /dev/null @@ -1,155 +0,0 @@ -[role=enterprise-edition] -[[causal-clustering-intra-cluster-encryption]] -= Intra-cluster encryption -:description: How to secure the cluster communication between server instances. - -[CAUTION] -==== -Securing client to server communication is not covered in this chapter (e.g. Bolt, HTTPS, Backup). -==== - - -[[causal-clustering-intra-cluster-encryption-introduction]] -== Introduction - -The security solution for cluster communication is based on standard SSL/TLS technology (referred to jointly as SSL). -Encryption is in fact just one aspect of security, with the other cornerstones being authentication and integrity. -A secure solution will be based on a key infrastructure which is deployed together with a requirement of authentication. - -The SSL support in the platform is documented in detail in xref:security/ssl-framework.adoc[SSL framework]. -This section will cover the specifics as they relate to securing a cluster. - -Under SSL, an endpoint can authenticate itself using certificates managed by a xref:security/ssl-framework.adoc#term-ssl-pki[Public Key Infrastructure (_PKI_)]. - -It should be noted that the deployment of a secure key management infrastructure is beyond the scope of this manual, and should be entrusted to experienced security professionals. -The example deployment illustrated below is for reference purposes only. - - -[[causal-clustering-intra-cluster-encryption-example-deployment]] -== Example deployment - -The following steps will create an example deployment, and each step is expanded in further detail below. - - - Generate and install xref:security/ssl-framework.adoc#term-ssl-cryptographic-objects[cryptographic objects] - - Configure Causal Clustering with the SSL policy - - Validate the secure operation of the cluster - - -[[causal-clustering-intra-cluster-encryption-cryptographic]] -=== Generate and install cryptographic objects - -The generation of cryptographic objects is for the most part outside the scope of this manual. -It will generally require having a PKI with a xref:security/ssl-framework.adoc#term-ssl-certificate-authority[Certificate Authority (_CA_)] within the organization and they should be able to advise here. -Please note that the information in this manual relating to the PKI is mainly for illustrative purposes. - -When the certificates and private keys have been obtained they can be installed on each of the servers. -Each server will have a certificate of its own, signed by a CA, and the corresponding private key. -The certificate of the CA is installed into the `trusted` directory, and any certificate signed by the CA will thus be trusted. -This means that the server now has the capability of establishing trust with other servers. - -[CAUTION] -==== -Please be sure to exercise caution when using CA certificates in the `trusted` directory, as any certificates signed by that CA will then be trusted to join the cluster. -For this reason, never use a public CA to sign certificates for your cluster. -Instead, use an intermediate certificate or a CA certificate which originates from and is controlled by your organization. -==== - -In this example we will deploy a mutual authentication setup, which means that both ends of a channel have to authenticate. -To enable mutual authentication the SSL policy must have `client_auth` set to `REQUIRE` (which is the default). -Servers are by default required to authenticate themselves, so there is no corresponding server setting. - -If the certificate for a particular server is compromised it is possible to revoke it by installing a xref:security/ssl-framework.adoc#term-ssl-certificate-revocation-list[Certificate Revocation List (_CRL_)] in the `revoked` directory. -It is also possible to redeploy using a new CA. -For contingency purposes, it is advised that you have a separate intermediate CA specifically for the cluster which can be substituted in its entirety should it ever become necessary. -This approach would be much easier than having to handle revocations and ensuring their propagation. - -.Generate and install cryptographic objects -==== -In this example we assume that the private key and certificate file are named _private.key_ and _public.crt_, respectively. -If you want to use different names you may override the policy configuration for the key and certificate names/locations. -We want to use the default configuration for this server so we create the appropriate directory structure and install the certificate: - -[source, shell] ----- -$neo4j-home> mkdir certificates/cluster -$neo4j-home> mkdir certificates/cluster/trusted -$neo4j-home> mkdir certificates/cluster/revoked - -$neo4j-home> cp $some-dir/private.key certificates/cluster -$neo4j-home> cp $some-dir/public.crt certificates/cluster ----- -==== - - -[[causal-clustering-intra-cluster-encryption-ssl-config]] -=== Configure the cluster SSL policy - -By default, cluster communication is unencrypted. -To configure a Causal Cluster to encrypt its intra-cluster communication, set `dbms.ssl.policy.cluster.enabled` to `true`. - -An SSL policy utilizes the installed cryptographic objects and additionally allows parameters to be configured. -We will use the following parameters in our configuration: - -.Example settings -[options="header"] -|=== -| Setting suffix | Value | Comment -| `client_auth` | `REQUIRE` | Setting this to `REQUIRE` effectively enables mutual authentication for servers. -| `ciphers` | `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384` | -We can enforce a particular single strong cipher and remove any doubt about which cipher gets negotiated and chosen. -The cipher chosen above offers Perfect Forward Secrecy (PFS) which is generally desirable. -It also uses Advanced Encryption Standard (_AES_) for symmetric encryption which has great support for acceleration in hardware and thus allows performance to generally be negligibly affected. -| `tls_versions` | `TLSv1.2` | -Since we control the entire cluster we can enforce the latest TLS standard without any concern for backwards compatibility. -It has no known security vulnerabilities and uses the most modern algorithms for key exchanges, etc. -|=== - -In the following example we will create and configure an SSL policy that we will use in our cluster. - -.Configure the cluster SSL policy -==== -In this example we assume that the directory structure has been created, and certificate files have been installed, as per the previous example. - -We add the following content to our _neo4j.conf_ file: - -[source, properties] ----- -dbms.ssl.policy.cluster.enabled=true -dbms.ssl.policy.cluster.tls_versions=TLSv1.2 -dbms.ssl.policy.cluster.ciphers=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 -dbms.ssl.policy.cluster.client_auth=REQUIRE ----- - -Any user data communicated between instances will now be secured. -Please note that an instance which is not correctly setup would not be able to communicate with the others. -==== - -Note that the policy must be configured on every server with the same settings. -The actual cryptographic objects installed will be mostly different since they do not share the same private keys and corresponding certificates. -The trusted CA certificate will be shared however. - - -[[causal-clustering-intra-cluster-encryption-validate]] -=== Validate the secure operation of the cluster - -To make sure that everything is secured as intended it makes sense to validate using external tooling such as, for example, the open source assessment tools `nmap` or `OpenSSL`. - -.Validate the secure operation of the cluster -==== - -In this example we will use the `nmap` tool to validate the secure operation of our cluster. -A simple test to perform is a cipher enumeration using the following command: - -[source, shell] ----- -nmap --script ssl-enum-ciphers -p ----- - -The hostname and port have to be adjusted according to our configuration. -This can prove that TLS is in fact enabled and that the only the intended cipher suites are enabled. -All servers and all applicable ports should be tested. -==== - -For testing purposes we could also attempt to utilize a separate testing instance of Neo4j which, for example, has an untrusted certificate in place. -The expected result of this test is that the test server is not able to participate in replication of user data. -The debug logs will generally indicate an issue by printing an SSL or certificate-related exception. diff --git a/modules/ROOT/pages/configuration/network-architecture.adoc b/modules/ROOT/pages/configuration/network-architecture.adoc deleted file mode 100644 index 960dff731..000000000 --- a/modules/ROOT/pages/configuration/network-architecture.adoc +++ /dev/null @@ -1,13 +0,0 @@ -:description: A visual representation of the Neo4j network infrastructure. -[[network-architecture]] -= Network infrastructure - -The following diagrams provide a map of the Neo4j network infrastructure and how the Neo4j components interact together. - -== Network without a load balancer - -image::network-architecture1.png[title="A default Neo4j network architecture without a load balancer.", role="middle"] - -== Network with a load balancer - -image::network-architecture2.png[title="A default Neo4j network architecture with a load balancer.", role="middle"] diff --git a/modules/ROOT/pages/deprecated-security-procedures/community-edition.adoc b/modules/ROOT/pages/deprecated-security-procedures/community-edition.adoc deleted file mode 100644 index a2a028dbf..000000000 --- a/modules/ROOT/pages/deprecated-security-procedures/community-edition.adoc +++ /dev/null @@ -1,154 +0,0 @@ -[role=deprecated] -[[ref-user-management-ce]] -= Community Edition -:description: This section describes deprecated procedures for user and password management for Neo4j Community Edition. - -User and password management for Community Edition is a subset of the functionality available in Enterprise Edition. -The following is true for user management in Community Edition: - -* It is possible to create multiple users. -* All users assume the privileges of an `admin` for the available functionality. - -Users are managed by using built-in procedures through Cypher. -This section gives a list of all the security procedures for user management along with some simple examples. -Use Neo4j Browser or Neo4j Cypher Shell to run the examples provided. -Unless stated otherwise, all arguments to the procedures described in this section must be supplied. - -[options="header"] -|=== -| Name | Description -| xref:deprecated-security-procedures/community-edition.adoc#userauth-change-your-password-ce[dbms.security.changePassword]| Change the current user's password -| xref:deprecated-security-procedures/community-edition.adoc#userauth-add-user-ce[dbms.security.createUser]| Add a user -| xref:deprecated-security-procedures/community-edition.adoc#userauth-delete-user-ce[dbms.security.deleteUser]| Delete a user -| xref:deprecated-security-procedures/community-edition.adoc#userauth-list-all-users-ce[dbms.security.listUsers]| List all users -|=== - - -[[userauth-change-your-password-ce]] -== Change the current user's password - -[CAUTION] -The procedure `dbms.security.changePassword(newPassword, requirePasswordChange)` has been entirely removed since the corresponding Cypher administration command also requires the old password, and thus is more secure. -Please use `ALTER CURRENT USER SET PASSWORD FROM 'oldPassword' TO 'newPassword'`, documented in the link:{neo4j-docs-base-uri}/cypher-manual/4.4/access-control/manage-users#access-control-alter-password[Cypher Manual], instead. - - -[[userauth-add-user-ce]] -== Add a user - -The current user is able to add a user to the system. - -*Syntax:* - -`CALL dbms.security.createUser(_username_, _password_, _requirePasswordChange_)` - -*Arguments:* - -[options="header"] -|=== -| Name | Type | Description -| `username` | String | This is the user's username. -| `password` | String | This is the user's password. -| `requirePasswordChange` | Boolean | This is optional, with a default of `true`. If this is `true`, (i) the user will be forced to change their password when they log in for the first time, and (ii) until the user has changed their password, they will be forbidden from performing any other operation. -|=== - -*Exceptions:* - -|=== -| The username either contains characters other than the ASCII characters between `!` and `~`, or contains `:` and `,`. -| The username is already in use within the system. -| The password is the empty string. -|=== - -.Add a user -==== -The following example creates a user with the username '*johnsmith*' and password '*h6u4%kr*'. -When the user '*johnsmith*' logs in for the first time, he will be required to xref:deprecated-security-procedures/community-edition.adoc#userauth-change-your-password-ce[change his password]. - -[source, cypher] ----- -CALL dbms.security.createUser('johnsmith', 'h6u4%kr', true) ----- -==== - - -[[userauth-delete-user-ce]] -== Delete a user - -The current user is able to delete permanently a user from the system. - -*Syntax:* - -`CALL dbms.security.deleteUser(_username_)` - -*Arguments:* - -[options="header"] -|=== -| Name | Type | Description -| `username` | String | This is the username of the user to be deleted. -|=== - -*Exceptions:* - -|=== -| The username does not exist in the system. -| The username matches that of the current user (i.e. deleting the current user is not permitted). -|=== - -*Considerations:* - -|=== -| Deleting a user will terminate with immediate effect all of the user's sessions and roll back any running transactions. -| As it is not possible for the current user to delete themselves, there will always be at least one user in the system. -|=== - -.Delete a user -==== -The following example deletes a user with the username '*janebrown*'. - -[source, cypher] ----- -CALL dbms.security.deleteUser('janebrown') ----- -==== - - -[[userauth-list-all-users-ce]] -== List all native users - -The current user is able to view the details of every user in the system. - -*Syntax:* - -`CALL dbms.security.listUsers()` - -*Returns:* - -[options="header"] -|=== -| Name | Type | Description -| `username` | String | This is the user's username. -| `flags` | List | This is a flag indicating whether the user needs to change their password. -|=== - -.List all users -==== -The following example shows the username for each user in the system, and whether the user needs to change their password. - -[source, cypher] ----- -CALL dbms.security.listUsers() ----- - -[queryresult] ----- -+-----------------------------------------+ -| username | flags | -+-----------------------------------------+ -| "neo4j" | [] | -| "anne" | ["password_change_required"] | -| "bill" | [] | -+-----------------------------------------+ -3 rows ----- -==== diff --git a/modules/ROOT/pages/deprecated-security-procedures/enterprise-edition.adoc b/modules/ROOT/pages/deprecated-security-procedures/enterprise-edition.adoc deleted file mode 100644 index a5d34451b..000000000 --- a/modules/ROOT/pages/deprecated-security-procedures/enterprise-edition.adoc +++ /dev/null @@ -1,717 +0,0 @@ -[role=deprecated] -[[procedures-native-user-role-management]] -= Enterprise Edition -:description: This section describes deprecated procedures for native user and role management for Neo4j Enterprise Edition. - -//Check Mark -:check-mark: icon:check[] - -A subset of this functionality is also available in Community Edition. -The table below includes an indication of which functions this is valid for. -Refer to xref:deprecated-security-procedures/community-edition.adoc[Community Edition] for a complete description. - -In Neo4j, native user and role management are managed by using built-in procedures through Cypher. -This section gives a list of all the security procedures for user management along with some simple examples. -Use Neo4j Browser or Neo4j Cypher Shell to run the examples provided. - -The following table lists the available procedures: - -[options="header", cols="25m,20a,15m,^10a"] -|=== -| Procedure name -| Description -| Executable by role(s) -| Available in xref:deprecated-security-procedures/community-edition.adoc[Community Edition] - -| xref:deprecated-security-procedures/enterprise-edition.adoc#userauth-activate-user[dbms.security.activateUser] -| Activate a suspended user -| admin -| - -| xref:deprecated-security-procedures/enterprise-edition.adoc#user-roles-assign-role-to-user[dbms.security.addRoleToUser] -| Assign a role to the user -| admin -| - -| xref:deprecated-security-procedures/enterprise-edition.adoc#userauth-change-your-password[dbms.security.changePassword] -| Change the current user's password -| reader,editor,publisher,architect,admin -| {check-mark} - -| xref:deprecated-security-procedures/enterprise-edition.adoc#userauth-change-users-password[dbms.security.changeUserPassword] -| Change the given user's password -| admin -| - -| xref:deprecated-security-procedures/enterprise-edition.adoc#user-roles-create-role[dbms.security.createRole] -| Create a new role -| admin -| - -| xref:deprecated-security-procedures/enterprise-edition.adoc#userauth-add-user[dbms.security.createUser] -| Create a new user -| admin -| {check-mark} - -| xref:deprecated-security-procedures/enterprise-edition.adoc#user-roles-delete-role[dbms.security.deleteRole] -| Delete the specified role. -Any role assignments will be removed -| admin -| - -| xref:deprecated-security-procedures/enterprise-edition.adoc#userauth-delete-user[dbms.security.deleteUser] -| Delete the specified user -| admin -| {check-mark} - -| xref:deprecated-security-procedures/enterprise-edition.adoc#user-roles-list-all-roles[dbms.security.listRoles] -| List all available roles -| admin -| - -| xref:deprecated-security-procedures/enterprise-edition.adoc#user-roles-list-all-roles-for-user[dbms.security.listRolesForUser] -| List all roles assigned to the specified user -| admin -| - -| xref:deprecated-security-procedures/enterprise-edition.adoc#userauth-list-all-users[dbms.security.listUsers] -| List all local users -| admin -| {check-mark} - -| xref:deprecated-security-procedures/enterprise-edition.adoc#user-roles-list-all-users-for-role[dbms.security.listUsersForRole] -| List all users currently assigned the specified role -| admin -| - -| xref:deprecated-security-procedures/enterprise-edition.adoc#user-roles-remove-role-from-user[dbms.security.removeRoleFromUser] -| Unassign a role from the user -| admin -| - -| xref:deprecated-security-procedures/enterprise-edition.adoc#userauth-suspend-user[dbms.security.suspendUser] -| Suspend the specified user -| admin -| -|=== - - -[[userauth-activate-user]] -== Activate a suspended user - -An administrator is able to activate a suspended user so that the user is once again able to access the data in their original capacity. - -*Syntax:* - -`CALL dbms.security.activateUser(_username_, _requirePasswordChange_)` - -*Arguments:* - -[options="header"] -|=== -| Name | Type | Description -| `username` | String | This is the username of the user to be activated. -| `requirePasswordChange` | Boolean | This is optional, with a default of `true`. If this is `true`, (i) the user will be forced to change their password when they next log in, and (ii) until the user has changed their password, they will be forbidden from performing any other operation. -|=== - -*Exceptions:* - -|=== -| The current user is not an administrator. -| The username does not exist in the system. -| The username matches that of the current user (i.e. activating the current user is not permitted). -|=== - -*Considerations:* - -|=== -| This is an idempotent procedure. -|=== - - -.Activate a suspended user -==== -The following example activates a user with the username '*jackgreen*'. -When the user '*jackgreen*' next logs in, he will be required to xref:deprecated-security-procedures/enterprise-edition.adoc#userauth-change-your-password[change his password]. - -[source, cypher] ----- -CALL dbms.security.activateUser('jackgreen') ----- -==== - - -[[user-roles-assign-role-to-user]] -== Assign a role to the user - -An administrator is able to assign a role to any user in the system, -thus allowing the user to perform a series of actions upon the data. - -*Syntax:* - -`CALL dbms.security.addRoleToUser(_roleName_, _username_)` - -*Arguments:* - -[options="header"] -|=== -| Name | Type | Description -| `roleName` | String | This is the name of the role to be assigned to the user. -| `username` | String | This is the username of the user who is to be assigned the role. -|=== - -*Exceptions:* - -|=== -| The current user is not an administrator. -| The username does not exist in the system. -| The username contains characters other than alphanumeric characters and the ‘_’ character. -| The role name does not exist in the system. -| The role name contains characters other than alphanumeric characters and the ‘_’ character. -|=== - -*Considerations:* - -|=== -| This is an idempotent procedure. -|=== - -.Assign a role to the user -==== -The following example assigns the role `publisher` to the user with username '*johnsmith*'. - -[source, cypher] ----- -CALL dbms.security.addRoleToUser('publisher', 'johnsmith') ----- -==== - - -[[userauth-change-your-password]] -== Change the current user's password - -[CAUTION] -The procedure `dbms.security.changePassword(newPassword, requirePasswordChange)` has been entirely removed since the corresponding Cypher administration command also requires the old password, and thus is more secure. -Please use `ALTER CURRENT USER SET PASSWORD FROM 'oldPassword' TO 'newPassword'`, documented in the link:{neo4j-docs-base-uri}/cypher-manual/4.4/access-control/manage-users#access-control-alter-password[Cypher Manual], instead. - -[[userauth-change-users-password]] -== Change the given user's password - -An administrator is able to change the password of any user within the system. -Alternatively, the current user may change their own password. - -*Syntax:* - -`CALL dbms.security.changeUserPassword(_username_, _newPassword_, _requirePasswordChange_)` - -*Arguments:* - -[options="header"] -|=== -| Name | Type | Description -| `username` | String | This is the username of the user whose password is to be changed. -| `newPassword` | String | This is the new password for the user. -| `requirePasswordChange` | Boolean | This is optional, with a default of `true`. If this is `true`, (i) the user will be forced to change their password when they next log in, and (ii) until the user has changed their password, they will be forbidden from performing any other operation. -|=== - -*Exceptions:* - -|=== -| The current user is not an administrator and the username does not match that of the current user. -| The username does not exist in the system. -| The password is the empty string. -| The password is the same as the user's previous password. -|=== - -*Considerations:* - -|=== -| This procedure may be invoked by the current user to change their own password, irrespective of whether or not the current user is an administrator. -| This procedure may be invoked by an administrator to change another user's password. -| In addition to changing the user's password, this will terminate with immediate effect all of the user's sessions and roll back any running transactions. -|=== - -.Change a given user's password -==== -The following example changes the password of the user with the username '*joebloggs*' to '*h6u4%kr*'. -When the user '*joebloggs*' next logs in, he will be required to xref:deprecated-security-procedures/enterprise-edition.adoc#userauth-change-your-password[change his password]. - -[source, cypher] ----- -CALL dbms.security.changeUserPassword('joebloggs', 'h6u4%kr') ----- -==== - - -[[user-roles-create-role]] -== Create a new role - -An administrator is able to create custom roles in the system. - -*Syntax:* - -`CALL dbms.security.createRole(_roleName_)` - -*Arguments:* - -[options="header"] -|=== -| Name | Type | Description -| `roleName` | String | This is the name of the role to be created. -|=== - -*Exceptions:* - -|=== -| The current user is not an administrator. -| The role name already exists in the system. -| The role name is empty. -| The role name contains characters other than alphanumeric characters and the ‘_’ character. -| The role name matches one of the native roles: `reader`, `publisher`, `architect`, and `admin`. -|=== - -.Create a new role -==== -The following example creates a new custom role. - -[source, cypher] ----- -CALL dbms.security.createRole('operator') ----- -==== - - -[[userauth-add-user]] -== Create a new user - -An administrator is able to create a new user. -This action ought to be followed by assigning a role to the user, which is described xref:deprecated-security-procedures/enterprise-edition.adoc#user-roles-assign-role-to-user[here]. - -*Syntax:* - -`CALL dbms.security.createUser(_username_, _password_, _requirePasswordChange_)` - -*Arguments:* - -[options="header"] -|=== -| Name | Type | Description -| `username` | String | This is the user's username. -| `password` | String | This is the user's password. -| `requirePasswordChange` | Boolean | This is optional, with a default of `true`. If this is `true`, (i) the user will be forced to change their password when they log in for the first time, and (ii) until the user has changed their password, they will be forbidden from performing any other operation. -|=== - -*Exceptions:* - -|=== -| The current user is not an administrator. -| The username either contains characters other than the ASCII characters between `!` and `~`, or contains `:` and `,`. -| The username is already in use within the system. -| The password is the empty string. -|=== - - -.Create a new user -==== -The following example creates a user with the username '*johnsmith*' and password '*h6u4%kr*'. -When the user '*johnsmith*' logs in for the first time, he will be required to xref:deprecated-security-procedures/enterprise-edition.adoc#userauth-change-your-password[change his password]. - -[source, cypher] ----- -CALL dbms.security.createUser('johnsmith', 'h6u4%kr') ----- -==== - - -[[user-roles-delete-role]] -== Delete the specified role - -An administrator is able to delete roles from the system. - -*Syntax:* - -`CALL dbms.security.deleteRole(_roleName_)` - -*Arguments:* - -[options="header"] -|=== -| Name | Type | Description -| `roleName` | String | This is the name of the role to be deleted. -|=== - -*Exceptions:* - -|=== -| The current user is not an administrator. -| The role name does not exist in the system. -| The role name matches one of the native roles: `reader`, `publisher`, `architect`, and `admin`. -|=== - -*Considerations:* - -|=== -| Any role assignments will be removed. -|=== - -.Delete the specified role -==== -The following example deletes the custom role '*operator*' from the system. - -[source, cypher] ----- -CALL dbms.security.deleteRole('operator') ----- -==== - - -[[userauth-delete-user]] -== Delete the specified user - -An administrator is able to delete permanently a user from the system. -It is not possible to undo this action, so, if in any doubt, consider xref:deprecated-security-procedures/enterprise-edition.adoc#userauth-suspend-user[suspending the user] instead. - -*Syntax:* - -`CALL dbms.security.deleteUser(_username_)` - -*Arguments:* - -[options="header"] -|=== -| Name | Type | Description -| `username` | String | This is the username of the user to be deleted. -|=== - -*Exceptions:* - -|=== -| The current user is not an administrator. -| The username does not exist in the system. -| The username matches that of the current user (i.e. deleting the current user is not permitted). -|=== - -*Considerations:* - -|=== -| It is not necessary to remove any assigned roles from the user prior to deleting the user. -| Deleting a user will terminate with immediate effect all of the user's sessions and roll back any running transactions. -| As it is not possible for the current user to delete themselves, there will always be at least one administrator in the system. -|=== - -.Delete the specified user -==== -The following example deletes a user with the username '*janebrown*'. - -[source, cypher] ----- -CALL dbms.security.deleteUser('janebrown') ----- -==== - - -[[user-roles-list-all-roles]] -== List all available roles - -An administrator is able to view all assigned users for each role in the system. - -*Syntax:* - -`CALL dbms.security.listRoles()` - -*Returns:* - -[options="header"] -|=== -| Name | Type | Description -| `role` | String | This is the name of the role. -| `users` | List | This is a list of the usernames of all users who have been assigned the role. -|=== - -*Exceptions:* - -|=== -| The current user is not an administrator. -|=== - -.List all available roles -==== -The following example shows, for each role in the system, the name of the role and the usernames of all assigned users. - -[source, cypher] ----- -CALL dbms.security.listRoles() ----- - -[queryresult] ----- -+------------------------------+ -| role | users | -+------------------------------+ -| "reader" | ["bill"] | -| "architect" | [] | -| "admin" | ["neo4j"] | -| "publisher" | ["john","bob"] | -+------------------------------+ -4 rows ----- -==== - - -[[user-roles-list-all-roles-for-user]] -== List all roles assigned to the specified user - -Any active user is able to view all of their assigned roles. -An administrator is able to view all assigned roles for any user in the system. - -*Syntax:* - -`CALL dbms.security.listRolesForUser(_username_)` - -*Arguments:* - -[options="header"] -|=== -| Name | Type | Description -| `username` | String | This is the username of the user. -|=== - -*Returns:* - -[options="header"] -|=== -| Name | Type | Description -| `value` | String | This returns all roles assigned to the requested user. -|=== - -*Exceptions:* - -|=== -| The current user is not an administrator and the username does not match that of the current user. -| The username does not exist in the system. -|=== - -*Considerations:* - -|=== -| This procedure may be invoked by the current user to view their roles, irrespective of whether or not the current user is an administrator. -| This procedure may be invoked by an administrator to view the roles for another user. -|=== - -.List all roles assigned to the specified user -==== -The following example lists all the roles for the user with username '*johnsmith*', who has the roles `reader` and `publisher`. - -[source, cypher] ----- -CALL dbms.security.listRolesForUser('johnsmith') ----- - -[queryresult] ----- -+-------------+ -| value | -+-------------+ -| "reader" | -| "publisher" | -+-------------+ -2 rows ----- -==== - - -[[userauth-list-all-users]] -== List all local users - -An administrator is able to view the details of every user in the system. - -*Syntax:* - -`CALL dbms.security.listUsers()` - -*Returns:* - -[options="header"] -|=== -| Name | Type | Description -| `username` | String | This is the user's username. -| `roles` | List | This is a list of roles assigned to the user. -| `flags` | List | This is a series of flags indicating whether the user is suspended or needs to change their password. -|=== - -*Exceptions:* - -|=== -| The current user is not an administrator. -|=== - -.List all local users -==== -The following example shows, for each user in the system, the username, the roles assigned to the user, and whether the user is suspended or needs to change their password. - -[source, cypher] ----- -CALL dbms.security.listUsers() ----- - -[queryresult] ----- -+---------------------------------------------------------------------+ -| username | roles | flags | -+---------------------------------------------------------------------+ -| "neo4j" | ["admin"] | [] | -| "anne" | [] | ["password_change_required"] | -| "bill" | ["reader"] | ["is_suspended"] | -| "john" | ["architect","publisher"] | [] | -+---------------------------------------------------------------------+ -4 rows ----- -==== - - -[[user-roles-list-all-users-for-role]] -== List all users currently assigned the specified role - -An administrator is able to view all assigned users for a role. - -*Syntax:* - -`CALL dbms.security.listUsersForRole(_roleName_)` - -*Arguments:* - -[options="header"] -|=== -| Name | Type | Description -| `roleName` | String | This is the name of the role. -|=== - -*Returns:* - -[options="header"] -|=== -| Name | Type | Description -| `value` | String | This returns all assigned users for the requested role. -|=== - -*Exceptions:* - -|=== -| The current user is not an administrator. -| The role name does not exist in the system. -|=== - -.List all users currently assigned the specified role -==== -The following example lists all the assigned users - '*bill*' and '*anne*' - for the role `publisher`. - -[source, cypher] ----- -CALL dbms.security.listUsersForRole('publisher') ----- - -[queryresult] ----- -+--------+ -| value | -+--------+ -| "bill" | -| "anne" | -+--------+ -2 rows ----- -==== - - -[[user-roles-remove-role-from-user]] -== Unassign a role from the user - -An administrator is able to remove a role from any user in the system, -thus preventing the user from performing upon the data any actions prescribed by the role. - -*Syntax:* - -`CALL dbms.security.removeRoleFromUser(_roleName_, _username_)` - -*Arguments:* - -[options="header"] -|=== -| Name | Type | Description -| `roleName` | String | This is the name of the role which is to be removed from the user. -| `username` | String | This is the username of the user from which the role is to be removed. -|=== - -*Exceptions:* - -|=== -| The current user is not an administrator. -| The username does not exist in the system. -| The role name does not exist in the system. -| The username is that of the current user and the role is `admin`. -|=== - -*Considerations:* - -|=== -| If the username is that of the current user and the role name provided is `admin`, an error will be thrown; i.e. the current user may not be demoted from being an administrator. -| As it is not possible for the current user to remove the `admin` role from themselves, there will always be at least one administrator in the system. -| This is an idempotent procedure. -|=== - -.Unassign a role from the user -==== -The following example removes the role `publisher` from the user with username '*johnsmith*'. - -[source, cypher] ----- -CALL dbms.security.removeRoleFromUser('publisher', 'johnsmith') ----- -==== - - -[[userauth-suspend-user]] -== Suspend the specified user - -An administrator is able to suspend a user from the system. -The suspended user may be xref:deprecated-security-procedures/enterprise-edition.adoc#userauth-activate-user[activated] at a later stage. - -*Syntax:* - -`CALL dbms.security.suspendUser(_username_)` - -*Arguments:* - -[options="header"] -|=== -| Name | Type | Description -| `username` | String | This is the username of the user to be suspended. -|=== - -*Exceptions:* - -|=== -| The current user is not an administrator. -| The username does not exist in the system. -| The username matches that of the current user (i.e. suspending the current user is not permitted). -|=== - -*Considerations:* - -|=== -| Suspending a user will terminate with immediate effect all of the user's sessions and roll back any running transactions. -| All of the suspended user's attributes -- assigned roles and password -- will remain intact. -| A suspended user will not be able to log on to the system. -| As it is not possible for the current user to suspend themselves, there will always be at least one active administrator in the system. -| This is an idempotent procedure. -|=== - -.Suspend the specified user -==== -The following example suspends a user with the username '*billjones*'. - -[source, cypher] ----- -CALL dbms.security.suspendUser('billjones') ----- -==== diff --git a/modules/ROOT/pages/deprecated-security-procedures/index.adoc b/modules/ROOT/pages/deprecated-security-procedures/index.adoc deleted file mode 100644 index aa238ee07..000000000 --- a/modules/ROOT/pages/deprecated-security-procedures/index.adoc +++ /dev/null @@ -1,20 +0,0 @@ -[appendix] -[[appendix-deprecated-security-procedures]] -= Deprecated security procedures -:description: This appendix describes deprecated procedures for security management. - -This appendix describes deprecated procedures for security management: - -* xref:deprecated-security-procedures/enterprise-edition.adoc[Enterprise Edition] -* xref:deprecated-security-procedures/community-edition.adoc[Community Edition] - -[DEPRECATED] -==== -The procedures described in this appendix have been deprecated and will be removed in a future release. - -It is strongly recommended to migrate to the security features as described in link:{neo4j-docs-base-uri}/cypher-manual/4.4/access-control[Cypher Manual -> Access Control] - -See also a worked example in xref:authentication-authorization/access-control.adoc[Fine-grained access control]. -==== - - diff --git a/modules/ROOT/pages/fabric/configuration.adoc b/modules/ROOT/pages/fabric/configuration.adoc deleted file mode 100644 index 307fd671b..000000000 --- a/modules/ROOT/pages/fabric/configuration.adoc +++ /dev/null @@ -1,273 +0,0 @@ -[role=enterprise-edition] -[[fabric-configuration]] -= Configuration -:description: How to configure Neo4j Fabric. - - -[[fabric-setup]] -== Fabric database setup - -Fabric must be set on a standalone Neo4j DBMS: the settings in xref:configuration/file-locations.adoc[_neo4j.conf_] are identified by the `fabric` namespace. -The minimal requirements to setup Fabric are: - -* A *virtual database name*: this is the entry point used by the client applications to access the Fabric environment. -* One or more *Fabric graph URI and database*: this a reference of a URI and a database for each graph set in the Fabric environment. - - -=== Local development setup example - -Consider a standalone Neo4j DBMS, which has two databases, `db1` and `db2`. -Note that all databases except for the default and `system` must be created using the `CREATE DATABASE` command. - -Fabric is enabled by configuring: - -[source, properties] ----- -fabric.database.name=example ----- - -This configuration enables Fabric and exposes the feature under the virtual database with the name `example`, which is accessible using the default URI, _neo4j://localhost:7687_. -After connecting to the DBMS with the `example` database selected, you can run queries like the following: - -[source, cypher] ----- -USE db1 -MATCH (n) RETURN n - UNION -USE db2 -MATCH (n) RETURN n ----- - - -image::fabric-minimal-setting.png[title="Minimal local Fabric setting in a development setup", role="middle"] - -=== Remote development setup example - -This example consists of a setup with three standalone Neo4j DBMSs. -One instance acts as the Fabric proxy, configured to enable Fabric. -The other two instances contain the databases `db1` and `db2`. - -The following configuration enables Fabric on the proxy instance and allows it to access the databases in the other two instances. - -[source,properties] ----- -fabric.database.name=example -fabric.graph.0.uri=neo4j://hostname-of-instance1:7687 -fabric.graph.0.database=db1 - -fabric.graph.1.uri=neo4j://hostname-of-instance2:7687 -fabric.graph.1.database=db2 ----- - -This configuration enables Fabric and exposes the feature under the virtual database named example, which is accessible using the default URI, _neo4j://localhost:7687_. -The Fabric graphs are uniquely identified by their IDs, `0` and `1`. - -After connecting to the DBMS with the selected database set to "example", you can run queries like the following: - -[source,cypher] ----- -USE example.graph(0) -MATCH (n) RETURN n - UNION -USE example.graph(1) -MATCH (n) RETURN n ----- - -image::fabric-minimal-remote-setting.png[title="Minimal remote Fabric setting in a development setup", role="middle"] - -=== Naming graphs - -Graphs can be identified by their ID or by a name. A graph can be named by adding an extra configuration setting, `fabric.graph..name`. - -For example, if the given names are `graphA` (associated to `db1`) and `graphB` (associated to `db2`), the two additional settings will be: - -[source, properties] ----- -fabric.graph.0.name=graphA -fabric.graph.1.name=graphB ----- - -Giving names to graphs means you can refer to them by name in queries: - -[source, cypher] ----- -USE example.graphA -MATCH (n) RETURN n - UNION -USE example.graphB -MATCH (n) RETURN n ----- - -=== Cluster setup with no single point of failure example - -In this example, all components are redundant and data is stored in a Causal Cluster. -In addition to the settings described in the previous example, a setting with no single point of failure requires the use of the _routing servers_ parameter, which specifies a list of standalone Neo4j DBMSs that expose the same Fabric database and configuration. -This parameter is required in order to simulate the same connectivity that client applications use with Causal Cluster, which means, in case of fault of one instance, the client application may revert to another existing instance. - -Assume that in this example, the data is stored in three databases: `db1`, `db2` and `db3`. -The configuration of Fabric would be: - -[source, properties] ----- -dbms.mode=SINGLE - -fabric.database.name=example -fabric.routing.servers=server1:7687,server2:7687 - -fabric.graph.0.name=graphA -fabric.graph.0.uri=neo4j://core1:7687,neo4j://core2:7687,neo4j://core3:7687 -fabric.graph.0.database=db1 - -fabric.graph.1.name=graphB -fabric.graph.1.uri=neo4j://core1:7687,neo4j://core2:7687,neo4j://core3:7687 -fabric.graph.1.database=db2 - -fabric.graph.2.name=graphC -fabric.graph.2.uri=neo4j://core1:7687,neo4j://core2:7687,neo4j://core3:7687 -fabric.graph.2.database=db3 ----- - -The configuration above must be added to the xref:configuration/file-locations.adoc[_neo4j.conf_] file of the Neo4j DBMSs `server1` and `server2`. -The parameter `fabric.routing.servers` contains the list of available standalone Neo4j DBMSs hosting the Fabric database. -The parameter `fabric.graph..uri` can contain a list of URIs, so in case the first server does not respond to the request, the connection can be established to another server that is part of the cluster. -The URIs refer to the `neo4j://` schema so that Fabric can retrieve a routing table and can use one of the members of the cluster to connect. - -image::fabric-setting.png[title="Fabric setting with Causal Cluster and no single point of failure", role="middle"] - - -=== Cluster routing context - -The URIs in the graph settings may include routing contexts, which are described in the link:{neo4j-docs-base-uri}[Neo4j Driver manuals]. -This can be used to associate a Fabric graph with a filtered subset of Causal Cluster members, by selecting a xref:clustering-advanced/multi-data-center/load-balancing.adoc#multi-dc-load-balancing-the-load-balancing-framework[routing policy]. - -As an example, assuming you have a server policy called `read_replicas` defined in the configuration of the cluster you are targeting, -you might set up a Fabric graph that accesses only the read replicas of the cluster. - -[source, properties] ----- -fabric.graph.0.name=graphA -fabric.graph.0.uri=neo4j://core1:7687?policy=read_replicas -fabric.graph.0.database=db1 ----- - -This enables scenarios where queries executed through Fabric are explicitly offloaded to specific instances in clusters. - - -[[fabric-authentication-authorization]] -== Authentication and authorization - -=== Credentials - -Connections between the Fabric database and the Neo4j DBMSs hosting the data are created using the same credentials that are supplied in the client connection to the Fabric database. -It is recommended to maintain a set of user credentials on all the Neo4j DBMSs; if required, a subset of credentials may be set for local access on the remote DBMSs. - -=== User and role administration -User and role administration actions are not automatically propagated to the Fabric environment, therefore security settings must be executed on any DBMS that is part of Fabric. - -=== Privileges on the Fabric database -In order to use all Fabric features, users of Fabric databases need `ACCESS` and `READ` privileges. - - -[[fabric-important-settings]] -== Important settings - -This section provides general information about Fabric settings and describes the ones important for creating a fabric set-up. -For the full list of Fabric configuration options, see xref:reference/configuration-settings.adoc[Configuration settings]. - -Fabric settings are divided in the following categories: - -* *System Settings*: DBMS-level settings. -* *Graph Settings*: definition and configuration of Fabric graphs. -* *Drivers Settings*: configuration of drivers used to access Neo4j DBMSs and databases associated to Fabric graphs. - -=== System settings - -.Fabric system settings -[options="header"] -|=== -| Parameter | Description -| xref:reference/configuration-settings.adoc#config_fabric.database.name[`fabric.database.name`] | Name of the Fabric database. -Neo4j Fabric currently supports one Fabric database in a standalone Neo4j DBMS. -| xref:reference/configuration-settings.adoc#config_fabric.routing.servers[`fabric.routing.servers`] | A comma-separated list of Neo4j DBMSs that share the same Fabric configuration. -These DBMSs form a routing group. -A client application will route transactions through a Neo4j driver or connector to one of the members of the routing group. -A Neo4j DBMS is represented by its Bolt connector address. -Example: xref:reference/configuration-settings.adoc#config_fabric.routing.servers[`fabric.routing.servers=server1:7687,server2:7687`]. -|=== - -=== Graph settings - -[NOTE] --- -The `` in the following settings is the integer associated to each Fabric graph. --- - -.Fabric graph settings -[options="header"] -|=== -| Parameter | Description -| `fabric.graph..uri` | URI of the Neo4j DBMS hosting the database associated to the Fabric graph. -Example: `neo4j://somewhere:7687` -| `fabric.graph..database` | Name of the database associated to the Fabric graph. -| `fabric.graph..name` | Name assigned to the Fabric graph. -The name can be used in Fabric queries. -| `fabric.graph..driver.*` | Any specific driver setting, that means, any setting related to a connection to a specific Neo4j DBMS and database. -This setting overrides a global driver setting. -|=== - -[NOTE] --- -When configuring access to a remote DBMS, make sure that the remote is configured to advertise its address correctly, using either xref:reference/configuration-settings.adoc#config_dbms.default_advertised_address[`dbms.default_advertised_address`] or xref:reference/configuration-settings.adoc#config_dbms.connector.bolt.advertised_address[`dbms.connector.bolt.advertised_address`]. -Fabric reads the routing table from the remote DBMS and then connects back using an appropriate entry in that table. --- - -=== Drivers settings - -Fabric uses the Neo4j Java driver to connect to and access the data stored in Neo4j databases associated to Fabric graphs. -This section presents the most important parameters available to configure the driver. - -Drivers settings are configured with parameters with names of the format: - -`fabric.driver.` - -A setting can be global, i.e. be valid for all the drivers used in Fabric, or it can be specific for a given connection to a Neo4j database associated to a graph. -The graph-specific setting overrides the global configuration for that graph. - -.Global drivers setting versus graph-specific drivers setting -==== -A drivers setting for Fabric as the following is valid for all the connections established with the Neo4j DBMSs set in Fabric: - -[source, properties] ----- -fabric.driver.api=RX ----- - -A graph-specific connection for the database with `ID=6` will override the `fabric.driver.api` setting for that database: - -[source, properties] ----- -fabric.graph.6.driver.api=ASYNC ----- -==== - -[cols="1,2a", options="header"] -.Fabric drivers setting suffixes -|=== -| Parameter suffix -| Explanation -| `ssl_enabled` -| SSL for Fabric drivers is configured using the `fabric` SSL policy. -This setting can be used to instruct the driver not to use SSL even though the `fabric` SSL policy is configured. -The driver will use SSL if the `fabric` SSL policy is configured, and this setting is set to `true`. -This parameter can only be used in `fabric.graph..driver.ssl_enabled` and not `fabric.driver.ssl_enabled`. - -| `xref:reference/configuration-settings.adoc#config_fabric.driver.api[api]` -|Determine which driver API to be used. -Supported values are `RX` and `ASYNC`. - -|=== - -[NOTE] --- -Most driver options described in _Configuration_ in the link:{neo4j-docs-base-uri}[Neo4j Driver manuals] have an equivalent in Fabric configuration. --- diff --git a/modules/ROOT/pages/fabric/considerations.adoc b/modules/ROOT/pages/fabric/considerations.adoc deleted file mode 100644 index ba65556e2..000000000 --- a/modules/ROOT/pages/fabric/considerations.adoc +++ /dev/null @@ -1,43 +0,0 @@ -[role=enterprise-edition] -[[fabric-further-considerations]] -= Further considerations -:description: This section presents considerations about Fabric that developers and administrators must be aware of. - - -DBMS mode:: -The DBMS hosting the Fabric virtual database cannot be part of a Causal Cluster: it can only be a DBMS with `dbms.mode=SINGLE`. - -Sharding an existing database:: -An existing database can be sharded with the help of the `neo4j-admin copy` command. -See xref:fabric/sharding-with-copy.adoc[Sharding data with the copy command] for an example. - -Database compatibility:: - -Fabric is part of Neo4j DBMS and does not require any special installation or plugin. -Fabric databases can be associated to databases available on Neo4j DBMS version 4.1 or 4.2. - -Fabric configuration:: - -The Neo4j DBMSs that host the same Fabric virtual database must have the same configuration settings. -The configuration must be kept in-sync and applied by the Database Administrator. - -Security credentials:: - -The Neo4j DBMSs that host the same Fabric virtual database must have the same user credentials. -Any change of password on a machine that is part of Fabric, must be kept in-sync and applied to all the Neo4j DBMSs that are part of Fabric. - -// Transactions in Fabric:: -// In Fabric, ACID compliance is guaranteed at the shard or federated database level. -// This means that the current version of Fabric requires that CRUD operations work on one database at a time. -// Read transaction queries that span multiple shards or federated databases are allowed as well as subsequent CRUD operations to a single shard or federated database. - -Administration commands:: - -Fabric does not support running Cypher administration commands on or through the Fabric virtual database. -Any database management commands, index and constraint management commands, or user and security management commands must be issued directly to the DBMSs and databases that are part of the Fabric setup. - - -Neo4j embedded:: - -Fabric is not available when Neo4j is used as an embedded database in Java applications. -Fabric can be used only in a typical client/server mode, when users connect to a Neo4j DBMS from their client application or tool, via Bolt or HTTP protocol. diff --git a/modules/ROOT/pages/fabric/index.adoc b/modules/ROOT/pages/fabric/index.adoc deleted file mode 100644 index cdae0fce9..000000000 --- a/modules/ROOT/pages/fabric/index.adoc +++ /dev/null @@ -1,14 +0,0 @@ -[role=enterprise-edition] -[[fabric]] -= Fabric -:description: This chapter describes the configuration and operation of Neo4j Fabric. - -This chapter describes the following: - -* xref:fabric/introduction.adoc[Introduction] -* xref:fabric/configuration.adoc[Configuration] -* xref:fabric/queries.adoc[Queries] -* xref:fabric/considerations.adoc[Further Considerations] -* xref:fabric/sharding-with-copy.adoc[Sharding data with the `copy` command] - - diff --git a/modules/ROOT/pages/fabric/introduction.adoc b/modules/ROOT/pages/fabric/introduction.adoc deleted file mode 100644 index 33e472315..000000000 --- a/modules/ROOT/pages/fabric/introduction.adoc +++ /dev/null @@ -1,76 +0,0 @@ -[role=enterprise-edition] -[[fabric-introduction]] -= Introduction -:description: An introduction of Neo4j Fabric. - - -[[fabric-overview]] -== Overview - -Fabric, introduced in Neo4j 4.0, is a way to store and retrieve data in multiple databases, whether they are on the same Neo4j DBMS or in multiple DBMSs, using a single Cypher query. -Fabric achieves a number of desirable objectives: - -* a unified view of local and distributed data, accessible via a single client connection and user session -* increased scalability for read/write operations, data volume and concurrency -* predictable response time for queries executed during normal operations, a failover or other infrastructure changes -* High Availability and No Single Point of Failure for large data volume. - -In practical terms, Fabric provides the infrastructure and tooling for: - -* *Data Federation*: the ability to access data available in distributed sources in the form of *disjointed graphs*. -* *Data Sharding*: the ability to access data available in distributed sources in the form of a *common graph partitioned on multiple databases*. - -With Fabric, a Cypher query can store and retrieve data in multiple federated and sharded graphs. - -If you want to connect a single database to your DBMS that is shared over all instances of your DBMS, consider using xref:manage-databases/remote-alias.adoc[Remote Database Aliases] instead. - -[[fabric-fabric-concepts]] -== Fabric concepts - -=== The fabric database - -A Fabric setup includes a _Fabric virtual database_, which acts as the entry point to a federated or sharded graph infrastructure. -This database is the execution context in which multi-graph queries can be executed. -Drivers and client applications access and use the Fabric execution context by naming it as the selected database for a session. For more information, see _Databases and execution context_ in the link:{neo4j-docs-base-uri}[Neo4j Driver manuals]. - -The Fabric virtual database (execution context) differs from normal databases in that it cannot store any data, and only relays data stored elsewhere. The Fabric virtual database can be configured on a standalone Neo4j DBMS only, i.e. on a Neo4j DBMS where the configuration setting `xref:reference/configuration-settings.adoc#config_dbms.mode[dbms.mode]` must be set to `SINGLE`. - -[NOTE] -==== -The Neo4j Admin commands cannot be applied to the Fabric virtual database. -They must be run directly on the databases that are part of the Fabric setup. -==== - -=== Fabric graphs - -In a Fabric virtual database, data is organized in the form of graphs. -Graphs are seen by client applications as local logical structures, where physically data is stored in one or more databases. -Databases accessed as Fabric graphs can be local, i.e in the same Neo4j DBMS, or they can be located in external Neo4j DBMSes. The databases are also accessible by client applications from regular local connections in their respective Neo4j DBMSs. - -[[fabric-deployment-examples]] -== Deployment examples - -Fabric constitutes an extremely versatile environment that provides scalability and availability with no single point of failure in various topologies. -Users and developers may use applications that can work on a standalone DBMS as well on a very complex and largely distributed infrastructure without the need to apply any change to the queries accessing the Fabric graphs. - -=== Development deployment -In its simplest deployment, Fabric can be used on a single instance, where Fabric graphs are associated to local databases. -This approach is commonly used by software developers to create applications that will be deployed on multiple Neo4j DBMSs, or by power users who intend to execute Cypher queries against local disjoint graphs. - -image::fabric-single-instance.png[title="Fabric deployment in a single instance", role="middle"] - - -=== Cluster deployment with no single point of failure -In this deployment Fabric guarantees access to disjoint graphs in high availability with no single point of failure. -High availability is reached by creating redundant entry points for the Fabric Database (i.e. two standalone Neo4j DBMSs with the same Fabric configuration) and a minimum Causal Cluster of three members for data storage and retrieval. -This approach is suitable for production environments and it can be used by power users who intend to execute Cypher queries against disjoint graphs. - -image::fabric-deployment.png[title="Fabric deployment with no single point of failure", role="middle"] - - -=== Multi-cluster deployment -In this deployment Fabric provides high scalability and availability with no single point of failure. -Disjoint clusters can be sized according to the expected workload and Databases may be colocated in the same cluster or they can be hosted in their own cluster to provide higher throughput. -This approach is suitable for production environments where database can be sharded, federated or a combination of the two. - -image::fabric-deployment-scalable.png[title="Fabric deployment for scalability with no single point of failure", role="middle"] diff --git a/modules/ROOT/pages/fabric/queries.adoc b/modules/ROOT/pages/fabric/queries.adoc deleted file mode 100644 index 8d260004a..000000000 --- a/modules/ROOT/pages/fabric/queries.adoc +++ /dev/null @@ -1,221 +0,0 @@ -[role=enterprise-edition] -[[fabric-queries]] -= Queries -:description: Examples of Cypher queries and commands that can be used with Neo4j Fabric. - - -In this section we will look at a few example queries that show how to perform a range of different tasks. -//Make an image that sets up the example? -//The query examples assume that we have a setup similar to that in <>. - -The examples in this section make use of the two Cypher clauses: `USE` and `CALL {}`. -The syntax is explained in detail in the Cypher Manual: - -* See link:{neo4j-docs-base-uri}/cypher-manual/4.4/clauses/call-subquery[Cypher Manual -> CALL {}] for details about the `CALL {}` clause. -* See link:{neo4j-docs-base-uri}/cypher-manual/4.4/clauses/use[Cypher Manual -> USE] for details about the `USE` clause. - - -[[fabric-query-single-graph]] -== Query a single graph - -.Reading and returning data from a single graph. -==== - -[source, cypher] ----- -USE example.graphA -MATCH (movie:Movie) -RETURN movie.title AS title ----- -==== - -The `USE` clause at the beginning of the query causes the rest of the query to execute against the `example.graphA` graph. - - -[[fabric-query-multiple-graphs]] -== Query multiple graphs - -.Reading and returning data from two named graphs -==== - -[source, cypher] ----- -USE example.graphA -MATCH (movie:Movie) -RETURN movie.title AS title - UNION -USE example.graphB -MATCH (movie:Movie) -RETURN movie.title AS title ----- -==== - -The first part of the `UNION` query executes against the `example.graphA` graph and the second part executes against the `example.graphB` graph. - - -[[fabric-query-all-graphs]] -== Query all graphs - -.Reading and returning data from all graphs -==== - -[source, cypher] ----- -UNWIND example.graphIds() AS graphId -CALL { - USE example.graph(graphId) - MATCH (movie:Movie) - RETURN movie.title AS title -} -RETURN title ----- -==== -We call the built-in function `example.graphIds()` to get the graph IDs for all remote graphs in our Fabric setup. -We `UNWIND` the result of that function to get one record per graph ID. The `CALL {}` subquery is executed once per incoming record. -We use a `USE` clause in the subquery with a dynamic graph lookup, causing the subquery to execute once against each remote graph. -At the end of the main query we simply `RETURN` the title variable. - - -[[fabric-query-result-aggregation]] -== Query result aggregation - -.Getting the earliest release year of all movies in all graphs - -==== - -[source, cypher] ----- -UNWIND example.graphIds() AS graphId -CALL { - USE example.graph(graphId) - MATCH (movie:Movie) - RETURN movie.released AS released -} -RETURN min(released) AS earliest ----- -==== - -From each remote graph we return the released property of each movie. -At the end of the main query we aggregate across the full result to calculate the global minimum. - - -[[fabric-correlated-subquery]] -== Correlated subquery - -.Correlated subquery -==== -Assume that `graphA` contains American movies and `graphB` contains European movies. -Find all European movies released in the same year as the latest released American movie: - -[source, cypher] ----- -CALL { - USE example.graphA - MATCH (movie:Movie) - RETURN max(movie.released) AS usLatest -} -CALL { - USE example.graphB - WITH usLatest - MATCH (movie:Movie) - WHERE movie.released = usLatest - RETURN movie -} -RETURN movie ----- -==== - -We query the `example.graphA` and return the release year of the latest release. -We then query the `example.graphB`. -`WITH usLatest` is an import clause which lets us refer to the `usLatest` variable inside the subquery. -We find all the movies in this graph that fulfill our condition and return them. - -It is not possible to switch the current graph in a nested query. -For example, the following query is illegal: - -.Illegal correlated subquery -==== -[source, cypher] ----- -USE example.graphA -MATCH (movie:Movie) -WITH movie.title AS title -CALL { - USE example.graphB // Cannot swicth from example.graphA - WITH title - MATCH (otherMovie:Movie) - WHERE otherMovie.title STARTS WITH title - RETURN otherMovie.title AS otherTitle -} -RETURN title, otherTitle ----- -==== - -This limitation can be circumvented by having subqueries after one another, but without nesting them. - -[[fabric-updating-query]] -== Updating query - -.Create a new movie node - -==== - -[source, cypher] ----- -USE example.graphB -CREATE (m:Movie) -SET m.title = ‘Léon: The Professional’ -SET m.tagline = ‘If you want the job done right, hire a professional.’ -SET m.released = 1994 ----- -==== - - -[[fabric-query-mapping-functions]] -== Mapping functions - -Mapping functions are a common Fabric usage pattern. -In the previous examples, graphs were identified by providing static graph names in the query. -Fabric may be used in scenarios where graphs are identified by a mapping mechanism that can, for example, identify a key of an object contained in a graph. This can be achieved by using user-defined functions or other functions that may be already available. These functions ultimately return the ID of a graph in Fabric. - -Mapping functions are commonly used in sharding scenarios. In Fabric, shards are associated to graphs, hence mapping functions are used to identify a graph, i.e. a shard. - -[NOTE] -Refer to link:{neo4j-docs-base-uri}/java-reference/4.4/extending-neo4j/functions#extending-neo4j-functions[Java Reference -> User-defined functions] for details on how to create user-defined functions. - -Let’s assume that Fabric is setup in order to store and retrieve data associated to nodes with the label `user`. User nodes are partitioned in several graphs (shards) in Fabric. -Each `user` has a numerical `userId`, which is unique in all Fabric. -We decide on a simple scheme where each `user` is located on a graph determined by taking the `userId` modulo the number of graphs. -We create a link:{neo4j-docs-base-uri}/java-reference/4.4/extending-neo4j/functions#extending-neo4j-functions[user-defined function] which implements the following pseudo code: - -`sharding.userIdToGraphId(userId) = userId % NUM_SHARDS` - -Assuming we have supplied a query parameter `$userId` with the specific userId that we are interested in, we use our function in this way: - -[source, cypher] - ----- -USE example.graph( sharding.userIdToGraphId($userId) ) -MATCH (u:User) WHERE u.userId = $userId -RETURN u ----- - - -[[fabric-built-in-functions]] -== Fabric built-in functions - -Fabric functions are located in a namespace corresponding to a Fabric database in which they are used. -The following table provides a description of Fabric built-in functions: - -.Fabric built-in functions -[options="header", cols="m,"] -|=== -| Function -| Explanation -| .graphIds() -| Provides a list of IDs of all remote graph configured for the given Fabric database. -| .graph(graphId) -| Maps a graph ID to a Graph. - It accepts a graph ID as a parameter and returns a graph representation accepted by USE clause. - This function is supported only in `USE` clauses -|=== diff --git a/modules/ROOT/pages/fabric/sharding-with-copy.adoc b/modules/ROOT/pages/fabric/sharding-with-copy.adoc deleted file mode 100644 index bf80151fd..000000000 --- a/modules/ROOT/pages/fabric/sharding-with-copy.adoc +++ /dev/null @@ -1,105 +0,0 @@ -[[sharding-with-copy]] -= Sharding data with the `copy` command -:description: This section provides an example of how to use `neo4j-admin copy` to filter out data for Fabric. - -The `copy` command can be used to filter out data for a xref:fabric/index.adoc[Fabric installation]. -In the following example, a sample database is separated into 3 shards. - -.Use the `copy` command to filter out data for a Fabric installation. -==== -The sample database contains the following data: -[source, cypher] ----- -(p1 :Person :S2 {id:123, name: "Ava"}) -(p2 :Person :S2 {id:124, name: "Bob"}) -(p3 :Person :S3 {id:125, name: "Cat", age: 54}) -(p4 :Person :S3 {id:126, name: "Dan"}) -(t1 :Team :S1 :SAll {id:1, name: "Foo", mascot: "Pink Panther"}) -(t2 :Team :S1 :SAll {id:2, name: "Bar", mascot: "Cookie Monster"}) -(d1 :Division :SAll {name: "Marketing"}) -(p1)-[:MEMBER]->(t1) -(p2)-[:MEMBER]->(t2) -(p3)-[:MEMBER]->(t1) -(p4)-[:MEMBER]->(t2) ----- -The data has been prepared using queries to add the labels `:S1`,`:S2`, `:S3`, and `:SAll`, which denotes the target shard. -_Shard 1_ contains the team data. -_Shard 2_ and _Shard 3_ contain person data. - -. Create _Shard 1_ with: -+ -[source, shell] ----- -$neo4j-home> bin/neo4j-admin copy --from-database=neo4j \ - --to-database=shard1 \ - --keep-only-nodes-with-labels=S1,SAll \ #<1> - --skip-labels=S1,S2,S3,SAll #<2> ----- -+ -<1> The `--keep-only-node-with-labels` property is used to filter out everything that does not have the label `:S1` or `:SAll`. + -<2> The `--skip-labels` property is used to exclude the temporary labels you created for the sharding process. -+ -The resulting shard contains the following: -+ -[source, cypher, role=nocopy noplay] ----- -(t1 :Team {id:1, name: "Foo", mascot: "Pink Panther"}) -(t2 :Team {id:2, name: "Bar", mascot: "Cookie Monster"}) -(d1 :Division {name: "Marketing"}) ----- - -. Create _Shard 2_: -+ -[source, shell] ----- -$neo4j-home> bin/neo4j-admin copy --from-database=neo4j \ - --to-database=shard2 \ - --keep-only-nodes-with-labels=S2,SAll \ - --skip-labels=S1,S2,S3,SAll \ - --keep-only-node-properties=Team.id ----- -+ -In _Shard 2_, you want to keep the `:Team` nodes as proxy nodes, to be able to link together information from the separate shards. -The nodes will be included since they have the label `:SAll`, but you specify `--keep-only-node-properties` so as to not duplicate the team information from _Shard 1_. -+ -[source, cypher, role=nocopy noplay] ----- -(p1 :Person {id:123, name: "Ava"}) -(p2 :Person {id:124, name: "Bob"}) -(t1 :Team {id:1}) -(t2 :Team {id:2}) -(d1 :Division {name: "Marketing"}) -(p1)-[:MEMBER]->(t1) -(p2)-[:MEMBER]->(t2) ----- -+ -Observe that `--keep-only-node-properties` did not filter out `Person.name` since the `:Person` label was not mentioned in the filter. - -. Create _Shard 3_, but with the filter `--skip-node-properties`, instead of `--keep-only-node-properties`. -+ -[source, shell] ----- -$neo4j-home> bin/neo4j-admin copy --from-database=neo4j \ - --to-database=shard3 \ - --keep-only-nodes-with-labels=S3,SAll \ - --skip-labels=S1,S2,S3,SAll \ - --skip-node-properties=Team.name,Team.mascot ----- -+ -The result is: -+ -[source, cypher, role=nocopy noplay] ----- -(p3 :Person {id:125, name: "Cat", age: 54}) -(p4 :Person {id:126, name: "Dan"}) -(t1 :Team {id:1}) -(t2 :Team {id:2}) -(d1 :Division {name: "Marketing"}) -(p3)-[:MEMBER]->(t1) -(p4)-[:MEMBER]->(t2) ----- -+ -As demonstrated, you can achieve the same result with both `--skip-node-properties` and `--keep-only-node-properties`. -In this example, it is easier to use `--keep-only-node-properties` because only one property should be kept. -The relationship property filters works in the same way. -==== diff --git a/modules/ROOT/pages/monitoring/causal-cluster/http-endpoints.adoc b/modules/ROOT/pages/monitoring/causal-cluster/http-endpoints.adoc deleted file mode 100644 index 2278430fa..000000000 --- a/modules/ROOT/pages/monitoring/causal-cluster/http-endpoints.adoc +++ /dev/null @@ -1,236 +0,0 @@ -[[causal-clustering-http-endpoints]] -= Monitor cluster endpoints for status information -:description: This section describes HTTP endpoints for monitoring the health of a Neo4j Causal Cluster. - -A Causal Cluster exposes some HTTP endpoints which can be used to monitor the health of the cluster. -In this section we will describe these endpoints and explain their semantics. - - -[[causal-clustering-http-endpoints-adjusting-security-for-cc]] -== Adjusting security settings for Causal Clustering endpoints - -If authentication and authorization is enabled in Neo4j, the Causal Clustering status endpoints will also require authentication credentials. -The setting xref:reference/configuration-settings.adoc#config_dbms.security.auth_enabled[`dbms.security.auth_enabled`] controls whether the native auth provider is enabled. -For some load balancers and proxy servers, providing authentication credentials with the request is not an option. -For those situations, consider disabling authentication of the Causal Clustering status endpoints by setting xref:reference/configuration-settings.adoc#config_dbms.security.causal_clustering_status_auth_enabled[`dbms.security.causal_clustering_status_auth_enabled=false`] in xref:configuration/file-locations.adoc[_neo4j.conf_]. - - -[[causal-clustering-http-endpoints-unified]] -== Unified endpoints - -A unified set of endpoints exist, both on Core Servers and on Read Replicas, with the following behavior: - -* `/db//cluster/writable` -- Used to direct `write` traffic to specific instances. -* `/db//cluster/read-only` -- Used to direct `read` traffic to specific instances. -* `/db//cluster/available` -- Available for the general case of directing arbitrary request types to instances that are available for processing read transactions. -* `/db//cluster/status` -- Gives a detailed description of this instance's view of its status within the cluster, for the given database. -* `/dbms/cluster/status` -- Gives a detailed description of this instance's view of its status within the cluster, for all databases. -Useful for monitoring and coordinating rolling upgrades. -See xref:monitoring/causal-cluster/http-endpoints.adoc#causal-clustering-http-endpoints-status[Status endpoints] for further details. - -Every `/db//*` endpoint targets a specific database. -The `databaseName` path parameter represents the name of the database. -By default, a fresh Neo4j installation with two databases `system` and `neo4j` will have the following cluster endpoints: - -[source] --------------- -http://localhost:7474/dbms/cluster/status - -http://localhost:7474/db/system/cluster/writable -http://localhost:7474/db/system/cluster/read-only -http://localhost:7474/db/system/cluster/available -http://localhost:7474/db/system/cluster/status - -http://localhost:7474/db/neo4j/cluster/writable -http://localhost:7474/db/neo4j/cluster/read-only -http://localhost:7474/db/neo4j/cluster/available -http://localhost:7474/db/neo4j/cluster/status --------------- - -.Unified HTTP endpoint responses -[options="header", cols="<3a,1,<2a,<2a"] -|=== -| Endpoint | Instance state | Returned code | Body text -.3+<.^| `/db//cluster/writable` <| Leader | `200 OK` | `true` - <| Follower | `404 Not Found` | `false` - <| Read Replica | `404 Not Found` | `false` -.3+<.^| `/db//cluster/read-only` <| Leader | `404 Not Found` | `false` - <| Follower | `200 OK` | `true` - <| Read Replica | `200 OK` | `true` -.3+<.^| `/db//cluster/available` <| Leader | `200 OK` | `true` - <| Follower | `200 OK` | `true` - <| Read Replica | `200 OK` | `true` -.3+<.^| `/db//cluster/status` <| Leader | `200 OK` | JSON - See xref:monitoring/causal-cluster/http-endpoints.adoc#causal-clustering-http-endpoints-status[Status endpoint] for details. - <| Follower | `200 OK` | JSON - See xref:monitoring/causal-cluster/http-endpoints.adoc#causal-clustering-http-endpoints-status[Status endpoint] for details. - <| Read Replica | `200 OK` | JSON - See xref:monitoring/causal-cluster/http-endpoints.adoc#causal-clustering-http-endpoints-status[Status endpoint] for details. -.3+<.^| `/dbms/cluster/status` <| Leader | `200 OK` | JSON - See xref:monitoring/causal-cluster/http-endpoints.adoc#causal-clustering-http-endpoints-status[Status endpoint] for details. - <| Follower | `200 OK` | JSON - See xref:monitoring/causal-cluster/http-endpoints.adoc#causal-clustering-http-endpoints-status[Status endpoint] for details. - <| Read Replica | `200 OK` | JSON - See xref:monitoring/causal-cluster/http-endpoints.adoc#causal-clustering-http-endpoints-status[Status endpoint] for details. -|=== - - -.Use a Causal Clustering monitoring endpoint -==== -From the command line, a common way to ask those endpoints is to use `curl`. -With no arguments, `curl` will do an HTTP `GET` on the URI provided and will output the body text, if any. -If you also want to get the response code, just add the `-v` flag for verbose output. -Here are some examples: - -* Requesting `writable` endpoint on a Core Server that is currently elected leader with verbose output: - -[source, curl] --------------- -#> curl -v localhost:7474/db/neo4j/cluster/writable -* About to connect() to localhost port 7474 (#0) -* Trying ::1... -* connected -* Connected to localhost (::1) port 7474 (#0) -> GET /db/neo4j/cluster/writable HTTP/1.1 -> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5 -> Host: localhost:7474 -> Accept: */* -> -< HTTP/1.1 200 OK -< Content-Type: text/plain -< Access-Control-Allow-Origin: * -< Transfer-Encoding: chunked -< Server: Jetty(9.4.17) -< -* Connection #0 to host localhost left intact -true* Closing connection #0 --------------- -==== - - -[[causal-clustering-http-endpoints-status]] -=== Status endpoints - -The status endpoint, available at `/db//cluster/status`, is to be used to assist with rolling upgrades. -For more information, see link:{neo4j-docs-base-uri}/upgrade-migration-guide/upgrade/upgrade-4.4/causal-cluster/[Upgrade and Migration Guide -> Upgrade a Causal Cluster]. - -Typically, you will want to have some guarantee that a Core is safe to shutdown for each database before removing it from a cluster. -Counter intuitively, a core being safe to shutdown means that a majority of the *other* cores are healthy, caught up, and have recently heard from that database's leader. -The status endpoints provide the following information in order to help resolve such issues. - -[NOTE] -==== -Several of the fields in status endpoint responses refer to details of xref:clustering-advanced/lifecycle.adoc#causal-clustering-transacting-via-raft-protocol[Raft], the algorithm used in Neo4j Causal Clusters to provide highly available transactions. -When using multiple databases, each database implements Raft independently. -Therefore, details such as `leader` and `raftCommandsPerSecond` are database specific. -==== - -[[causal-clustering-http-endpoints-status-example]] -.Example status response -==== -[source, json] --------------- -{ - "lastAppliedRaftIndex":0, - "votingMembers":["30edc1c4-519c-4030-8348-7cb7af44f591","80a7fb7b-c966-4ee7-88a9-35db8b4d68fe","f9301218-1fd4-4938-b9bb-a03453e1f779"], - "memberId":"80a7fb7b-c966-4ee7-88a9-35db8b4d68fe", - "leader":"30edc1c4-519c-4030-8348-7cb7af44f591", - "millisSinceLastLeaderMessage":84545, - "participatingInRaftGroup":true, - "core":true, - "isHealthy":true, - "raftCommandsPerSecond":124 -} --------------- -==== - -.Status endpoint descriptions -[options="header", cols="2,1,1,2,4"] -|=== -| Field | Type |Optional| Example | Description -| `core` | boolean | no | `true` | Used to distinguish between Core Servers and Read Replicas. -| `lastAppliedRaftIndex` | number | no | `4321` | Every transaction in a cluster is associated with a raft index. - - Gives an indication of what the latest applied raft log index is. -| `participatingInRaftGroup` | boolean | no | `false` | A participating member is able to vote. - A Core is considered participating when it is part of the voter membership and has kept track of the leader. -| `votingMembers` | string[] | no | `[]` | A member is considered a voting member when the leader has been receiving communication with it. - - List of member's `memberId` that are considered part of the voting set by this Core. -| `isHealthy` | boolean | no | `true` | Reflects that the local database of this member has not encountered a critical error preventing it from writing locally. -| `memberId` | string | no | `30edc1c4-519c-4030-8348-7cb7af44f591` | Every member in a cluster has it's own unique member id to identify it. - Use `memberId` to distinguish between Core and Read Replica. -| `leader` | string | yes | `80a7fb7b-c966-4ee7-88a9-35db8b4d68fe` | Follows the same format as `memberId`, but if it is null or missing, then the leader is unknown. -| `millisSinceLastLeaderMessage` | number | yes | `1234` | The number of milliseconds since the last heartbeat-like leader message. - Not relevant to Read Replicas, and hence is not included. -| `raftCommandsPerSecond` | number | yes | `124` | An estimate of the average Raft state machine throughput over a sampling windown configurable via `causal_clustering.status_throughput_window` setting. -|=== - -After an instance has been switched on, you can access the status endpoint in order to make sure all the guarantees listed in the table below are met. - -To get the most accurate view of a cluster it is strongly recommended to access the _status endpoint_ on all core members and compare the result. -The following table explains how results can be compared. - -.Measured values, accessed via the status endpoint -[options="header", cols="<1,2,2"] -|=== -| Name of check | Method of calculation | Description -| `allServersAreHealthy` | Every Core's status endpoint indicates `isHealthy`==`true`. | We want to make sure the data across the entire cluster is healthy. - Whenever any Cores are false that indicates a larger problem. -| `allVotingSetsAreEqual` | For any 2 Cores (A and B), status endpoint A's `votingMembers`== status endpoint B's `votingMembers`. | When the voting begins, all the Cores are equal to each other, and you know all members agree on membership. -| `allVotingSetsContainAtLeastTargetCluster` | For all Cores (*S*), excluding Core Z (to be switched off), every member in *S* contains *S* in their voting set. - Membership is determined by using the `memberId` and `votingMembers` from the status endpoint. | Sometimes network conditions will not be perfect and it may make sense to switch off a different Core to the one we originally wanted to switch off. - If you run this check for all Cores, the ones that match this condition can be switched off (providing other conditions are also met). -| `hasOneLeader` | For any 2 Cores (A and B), `A.leader == B.leader && leader!=null`. | If the leader is different then there may be a partition (alternatively, this could also occur due to bad timing). - If the leader is unknown, that means the leader messages have actually timed out. -| `noMembersLagging` | For Core A with `lastAppliedRaftIndex` = `min`, and Core B with `lastAppliedRaftIndex` = `max`, `B.lastAppliedRaftIndex-A.lastAppliedRaftIndex/cluster/status` endpoint, you can use the `/dbms/cluster/status` instead. - -This endpoint returns a json array, the elements of which contain the same fields as the xref:monitoring/causal-cluster/http-endpoints.adoc#causal-clustering-http-endpoints-status-example[single database version], along with fields for for `databaseName` and `databaseUuid`. - -.Example combined status response -==== -[source, json] --------------- -[ - { - "databaseName": "neo4j", - "databaseUuid": "f4dacc01-f88a-4512-b3bf-68f7539c941e", - "databaseStatus": { - "lastAppliedRaftIndex": -1, - "votingMembers": [ - "0cff51ad-7cee-44cc-9102-538fc4544b95", - "90ff5df1-f5f8-4b4c-8289-a0e3deb2235c", - "99ca7cd0-6072-4387-bd41-7566a98c6afc" - ], - "memberId": "90ff5df1-f5f8-4b4c-8289-a0e3deb2235c", - "leader": "90ff5df1-f5f8-4b4c-8289-a0e3deb2235c", - "millisSinceLastLeaderMessage": 0, - "raftCommandsPerSecond": 0.0, - "core": true, - "participatingInRaftGroup": true, - "healthy": true - } - }, - { - "databaseName": "system", - "databaseUuid": "00000000-0000-0000-0000-000000000001", - "databaseStatus": { - "lastAppliedRaftIndex": 7, - "votingMembers": [ - "0cff51ad-7cee-44cc-9102-538fc4544b95", - "90ff5df1-f5f8-4b4c-8289-a0e3deb2235c", - "99ca7cd0-6072-4387-bd41-7566a98c6afc" - ], - "memberId": "90ff5df1-f5f8-4b4c-8289-a0e3deb2235c", - "leader": "90ff5df1-f5f8-4b4c-8289-a0e3deb2235c", - "millisSinceLastLeaderMessage": 0, - "raftCommandsPerSecond": 0.0, - "core": true, - "participatingInRaftGroup": true, - "healthy": true - } - } -] --------------- -==== diff --git a/modules/ROOT/pages/monitoring/causal-cluster/index.adoc b/modules/ROOT/pages/monitoring/causal-cluster/index.adoc deleted file mode 100644 index 69fd9b917..000000000 --- a/modules/ROOT/pages/monitoring/causal-cluster/index.adoc +++ /dev/null @@ -1,20 +0,0 @@ -[role=enterprise-edition] -[[causal-clustering-monitoring]] -= Monitor a Causal Cluster -:description: This section covers additional facilities available for monitoring a Neo4j Causal Cluster. - -In addition to specific metrics as described in previous sections, Neo4j Causal Clusters provide an infrastructure that operators will wish to monitor. -The procedures can be used to inspect the cluster state and to understand its current condition and topology. -Additionally, there are HTTP endpoints for checking health and status. - -This section describes the following: - -* xref:monitoring/causal-cluster/procedures.adoc[Procedures for monitoring a Causal Cluster] -** xref:monitoring/causal-cluster/procedures.adoc#dbms.cluster.role[Find out the role of a cluster member] -** xref:monitoring/causal-cluster/procedures.adoc#dbms.cluster.overview[Gain an overview over the instances in the cluster] -** xref:monitoring/causal-cluster/procedures.adoc#dbms.routing.getRoutingTable[Get routing recommendations] -* xref:monitoring/causal-cluster/http-endpoints.adoc[Endpoints for status information] -** xref:monitoring/causal-cluster/http-endpoints.adoc#causal-clustering-http-endpoints-adjusting-security-for-cc[Adjusting security settings for Causal Clustering endpoints] -** xref:monitoring/causal-cluster/http-endpoints.adoc[Unified endpoints] - - diff --git a/modules/ROOT/pages/monitoring/causal-cluster/procedures.adoc b/modules/ROOT/pages/monitoring/causal-cluster/procedures.adoc deleted file mode 100644 index d66da548d..000000000 --- a/modules/ROOT/pages/monitoring/causal-cluster/procedures.adoc +++ /dev/null @@ -1,156 +0,0 @@ -[[causal-clustering-monitoring-procedures]] -= Procedures for monitoring a Causal Cluster -:description: This section covers procedures for monitoring a Neo4j Causal Cluster. - -A number of procedures are available that provide information about a cluster. - - -[[dbms.cluster.role]] -== Find out the role of a cluster member - -The procedure `dbms.cluster.role(databaseName)` can be called on every instance in a Causal Cluster to return the role of the instance. -Each instance holds multiple databases and participates in multiple independent Raft groups. -The role returned by the procedure is for the database denoted by the `databaseName` parameter. - - -*Syntax:* - -`CALL dbms.cluster.role(databaseName)` - -*Arguments:* - -[options="header"] -|=== -| Name | Type | Description -| `databaseName` | String | The name of the database to get the cluster role for. -|=== - -*Returns:* - -[options="header"] -|=== -| Name | Type | Description -| `role` | String | This is the role of the current instance, which can be `LEADER`, `FOLLOWER`, or `READ_REPLICA`. -|=== - -*Considerations:* - -* While this procedure is useful in and of itself, it serves as basis for more powerful monitoring procedures. - -.Check the role of this instance -==== -The following example shows how to find out the role of the current instance for database `neo4j`, which in this case is `FOLLOWER`. - -[source, cypher] ----- -CALL dbms.cluster.role("neo4j") ----- - -[options="header"] -|=== -| role -| FOLLOWER -|=== -==== - - -[[dbms.cluster.overview]] -== Gain an overview over the instances in the cluster - -The procedure `dbms.cluster.overview()` provides an overview of cluster topology by returning details on all the instances in the cluster. - -*Syntax:* - -`CALL dbms.cluster.overview()` - -*Returns:* - -[options="header"] -|=== -| Name | Type | Description -| `id` | String | This is id of the instance. -| `addresses` | List | This is a list of all the addresses for the instance. -| `groups` | List | This is a list of all the xref:clustering-advanced/multi-data-center/configuration.adoc#causal-clustering-multi-dc-server-groups[server groups] which an instance is part of. -| `databases` | Map | This is a map of all databases with corresponding roles which the instance is hosting. -The keys in the map are database names. The values are roles of this instance in the corresponding Raft groups, which can be `LEADER`, `FOLLOWER`, or `READ_REPLICA`. -|=== - -.Get an overview of the cluster -==== -The following example shows how to explore the cluster topology. - -[source, cypher] ----- -CALL dbms.cluster.overview() ----- - -[options="header"] -|=== -| id | addresses | groups | databases -| 08eb9305-53b9-4394-9237-0f0d63bb05d5 | [+bolt://neo20:7687+, +http://neo20:7474+, +https://neo20:7473+] | [] | {system: LEADER, neo4j: FOLLOWER} -| cb0c729d-233c-452f-8f06-f2553e08f149 | [+bolt://neo21:7687+, +http://neo21:7474+, +https://neo21:7473+] | [] | {system: FOLLOWER, neo4j: FOLLOWER} -| ded9eed2-dd3a-4574-bc08-6a569f91ec5c | [+bolt://neo22:7687+, +http://neo22:7474+, +https://neo22:7473+] | [] | {system: FOLLOWER, neo4j: LEADER} -| 00000000-0000-0000-0000-000000000000 | [+bolt://neo34:7687+, +http://neo34:7474+, +https://neo34:7473+] | [] | {system: READ_REPLICA, neo4j: READ_REPLICA} -| 00000000-0000-0000-0000-000000000000 | [+bolt://neo28:7687+, +http://neo28:7474+, +https://neo28:7473+] | [] | {system: READ_REPLICA, neo4j: READ_REPLICA} -| 00000000-0000-0000-0000-000000000000 | [+bolt://neo31:7687+, +http://neo31:7474+, +https://neo31:7473+] | [] | {system: READ_REPLICA, neo4j: READ_REPLICA} -|=== -==== - - -[[dbms.routing.getRoutingTable]] -== Get routing recommendations - -From the application point of view it is not interesting to know about the role a member plays in the cluster. -Instead, the application needs to know which instance can provide the wanted service. -The procedure `dbms.routing.getRoutingTable(routingContext, databaseName)` provides this information. - -*Syntax:* - -`CALL dbms.routing.getRoutingTable(routingContext, databaseName)` - -*Arguments:* - -[options="header"] -|=== -| Name | Type | Description -| `routingContext` | Map | The routing context used for multi-data center deployments. -It should be used in combination with xref:clustering-advanced/multi-data-center/load-balancing.adoc[multi-data center load balancing]. -| `databaseName` | String | The name of the database to get the routing table for. -|=== - -.Get routing recommendations -==== -The following example shows how discover which instances in the cluster can provide which services for database `neo4j`. - -[source, cypher] ----- -CALL dbms.routing.getRoutingTable({}, "neo4j") ----- - -The procedure returns a map between a particular service, `READ`, `WRITE` and `ROUTE`, and the addresses of instances that provide this service. -It also returns a Time To Live (TTL) in seconds as a suggestion on how long the client could cache the response. - -The result is not primarily intended for human consumption. -Expanding it this is what it looks like. - -[source, json] ----- -{ - "ttl": 300, - "servers": [ - { - "addresses": ["neo20:7687"], - "role": "WRITE" - }, - { - "addresses": ["neo21:7687", "neo22:7687", "neo34:7687", "neo28:7687", "neo31:7687"], - "role": "READ" - }, - { - "addresses": ["neo20:7687", "neo21:7687", "neo22:7687"], - "role": "ROUTE" - } - ] -} ----- -==== diff --git a/modules/ROOT/pages/monitoring/individual-db-states.adoc b/modules/ROOT/pages/monitoring/individual-db-states.adoc deleted file mode 100644 index 3b9fef9e1..000000000 --- a/modules/ROOT/pages/monitoring/individual-db-states.adoc +++ /dev/null @@ -1,177 +0,0 @@ -[[show-databases-monitoring]] -= Monitor individual database states -:description: This section covers the use of `SHOW DATABASES`, and other related Cypher commands. - -In addition to the system-wide metrics and logs described in previous sections, operators may wish to monitor the state of individual databases being hosted within a Neo4j instance. -The `SHOW DATABASES` command may be used for this purpose. - - -[[show-databases-monitoring-listing]] -== Listing Databases - -First ensure that you are executing queries against the `system` database, either by running the command `:use system` (if using the xref:tools/cypher-shell.adoc[Cypher shell] or Neo4j Browser) or by creating a session against the `system` database using a Neo4j driver. -Subsequently, run the `SHOW DATABASES` command. - -*Syntax:* - -[source, cypher] ----- -SHOW DATABASES ----- - -*Returns:* - -[options="header", cols="m,a,a"] -|=== -| Name | Type | Description -| name | String | The human-readable name of the database. -| aliases | List | The names of any aliases the database may have. -| access | String | The database access mode, either `read-write` or `read-only`. -| address | String | The bolt address of the Neo4j instance hosting the database. -| role | String | The cluster role which the Neo4j instance fulfils for this database. -| requestedStatus | String | The state that an operator has requested the database to be in. -| currentStatus | String | The state the database is actually in on this Neo4j instance. -| error | String | Error encountered by the Neo4j instance when transitioning the database to `requestedStatus`, if any. -| default | Boolean | Whether this database is the default for this DBMS. -| home | Boolean | Whether this database is the home database for this user. -|=== - -.Listing databases in standalone Neo4j -==== -When executing `SHOW DATABASES` against a standalone instance of Neo4j, you should see output like the following: - -[options="header"] -|=== -| `name` | `aliases` | `access` | `address` | `role` | `requestedStatus` | `currentStatus` | `error` | `default` | `home` -| "neo4j" | [] | "read-write" | "localhost:7687" | "standalone" | "online" | "online" | "" | true | true -| "system" | [] | "read-write" | "localhost:7687" | "standalone" | "online" | "online" | "" | false | false -|=== - -Note that the `role` and `address` columns are primarily intended to distinguish between the states of a given database, across multiple Neo4j instances deployed in a xref:clustering/introduction.adoc[Causal Cluster]. -In a standalone deployment where you have a single Neo4j instance, your `address` field should be the same for every database, and your `role` field should always be "standalone". - -If an error occurred whilst creating (or stopping, dropping etc.) a database, you should see output like the following: - -[options="header"] -|=== -| `name` | `aliases` | `access` | `address` | `role` | `requestedStatus` | `currentStatus` | `error` | `default` | `home` -| "neo4j" | [] | "read-write" | "localhost:7687" | "standalone" | "online" | "online" | "" | true | true -| "system" | [] | "read-write" | "localhost:7687" | "standalone" | "online" | "online" | "" | false | false -| "foo" | [] | "read-write" | "localhost:7687" | "standalone" | "online" | "offline" | "An error occurred! Unable to start database ..." | false | false -|=== - -Note that for failed databases, the `currentStatus` and `requestedStatus` are different. -This can imply an error. -For example: - -* a database may take a while to transition from "offline" to "online", due to performing recovery. -* during normal operation, the `currentStatus` of a database may be transiently different from its `requestedStatus`, due to a necessary automatic process, such as one Neo4j instance copying store files from another. - -The possible statuses are "initial", "online", "offline", "store copying", and "unknown". -==== - -.Listing databases in a Neo4j Causal Cluster -==== -When running `SHOW DATABASES` against a Neo4j Causal Cluster you might see output like the following: - -[options="header"] -|=== -| `name` | `aliases` | `access` | `address` | `role` | `requestedStatus` | `currentStatus` | `error` | `default` | `home` -| "neo4j" | [] | "read-write" | "localhost:20031" | "follower" | "online" | "online" | "" | true | true -| "neo4j" | [] | "read-write" | "localhost:20010" | "follower" | "online" | "online" | "" | true | true -| "neo4j" | [] | "read-write" | "localhost:20005" | "leader" | "online" | "online" | "" | true | true -| "neo4j" | [] | "read-write" | "localhost:20034" | "read_replica" | "online" | "online" | "" | true | true -| "system" | [] | "read-write" | "localhost:20031" | "follower" | "online" | "online" | "" | false | false -| "system" | [] | "read-write" | "localhost:20010" | "follower" | "online" | "online" | "" | false | false -| "system" | [] | "read-write" | "localhost:20005" | "leader" | "online" | "online" | "" | false | false -| "system" | [] | "read-write" | "localhost:20034" | "read_replica" | "online" | "online" | "" | false | false -| "foo" | [] | "read-write" | "localhost:20031" | "leader" | "online" | "online" | "" | false | false -| "foo" | [] | "read-write" | "localhost:20010" | "follower" | "online" | "online" | "" | false | false -| "foo" | [] | "read-write" | "localhost:20005" | "follower" | "online" | "online" | "" | false | false -| "foo" | [] | "read-write" | "localhost:20034" | "read_replica" | "online" | "online" | "" | false | false -|=== - -Note that `SHOW DATABASES` does **not** return 1 row per database. -Instead, it returns 1 row per database, per Neo4j instance in the cluster. -Therefore, if you have a 4-instance cluster, hosting 3 databases, you will have 12 rows. - -If an error occurred whilst creating (or stopping, dropping etc.) a database, you should see output like the following: - -[options="header"] -|=== -| `name` | `aliases` | `access` | `address` | `role` | `requestedStatus` | `currentStatus` | `error` | `default` | `home` -| "neo4j" | [] | "read-write" | "localhost:20031" | "follower" | "online" | "online" | "" | true | true -| "neo4j" | [] | "read-write" | "localhost:20010" | "follower" | "online" | "online" | "" | true | true -| "neo4j" | [] | "read-write" | "localhost:20005" | "leader" | "online" | "online" | "" | true | true -| "neo4j" | [] | "read-write" | "localhost:20034" | "read_replica" | "online" | "online" | "" | true | true -| "system" | [] | "read-write" | "localhost:20031" | "follower" | "online" | "online" | "" | false | false -| "system" | [] | "read-write" | "localhost:20010" | "follower" | "online" | "online" | "" | false | false -| "system" | [] | "read-write" | "localhost:20005" | "leader" | "online" | "online" | "" | false | false -| "system" | [] | "read-write" | "localhost:20034" | "read_replica" | "online" | "online" | "" | false | false -| "foo" | [] | "read-write" | "localhost:20031" | "unknown" | "online" | "initial" | "An error occurred! Unable to start database ..." | false | false -| "foo" | [] | "read-write" | "localhost:20010" | "leader" | "online" | "online" | "" | false | false -| "foo" | [] | "read-write" | "localhost:20005" | "follower" | "online" | "online" | "" | false | false -| "foo" | [] | "read-write" | "localhost:20034" | "unknown" | "online" | "initial" | "An error occurred! Unable to start database ..." | false | false -|=== - -Note that different instances may have different roles for each database. - -If a database is offline on a particular Neo4j instance, either because it was stopped by an operator or an error has occurred, its cluster `role` is "unknown". -This is because the cluster role of a given instance/database combination cannot be assumed in advance. -This differs from standalone Neo4j instances, where the role of that instance for each database can always be assumed to be "standalone". - -The possible roles are "standalone", "leader", "follower", "read_replica", and "unknown". -==== - - -[[show-databases-monitoring-listing-single]] -== Listing a single database - -The number of rows returned by `SHOW DATABASES` can be quite large, especially when run in a cluster. -You can filter the rows returned by database name (e.g. "foo") by using the command `SHOW DATABASE foo`. - -*Syntax:* - -[source, cypher] ----- -SHOW DATABASE databaseName ----- - -*Arguments:* - -[options="header", cols="m,a,a"] -|=== -| Name | Type | Description -| databaseName | String | The name of the database whose status to report -|=== - -*Returns:* - -[options="header", cols="m,a,a"] -|=== -| Name | Type | Description -| name | String | The human-readable name of the database. -| aliases | List | The names of any aliases the database may have. -| access | String | The database access mode, either `read-write` or `read-only`. -| address | String | The bolt address of the Neo4j instance hosting the database. -| role | String | The cluster role which the Neo4j instance fulfils for this database. -| requestedStatus | String | The state that an operator has requested the database to be in. -| currentStatus | String | The state the database is actually in on this Neo4j instance. -| error | String | Error encountered by Neo4j instance when transitioning the database to `requestedStatus`, if any. -| default | Boolean | Whether this database is the default for this DBMS. -| home | Boolean | Whether this database is the home database for this user. -|=== - -.Listing statuses for database _foo_ -==== -When running `SHOW DATABASE foo` in a Neo4j Causal Cluster, you should see output like the following: - -[options="header"] -|=== -| `name` | `aliases` | `access` | `address` | `role` | `requestedStatus` | `currentStatus` | `error` | `default` | `home` -| "foo" | [] | "read-write" | "localhost:20031" | "unknown" | "online" | "initial" | "An error occurred! Unable to start database ..." | false | false -| "foo" | [] | "read-write" | "localhost:20010" | "leader" | "online" | "online" | "" | false | false -| "foo" | [] | "read-write" | "localhost:20005" | "follower" | "online" | "online" | "" | false | false -| "foo" | [] | "read-write" | "localhost:20034" | "unknown" | "online" | "initial" | "An error occurred! Unable to start database ..." | false | false -|=== -==== diff --git a/modules/ROOT/pages/routing-decisions.adoc b/modules/ROOT/pages/routing-decisions.adoc deleted file mode 100644 index c654fc1ee..000000000 --- a/modules/ROOT/pages/routing-decisions.adoc +++ /dev/null @@ -1,52 +0,0 @@ -[appendix] -[role=enterprise-edition] -[[appendix-routing-decisions]] -= Query routing decisions -:description: This appendix describes in detail how queries are routed to databases for execution. - - -[[appendix-routing-decisions-introduction]] -== Introduction - -A query that arrives at a Neo4j server, over the bolt protocol from a driver, undergoes _query routing_. -Query routing is the process of deciding with which Cypher executor (database) and at which physical location the query should be executed. - -[[appendix-routing-decisions-tree]] -== Routing decision tree - -Before the query is executed, these are the decisions taken during query routing: - -Step 1: Determine the name of the target database:: - Pick the first of these that has a value: -. link:{neo4j-docs-base-uri}/cypher-manual/4.4/clauses/use[Cypher `USE` clause] -** Note that link:{neo4j-docs-base-uri}/cypher-manual/4.4/databases[administration commands] implicitly have `USE system`. -. link:{neo4j-docs-base-uri}[Driver session database] -. xref:manage-databases/introduction.adoc#manage-databases-default[Home or default database] -Step 2: Reuse open transaction:: -* If there is an already open transaction to the target database, local or remote, then proceed to step 6. -* If not, then proceed to step 3. -Step 3: Determine the type of the target database (execution context type):: -* If the target database is a database in this DBMS, then the context type is _Internal_. -* If the target database is the xref:fabric/introduction.adoc#fabric-fabric-concepts[Fabric virtual database], then the context type is _Fabric_. -** This also allows the query to target multiple databases. -* If the target database is a xref:fabric/introduction.adoc#fabric-fabric-concepts[Fabric graph], then the context type is _External_. -Step 4: Determine the location of execution:: -* If context type is _Internal_, then ... -** if the URI scheme is `bolt://` (routing disabled), then location is _Local_. -** if transaction mode is `READ`, then location is _Local_. -** if transaction mode is `WRITE`, then ... -*** if the local member is the leader for the database, then location is _Local_. -*** if the another member is the leader for the database, then ... -**** if xref:clustering/internals.adoc#causal-clustering-routing[Server-side routing] is xref:reference/configuration-settings.adoc#config_fabric.database.name[enabled], then location is _Remote_ (using the xref:reference/configuration-settings.adoc#config_dbms.routing.advertised_address[routing advertised address] of that member). -**** if not, then fail. -* If context type is _Fabric_, then location is _Local_ (for this part of the query). -* If context type is _External_, then location is _Remote_ (using the xref:fabric/configuration.adoc#fabric-important-settings[URI and database] given in the configuration). -Step 5: Open a transaction:: -* If location is _Local_, then open a transaction to the database on this member. -* If location is _Remote_, then open a driver transaction to the database using the URI determined in step 4. -Step 6: Execute query:: -* Execute the query in the open transaction. - -[[appendix-routing-decisions-tree-illustrated]] -== Illustrated routing decision tree -image::routing-decisions.svg[width=800, title="Illustrated routing decision tree"] diff --git a/modules/ROOT/pages/tools/cli-commands.adoc b/modules/ROOT/pages/tools/cli-commands.adoc deleted file mode 100644 index 32e9ddea9..000000000 --- a/modules/ROOT/pages/tools/cli-commands.adoc +++ /dev/null @@ -1,96 +0,0 @@ -[[cli-commands]] -= Neo4j CLI tool -:description: This section describes the Neo4j database server CLI tool. - -The Neo4j CLI tool is a tool for managing a Neo4j database server. -It is a command-line tool that is installed as part of the product and can be executed with a number of commands. -Neo4j CLI tool is located in the xref:configuration/file-locations.adoc[_bin_] directory. - -== Syntax and commands - -*General synopsis* - -The `neo4j` tool has the following general synopsis: - -`neo4j ` - -*Available commands* - -[options="header", cols="40m,60a"] -|=== -| Command -| Description - -| console -| Start server in console. - -| start -| Start server as a daemon. - -| stop -| Stop the server daemon. - -| restart -| Restart the server daemon. - -| status -| Get the status of the server. - -| version, --version -| Print version information and exit. - -| help, --help -| Display help information about the specified command. - -For example, running `./bin/neo4j --help start` outputs the usage, description, and all available options of the `start` command: - -[queryresult] ----- -Usage: Neo4j start [--expand-commands] [--verbose] -Start server as a daemon. - --expand-commands Allow command expansion in config value evaluation. - --verbose Prints additional information. ----- -|=== - -[NOTE] -==== -Command expansion can be enabled by adding a customised script to the xref:configuration/neo4j-conf.adoc[neo4j.conf] file, and then including the `--expand-commands` argument to the Neo4j startup script. - -For more information, see xref:configuration/neo4j-conf.adoc#neo4j-conf-expand-commands[Command expansion]. -==== - -== Environment variables - -Neo4j CLI tool can also use the following environment variables: - -[options="header", cols="1m,3a"] -|=== -| Environment variable -| Description - -| NEO4J_DEBUG -| Set to anything to enable debug output. - -| NEO4J_HOME -| Neo4j home directory. - -| NEO4J_CONF -| Path to the directory that contains _neo4j.conf_. - -| HEAP_SIZE -| Set JVM maximum heap size during command execution. -Takes a number and a unit, for example, 512m. - -| JAVA_OPTS -| Additional JVM arguments. -Refer to JVM documentation about the exact format. -This variable is incompatible with `HEAP_SIZE` and takes precedence over `HEAP_SIZE`. - -|=== - -[NOTE] -==== -By default, `dbms.jvm.additional` settings specified in the configuration file are used when invoking `neo4j` CLI commands. -If set, `JAVA_OPTS` overrides all relevant settings specified in the configuration file. -==== diff --git a/modules/ROOT/pages/tutorial/causal-backup-restore-db.adoc b/modules/ROOT/pages/tutorial/causal-backup-restore-db.adoc deleted file mode 100644 index 1b2930d2f..000000000 --- a/modules/ROOT/pages/tutorial/causal-backup-restore-db.adoc +++ /dev/null @@ -1,357 +0,0 @@ -[role=enterprise-edition] -[[tutorial-cc-backup-restore-db]] -= Back up and restore a database in Causal Cluster -:description: This tutorial provides a detailed example of how to back up and restore a database in a running Causal Cluster. - -This tutorial provides an example that assumes that you want to restore a database backup, which has users and roles associated with it, in a running Causal Cluster with three core servers. -For more information on how to set up a Causal Cluster with three cores, see xref:tutorial/local-causal-cluster.adoc[Set up a local Causal Cluster]. - -[NOTE] -==== -In a Neo4j DBMS, every database is backed up individually. -Therefore, it is very important to plan your backup strategy for each of them. -For more detailed information on how to design an appropriate backup strategy for your setup, see xref:backup-restore/index.adoc[Backup and restore]. -==== - -[[tutorial-prepare-to-backup]] -== Prepare to back up your database - -Before you perform the backup, it is good to take a note of the data and metadata of the database that you want to restore. -You can use this information to later verify that the restore is successful and to recreate the database users and roles. -In this example, the database is called `movies1` and uses the Movie Graph dataset from the Neo4j Browser -> Favorites -> Example Graphs. - -[NOTE] -==== -This tutorial uses the Linux or macOS tarball installation. -It assumes that your current work directory is the __ directory of the tarball installation. -==== - -. In the Neo4j instance, where the database is running, log in to the Cypher Shell command-line console with your credentials. -For more information about the Cypher Shell command-line interface (CLI) and how to use it, see xref:tools/cypher-shell.adoc[Cypher Shell]. -+ -[source, shell, role=noplay] ----- -bin/cypher-shell -u neo4j -p ----- -+ -[queryresult] ----- -Connected to Neo4j at neo4j://localhost:7687 as user neo4j. -Type :help for a list of available commands or :exit to exit the shell. -Note that Cypher queries must end with a semicolon. ----- -+ -. Change the active database to `movies1`. -+ -[source, cypher, role=noplay] ----- -:use movies1 ----- - -. Run a query to count the number of nodes in the database. -+ -[source, cypher, role=noplay] ----- -MATCH (n) RETURN count(n) AS countNode; ----- -+ -[queryresult] ----- -+-----------+ -| countNode | -+-----------+ -| 171 | -+-----------+ - -1 row available after 22 ms, consumed after another 1 ms ----- -+ -. Run a query to count the number of relationships. -+ -[source, cypher, role=noplay] ----- -MATCH (n)-[r]->() RETURN count(r) AS countRelationships; ----- -+ -[queryresult] ----- -+--------------------+ -| countRelationships | -+--------------------+ -| 253 | -+--------------------+ - -1 row available after 29 ms, consumed after another 0 ms ----- -+ -. Change the active database to `system`, and run a query to see if there are any custom roles, associated with this database, and their privileges. -+ -[source, cypher, role=noplay] ----- -SHOW ALL PRIVILEGES AS COMMANDS; ----- -+ -[queryresult] ----- -+-------------------------------------------------------------+ -| command | -+-------------------------------------------------------------+ -| "GRANT ACCESS ON HOME DATABASE TO `PUBLIC`" | -| "GRANT EXECUTE FUNCTION * ON DBMS TO `PUBLIC`" | -| "GRANT EXECUTE PROCEDURE * ON DBMS TO `PUBLIC`" | -| "GRANT ACCESS ON DATABASE * TO `admin`" | -| "GRANT MATCH {*} ON GRAPH * NODE * TO `admin`" | -| "GRANT MATCH {*} ON GRAPH * RELATIONSHIP * TO `admin`" | -| "GRANT WRITE ON GRAPH * TO `admin`" | -| "GRANT NAME MANAGEMENT ON DATABASE * TO `admin`" | -| "GRANT INDEX MANAGEMENT ON DATABASE * TO `admin`" | -| "GRANT CONSTRAINT MANAGEMENT ON DATABASE * TO `admin`" | -| "GRANT START ON DATABASE * TO `admin`" | -| "GRANT STOP ON DATABASE * TO `admin`" | -| "GRANT TRANSACTION MANAGEMENT (*) ON DATABASE * TO `admin`" | -| "GRANT ALL DBMS PRIVILEGES ON DBMS TO `admin`" | -| "GRANT ACCESS ON DATABASE * TO `architect`" | -| "GRANT MATCH {*} ON GRAPH * NODE * TO `architect`" | -| "GRANT MATCH {*} ON GRAPH * RELATIONSHIP * TO `architect`" | -| "GRANT WRITE ON GRAPH * TO `architect`" | -| "GRANT NAME MANAGEMENT ON DATABASE * TO `architect`" | -| "GRANT INDEX MANAGEMENT ON DATABASE * TO `architect`" | -| "GRANT CONSTRAINT MANAGEMENT ON DATABASE * TO `architect`" | -| "GRANT ACCESS ON DATABASE * TO `publisher`" | -| "GRANT MATCH {*} ON GRAPH * NODE * TO `publisher`" | -| "GRANT MATCH {*} ON GRAPH * RELATIONSHIP * TO `publisher`" | -| "GRANT WRITE ON GRAPH * TO `publisher`" | -| "GRANT NAME MANAGEMENT ON DATABASE * TO `publisher`" | -| "GRANT ACCESS ON DATABASE * TO `editor`" | -| "GRANT MATCH {*} ON GRAPH * NODE * TO `editor`" | -| "GRANT MATCH {*} ON GRAPH * RELATIONSHIP * TO `editor`" | -| "GRANT WRITE ON GRAPH * TO `editor`" | -| "GRANT ACCESS ON DATABASE * TO `reader`" | -| "GRANT MATCH {*} ON GRAPH * NODE * TO `reader`" | -| "GRANT MATCH {*} ON GRAPH * RELATIONSHIP * TO `reader`" | -| "GRANT ACCESS ON DATABASE * TO `myrole`" | -| "GRANT MATCH {*} ON GRAPH * NODE * TO `myrole`" | -| "GRANT MATCH {*} ON GRAPH * RELATIONSHIP * TO `myrole`" | -| "GRANT WRITE ON GRAPH movies1 TO `myrole`" | -+-------------------------------------------------------------+ - -39 rows available after 868 ms, consumed after another 80 ms ----- -The result shows that there is one custom role `myrole`. -+ -. Run a query to see all users associated with this role. -+ -[source, cypher, role=noplay] ----- -SHOW USERS; ----- -+ -[queryresult] ----- -+---------------------------------------------------------------------+ -| user | roles | passwordChangeRequired | suspended | -+---------------------------------------------------------------------+ -| "neo4j" | ["admin", "PUBLIC"] | FALSE | FALSE | -| "user1" | ["myrole", "PUBLIC"] | TRUE | FALSE | -+---------------------------------------------------------------------+ - -2 rows available after 36 ms, consumed after another 2 ms ----- -. Exit the Cypher Shell command-line console. -+ -[source, shell, role=noplay] ----- -:exit ----- - -[[tutorial-backup-database]] -== Back up your database - -Now you are ready to back up the database. - -Run the following command to back up the database in your targeted folder. -If the folder where you want to place your backup does not exist, you have to create it. -In this example, it is called _/tmp/{neo4j-version-exact}_. - -To perform the backup, run the following command: - -[source, shell, subs=attributes, role=noplay] ----- -bin/neo4j-admin backup --backup-dir=/tmp/{neo4j-version-exact} --database=movies1 --include-metadata=all ----- - -The option `--include-metadata=all` creates a cypher script, which you can later use to restore the database's users, roles, and privileges. - -For details on performing a backup and the different command options, see xref:backup-restore/online-backup.adoc[Back up an online database]. - -[[tutorial-drop-database]] -== Delete the database that you want to replace - -Before you restore the database backup, you have to delete the database that you want to replace with that backup. -If you want to restore the backup as an _additional_ database in your DBMS, then you can proceed to xref:tutorial/causal-backup-restore-db.adoc#tutorial-restore-database[Restore the database backup on all cluster members] directly. - -On one of the cluster members, run the Cypher command `DROP DATABASE` to delete the database that you want to replace. -The command is automatically routed to the leader and from there to the other cluster members. - -[WARNING] -==== -Dropping a database also deletes the users and roles associated with it. -==== - -. In the Cypher Shell command-line console on one of the cluster members, change the active database to `system`, and run the command `DROP DATABASE` to delete the database that you want to replace. -In this example, the database is called `movies`. -+ -[source, cypher, role=noplay] ----- -DROP DATABASE movies; ----- -+ -[queryresult] ----- -0 rows available after 82 ms, consumed after another 0 ms ----- -+ -[WARNING] -==== -If you are unable to delete the database (e.g., because Neo4j is not running), you must run `neo4j-admin unbind` first instead. -If you fail to do this, the store files you have (post restore) will be out of sync with the cluster state you have for that database, leading to logical corruption. -==== -+ -. You can run `SHOW DATABASES` to verify that the database `movies` does not exist. -+ -[source, cypher, role=noplay] ----- -SHOW DATABASES; ----- -+ -[queryresult] ----- -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| name | type | aliases | access | address | role | writer | requestedStatus | currentStatus | statusMessage | default | home | constituents | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| "neo4j" | "standard" | [] | "read-write" | "localhost:7687" | "primary" | FALSE | "online" | "online" | "" | TRUE | TRUE | [] | -| "neo4j" | "standard" | [] | "read-write" | "localhost:7688" | "primary" | TRUE | "online" | "online" | "" | TRUE | TRUE | [] | -| "neo4j" | "standard" | [] | "read-write" | "localhost:7689" | "primary" | FALSE | "online" | "online" | "" | TRUE | TRUE | [] | -| "system" | "system" | [] | "read-write" | "localhost:7687" | "primary" | FALSE | "online" | "online" | "" | FALSE | FALSE | [] | -| "system" | "system" | [] | "read-write" | "localhost:7688" | "primary" | FALSE | "online" | "online" | "" | FALSE | FALSE | [] | -| "system" | "system" | [] | "read-write" | "localhost:7689" | "primary" | TRUE | "online" | "online" | "" | FALSE | FALSE | [] | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -6 rows available after 7 ms, consumed after another 3 ms ----- - -. Exit the Cypher Shell command-line console. -+ -[source, shell, role=noplay] ----- -:exit ----- - -[[tutorial-restore-database]] -== Restore the database backup on all cluster members - -On each cluster member, run the following command to restore the database backup. -For details on performing a restore and the different command options, see xref:backup-restore/restore-backup.adoc[Restore a database backup]. - -[source, shell, subs=attributes, role=noplay] ----- -bin/neo4j-admin restore --from=/tmp/{neo4j-version-exact}/movies1 --database=movies1 ----- - -[queryresult] ----- -You need to execute $HOME/path/to/core-member/data/scripts/movies1/restore_metadata.cypher. To execute the file use cypher-shell command with parameter `movies1` -restorePath=/tmp/{neo4j-version-exact}/movies1, restoreStatus=successful, reason= ----- - -Then, on each cluster member, run the following command to verify that the database `movies1` exists: - -[source, shell, role=noplay] ----- -ls -al data/databases ----- - -[queryresult] ----- -total 0 -drwxr-xr-x@ 7 username staff 224 17 Nov 15:50 . -drwxr-xr-x@ 8 username staff 256 17 Nov 15:50 .. -drwxr-xr-x 40 username staff 1280 17 Nov 15:50 movies1 -drwxr-xr-x 37 username staff 1184 16 Nov 15:00 neo4j --rw-r--r-- 1 username staff 0 16 Nov 15:00 store_lock -drwxr-xr-x 38 username staff 1216 16 Nov 15:00 system ----- - -However, restoring a database does not automatically create it. -Therefore, it will not be visible if you do `SHOW DATABASES` in Cypher Shell or Neo4j Browser. - -[[tutorial-create-database]] -== Create the database backup on the cluster leader - -You create the database backup *only on one of your cluster members* using the command `CREATE DATABASE`. -The command is automatically routed to the leader and from there to the other cluster members. - -. In the Cypher Shell command-line console on one of the cluster members, use the `system` database and create the database `movies1`. -+ -[source, cypher, role=noplay] ----- -CREATE DATABASE movies1; ----- -+ -[queryresult] ----- -0 rows available after 132 ms, consumed after another 0 ms ----- -+ -. Verify that the `movies1` database is online on all members. -+ -[source, cypher, role=noplay] ----- -SHOW DATABASES; ----- -+ -[queryresult] ----- -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| name | type | aliases | access | address | role | writer | requestedStatus | currentStatus | statusMessage | default | home | constituents | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| "movies1" | "standard" | [] | "read-write" | "localhost:7688" | "primary" | FALSE | "online" | "online" | "" | FALSE | FALSE | [] | -| "movies1" | "standard" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | FALSE | FALSE | [] | -| "movies1" | "standard" | [] | "read-write" | "localhost:7689" | "primary" | FALSE | "online" | "online" | "" | FALSE | FALSE | [] | -| "neo4j" | "standard" | [] | "read-write" | "localhost:7688" | "primary" | TRUE | "online" | "online" | "" | TRUE | TRUE | [] | -| "neo4j" | "standard" | [] | "read-write" | "localhost:7687" | "primary" | FALSE | "online" | "online" | "" | TRUE | TRUE | [] | -| "neo4j" | "standard" | [] | "read-write" | "localhost:7689" | "primary" | FALSE | "online" | "online" | "" | TRUE | TRUE | [] | -| "system" | "system" | [] | "read-write" | "localhost:7688" | "primary" | FALSE | "online" | "online" | "" | FALSE | FALSE | [] | -| "system" | "system" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | FALSE | FALSE | [] | -| "system" | "system" | [] | "read-write" | "localhost:7689" | "primary" | FALSE | "online" | "online" | "" | FALSE | FALSE | [] | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -9 rows available after 3 ms, consumed after another 1 ms ----- - -. Exit the Cypher Shell command-line console. -+ -[source, shell, role=noplay] ----- -:exit ----- - -[[tutorial-recreate-roles-privileges]] -== Recreate the database users and roles - -On one of the cluster members, run the restore cypher script _restore_metadata.cypher_ to create the database and recreate all users and roles of the database backup. -The command is automatically routed to the leader and from there to the other cluster members. - -*Using `cat` (UNIX)* -[source, shell, role=noplay] ----- -cat data/scripts/movies1/restore_metadata.cypher | bin/cypher-shell -u neo4j -p password -a localhost:7688 -d system --param "database => 'movies1'" ----- - -*Using `type` (Windows)* -[source, shell, role=noplay] ----- -type data\scripts\movies1\restore_metadata.cypher | bin\cypher-shell.bat -u neo4j -p password -a localhost:7688 -d system --param "database => 'movies1'" ----- - -Follow the steps from 1 to 6 of section xref:tutorial/causal-backup-restore-db.adoc#tutorial-prepare-to-backup[Prepare to back up your database] to verify that all data and metadata of the database backup have been successfully restored on all cluster members. diff --git a/modules/ROOT/pages/tutorial/fabric-tutorial.adoc b/modules/ROOT/pages/tutorial/fabric-tutorial.adoc deleted file mode 100644 index b8e56e54f..000000000 --- a/modules/ROOT/pages/tutorial/fabric-tutorial.adoc +++ /dev/null @@ -1,723 +0,0 @@ -[role=enterprise-edition] -[[tutorial-fabric]] -= Set up and use Fabric -:description: This tutorial walks through the basics of setting up and using Neo4j Fabric. - -Neo4j Fabric is a tool for storing and retrieving data in multiple databases, located in one or many Neo4j DBMS(s), with a single Cypher query. - -In this tutorial, you will learn how to: - -* xref:tutorial/fabric-tutorial.adoc#tutorial-fabric-model-data[Model your data for Fabric] -* xref:tutorial/fabric-tutorial.adoc#tutorial-fabric-config[Configure Fabric with three databases] -* xref:tutorial/fabric-tutorial.adoc#tutorial-fabric-import[Import data in your databases] -* xref:tutorial/fabric-tutorial.adoc#tutorial-fabric-get-results[Retrieve data with a single Cypher query] - -[TIP] -==== -For more information on how to manage multiple active databases in Neo4j, see xref:manage-databases/index.adoc[Manage databases]. + -For more details on Fabric, see xref:fabric/index.adoc[Fabric]. -==== - -[[tutorial-fabric-model-data]] -== Model your data for Fabric - - -[[tutorial-fabric-dataset]] -=== Northwind data - -image:fabric/northwind-logo.jpeg[width=100] The example data in this tutorial is based on the Northwind dataset, created by Microsoft. - -It contains the sales data of a fictitious small company called “Northwind Traders”. -The data includes customers, products, customer orders, warehouse stock, shipping, suppliers, employees, and sales territories. - -[TIP] -==== -For more information on how Northwind (a relational dataset) is modeled into a graph, run `:guide northwind-graph` in Neo4j Browser to play the built-in guide Northwind Graph. -See the link:https://neo4j.com/docs/browser-manual/current/visual-tour/#guides[Neo4j Browser documentation]. -==== - -[[tutorial-fabric-data-model]] -=== The model - -The Northwind graph model consists of the following data: - -* Node labels -** `:Product` -** `:Category` -** `:Supplier` -** `:Order` -** `:Customer` - -* Relationship types -** `:SUPPLIES` -** `:PART_OF` -** `:ORDERS` -** `:PURCHASED` - -image::fabric/northwind-datamodel.png[title="The Northwind data model", width=350] - - -[[tutorial-fabric-new-data-model]] -=== Remodeling the Northwind dataset - -In this scenario, you imagine that data privacy constraints require customers’ data to be stored in their original region. -For simplicity, there are two regions: the Americas (AME) and Europe (EU). -The first step is to remodel the Northwind dataset, so that customer data can be separated from the Product catalog, which has no privacy constraints. -You create two graphs: one for the Product catalog, which includes `:Product`, `:Category`, `:Supplier`, `:PART_OF`, `:SUPPLIES`, and one partitioned graph in two databases for the Customer orders in EU and AME, with `:Product`, `:Order`, `:Customer`, `:PURCHASED`, and `:ORDERS`. - -image::fabric/northwind-fabric-datamodel.png[title="The new data model", width=800, role=middle] - -*Data Federation* - -This way, the Product and Customer data are in two *disjointed graphs*, with different labels and relationship types. -This is called _Data Federation_. -To query across them, you have to federate the graphs, because relationships cannot span across them. -This is done by using a _proxy node_ modeling pattern: nodes with the `:Product` label must be present in both federated domains. -In the Product catalog graph, nodes with the `:Product` label contain all the data related to a product, while in the Customer graphs, the same label is associated to a proxy node, which only contains `productID`. -The `productID` property allows you to link data across the graphs in this federation. - -image::fabric/federation.png[title="Data Federation", width=350, role=middle] - -*Data Sharding* - -Since the Customer data is for two regions (EU and AME), you have to partition it into two databases. -The resulting two graphs have the same model (same labels, same relationship types), but different data. -This is called _Data Sharding_. - -image::fabric/sharding2.png[title="Data Sharding", width=450, role=middle] - -In general, there are a couple of main use cases that require sharding. -The most common is scalability, i.e., different shards can be deployed on different servers, splitting the load on different resources. -Another reason could be data regulations: different shards can be deployed on servers, residing in different locations, and managed independently. - -[[tutorial-fabric-config]] -== Configure Fabric with three databases - -Now that you have a new multi-database model defined, you can start to configure the Fabric infrastructure. - -[NOTE] -==== -This tutorial uses the Linux or macOS tarball installation. -It assumes that your current work directory is the __ directory of the tarball installation. -==== - -[[tutorial-fabric-create-databases]] -=== Create three databases - -You need three databases: `db0` for the Product catalog, `db1` for the EU customer data, and `db2` for the AME customers. - -. Start the Neo4j DBMS. -+ -[source, shell, role=noplay] ----- -bin/neo4j start ----- - -. Check all available databases. -+ -[source, shell, role=noplay] ----- -ls -al /data/databases/ ----- -+ -[queryresult] ----- -total 0 -drwxr-xr-x@ 5 username staff 160 9 Jun 12:53 . -drwxr-xr-x@ 5 username staff 160 9 Jun 12:53 .. -drwxr-xr-x 37 username staff 1184 9 Jun 12:53 neo4j --rw-r--r-- 1 username staff 0 9 Jun 12:53 store_lock -drwxr-xr-x 38 username staff 1216 9 Jun 12:53 system ----- - -. Connect to the Neo4j DBMS using `cypher-shell` with the default credentials and change the password when prompted. -For more information about the Cypher Shell command-line interface (CLI) and how to use it, see xref:tools/cypher-shell.adoc[Cypher Shell]. -+ -[source, shell, role=noplay] ----- -bin/cypher-shell -u neo4j -p neo4j ----- -+ -[queryresult] ----- -Password change required -new password: ***** -Connected to Neo4j 4.1.x at neo4j://localhost:7687 as user neo4j. -Type :help for a list of available commands or :exit to exit the shell. -Note that Cypher queries must end with a semicolon. ----- - -. Run the command `SHOW DATABASES` to list all available databases. -+ -[source, cypher, role=noplay] ----- -SHOW DATABASES; ----- -+ -[queryresult] ----- -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| name | type | aliases | access | address | role | writer | requestedStatus | currentStatus | statusMessage | default | home | constituents | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| "neo4j" | "standard" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | TRUE | TRUE | [] | -| "system" | "system" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | FALSE | FALSE | [] | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -2 rows available after 102 ms, consumed after another 11 ms ----- - -. Run the command `CREATE DATABASE ` to create the databases. -+ -[source, cypher, role=noplay] ----- -CREATE DATABASE db0; ----- -+ -[queryresult] ----- -0 rows available after 137 ms, consumed after another 0 ms ----- -+ -[source, cypher, role=noplay] ----- -CREATE DATABASE db1; ----- -+ -[queryresult] ----- -0 rows available after 14 ms, consumed after another 0 ms ----- -+ -[source, cypher, role=noplay] ----- -CREATE DATABASE db2; ----- -+ -[queryresult] ----- -0 rows available after 10 ms, consumed after another 0 ms ----- - -. Again run the command `SHOW DATABASES` to verify that the new databases have been created. -+ -[source, cypher, role=noplay] ----- -SHOW DATABASES; ----- -+ -[queryresult] ----- -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| name | type | aliases | access | address | role | writer | requestedStatus | currentStatus | statusMessage | default | home | constituents | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| "db0" | "standard" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | FALSE | FALSE | [] | -| "db1" | "standard" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | FALSE | FALSE | [] | -| "db2" | "standard" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | FALSE | FALSE | [] | -| "neo4j" | "standard" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | TRUE | TRUE | [] | -| "system" | "system" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | FALSE | FALSE | [] | -+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -5 rows available after 8 ms, consumed after another 7 ms ----- - -. Exit the Cypher Shell command-line tool. -+ -[source, cypher, role=noplay] ----- -:exit ----- - -[discrete] -[[tutorial-fabric-fabric-config]] -=== Configure Fabric - -You set up Fabric by configuring the fabric database and the graph names and IDs in the _neo4j.conf_ file. -In this example, the Fabric database is called `fabricnw`. - -. Navigate to the _/conf/_ folder and open the _neo4j.conf_ file. - -. Add the following lines and save it. -+ ----- -#******************************************************************** -# Fabric tutorial -#******************************************************************** - -fabric.database.name=fabricnw - -fabric.graph.0.uri=neo4j://localhost:7687 -fabric.graph.0.name=product -fabric.graph.0.database=db0 - -fabric.graph.1.uri=neo4j://localhost:7687 -fabric.graph.1.name=customerEU -fabric.graph.1.database=db1 - -fabric.graph.2.uri=neo4j://localhost:7687 -fabric.graph.2.name=customerAME -fabric.graph.2.database=db2 - ----- - -. Navigate back to the __ folder and restart the Neo4j DBMS. -+ -[source, shell, role=noplay] ----- -bin/neo4j restart ----- - -. Connect to the Neo4j DBMS using `cypher-shell` and your credentials. -+ -[source, shell, role=noplay] ----- -bin/cypher-shell -u neo4j -p your-password ----- - -. Run the command `SHOW DATABASES` to verify that the Fabric database has been configured and is `online`. -+ -[source, cypher, role=noplay] ----- -SHOW DATABASES; ----- -+ -[queryresult] ----- -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| name | type | aliases | access | address | role | writer | requestedStatus | currentStatus | statusMessage | default | home | constituents | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| "db0" | "standard" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | FALSE | FALSE | [] | -| "db1" | "standard" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | FALSE | FALSE | [] | -| "db2" | "standard" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | FALSE | FALSE | [] | -| "fabricnw" | "standard" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | FALSE | FALSE | [] | -| "neo4j" | "standard" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | TRUE | TRUE | [] | -| "system" | "system" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | FALSE | FALSE | [] | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -6 rows available after 242 ms, consumed after another 18 ms ----- - -[[tutorial-fabric-import]] -== Import data in your databases - -You can use the command `LOAD CSV WITH HEADERS FROM` to import data in the databases. - -[discrete] -[[tutorial-fabric-import-product]] -=== Load the Product catalog in db0 - -. Run the following Cypher query to change the active database to `db0`, and add the product data. -+ -[source, cypher, role=noplay] ----- -:use db0; - -LOAD CSV WITH HEADERS FROM "http://data.neo4j.com/northwind/products.csv" AS row -CREATE (n:Product) -SET n = row, -n.unitPrice = toFloat(row.unitPrice), -n.unitsInStock = toInteger(row.unitsInStock), n.unitsOnOrder = toInteger(row.unitsOnOrder), -n.reorderLevel = toInteger(row.reorderLevel), n.discontinued = (row.discontinued <> "0"); - -LOAD CSV WITH HEADERS FROM "http://data.neo4j.com/northwind/categories.csv" AS row -CREATE (n:Category) -SET n = row; - -LOAD CSV WITH HEADERS FROM "http://data.neo4j.com/northwind/suppliers.csv" AS row -CREATE (n:Supplier) -SET n = row; - -CREATE INDEX FOR (p:Product) ON (p.productID); -CREATE INDEX FOR (c:Category) ON (c.categoryID); -CREATE INDEX FOR (s:Supplier) ON (s.supplierID); - -MATCH (p:Product),(c:Category) -WHERE p.categoryID = c.categoryID -CREATE (p)-[:PART_OF]->(c); - -MATCH (p:Product),(s:Supplier) -WHERE p.supplierID = s.supplierID -CREATE (s)-[:SUPPLIES]->(p); ----- - -. Press Enter. -. Verify that the product data is loaded in `db0`. -+ -[source, cypher, role=noplay] ----- -MATCH (s:Supplier)-[:SUPPLIES]->(p:Product)-[:PART_OF]->(c:Category) -RETURN s.companyName AS Supplier, p.productName AS Product, c.categoryName AS Category -LIMIT 5; ----- -+ -[queryresult] ----- -+--------------------------------------------------------------------------+ -| Supplier | Product | Category | -+--------------------------------------------------------------------------+ -| "Bigfoot Breweries" | "Sasquatch Ale" | "Beverages" | -| "Pavlova" | "Outback Lager" | "Beverages" | -| "Bigfoot Breweries" | "Laughing Lumberjack Lager" | "Beverages" | -| "Bigfoot Breweries" | "Steeleye Stout" | "Beverages" | -| "Aux joyeux ecclésiastiques" | "Côte de Blaye" | "Beverages" | -+--------------------------------------------------------------------------+ - -5 rows available after 202 ms, consumed after another 5 ms ----- - -[discrete] -[[tutorial-fabric-import-customerEU]] -=== Load EU customers and related orders in db1 - -. Run the following Cypher query to change the active database to `db1`, and add the EU customers and orders. -+ -[source, cypher, role=noplay] ----- -:use db1; - -:param europe => ['Germany', 'UK', 'Sweden', 'France', 'Spain', 'Switzerland', 'Austria', 'Italy', 'Portugal', 'Ireland', 'Belgium', 'Norway', 'Denmark', 'Finland']; - -LOAD CSV WITH HEADERS FROM "http://data.neo4j.com/northwind/customers.csv" AS row -WITH row -WHERE row.country IN $europe -CREATE (n:Customer) -SET n = row; - -CREATE INDEX FOR (c:Customer) ON (c.customerID); - -LOAD CSV WITH HEADERS FROM "http://data.neo4j.com/northwind/orders.csv" AS row -WITH row -MATCH (c:Customer) -WHERE row.customerID = c.customerID -CREATE (o:Order) -SET o = row; - -CREATE INDEX FOR (o:Order) ON (o.orderID); - -MATCH (c:Customer),(o:Order) -WHERE c.customerID = o.customerID -CREATE (c)-[:PURCHASED]->(o); - -LOAD CSV WITH HEADERS FROM "http://data.neo4j.com/northwind/products.csv" AS row -CREATE (n:Product) -SET n.productID = row.productID; - -CREATE INDEX FOR (p:Product) ON (p.productID); - -LOAD CSV WITH HEADERS FROM "http://data.neo4j.com/northwind/order-details.csv" AS row -MATCH (p:Product), (o:Order) -WHERE p.productID = row.productID AND o.orderID = row.orderID -CREATE (o)-[details:ORDERS]->(p) -SET details = row, details.quantity = toInteger(row.quantity); ----- - -. Press Enter. -. Verify that the EU Customer orders data is loaded in `db1`. -+ -[source, cypher, role=noplay] ----- -MATCH (c:Customer)-[:PURCHASED]->(o:Order)-[:ORDERS]->(p:Product) -RETURN c.companyName AS Customer, c.country AS CustomerCountry, o.orderID AS Order, p.productID AS Product -LIMIT 5; ----- -+ -[queryresult] ----- -+-------------------------------------------------------------+ -| Customer | CustomerCountry | Order | Product | -+-------------------------------------------------------------+ -| "Alfreds Futterkiste" | "Germany" | "10692" | "63" | -| "Alfreds Futterkiste" | "Germany" | "10835" | "77" | -| "Alfreds Futterkiste" | "Germany" | "10835" | "59" | -| "Alfreds Futterkiste" | "Germany" | "10702" | "76" | -| "Alfreds Futterkiste" | "Germany" | "10702" | "3" | -+-------------------------------------------------------------+ - -5 rows available after 47 ms, consumed after another 2 ms ----- - -[discrete] -[[tutorial-fabric-import-customerAME]] -=== Load AME customers and related orders in db2 - -. Run the following Cypher query to change the active database to `db2` and add the AME customers and orders. -+ -[source, cypher, role=noplay] ----- -:use db2; - -:param americas => ['Mexico', 'Canada', 'Argentina', 'Brazil', 'USA', 'Venezuela']; - -LOAD CSV WITH HEADERS FROM "http://data.neo4j.com/northwind/customers.csv" AS row -WITH row -WHERE row.country IN $americas -CREATE (n:Customer) -SET n = row; - -CREATE INDEX FOR (c:Customer) ON (c.customerID); - -LOAD CSV WITH HEADERS FROM "http://data.neo4j.com/northwind/orders.csv" AS row -WITH row -MATCH (c:Customer) -WHERE row.customerID = c.customerID -CREATE (o:Order) -SET o = row; - -CREATE INDEX FOR (o:Order) ON (o.orderID); - -MATCH (c:Customer),(o:Order) -WHERE c.customerID = o.customerID -CREATE (c)-[:PURCHASED]->(o); - -LOAD CSV WITH HEADERS FROM "http://data.neo4j.com/northwind/products.csv" AS row -CREATE (n:Product) -SET n.productID = row.productID; - -CREATE INDEX FOR (p:Product) ON (p.productID); - -LOAD CSV WITH HEADERS FROM "http://data.neo4j.com/northwind/order-details.csv" AS row -MATCH (p:Product), (o:Order) -WHERE p.productID = row.productID AND o.orderID = row.orderID -CREATE (o)-[details:ORDERS]->(p) -SET details = row, -details.quantity = toInteger(row.quantity); ----- - -. Press Enter. -. Verify that the AME Customer orders data is loaded in `db2`. -+ -[source, cypher, role=noplay] ----- -MATCH (c:Customer)-[:PURCHASED]->(o:Order)-[:ORDERS]->(p:Product) -RETURN c.companyName AS Customer, c.country AS CustomerCountry, o.orderID AS Order, p.productID AS Product -LIMIT 5; ----- -+ -[queryresult] ----- -+----------------------------------------------------------------------------+ -| Customer | CustomerCountry | Order | Product | -+----------------------------------------------------------------------------+ -| "Ana Trujillo Emparedados y helados" | "Mexico" | "10759" | "32" | -| "Ana Trujillo Emparedados y helados" | "Mexico" | "10926" | "72" | -| "Ana Trujillo Emparedados y helados" | "Mexico" | "10926" | "13" | -| "Ana Trujillo Emparedados y helados" | "Mexico" | "10926" | "19" | -| "Ana Trujillo Emparedados y helados" | "Mexico" | "10926" | "11" | -+----------------------------------------------------------------------------+ - -5 rows available after 42 ms, consumed after another 1 ms - ----- - - -[[tutorial-fabric-get-results]] -== Retrieve data with a single Cypher query - -Fabric allows you to retrieve data from all your databases with a single Cypher query. - -As the databases `db0`, `db1`, `db2` in this tutorial are part of the same Neo4j DBMS, you can also access them directly, using their database names. -This is especially useful when you want to set up Fabric locally for development or testing purposes. -In this case, you only have to add `fabric.database.name=fabricnw` to the _neo4j.conf_ file, and use queries as the following one. - -[source, cypher, role=noplay] ----- -:use fabricnw ----- - -[source, cypher, role=noplay] ----- -USE db1 -MATCH (c:Customer) -WHERE c.customerID STARTS WITH 'A' -RETURN c.customerID AS name, c.country AS country - UNION -USE db2 -MATCH (c:Customer) -WHERE c.customerID STARTS WITH 'A' -RETURN c.customerID AS name, c.country AS country -LIMIT 5; ----- - -[queryresult] ----- -+---------------------+ -| name | country | -+---------------------+ -| "ALFKI" | "Germany" | -| "AROUT" | "UK" | -| "ANATR" | "Mexico" | -| "ANTON" | "Mexico" | -+---------------------+ - -4 rows available after 404 ms, consumed after another 1 ms ----- - -However, if your databases `db0`, `db1`, `db2` are located in other Neo4j DBMSs, on completely different servers for example, then you must update the URI settings to connect to them. - -In this tutorial, you will try the Fabric capabilities as if the data is deployed on different servers. - -[discrete] -[[tutorial-fabric-query-product]] -=== Query a single database - -You can retrieve data from a single database by using the cypher clause `USE` and the name of the Fabric graph. -When querying a single database, you do not have to change the active database to Fabric. - -[source, cypher, role=noplay] ----- -USE fabricnw.product -MATCH (p:Product) -RETURN p.productName AS product -LIMIT 5; ----- - -[queryresult] ----- -+--------------------------------+ -| product | -+--------------------------------+ -| "Chai" | -| "Chang" | -| "Aniseed Syrup" | -| "Chef Anton's Cajun Seasoning" | -| "Chef Anton's Gumbo Mix" | -+--------------------------------+ - -5 rows available after 6 ms, consumed after another 21 ms ----- - -[discrete] -[[tutorial-fabric-query-shards]] -=== Query across multiple shards -Use Fabric to query both shards and get customers whose name starts with A. - -When you want to retrieve data from multiple databases, you have to change the active database to `fabricnw`. - -[source, cypher, role=noplay] ----- -:use fabricnw ----- - -[source, cypher, role=noplay] ----- -USE fabricnw.customerAME -MATCH (c:Customer) -WHERE c.customerID STARTS WITH 'A' -RETURN c.customerID AS name, c.country AS country - UNION -USE fabricnw.customerEU -MATCH (c:Customer) -WHERE c.customerID STARTS WITH 'A' -RETURN c.customerID AS name, c.country AS country -LIMIT 5; ----- - -[queryresult] ----- -+---------------------+ -| name | country | -+---------------------+ -| "ANATR" | "Mexico" | -| "ANTON" | "Mexico" | -| "ALFKI" | "Germany" | -| "AROUT" | "UK" | -+---------------------+ - -4 rows available after 25 ms, consumed after another 56 ms ----- - -Or, using a more common Fabric idiom: - -[source, cypher, role=noplay] ----- -UNWIND [1,2]AS gid -CALL { - USE fabricnw.graph(gid) - MATCH (c:Customer) - WHERE c.customerID STARTS WITH 'A' - RETURN c.customerID AS name, c.country AS country -} -RETURN name, country -LIMIT 5; ----- - -[queryresult] ----- -+---------------------+ -| name | country | -+---------------------+ -| "ANATR" | "Mexico" | -| "ANTON" | "Mexico" | -| "ALFKI" | "Germany" | -| "AROUT" | "UK" | -+---------------------+ - -4 rows available after 61 ms, consumed after another 8 ms ----- - -[discrete] -[[tutorial-fabric-query-all-dbs]] -=== Query across federation and shards - -Finally, a more complex query that uses all 3 databases to find all customers who have bought discontinued products in the Meat/Poultry category. - -[source, cypher, role=noplay] ----- -CALL { -USE fabricnw.product -MATCH (p:Product{discontinued:true})-[:PART_OF]->(c:Category{categoryName:'Meat/Poultry'}) - RETURN COLLECT(p.productID) AS pids -} -WITH *, [g IN fabricnw.graphIds() WHERE g<>0] AS gids -UNWIND gids AS gid -CALL { - USE fabricnw.graph(gid) - WITH pids - UNWIND pids as pid - MATCH (p:Product{productID:pid})<-[:ORDERS]-(:Order)<-[:PURCHASED]-(c:Customer) - RETURN DISTINCT c.customerID AS customer, c.country AS country -} -RETURN customer, country -LIMIT 20; ----- - -[queryresult] ----- -+--------------------------+ -| customer | country | -+--------------------------+ -| "RICSU" | "Switzerland" | -| "PERIC" | "Mexico" | -| "WARTH" | "Finland" | -| "WELLI" | "Brazil" | -| "DRACD" | "Germany" | -| "RATTC" | "USA" | -| "HUNGO" | "Ireland" | -| "QUEDE" | "Brazil" | -| "SEVES" | "UK" | -| "ANTON" | "Mexico" | -| "BERGS" | "Sweden" | -| "SAVEA" | "USA" | -| "AROUT" | "UK" | -| "FAMIA" | "Brazil" | -| "WANDK" | "Germany" | -| "WHITC" | "USA" | -| "ISLAT" | "UK" | -| "LONEP" | "USA" | -| "QUICK" | "Germany" | -| "HILAA" | "Venezuela" | -+--------------------------+ - -20 rows available after 51 ms, consumed after another 2 ms ----- - -[TIP] -First, `fabricnw` calls database `db0` to retrieve all discontinued products in the Meat/Poultry category. -Then, using the returned product IDs, it queries both `db1` and `db2` *in parallel* and gets the customers who have purchased these products and their country. - - -[discrete] -[[tutorial-fabric-end]] -== The end - -You have just learned how to store and retrieve data from multiple databases using a single Cypher query. + -For more details on the Neo4j Fabric, see xref:fabric/index.adoc[Fabric]. diff --git a/modules/ROOT/pages/tutorial/local-causal-cluster.adoc b/modules/ROOT/pages/tutorial/local-causal-cluster.adoc deleted file mode 100644 index 526dd17aa..000000000 --- a/modules/ROOT/pages/tutorial/local-causal-cluster.adoc +++ /dev/null @@ -1,311 +0,0 @@ -[role=enterprise-edition] -[[tutorial-local-cluster]] -= Set up a local Causal Cluster -:description: This tutorial walks through the basics of setting up a Neo4j Causal Cluster. The result is a local cluster of six instances: three Cores and three Read Replicas. - -In this tutorial, you will learn how to deploy a Causal Cluster locally on a single machine. - -[NOTE] -==== -Keep in mind that a cluster on a single machine has no fault tolerance and is therefore not suitable for production use. -==== - -A typical Causal Cluster consists of three Core instances and three Read Replicas. -The Core instances are responsible for keeping the data safe, and the Read Replicas are responsible for scaling the capacity of the cluster. -For details on the number of servers required for a Causal Cluster, see xref:clustering/introduction.adoc#clustering-primary-servers[Primary servers]. - -The Core of the Causal Cluster is intended to remain stable over time. -The roles within the Core may change as needed, but the Core itself is long-lived and stable. + -Read Replicas live at the edge of the cluster and can be brought up and taken down without affecting the Core. -They can be added as needed to increase the operational capacity of the cluster as a whole. - -For more information about Causal Clustering architecture, configuration, and operation, see xref:clustering/index.adoc[Clustering]. - -[[tutorial-local-cluster-download-neo4j]] -== Download Neo4j - -You download Neo4j and prepare your local environment. - -. Create a local working directory. -. Download a copy of the Neo4j Enterprise Edition from https://neo4j.com/download/other-releases/#releases[the Neo4j download site]. -. Unpack Neo4j in the working directory. - -[[tutorial-local-cluster-configure-cores]] -== Set up the Core servers -You create and configure three Core instances. - -[discrete] -[[tutorial-local-cluster-configure-core01]] -=== Configure and start the first Core instance - -You create and configure the first Core instance. - -. Make a copy of the _neo4j-enterprise-{neo4j-version-exact}_ directory and name it _core-01_. + -You have to keep the original directory for setting up the other Core instances and Read Replicas. -The _core-01_ directory will contain the first Core instance. -. Open the Neo4j configuration file, xref:configuration/neo4j-conf.adoc[_conf/neo4j.conf_], and configure the following settings: -+ -[TIP] -==== -If you cannot find the configuration file, see xref:configuration/file-locations.adoc[File locations]. -==== -.. Locate and uncomment the setting `dbms.mode=CORE`. -.. Locate and uncomment the setting `causal_clustering.minimum_core_cluster_size_at_formation=3`. -.. Locate and uncomment the setting `causal_clustering.minimum_core_cluster_size_at_runtime=3`. -.. Locate and uncomment the setting `causal_clustering.initial_discovery_members=localhost:5000,localhost:5001,localhost:5002`. -.. Locate and uncomment the setting `causal_clustering.discovery_listen_address=:5000`. -.. Locate and uncomment the setting `causal_clustering.transaction_listen_address=:6000`. -.. Locate and uncomment the setting `causal_clustering.raft_listen_address=:7000`. -.. Locate and uncomment the setting `dbms.connector.bolt.listen_address=:7687`. -.. Locate and uncomment the setting `dbms.connector.http.listen_address=:7474`. -.. Locate and uncomment the setting `dbms.connector.https.listen_address`, and change the value to `:6474`. -.. Locate and uncomment the setting `dbms.backup.listen_address=0.0.0.0:6362`. -. Save the file. -. Open a command-line tool and navigate to _core-01_ directory. -. Run the following command to start _core-01_: -+ -[source, shell] ----- -core-01$ ./bin/neo4j start ----- - -[discrete] -[[tutorial-local-cluster-configure-core02]] -=== Create and configure the second Core instance - -You create and configure the second Core instance. - -. Make a new copy of the _neo4j-enterprise-{neo4j-version-exact}_ directory and name it _core-02_. -. Overwrite _core-02/conf/neo4j.conf_ with the just modified _core-01/conf/neo4j.conf_. Then in the new _core-02_ directory, open -the _conf/neo4j.conf_ file and configure the following settings: -.. Locate the setting `causal_clustering.discovery_listen_address` and change the value to `:5001`. -.. Locate the setting `causal_clustering.transaction_listen_address` and change the value to `:6001`. -.. Locate the setting `causal_clustering.raft_listen_address` and change the value to `:7001`. -.. Locate the setting `dbms.connector.bolt.listen_address` and change the value to `:7688`. -.. Locate the setting `dbms.connector.http.listen_address` and change the value to `:7475`. -.. Locate the setting `dbms.connector.https.listen_address` and change the value to `:6475`. -.. Locate the setting `dbms.backup.listen_address` and change the value to `0.0.0.0:6363`. -. Save the file. -. Open a command-line tool and navigate to _core-02_ directory. -. Run the following command to start _core-02_: -+ -[source, shell] ----- -core-02$ ./bin/neo4j start ----- - -[discrete] -[[tutorial-local-cluster-configure-core03]] -=== Create and configure the third Core instance - -You create and configure the third Core instance. - -. Make a new copy of the _neo4j-enterprise-{neo4j-version-exact}_ directory and name it _core-03_. -. Overwrite _core-03/conf/neo4j.conf_ with the just modified _core-02/conf/neo4j.conf_. Then in the new _core-03_ directory, open -the _conf/neo4j.conf_ file and configure the following settings: -.. Locate the setting `causal_clustering.discovery_listen_address` and change the value to `:5002`. -.. Locate the setting `causal_clustering.transaction_listen_address` and change the value to `:6002`. -.. Locate the setting `causal_clustering.raft_listen_address` and change the value to `:7002`. -.. Locate the setting `dbms.connector.bolt.listen_address` and change the value to `:7689`. -.. Locate the setting `dbms.connector.http.listen_address` and change the value to `:7476`. -.. Locate the setting `dbms.connector.https.listen_address` and change the value to `:6476`. -.. Locate the setting `dbms.backup.listen_address` and change the value to `0.0.0.0:6364`. -. Save the file. -. Open a command-line tool and navigate to _core-03_ directory. -. Run the following command to start _core-03_: -+ -[source, shell] ----- -core-03$ ./bin/neo4j start ----- - -[TIP] -.Startup Time -==== -To follow along with the startup of a server, check the messages in _/logs/neo4j.log_: - -* On a Unix system, run the command `tail -n100 logs/neo4j.log`. -* On Windows Server, run `Get-Content .\logs\neo4j.log -Tail 10 -Wait`. - -While an instance is joining the cluster, the server may appear unavailable. -In the case where an instance is joining a cluster with lots of data, it may take a number of minutes for the new instance to download the data from the cluster and become available. -==== - - -[[tutorial-local-cluster-check-status]] -== Check the status of the cluster - -The minimal cluster of three Core servers is operational and is ready to serve requests. - -Connect to any of the three Core instances to check the cluster status. - -. Open _core-01_ at http://localhost:7474[http://localhost:7474^]. -. Authenticate with the default `neo4j/neo4j` credentials, and set a new password when prompted. -. Check the status of the cluster by running the following in Neo4j Browser: -+ -[source, cypher] ----- -:sysinfo ----- -+ -.A cluster of three Core instances. -==== -[options="header"] -|=== -| Name | Address | Role | Status | Default | Error -| neo4j | localhost:7689 | follower | online | true | - -| neo4j | localhost:7688 | follower | online | true | - -| neo4j | localhost:7687 | leader | online | true | - -| system | localhost:7689 | follower | online | - | - -| system | localhost:7688 | follower | online | - | - -| system | localhost:7687 | leader` | online | - | - - -|=== -==== -+ -. Run the following query to create nodes and relationships. -+ -[source, cypher] ----- -UNWIND range(0, 100) AS value -MERGE (person1:Person {id: value}) -MERGE (person2:Person {id: toInteger(100.0 * rand())}) -MERGE (person1)-[:FRIENDS]->(person2) ----- -+ -. Open a new tab and point your web browser to a follower, for example, _core-02_ at http://localhost:7475[http://localhost:7475^]. -. Authenticate with the credentials you have set up for _core-01_. -. Run the following query to verify that the data has been replicated: -+ -[source, cypher] ----- -MATCH path = (person:Person)-[:FRIENDS]-(friend) -RETURN path -LIMIT 10 ----- - - -[[tutorial-local-cluster-configure-read-replicas]] -== Set up the Read Replicas - -Because the Read Replicas do not participate in quorum decisions, their configuration is simpler than the configuration of the Core servers. - -You configure a Read Replica by setting the address of a Core instance that it can bind to in order to discover the cluster. -For details, see xref:clustering-advanced/lifecycle.adoc#causal-clustering-discovery-protocol[Discovery protocol]. + -After the initial discovery, the Read Replicas can choose a Core instance from which to catch up. -For details, see xref:clustering-advanced/lifecycle.adoc#causal-clustering-catchup-protocol[Catchup protocol]. - -[discrete] -[[tutorial-local-cluster-configure-read-replica01]] -=== Configure and start the first Read Replica - -You create and configure the first Read Replica. - -. Make a copy of the _neo4j-enterprise-{neo4j-version-exact}_ directory and name it _replica-01_. -. In the new _replica-01_ directory, open the _conf/neo4j.conf_ file and configure the following settings: -.. Locate and uncomment the setting `dbms.mode`, and change the value to `READ_REPLICA`. -.. Locate and uncomment the setting `causal_clustering.initial_discovery_members=localhost:5000,localhost:5001,localhost:5002`. -.. Locate and uncomment the setting `causal_clustering.discovery_listen_address`, and change the value to `:5003`. -.. Locate and uncomment the setting `causal_clustering.transaction_listen_address`, and change the value to `:6003`. -.. Locate and uncomment the setting `dbms.connector.bolt.listen_address`, and change the value to `:7690`. -.. Locate and uncomment the setting `dbms.connector.http.listen_address`, and change the value to `:7477`. -.. Locate and uncomment the setting `dbms.connector.https.listen_address`, and change the value to `:6477`. -.. Locate and uncomment the setting `dbms.backup.listen_address`, and change the values to `0.0.0.0:6365`. -. Save the file. -. Open a command-line tool and navigate to _replica-01_ directory. -. Run the following command to start _replica-01_: -+ -[source, shell] ----- -replica-01$ ./bin/neo4j start ----- - -[discrete] -[[tutorial-local-cluster-configure-read-replica02]] -=== Configure and start the second Read Replica - -You create and configure the second Read Replica. - -. Make a new copy of the _neo4j-enterprise-{neo4j-version-exact}_ directory and name it _replica-02_. -. Overwrite _replica-02/conf/neo4j.conf_ with the just modified _replica-01/conf/neo4j.conf_. Then in the new _replica-02_ directory, open -the _conf/neo4j.conf_ file and configure the following settings: -.. Locate the setting `causal_clustering.discovery_listen_address` and change the value to `:5004`. -.. Locate the setting `causal_clustering.transaction_listen_address` and change the value to `:6004`. -.. Locate the setting `dbms.connector.bolt.listen_address` and change the value to `:7691`. -.. Locate the setting `dbms.connector.http.listen_address` and change the value to `:7478`. -.. Locate the setting `dbms.connector.https.listen_address` and change the value to `:6478`. -.. Locate the setting `dbms.backup.listen_address` and change the value to `0.0.0.0:6366`. -. Save the file. -. Open a command-line tool and navigate to _replica-02_ directory. -. Run the following command to start _replica-02_: -+ -[source, shell] ----- -replica-02$ ./bin/neo4j start ----- - -[discrete] -[[tutorial-local-cluster-configure-read-replica03]] -=== Configure and start the third Read Replica - -You create and configure the third Read Replica. - -. Make a new copy of the _neo4j-enterprise-{neo4j-version-exact}_ directory and name it _replica-03_. -. Overwrite _replica-03/conf/neo4j.conf_ with the just modified _replica-02/conf/neo4j.conf_. Then in the new _replica-03_ directory, open -the _conf/neo4j.conf_ file and configure the following settings: -.. Locate the setting `causal_clustering.discovery_listen_address` and change the value to `:5005`. -.. Locate the setting `causal_clustering.transaction_listen_address` and change the value to `:6005`. -.. Locate the setting `dbms.connector.bolt.listen_address` and change the value to `:7692`. -.. Locate the setting `dbms.connector.http.listen_address` and change the value to `:7479`. -.. Locate the setting `dbms.connector.https.listen_address` and change the value to `:6479`. -.. Locate the setting `dbms.backup.listen_address` and change the value to `0.0.0.0:6367`. -. Save the file. -. Open a command-line tool and navigate to _replica-03_ directory. -. Run the following command to start _replica-03_: -+ -[source, shell] ----- -replica-03$ ./bin/neo4j start ----- - -[[tutorial-local-cluster-test-with-read-replicas]] -== Check the status of the cluster - -Your cluster of three Core servers and three Read Replicas is operational and is ready to serve requests. - -In your _core-01_ browser, check the cluster status by running the following in Neo4j Browser: -[source, cypher] ----- -:sysinfo ----- - -.A cluster of three Core instances and three Read Replicas. -==== -[options="header"] -|=== -| Name | Address | Role | Status | Default | Error -| neo4j | localhost:7689 | follower | online | true | - -| neo4j | localhost:7688 | follower | online | true | - -| neo4j | localhost:7687 | leader | online | true | - -| neo4j | localhost:7692 | read_replica | online | true | - -| neo4j | localhost:7691 | read_replica | online | true | - -| neo4j | localhost:76890 | read_replica | online | true | - -| system | localhost:7689 | follower | online | - | - -| system | localhost:7688 | follower | online | - | - -| system | localhost:7687 | leader | online | - | - -| system | localhost:7692 | read_replica | online | - | - -| system | localhost:7691 | read_replica | online | - | - -| system | localhost:7690 | read_replica | online | - | - -|=== -==== - -. Open a new tab and point your web browser to a Read Replica, for example, _replica-01_ at http://localhost:7477[http://localhost:7477^]. -. Login with `neo4j` and the previously set password and *use the `bolt://` schema*. -. Run the following query to verify that the data has been replicated: -+ -[source, cypher] ----- -MATCH path = (person:Person)-[:FRIENDS]-(friend) -RETURN path -LIMIT 10 ----- diff --git a/package.json b/package.json index bb56d0817..40d333981 100644 --- a/package.json +++ b/package.json @@ -25,6 +25,7 @@ "@neo4j-antora/antora-modify-sitemaps": "^0.4.4", "@neo4j-antora/antora-page-roles": "^0.3.1", "@neo4j-antora/antora-table-footnotes": "^0.3.2", + "@neo4j-antora/antora-unlisted-pages": "^0.1.0", "@neo4j-documentation/macros": "^1.0.2", "@neo4j-documentation/remote-include": "^1.0.0" }, diff --git a/preview.yml b/preview.yml index d8586a81e..e321c5f74 100644 --- a/preview.yml +++ b/preview.yml @@ -27,6 +27,7 @@ antora: sitemap_version: '5' sitemap_loc_version: 'current' move_sitemaps_to_components: true + - require: "@neo4j-antora/antora-unlisted-pages" asciidoc: extensions: diff --git a/publish.yml b/publish.yml index 08121f3e1..e218ade0d 100644 --- a/publish.yml +++ b/publish.yml @@ -28,6 +28,7 @@ antora: sitemap_version: '5' sitemap_loc_version: 'current' move_sitemaps_to_components: true + - require: "@neo4j-antora/antora-unlisted-pages" asciidoc: extensions: From c5798ac7f85d7e985577e7a3b049a1a8b70a6446 Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Tue, 10 Jan 2023 14:32:47 +0100 Subject: [PATCH 071/876] made space for content on monitoring clustering endpoints (#320) (#321) --- modules/ROOT/content-nav.adoc | 1 + modules/ROOT/pages/clustering/monitoring/endpoints.adoc | 4 ++++ 2 files changed, 5 insertions(+) create mode 100644 modules/ROOT/pages/clustering/monitoring/endpoints.adoc diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index 02aeb5460..59c440a85 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -94,6 +94,7 @@ ** Monitoring *** xref:clustering/monitoring/show-servers-monitoring.adoc[] *** xref:clustering/monitoring/show-databases-monitoring.adoc[] +*** xref:clustering/monitoring/endpoints.adoc[] ** xref:clustering/disaster-recovery.adoc[] //** xref:clustering/internals.adoc[] ** xref:clustering/settings.adoc[] diff --git a/modules/ROOT/pages/clustering/monitoring/endpoints.adoc b/modules/ROOT/pages/clustering/monitoring/endpoints.adoc new file mode 100644 index 000000000..8978a414b --- /dev/null +++ b/modules/ROOT/pages/clustering/monitoring/endpoints.adoc @@ -0,0 +1,4 @@ +:description: This section desxcribes how to monitor cluster endpoints +[role=enterprise-edition] +[[monitoring-endpoints]] += Monitor cluster endpoints From 621c6d7f2b0463e9274b9561cf048451e0647578 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Thu, 12 Jan 2023 09:20:23 +0100 Subject: [PATCH 072/876] Update formatting of the table (#323) --- modules/ROOT/pages/introduction.adoc | 56 ++++++++++++++-------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/modules/ROOT/pages/introduction.adoc b/modules/ROOT/pages/introduction.adoc index 9ed07a5fa..6b8fa8d38 100644 --- a/modules/ROOT/pages/introduction.adoc +++ b/modules/ROOT/pages/introduction.adoc @@ -128,9 +128,9 @@ See the link:{download-center-drivers}[Neo4j Download Center - Drivers] for more a| link:https://www.gnu.org/licenses/quick-guide-gplv3.html[Open source under GPLv3] |{check-mark} -|{cross-mark} +| -| *Native Graph* +^s| Native Graph | | @@ -147,7 +147,7 @@ a| Standard and Aligned store format (link:https://neo4j.com/docs/operations-man | {check-mark} a| High_limit (link:https://neo4j.com/docs/operations-manual/current/tools/neo4j-admin/neo4j-admin-store-info/#neo4j-admin-store-high-limit[1 Quadrillion Nodes & Relationships]) -| {cross-mark} +| | {check-mark} | ACID-compliant transactions @@ -159,15 +159,15 @@ a| High_limit (link:https://neo4j.com/docs/operations-manual/current/tools/neo4j | {check-mark} | _Slotted_ Cypher runtime -| {check-mark} +| | {check-mark} | _Pipelined_ Cypher runtime (faster) -| {cross-mark} +| | {check-mark} | Listing and terminating running queries -| {cross-mark} +| | {check-mark} | High-performance caching @@ -178,7 +178,7 @@ a| High_limit (link:https://neo4j.com/docs/operations-manual/current/tools/neo4j | {check-mark} | {check-mark} -| *Clients and APIs* +^s| Clients and APIs | | @@ -211,10 +211,10 @@ a| APOC 450+ link:https://neo4j.com/docs/apoc/5/[Core Procedures and Functions] | {check-mark} | Support for Neo4j Graph Data Science Enterprise Edition footnote:sepinstall[] -| {cross-mark} +| | {check-mark} -| *Indexes and constraints* +^s| Indexes and constraints | | @@ -231,43 +231,43 @@ a| APOC 450+ link:https://neo4j.com/docs/apoc/5/[Core Procedures and Functions] | {check-mark} | Property-existence constraints -| {cross-mark} +| | {check-mark} | Node Key constraints -| {cross-mark} +| | {check-mark} -| *Security* +^s| Security | | | Role-based access control -| {cross-mark} +| | {check-mark} | Sub-graph access control -| {cross-mark} +| | {check-mark} | LDAP and Active Directory integration -| {cross-mark} +| | {check-mark} | Kerberos security option -| {cross-mark} +| | {check-mark} -| *Data management* +^s| Data management | | | Offline import -| {cross-mark} +| | {check-mark} | Offline incremental import -| {cross-mark} +| | {check-mark} | Auto-reuse of space @@ -275,43 +275,43 @@ a| APOC 450+ link:https://neo4j.com/docs/apoc/5/[Core Procedures and Functions] | {check-mark} | Store copy -| {cross-mark} +| | {check-mark} | Offline backup (dump) | {check-mark} | {check-mark} -| *Scale and availability* +^s| Scale and availability | | | Online back-up and restore -| {cross-mark} +| | {check-mark} | Multiple databases (beyond the `system` and default databases) -| {cross-mark} +| | {check-mark} | Autonomous clustering -| {cross-mark} +| | {check-mark} | Sharded and federated Composite databases -| {cross-mark} +| | {check-mark} -| *Monitoring and management* +^s| Monitoring and management | | | Endpoints and metrics for monitoring via Prometheus -| {cross-mark} +| | {check-mark} | Neo4j Operations Manager -| {cross-mark} +| | {check-mark} |=== From 23e6385984a973db7d6e7db595b7e65cac3b4800 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 12 Jan 2023 08:59:48 +0000 Subject: [PATCH 073/876] Clarify the Neo4j deployment on AWS (#318) https://trello.com/c/tMMaMPJs/4624-aws-deployment-doc-update-requested Co-authored-by: David Oliver --- .../pages/cloud-deployments/neo4j-aws.adoc | 24 ++++++++----------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc index 443be542e..63ac495fd 100644 --- a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc +++ b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc @@ -3,26 +3,22 @@ [[aws]] = Neo4j on AWS -You can deploy Neo4j on Amazon Web Services (AWS) directly from the AWS Marketplace or by using the Neo4j CloudFormation templates hosted on GitHub. +You can deploy Neo4j Enterprise Edition on Elastic Compute Cloud (EC2) instances in AWS directly from the link:https://aws.amazon.com/marketplace/pp/prodview-akmzjikgawgn4?sr=0-1&ref_=beagle&applicationId=AWSMPContessa[AWS Marketplace]. -The AWS Marketplace represents a straightforward method to deploy Neo4j on Elastic Compute Cloud (EC2) instances in AWS. +The listing uses the https://github.com/neo4j-partners/amazon-cloud-formation-neo4j/tree/main/marketplace/neo4j.template.yaml[Neo4j CloudFormation template] (hosted in a public GitHub repository), which can be customized to meet more complex use cases. -The Neo4j Enterprise Edition listings (for both Neo4j 5 and 4.4) on the AWS Marketplace can be found at link:https://aws.amazon.com/marketplace/pp/prodview-akmzjikgawgn4[Neo4j Enterprise Edition on the AWS Marketplace]. +CloudFormation templates for Neo4j v4.4 are also supported, as well as some custom templates that serve other commonly requested use cases. - -In addition to the AWS Marketplace listings, Neo4j provides several CloudFormation templates, which can be customized to meet more complex use cases. -These templates are hosted in a public GitHub repository and can be found at link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j[Neo4j CloudFormation templates on GitHub]. - -Further custom templates, which serve other commonly requested use cases, can be on the same repository in the link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j/tree/main/custom-templates[custom-templates] directory. -These custom templates are also freely available but are not part of the Neo4j official AWS Marketplace offering. - -[TIP] +[NOTE] ==== -The link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j[main] branch hosts the CodeFormation templates for Neo4j 5. -A link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j/tree/4.4[separate] branch is maintained for the templates for Neo4j 4.4. +Note that Neo4j does not provide AMIs with a pre-installed version of the product. +The Neo4j Marketplace listings and custom listings on Github leverage CloudFormation templates and user-data scripting to deploy Neo4j. ==== -The official Neo4j AWS Marketplace listing uses the link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j/tree/main/marketplace/neo4j.template.yaml[marketplace] template to deploy Neo4j. +For more information, see the following links: + +* link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j[All CloudFormation templates for Neo4j v5]. +* link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j/tree/Neo4j-4.4[All CloudFormation templates for Neo4j v4.4]. == Neo4j CloudFormation template From 69abc4e1fdd7494810a94c8cdee933ed02a2a5dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louise=20S=C3=B6derstr=C3=B6m?= Date: Fri, 13 Jan 2023 09:33:48 +0100 Subject: [PATCH 074/876] Update documentation around loading and unrestricting. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Improve Securing extensions page. Following the principle of least privilege, we should not recommend to load or unrestrict all apoc procedures. Co-authored-by: Jens Pryce-Åklundh <112686610+JPryce-Aklundh@users.noreply.github.com> Co-authored-by: Daniel Leaver --- .../ROOT/pages/kubernetes/configuration.adoc | 13 +++--- .../pages/security/securing-extensions.adoc | 40 ++++++++++++++++--- 2 files changed, 42 insertions(+), 11 deletions(-) diff --git a/modules/ROOT/pages/kubernetes/configuration.adoc b/modules/ROOT/pages/kubernetes/configuration.adoc index 848429e29..df2f0bc9a 100644 --- a/modules/ROOT/pages/kubernetes/configuration.adoc +++ b/modules/ROOT/pages/kubernetes/configuration.adoc @@ -1274,17 +1274,18 @@ image: APOC core is shipped with Neo4j, but it is not installed in the Neo4j _plugins_ directory. If APOC core is the _only_ plugin that you want to add to Neo4j, it is not necessary to perform plugin installation as described in xref:kubernetes/configuration.adoc#operations-installing-plugins[Install Plugins]. -Instead, you can configure the helm deployment to use APOC core by upgrading the deployment with this additional setting in the _values.yaml_ file: +Instead, you can configure the helm deployment to use APOC core by upgrading the deployment with these additional settings in the _values.yaml_ file: -. Configure APOC core: +. Configure APOC core by loading and unresticting the functions and procedures you need (for more details see link:{neo4j-docs-base-uri}/apoc/{page-version}/installation/#restricted[APOC installation guide]). +For example: + [source, yaml] ---- config: server.directories.plugins: "/var/lib/neo4j/labs" - dbms.security.procedures.unrestricted: "apoc.*" + dbms.security.procedures.unrestricted: "apoc.cypher.doIt" server.config.strict_validation.enabled: "false" - dbms.security.procedures.allowlist: "gds.*,apoc.*" + dbms.security.procedures.allowlist: "apoc.math.maxInteger,apoc.cypher.doIt" ---- + . Under `apoc_config`, configure the APOC settings you want, for example: @@ -1344,7 +1345,7 @@ volumes: env: NEO4J_PLUGINS: '["graph-data-science"]' config: - dbms.security.procedures.unrestricted: "gds.*,apoc.*" + dbms.security.procedures.unrestricted: "gds.*" ---- ==== Install GDS Enterprise Edition (EE) and Bloom plugins @@ -1383,7 +1384,7 @@ env: NEO4J_PLUGINS: '["graph-data-science", "bloom"]' config: gds.enterprise.license_file: "/licenses/gds.license" - dbms.security.procedures.unrestricted: "gds.*,apoc.*,bloom.*" + dbms.security.procedures.unrestricted: "gds.*,bloom.*" server.unmanaged_extension_classes: "com.neo4j.bloom.server=/bloom,semantics.extension=/rdf" dbms.security.http_auth_allowlist: "/,/browser.*,/bloom.*" dbms.bloom.license_file: "/licenses/bloom.license" diff --git a/modules/ROOT/pages/security/securing-extensions.adoc b/modules/ROOT/pages/security/securing-extensions.adoc index 2c36fad53..5f139bbe9 100644 --- a/modules/ROOT/pages/security/securing-extensions.adoc +++ b/modules/ROOT/pages/security/securing-extensions.adoc @@ -1,6 +1,6 @@ [[securing-extensions]] = Securing extensions -:description: This page describes how to use allow listing to ensure the security of custom-written additions in Neo4j. +:description: This page describes how to use allow listing and unrestricting to ensure the security of custom-written additions in Neo4j. Neo4j can be extended by writing custom code which can be invoked directly from Cypher, as described in link:{neo4j-docs-base-uri}/java-reference/{page-version}/extending-neo4j/procedures#extending-neo4j-procedures[Java Reference -> User-defined procedures] and link:{neo4j-docs-base-uri}/java-reference/{page-version}/extending-neo4j/functions#extending-neo4j-functions[Java Reference -> User-defined functions]. This page describes how to ensure the security of these additions. @@ -10,21 +10,23 @@ This page describes how to ensure the security of these additions. == Allow listing Allow listing can be used to allow the loading of only a few extensions from a larger library. +It is recommended to load extensions using the principle of least privilege. +This principle dictates that you only load the procedures and functions necessary to execute your queries. -The configuration setting xref:reference/configuration-settings.adoc#config_dbms.security.procedures.allowlist[`dbms.security.procedures.allowlist`] is used to name certain procedures that should be available from a library. -It defines a comma-separated list of procedures that are to be loaded. +The configuration setting xref:reference/configuration-settings.adoc#config_dbms.security.procedures.allowlist[`dbms.security.procedures.allowlist`] is used to name certain procedures and functions that should be available from a library. +It defines a comma-separated list of procedures and functions that are to be loaded. The list may contain both fully qualified procedure names, and partial names with the wildcard `*`. .Allow listing ==== -In this example we wish to allow the use of the method `apoc.load.json` as well as all the methods under `apoc.coll`. +In this example, we need to allow the use of the method `apoc.load.json` as well as all the methods under `apoc.coll`. We do not want to make available any additional extensions from the `apoc` library, other than the ones matching these criteria. [source, properties] ---- # Example allow listing -dbms.security.procedures.allowlist=apoc.coll.*,apoc.load.* +dbms.security.procedures.allowlist=apoc.coll.*,apoc.load.json ---- ==== @@ -32,5 +34,33 @@ There are a few things that should be noted about `dbms.security.procedures.allo * If using this setting, no extensions other than those listed will be loaded. In particular, if it is set to the empty string, no extensions will be loaded. + +[WARNING] +==== +// tag::warnings[] * The default of the setting is `*`. This means that if you do not explicitly give it a value (or no value), all libraries in the xref:configuration/file-locations.adoc[_plugins_] directory will be loaded. +// end::warnings[] +==== + +[[unrestricting]] +== Unrestricting + +For security reasons, procedures and functions that use internal APIs are disabled by default. +In this case, it is also recommended to use the principle of least privilege and only unrestrict those procedures and functions which you are certain to use. + +Procedures and functions can be unrestricted using the configuration setting xref:reference/configuration-settings.adoc#config_dbms.security.procedures.unrestricted[`dbms.security.procedures.unrestricted`]. +It defines a comma-separated list of procedures and functions that are to be unrestricted. +The list may contain both fully qualified procedure and function names, and partial names with the wildcard (`*`) expression. + +.Unrestricting +==== + +In this example, we need to unrestict the use of the procedures `apoc.cypher.runFirstColumn` and `apoc.cypher.doIt`. + +[source, properties] +---- +# Example unrestricting +dbms.security.procedures.unrestricted=apoc.cypher.runFirstColumn,apoc.cypher.doIt +---- +==== From 3ec4260054569795da877e2ea6e03d9860ae5ccb Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Fri, 13 Jan 2023 11:15:04 +0100 Subject: [PATCH 075/876] remove diagram mentioning core and rr (#315) (#316) --- modules/ROOT/pages/clustering/introduction.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/clustering/introduction.adoc b/modules/ROOT/pages/clustering/introduction.adoc index 4a8e994b3..fb549d012 100644 --- a/modules/ROOT/pages/clustering/introduction.adoc +++ b/modules/ROOT/pages/clustering/introduction.adoc @@ -104,7 +104,7 @@ This simplifies interaction with large clusters, allowing clients to treat them Causal consistency makes it possible to write to databases hosted on servers in primary mode (where data is safe) and read those writes from databases hosted on servers in secondary mode (where graph operations are scaled out). For example, causal consistency guarantees that the write which created a user account is present when that same user subsequently attempts to log in. -image::causal-clustering-drivers.svg[title="Cluster setup with causal consistency via Neo4j drivers", role="middle"] +//image::causal-clustering-drivers.svg[title="Cluster setup with causal consistency via Neo4j drivers", role="middle"] On executing a transaction, the client can ask for a bookmark which it then presents as a parameter to subsequent transactions. Using that bookmark, the cluster can ensure that only servers which have processed the client's bookmarked transaction will run its next transaction. From af416bdedb9f167ad39017a1df5b9465ece459d8 Mon Sep 17 00:00:00 2001 From: Tony Butterfield <1846725+tonbut@users.noreply.github.com> Date: Fri, 13 Jan 2023 10:31:18 +0000 Subject: [PATCH 076/876] copy from 4.4 --- .../clustering/monitoring/endpoints.adoc | 243 +++++++++++++++++- 1 file changed, 241 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/clustering/monitoring/endpoints.adoc b/modules/ROOT/pages/clustering/monitoring/endpoints.adoc index 8978a414b..62abbd203 100644 --- a/modules/ROOT/pages/clustering/monitoring/endpoints.adoc +++ b/modules/ROOT/pages/clustering/monitoring/endpoints.adoc @@ -1,4 +1,243 @@ :description: This section desxcribes how to monitor cluster endpoints [role=enterprise-edition] -[[monitoring-endpoints]] -= Monitor cluster endpoints + += Monitor cluster endpoints for status information + +[abstract] +-- +This section describes HTTP endpoints for monitoring the health of a Neo4j Causal Cluster. +-- + +A Causal Cluster exposes some HTTP endpoints which can be used to monitor the health of the cluster. +In this section we will describe these endpoints and explain their semantics. + + +[[causal-clustering-http-endpoints-adjusting-security-for-cc]] +== Adjusting security settings for Causal Clustering endpoints + +If authentication and authorization is enabled in Neo4j, the Causal Clustering status endpoints will also require authentication credentials. +The setting <> controls whether the native auth provider is enabled. +For some load balancers and proxy servers, providing authentication credentials with the request is not an option. +For those situations, consider disabling authentication of the Causal Clustering status endpoints by setting <> in <>. + + +[[causal-clustering-http-endpoints-unified]] +== Unified endpoints + +A unified set of endpoints exist, both on Core Servers and on Read Replicas, with the following behavior: + +* `/db//cluster/writable` -- Used to direct `write` traffic to specific instances. +* `/db//cluster/read-only` -- Used to direct `read` traffic to specific instances. +* `/db//cluster/available` -- Available for the general case of directing arbitrary request types to instances that are available for processing read transactions. +* `/db//cluster/status` -- Gives a detailed description of this instance's view of its status within the cluster, for the given database. +* `/dbms/cluster/status` -- Gives a detailed description of this instance's view of its status within the cluster, for all databases. +Useful for monitoring and coordinating rolling upgrades. +See <> for further details. + +Every `/db//*` endpoint targets a specific database. +The `databaseName` path parameter represents the name of the database. +By default, a fresh Neo4j installation with two databases `system` and `neo4j` will have the following cluster endpoints: + +[source] +-------------- +http://localhost:7474/dbms/cluster/status + +http://localhost:7474/db/system/cluster/writable +http://localhost:7474/db/system/cluster/read-only +http://localhost:7474/db/system/cluster/available +http://localhost:7474/db/system/cluster/status + +http://localhost:7474/db/neo4j/cluster/writable +http://localhost:7474/db/neo4j/cluster/read-only +http://localhost:7474/db/neo4j/cluster/available +http://localhost:7474/db/neo4j/cluster/status +-------------- + +.Unified HTTP endpoint responses +[options="header", cols="<3a,1,<2a,<2a"] +|=== +| Endpoint | Instance state | Returned code | Body text +.3+<.^| `/db//cluster/writable` <| Leader | `200 OK` | `true` + <| Follower | `404 Not Found` | `false` + <| Read Replica | `404 Not Found` | `false` +.3+<.^| `/db//cluster/read-only` <| Leader | `404 Not Found` | `false` + <| Follower | `200 OK` | `true` + <| Read Replica | `200 OK` | `true` +.3+<.^| `/db//cluster/available` <| Leader | `200 OK` | `true` + <| Follower | `200 OK` | `true` + <| Read Replica | `200 OK` | `true` +.3+<.^| `/db//cluster/status` <| Leader | `200 OK` | JSON - See <> for details. + <| Follower | `200 OK` | JSON - See <> for details. + <| Read Replica | `200 OK` | JSON - See <> for details. +.3+<.^| `/dbms/cluster/status` <| Leader | `200 OK` | JSON - See <> for details. + <| Follower | `200 OK` | JSON - See <> for details. + <| Read Replica | `200 OK` | JSON - See <> for details. +|=== + + +.Use a Causal Clustering monitoring endpoint +==== +From the command line, a common way to ask those endpoints is to use `curl`. +With no arguments, `curl` will do an HTTP `GET` on the URI provided and will output the body text, if any. +If you also want to get the response code, just add the `-v` flag for verbose output. +Here are some examples: + +* Requesting `writable` endpoint on a Core Server that is currently elected leader with verbose output: + +[source, curl] +-------------- +#> curl -v localhost:7474/db/neo4j/cluster/writable +* About to connect() to localhost port 7474 (#0) +* Trying ::1... +* connected +* Connected to localhost (::1) port 7474 (#0) +> GET /db/neo4j/cluster/writable HTTP/1.1 +> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5 +> Host: localhost:7474 +> Accept: */* +> +< HTTP/1.1 200 OK +< Content-Type: text/plain +< Access-Control-Allow-Origin: * +< Transfer-Encoding: chunked +< Server: Jetty(9.4.17) +< +* Connection #0 to host localhost left intact +true* Closing connection #0 +-------------- +==== + + +[[causal-clustering-http-endpoints-status]] +=== Status endpoints + +The status endpoint, available at `/db//cluster/status`, is to be used to assist with rolling upgrades. +For more information, see link:{upgrade-current-uri}/upgrade/upgrade-4.4/causal-cluster/[Upgrade and Migration Guide -> Upgrade a Causal Cluster]. + +Typically, you will want to have some guarantee that a Core is safe to shutdown for each database before removing it from a cluster. +Counter intuitively, a core being safe to shutdown means that a majority of the *other* cores are healthy, caught up, and have recently heard from that database's leader. +The status endpoints provide the following information in order to help resolve such issues. + +[NOTE] +==== +Several of the fields in status endpoint responses refer to details of <>, the algorithm used in Neo4j Causal Clusters to provide highly available transactions. +When using multiple databases, each database implements Raft independently. +Therefore, details such as `leader` and `raftCommandsPerSecond` are database specific. +==== + +[[causal-clustering-http-endpoints-status-example]] +.Example status response +==== +[source, json] +-------------- +{ + "lastAppliedRaftIndex":0, + "votingMembers":["30edc1c4-519c-4030-8348-7cb7af44f591","80a7fb7b-c966-4ee7-88a9-35db8b4d68fe","f9301218-1fd4-4938-b9bb-a03453e1f779"], + "memberId":"80a7fb7b-c966-4ee7-88a9-35db8b4d68fe", + "leader":"30edc1c4-519c-4030-8348-7cb7af44f591", + "millisSinceLastLeaderMessage":84545, + "participatingInRaftGroup":true, + "core":true, + "isHealthy":true, + "raftCommandsPerSecond":124 +} +-------------- +==== + +.Status endpoint descriptions +[options="header", cols="2,1,1,2,4"] +|=== +| Field | Type |Optional| Example | Description +| `core` | boolean | no | `true` | Used to distinguish between Core Servers and Read Replicas. +| `lastAppliedRaftIndex` | number | no | `4321` | Every transaction in a cluster is associated with a raft index. + + Gives an indication of what the latest applied raft log index is. +| `participatingInRaftGroup` | boolean | no | `false` | A participating member is able to vote. + A Core is considered participating when it is part of the voter membership and has kept track of the leader. +| `votingMembers` | string[] | no | `[]` | A member is considered a voting member when the leader has been receiving communication with it. + + List of member's `memberId` that are considered part of the voting set by this Core. +| `isHealthy` | boolean | no | `true` | Reflects that the local database of this member has not encountered a critical error preventing it from writing locally. +| `memberId` | string | no | `30edc1c4-519c-4030-8348-7cb7af44f591` | Every member in a cluster has it's own unique member id to identify it. + Use `memberId` to distinguish between Core and Read Replica. +| `leader` | string | yes | `80a7fb7b-c966-4ee7-88a9-35db8b4d68fe` | Follows the same format as `memberId`, but if it is null or missing, then the leader is unknown. +| `millisSinceLastLeaderMessage` | number | yes | `1234` | The number of milliseconds since the last heartbeat-like leader message. + Not relevant to Read Replicas, and hence is not included. +| `raftCommandsPerSecond` | number | yes | `124` | An estimate of the average Raft state machine throughput over a sampling windown configurable via `causal_clustering.status_throughput_window` setting. +|=== + +After an instance has been switched on, you can access the status endpoint in order to make sure all the guarantees listed in the table below are met. + +To get the most accurate view of a cluster it is strongly recommended to access the _status endpoint_ on all core members and compare the result. +The following table explains how results can be compared. + +.Measured values, accessed via the status endpoint +[options="header", cols="<1,2,2"] +|=== +| Name of check | Method of calculation | Description +| `allServersAreHealthy` | Every Core's status endpoint indicates `isHealthy`==`true`. | We want to make sure the data across the entire cluster is healthy. + Whenever any Cores are false that indicates a larger problem. +| `allVotingSetsAreEqual` | For any 2 Cores (A and B), status endpoint A's `votingMembers`== status endpoint B's `votingMembers`. | When the voting begins, all the Cores are equal to each other, and you know all members agree on membership. +| `allVotingSetsContainAtLeastTargetCluster` | For all Cores (*S*), excluding Core Z (to be switched off), every member in *S* contains *S* in their voting set. + Membership is determined by using the `memberId` and `votingMembers` from the status endpoint. | Sometimes network conditions will not be perfect and it may make sense to switch off a different Core to the one we originally wanted to switch off. + If you run this check for all Cores, the ones that match this condition can be switched off (providing other conditions are also met). +| `hasOneLeader` | For any 2 Cores (A and B), `A.leader == B.leader && leader!=null`. | If the leader is different then there may be a partition (alternatively, this could also occur due to bad timing). + If the leader is unknown, that means the leader messages have actually timed out. +| `noMembersLagging` | For Core A with `lastAppliedRaftIndex` = `min`, and Core B with `lastAppliedRaftIndex` = `max`, `B.lastAppliedRaftIndex-A.lastAppliedRaftIndex/cluster/status` endpoint, you can use the `/dbms/cluster/status` instead. + +This endpoint returns a json array, the elements of which contain the same fields as the <>, along with fields for for `databaseName` and `databaseUuid`. + +.Example combined status response +==== +[source, json] +-------------- +[ + { + "databaseName": "neo4j", + "databaseUuid": "f4dacc01-f88a-4512-b3bf-68f7539c941e", + "databaseStatus": { + "lastAppliedRaftIndex": -1, + "votingMembers": [ + "0cff51ad-7cee-44cc-9102-538fc4544b95", + "90ff5df1-f5f8-4b4c-8289-a0e3deb2235c", + "99ca7cd0-6072-4387-bd41-7566a98c6afc" + ], + "memberId": "90ff5df1-f5f8-4b4c-8289-a0e3deb2235c", + "leader": "90ff5df1-f5f8-4b4c-8289-a0e3deb2235c", + "millisSinceLastLeaderMessage": 0, + "raftCommandsPerSecond": 0.0, + "core": true, + "participatingInRaftGroup": true, + "healthy": true + } + }, + { + "databaseName": "system", + "databaseUuid": "00000000-0000-0000-0000-000000000001", + "databaseStatus": { + "lastAppliedRaftIndex": 7, + "votingMembers": [ + "0cff51ad-7cee-44cc-9102-538fc4544b95", + "90ff5df1-f5f8-4b4c-8289-a0e3deb2235c", + "99ca7cd0-6072-4387-bd41-7566a98c6afc" + ], + "memberId": "90ff5df1-f5f8-4b4c-8289-a0e3deb2235c", + "leader": "90ff5df1-f5f8-4b4c-8289-a0e3deb2235c", + "millisSinceLastLeaderMessage": 0, + "raftCommandsPerSecond": 0.0, + "core": true, + "participatingInRaftGroup": true, + "healthy": true + } + } +] +-------------- +==== + From 1b6873f4a6dff87a6e4762846b89f244510787c1 Mon Sep 17 00:00:00 2001 From: Tony Butterfield <1846725+tonbut@users.noreply.github.com> Date: Fri, 13 Jan 2023 12:36:02 +0000 Subject: [PATCH 077/876] Deprecated raftCommandsPerSecond and replaced obsolete language --- .../clustering/monitoring/endpoints.adoc | 86 +++++++++---------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/modules/ROOT/pages/clustering/monitoring/endpoints.adoc b/modules/ROOT/pages/clustering/monitoring/endpoints.adoc index 62abbd203..6169a781e 100644 --- a/modules/ROOT/pages/clustering/monitoring/endpoints.adoc +++ b/modules/ROOT/pages/clustering/monitoring/endpoints.adoc @@ -5,26 +5,26 @@ [abstract] -- -This section describes HTTP endpoints for monitoring the health of a Neo4j Causal Cluster. +This section describes HTTP endpoints for monitoring the health of a Neo4j Cluster. -- -A Causal Cluster exposes some HTTP endpoints which can be used to monitor the health of the cluster. +A cluster exposes some HTTP endpoints which can be used to monitor the health of the cluster. In this section we will describe these endpoints and explain their semantics. -[[causal-clustering-http-endpoints-adjusting-security-for-cc]] -== Adjusting security settings for Causal Clustering endpoints +[[clustering-http-endpoints-adjusting-security-for-cc]] +== Adjusting security settings for clustering endpoints -If authentication and authorization is enabled in Neo4j, the Causal Clustering status endpoints will also require authentication credentials. +If authentication and authorization is enabled in Neo4j, the clustering status endpoints will also require authentication credentials. The setting <> controls whether the native auth provider is enabled. For some load balancers and proxy servers, providing authentication credentials with the request is not an option. -For those situations, consider disabling authentication of the Causal Clustering status endpoints by setting <> in <>. +For those situations, consider disabling authentication of the clustering status endpoints by setting <> in <>. -[[causal-clustering-http-endpoints-unified]] +[[clustering-http-endpoints-unified]] == Unified endpoints -A unified set of endpoints exist, both on Core Servers and on Read Replicas, with the following behavior: +A unified set of endpoints exist, both on Primary and Secondary Servers, with the following behavior: * `/db//cluster/writable` -- Used to direct `write` traffic to specific instances. * `/db//cluster/read-only` -- Used to direct `read` traffic to specific instances. @@ -32,7 +32,7 @@ A unified set of endpoints exist, both on Core Servers and on Read Replicas, wit * `/db//cluster/status` -- Gives a detailed description of this instance's view of its status within the cluster, for the given database. * `/dbms/cluster/status` -- Gives a detailed description of this instance's view of its status within the cluster, for all databases. Useful for monitoring and coordinating rolling upgrades. -See <> for further details. +See <> for further details. Every `/db//*` endpoint targets a specific database. The `databaseName` path parameter represents the name of the database. @@ -59,30 +59,30 @@ http://localhost:7474/db/neo4j/cluster/status | Endpoint | Instance state | Returned code | Body text .3+<.^| `/db//cluster/writable` <| Leader | `200 OK` | `true` <| Follower | `404 Not Found` | `false` - <| Read Replica | `404 Not Found` | `false` + <| Secondary | `404 Not Found` | `false` .3+<.^| `/db//cluster/read-only` <| Leader | `404 Not Found` | `false` <| Follower | `200 OK` | `true` - <| Read Replica | `200 OK` | `true` + <| Secondary | `200 OK` | `true` .3+<.^| `/db//cluster/available` <| Leader | `200 OK` | `true` <| Follower | `200 OK` | `true` - <| Read Replica | `200 OK` | `true` -.3+<.^| `/db//cluster/status` <| Leader | `200 OK` | JSON - See <> for details. - <| Follower | `200 OK` | JSON - See <> for details. - <| Read Replica | `200 OK` | JSON - See <> for details. -.3+<.^| `/dbms/cluster/status` <| Leader | `200 OK` | JSON - See <> for details. - <| Follower | `200 OK` | JSON - See <> for details. - <| Read Replica | `200 OK` | JSON - See <> for details. + <| Secondary | `200 OK` | `true` +.3+<.^| `/db//cluster/status` <| Leader | `200 OK` | JSON - See <> for details. + <| Follower | `200 OK` | JSON - See <> for details. + <| Secondary | `200 OK` | JSON - See <> for details. +.3+<.^| `/dbms/cluster/status` <| Leader | `200 OK` | JSON - See <> for details. + <| Follower | `200 OK` | JSON - See <> for details. + <| Secondary | `200 OK` | JSON - See <> for details. |=== -.Use a Causal Clustering monitoring endpoint +.Use a clustering monitoring endpoint ==== From the command line, a common way to ask those endpoints is to use `curl`. With no arguments, `curl` will do an HTTP `GET` on the URI provided and will output the body text, if any. If you also want to get the response code, just add the `-v` flag for verbose output. Here are some examples: -* Requesting `writable` endpoint on a Core Server that is currently elected leader with verbose output: +* Requesting `writable` endpoint on a Primary Server that is currently elected leader with verbose output: [source, curl] -------------- @@ -108,24 +108,24 @@ true* Closing connection #0 ==== -[[causal-clustering-http-endpoints-status]] +[[clustering-http-endpoints-status]] === Status endpoints The status endpoint, available at `/db//cluster/status`, is to be used to assist with rolling upgrades. -For more information, see link:{upgrade-current-uri}/upgrade/upgrade-4.4/causal-cluster/[Upgrade and Migration Guide -> Upgrade a Causal Cluster]. +For more information, see link:{upgrade-current-uri}/upgrade/upgrade-4.4/cluster/[Upgrade and Migration Guide -> Upgrade a cluster]. -Typically, you will want to have some guarantee that a Core is safe to shutdown for each database before removing it from a cluster. -Counter intuitively, a core being safe to shutdown means that a majority of the *other* cores are healthy, caught up, and have recently heard from that database's leader. +Typically, you will want to have some guarantee that a Primary is safe to shutdown for each database before removing it from a cluster. +Counter intuitively, a primary being safe to shutdown means that a majority of the *other* primaries are healthy, caught up, and have recently heard from that database's leader. The status endpoints provide the following information in order to help resolve such issues. [NOTE] ==== -Several of the fields in status endpoint responses refer to details of <>, the algorithm used in Neo4j Causal Clusters to provide highly available transactions. +Several of the fields in status endpoint responses refer to details of <>, the algorithm used in Neo4j clusters to provide highly available transactions. When using multiple databases, each database implements Raft independently. Therefore, details such as `leader` and `raftCommandsPerSecond` are database specific. ==== -[[causal-clustering-http-endpoints-status-example]] +[[clustering-http-endpoints-status-example]] .Example status response ==== [source, json] @@ -148,51 +148,51 @@ Therefore, details such as `leader` and `raftCommandsPerSecond` are database spe [options="header", cols="2,1,1,2,4"] |=== | Field | Type |Optional| Example | Description -| `core` | boolean | no | `true` | Used to distinguish between Core Servers and Read Replicas. +| `core` | boolean | no | `true` | Used to distinguish between Primary (core) and Secondary servers. | `lastAppliedRaftIndex` | number | no | `4321` | Every transaction in a cluster is associated with a raft index. Gives an indication of what the latest applied raft log index is. | `participatingInRaftGroup` | boolean | no | `false` | A participating member is able to vote. - A Core is considered participating when it is part of the voter membership and has kept track of the leader. + A Primary is considered participating when it is part of the voter membership and has kept track of the leader. | `votingMembers` | string[] | no | `[]` | A member is considered a voting member when the leader has been receiving communication with it. - List of member's `memberId` that are considered part of the voting set by this Core. + List of member's `memberId` that are considered part of the voting set by this Primary. | `isHealthy` | boolean | no | `true` | Reflects that the local database of this member has not encountered a critical error preventing it from writing locally. | `memberId` | string | no | `30edc1c4-519c-4030-8348-7cb7af44f591` | Every member in a cluster has it's own unique member id to identify it. - Use `memberId` to distinguish between Core and Read Replica. + Use `memberId` to distinguish between Primary and Secondary Servers. | `leader` | string | yes | `80a7fb7b-c966-4ee7-88a9-35db8b4d68fe` | Follows the same format as `memberId`, but if it is null or missing, then the leader is unknown. | `millisSinceLastLeaderMessage` | number | yes | `1234` | The number of milliseconds since the last heartbeat-like leader message. - Not relevant to Read Replicas, and hence is not included. -| `raftCommandsPerSecond` | number | yes | `124` | An estimate of the average Raft state machine throughput over a sampling windown configurable via `causal_clustering.status_throughput_window` setting. + Not relevant to Secondaries, and hence is not included. +| `raftCommandsPerSecond` [role=deprecated] | number | yes | `124` | An estimate of the average Raft state machine throughput over a sampling windown configurable via `clustering.status_throughput_window` setting. |=== After an instance has been switched on, you can access the status endpoint in order to make sure all the guarantees listed in the table below are met. -To get the most accurate view of a cluster it is strongly recommended to access the _status endpoint_ on all core members and compare the result. +To get the most accurate view of a cluster it is strongly recommended to access the _status endpoint_ on all primary members and compare the result. The following table explains how results can be compared. .Measured values, accessed via the status endpoint [options="header", cols="<1,2,2"] |=== | Name of check | Method of calculation | Description -| `allServersAreHealthy` | Every Core's status endpoint indicates `isHealthy`==`true`. | We want to make sure the data across the entire cluster is healthy. - Whenever any Cores are false that indicates a larger problem. -| `allVotingSetsAreEqual` | For any 2 Cores (A and B), status endpoint A's `votingMembers`== status endpoint B's `votingMembers`. | When the voting begins, all the Cores are equal to each other, and you know all members agree on membership. -| `allVotingSetsContainAtLeastTargetCluster` | For all Cores (*S*), excluding Core Z (to be switched off), every member in *S* contains *S* in their voting set. - Membership is determined by using the `memberId` and `votingMembers` from the status endpoint. | Sometimes network conditions will not be perfect and it may make sense to switch off a different Core to the one we originally wanted to switch off. - If you run this check for all Cores, the ones that match this condition can be switched off (providing other conditions are also met). -| `hasOneLeader` | For any 2 Cores (A and B), `A.leader == B.leader && leader!=null`. | If the leader is different then there may be a partition (alternatively, this could also occur due to bad timing). +| `allServersAreHealthy` | Every Primaries' status endpoint indicates `isHealthy`==`true`. | We want to make sure the data across the entire cluster is healthy. + Whenever any Primaries are false that indicates a larger problem. +| `allVotingSetsAreEqual` | For any 2 Primaries (A and B), status endpoint A's `votingMembers`== status endpoint B's `votingMembers`. | When the voting begins, all the Primaries are equal to each other, and you know all members agree on membership. +| `allVotingSetsContainAtLeastTargetCluster` | For all Primaries (*S*), excluding Primary Z (to be switched off), every member in *S* contains *S* in their voting set. + Membership is determined by using the `memberId` and `votingMembers` from the status endpoint. | Sometimes network conditions will not be perfect and it may make sense to switch off a different Primary to the one we originally wanted to switch off. + If you run this check for all Primaries, the ones that match this condition can be switched off (providing other conditions are also met). +| `hasOneLeader` | For any 2 Primaries (A and B), `A.leader == B.leader && leader!=null`. | If the leader is different then there may be a partition (alternatively, this could also occur due to bad timing). If the leader is unknown, that means the leader messages have actually timed out. -| `noMembersLagging` | For Core A with `lastAppliedRaftIndex` = `min`, and Core B with `lastAppliedRaftIndex` = `max`, `B.lastAppliedRaftIndex-A.lastAppliedRaftIndex/cluster/status` endpoint, you can use the `/dbms/cluster/status` instead. -This endpoint returns a json array, the elements of which contain the same fields as the <>, along with fields for for `databaseName` and `databaseUuid`. +This endpoint returns a json array, the elements of which contain the same fields as the <>, along with fields for for `databaseName` and `databaseUuid`. .Example combined status response ==== From 32a45e5e4691eb6fbbfe52674a806d6fa3c078b5 Mon Sep 17 00:00:00 2001 From: AlexicaWright <49636617+AlexicaWright@users.noreply.github.com> Date: Fri, 13 Jan 2023 14:55:39 +0100 Subject: [PATCH 078/876] edits mainly for consistency and some typos --- .../clustering/monitoring/endpoints.adoc | 45 +++++++++---------- 1 file changed, 20 insertions(+), 25 deletions(-) diff --git a/modules/ROOT/pages/clustering/monitoring/endpoints.adoc b/modules/ROOT/pages/clustering/monitoring/endpoints.adoc index 6169a781e..772077950 100644 --- a/modules/ROOT/pages/clustering/monitoring/endpoints.adoc +++ b/modules/ROOT/pages/clustering/monitoring/endpoints.adoc @@ -1,21 +1,16 @@ -:description: This section desxcribes how to monitor cluster endpoints +:description: This section describes how to monitor cluster endpoints [role=enterprise-edition] = Monitor cluster endpoints for status information -[abstract] --- -This section describes HTTP endpoints for monitoring the health of a Neo4j Cluster. --- - A cluster exposes some HTTP endpoints which can be used to monitor the health of the cluster. -In this section we will describe these endpoints and explain their semantics. +This section describes these endpoints and explains their semantics. [[clustering-http-endpoints-adjusting-security-for-cc]] == Adjusting security settings for clustering endpoints -If authentication and authorization is enabled in Neo4j, the clustering status endpoints will also require authentication credentials. +If authentication and authorization is enabled in Neo4j, the clustering status endpoints also require authentication credentials. The setting <> controls whether the native auth provider is enabled. For some load balancers and proxy servers, providing authentication credentials with the request is not an option. For those situations, consider disabling authentication of the clustering status endpoints by setting <> in <>. @@ -24,7 +19,7 @@ For those situations, consider disabling authentication of the clustering status [[clustering-http-endpoints-unified]] == Unified endpoints -A unified set of endpoints exist, both on Primary and Secondary Servers, with the following behavior: +A unified set of endpoints exist, both on Primary and Secondary servers, with the following behavior: * `/db//cluster/writable` -- Used to direct `write` traffic to specific instances. * `/db//cluster/read-only` -- Used to direct `read` traffic to specific instances. @@ -36,7 +31,7 @@ See <> for further details. Every `/db//*` endpoint targets a specific database. The `databaseName` path parameter represents the name of the database. -By default, a fresh Neo4j installation with two databases `system` and `neo4j` will have the following cluster endpoints: +By default, a fresh Neo4j installation with two databases `system` and `neo4j` has the following cluster endpoints: [source] -------------- @@ -78,11 +73,11 @@ http://localhost:7474/db/neo4j/cluster/status .Use a clustering monitoring endpoint ==== From the command line, a common way to ask those endpoints is to use `curl`. -With no arguments, `curl` will do an HTTP `GET` on the URI provided and will output the body text, if any. -If you also want to get the response code, just add the `-v` flag for verbose output. +With no arguments, `curl` does an HTTP `GET` on the URI provided and outputs the body text, if any. +If the response code is desired, just add the `-v` flag for verbose output. Here are some examples: -* Requesting `writable` endpoint on a Primary Server that is currently elected leader with verbose output: +* Requesting `writable` endpoint on a Primary server that is currently elected leader with verbose output: [source, curl] -------------- @@ -114,15 +109,15 @@ true* Closing connection #0 The status endpoint, available at `/db//cluster/status`, is to be used to assist with rolling upgrades. For more information, see link:{upgrade-current-uri}/upgrade/upgrade-4.4/cluster/[Upgrade and Migration Guide -> Upgrade a cluster]. -Typically, you will want to have some guarantee that a Primary is safe to shutdown for each database before removing it from a cluster. -Counter intuitively, a primary being safe to shutdown means that a majority of the *other* primaries are healthy, caught up, and have recently heard from that database's leader. +Typically, it is desired to have some guarantee that a Primary is safe to shutdown for each database before removing it from a cluster. +Counter-intuitively, that a Primary is safe to shutdown means that a majority of the *other* Primaries are healthy, caught up, and have recently heard from that database's leader. The status endpoints provide the following information in order to help resolve such issues. [NOTE] ==== Several of the fields in status endpoint responses refer to details of <>, the algorithm used in Neo4j clusters to provide highly available transactions. When using multiple databases, each database implements Raft independently. -Therefore, details such as `leader` and `raftCommandsPerSecond` are database specific. +Therefore, details such as `leader` and `raftCommandsPerSecond` are database-specific. ==== [[clustering-http-endpoints-status-example]] @@ -159,14 +154,14 @@ Therefore, details such as `leader` and `raftCommandsPerSecond` are database spe List of member's `memberId` that are considered part of the voting set by this Primary. | `isHealthy` | boolean | no | `true` | Reflects that the local database of this member has not encountered a critical error preventing it from writing locally. | `memberId` | string | no | `30edc1c4-519c-4030-8348-7cb7af44f591` | Every member in a cluster has it's own unique member id to identify it. - Use `memberId` to distinguish between Primary and Secondary Servers. + Use `memberId` to distinguish between Primary and Secondary servers. | `leader` | string | yes | `80a7fb7b-c966-4ee7-88a9-35db8b4d68fe` | Follows the same format as `memberId`, but if it is null or missing, then the leader is unknown. | `millisSinceLastLeaderMessage` | number | yes | `1234` | The number of milliseconds since the last heartbeat-like leader message. Not relevant to Secondaries, and hence is not included. -| `raftCommandsPerSecond` [role=deprecated] | number | yes | `124` | An estimate of the average Raft state machine throughput over a sampling windown configurable via `clustering.status_throughput_window` setting. +| `raftCommandsPerSecond` [role=deprecated] | number | yes | `124` | An estimate of the average Raft state machine throughput over a sampling window configurable via `clustering.status_throughput_window` setting. |=== -After an instance has been switched on, you can access the status endpoint in order to make sure all the guarantees listed in the table below are met. +After an instance has been switched on, the status endpoint can be accessed in order to make sure all the guarantees listed in the table below are met. To get the most accurate view of a cluster it is strongly recommended to access the _status endpoint_ on all primary members and compare the result. The following table explains how results can be compared. @@ -175,12 +170,12 @@ The following table explains how results can be compared. [options="header", cols="<1,2,2"] |=== | Name of check | Method of calculation | Description -| `allServersAreHealthy` | Every Primaries' status endpoint indicates `isHealthy`==`true`. | We want to make sure the data across the entire cluster is healthy. +| `allServersAreHealthy` | Every Primaries' status endpoint indicates `isHealthy`==`true`. | To en sure the data across the entire cluster is healthy. Whenever any Primaries are false that indicates a larger problem. -| `allVotingSetsAreEqual` | For any 2 Primaries (A and B), status endpoint A's `votingMembers`== status endpoint B's `votingMembers`. | When the voting begins, all the Primaries are equal to each other, and you know all members agree on membership. +| `allVotingSetsAreEqual` | For any 2 Primaries (A and B), status endpoint A's `votingMembers`== status endpoint B's `votingMembers`. | When the voting begins, all the Primaries are equal to each other, and all members agree on membership. | `allVotingSetsContainAtLeastTargetCluster` | For all Primaries (*S*), excluding Primary Z (to be switched off), every member in *S* contains *S* in their voting set. - Membership is determined by using the `memberId` and `votingMembers` from the status endpoint. | Sometimes network conditions will not be perfect and it may make sense to switch off a different Primary to the one we originally wanted to switch off. - If you run this check for all Primaries, the ones that match this condition can be switched off (providing other conditions are also met). + Membership is determined by using the `memberId` and `votingMembers` from the status endpoint. | Sometimes network conditions are not perfect and it may make sense to switch off a different Primary than the one originally was to be switched off. + If this check is run for all Primaries, the ones that match this condition can be switched off (providing other conditions are also met). | `hasOneLeader` | For any 2 Primaries (A and B), `A.leader == B.leader && leader!=null`. | If the leader is different then there may be a partition (alternatively, this could also occur due to bad timing). If the leader is unknown, that means the leader messages have actually timed out. | `noMembersLagging` | For Primary A with `lastAppliedRaftIndex` = `min`, and Primary B with `lastAppliedRaftIndex` = `max`, `B.lastAppliedRaftIndex-A.lastAppliedRaftIndex/cluster/status` endpoint, you can use the `/dbms/cluster/status` instead. +When using the status endpoints to support a rolling upgrade, it is required to assess whether a Primary is safe to shut down for *all* databases. +To avoid having to issue a separate request to each `/db//cluster/status` endpoint, use the `/dbms/cluster/status` instead. This endpoint returns a json array, the elements of which contain the same fields as the <>, along with fields for for `databaseName` and `databaseUuid`. From 5114f07129d884b1ce5f3cb676cf2bf6f349a944 Mon Sep 17 00:00:00 2001 From: AlexicaWright <49636617+AlexicaWright@users.noreply.github.com> Date: Fri, 13 Jan 2023 15:56:19 +0100 Subject: [PATCH 079/876] fixed links and deprecation label --- .../ROOT/pages/clustering/monitoring/endpoints.adoc | 10 ++++++---- modules/ROOT/pages/clustering/setup/deploy.adoc | 2 +- package-lock.json | 11 +++++++++++ 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/modules/ROOT/pages/clustering/monitoring/endpoints.adoc b/modules/ROOT/pages/clustering/monitoring/endpoints.adoc index 772077950..add1b9fb9 100644 --- a/modules/ROOT/pages/clustering/monitoring/endpoints.adoc +++ b/modules/ROOT/pages/clustering/monitoring/endpoints.adoc @@ -11,9 +11,9 @@ This section describes these endpoints and explains their semantics. == Adjusting security settings for clustering endpoints If authentication and authorization is enabled in Neo4j, the clustering status endpoints also require authentication credentials. -The setting <> controls whether the native auth provider is enabled. +The setting xref:reference/configuration-settings.adoc#config_dbms.security.auth_enabled[`dbms.security.auth_enabled`] controls whether the native auth provider is enabled. For some load balancers and proxy servers, providing authentication credentials with the request is not an option. -For those situations, consider disabling authentication of the clustering status endpoints by setting <> in <>. +For those situations, consider disabling authentication of the clustering status endpoints by setting xref:reference/configuration-settings.adoc#config_dbms.security.cluster_status_auth_enabled[`dbms.security.cluster_status_auth_enabled=false`] in xref:configuration/neo4j-conf.adoc[_neo4j.conf_]. [[clustering-http-endpoints-unified]] @@ -107,7 +107,7 @@ true* Closing connection #0 === Status endpoints The status endpoint, available at `/db//cluster/status`, is to be used to assist with rolling upgrades. -For more information, see link:{upgrade-current-uri}/upgrade/upgrade-4.4/cluster/[Upgrade and Migration Guide -> Upgrade a cluster]. +For more information, see link:https://neo4j.com/docs/upgrade-migration-guide/current/version-5/upgrade-minor/#_clusters[Upgrade and Migration Guide -> Clusters]. Typically, it is desired to have some guarantee that a Primary is safe to shutdown for each database before removing it from a cluster. Counter-intuitively, that a Primary is safe to shutdown means that a majority of the *other* Primaries are healthy, caught up, and have recently heard from that database's leader. @@ -158,7 +158,9 @@ Therefore, details such as `leader` and `raftCommandsPerSecond` are database-spe | `leader` | string | yes | `80a7fb7b-c966-4ee7-88a9-35db8b4d68fe` | Follows the same format as `memberId`, but if it is null or missing, then the leader is unknown. | `millisSinceLastLeaderMessage` | number | yes | `1234` | The number of milliseconds since the last heartbeat-like leader message. Not relevant to Secondaries, and hence is not included. -| `raftCommandsPerSecond` [role=deprecated] | number | yes | `124` | An estimate of the average Raft state machine throughput over a sampling window configurable via `clustering.status_throughput_window` setting. +| `raftCommandsPerSecond` label:deprecated[] | number | yes | `124` | An estimate of the average Raft state machine throughput over a sampling window configurable via `clustering.status_throughput_window` setting. +`raftCommandsPerSecond` is not an effective way to monitor that servers are not falling behind in updated and is hence deprecated and will be removed in the next major release of Neo4j. +It is recommended to use the metric `.clustering.core.commit_index` on each server and look for divergence instead. |=== After an instance has been switched on, the status endpoint can be accessed in order to make sure all the guarantees listed in the table below are met. diff --git a/modules/ROOT/pages/clustering/setup/deploy.adoc b/modules/ROOT/pages/clustering/setup/deploy.adoc index 8929fa1a4..0af6a4170 100644 --- a/modules/ROOT/pages/clustering/setup/deploy.adoc +++ b/modules/ROOT/pages/clustering/setup/deploy.adoc @@ -23,7 +23,7 @@ Setting this value to `0.0.0.0` makes Neo4j bind to all available network interf | xref:reference/configuration-settings.adoc#config_dbms.cluster.discovery.endpoints[`dbms.cluster.discovery.endpoints`] | This setting contains the network for at least one server in the cluster and must be set to the same value on all cluster members. The behavior of this setting can be modified by configuring the setting `dbms.cluster.discovery.type`. -This is described in detail in <> +This is described in detail in xref:clustering/setup/discovery.adoc[] | <> | The number of initial servers in primary mode. If not specified, it defaults to one server in primary mode. diff --git a/package-lock.json b/package-lock.json index 893fc273b..836a8a08e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -15,6 +15,7 @@ "@neo4j-antora/antora-modify-sitemaps": "^0.4.4", "@neo4j-antora/antora-page-roles": "^0.3.1", "@neo4j-antora/antora-table-footnotes": "^0.3.2", + "@neo4j-antora/antora-unlisted-pages": "^0.1.0", "@neo4j-documentation/macros": "^1.0.2", "@neo4j-documentation/remote-include": "^1.0.0" }, @@ -318,6 +319,11 @@ "resolved": "https://registry.npmjs.org/@neo4j-antora/antora-table-footnotes/-/antora-table-footnotes-0.3.2.tgz", "integrity": "sha512-DXEGVHMJumoKiY/ZCaGRTXl2OhPziPCHT+arj18TmpU50sUs+hyjOPuTkUXUvBwNZwm109Nm1PJPvKLVIJCZSg==" }, + "node_modules/@neo4j-antora/antora-unlisted-pages": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/@neo4j-antora/antora-unlisted-pages/-/antora-unlisted-pages-0.1.0.tgz", + "integrity": "sha512-z45k4/jicO6kY4Ze1efYXhnJOyvWszmgo8hobG8MTK95l3II1OvAibqeEx2V4NJB7LoHB7a1XEjNzqT29TLgAw==" + }, "node_modules/@neo4j-documentation/macros": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/@neo4j-documentation/macros/-/macros-1.0.2.tgz", @@ -3179,6 +3185,11 @@ "resolved": "https://registry.npmjs.org/@neo4j-antora/antora-table-footnotes/-/antora-table-footnotes-0.3.2.tgz", "integrity": "sha512-DXEGVHMJumoKiY/ZCaGRTXl2OhPziPCHT+arj18TmpU50sUs+hyjOPuTkUXUvBwNZwm109Nm1PJPvKLVIJCZSg==" }, + "@neo4j-antora/antora-unlisted-pages": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/@neo4j-antora/antora-unlisted-pages/-/antora-unlisted-pages-0.1.0.tgz", + "integrity": "sha512-z45k4/jicO6kY4Ze1efYXhnJOyvWszmgo8hobG8MTK95l3II1OvAibqeEx2V4NJB7LoHB7a1XEjNzqT29TLgAw==" + }, "@neo4j-documentation/macros": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/@neo4j-documentation/macros/-/macros-1.0.2.tgz", From a8f637313a068492fb3bd0cf2a405c814b7d2fd2 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Fri, 13 Jan 2023 17:35:27 +0100 Subject: [PATCH 080/876] Updating copyright from 2022 to 2023 (#319) (#333) Cherry-pick of https://github.com/neo4j/docs-operations/pull/319 --- preview.yml | 2 +- publish.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/preview.yml b/preview.yml index e321c5f74..6b00ad921 100644 --- a/preview.yml +++ b/preview.yml @@ -50,7 +50,7 @@ asciidoc: includePDF: false nonhtmloutput: "" experimental: '' - copyright: '2022' + copyright: '2023' common-license-page-uri: https://neo4j.com/docs/license/ check-mark: icon:check[] cross-mark: icon:times[] diff --git a/publish.yml b/publish.yml index e218ade0d..c06bb1ed1 100644 --- a/publish.yml +++ b/publish.yml @@ -50,7 +50,7 @@ asciidoc: includePDF: false nonhtmloutput: "" experimental: '' - copyright: '2022' + copyright: '2023' common-license-page-uri: https://neo4j.com/docs/license/ check-mark: icon:check[] cross-mark: icon:times[] From d4d35e8de1d9dd37cfd44b382ce3603e54eb77e7 Mon Sep 17 00:00:00 2001 From: Tony Butterfield <1846725+tonbut@users.noreply.github.com> Date: Fri, 13 Jan 2023 17:22:10 +0000 Subject: [PATCH 081/876] review feedback --- modules/ROOT/pages/clustering/monitoring/endpoints.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/clustering/monitoring/endpoints.adoc b/modules/ROOT/pages/clustering/monitoring/endpoints.adoc index add1b9fb9..35531f9e7 100644 --- a/modules/ROOT/pages/clustering/monitoring/endpoints.adoc +++ b/modules/ROOT/pages/clustering/monitoring/endpoints.adoc @@ -116,7 +116,7 @@ The status endpoints provide the following information in order to help resolve [NOTE] ==== Several of the fields in status endpoint responses refer to details of <>, the algorithm used in Neo4j clusters to provide highly available transactions. -When using multiple databases, each database implements Raft independently. +In a Neo4j cluster each database has its own independent Raft group. Therefore, details such as `leader` and `raftCommandsPerSecond` are database-specific. ==== @@ -143,7 +143,7 @@ Therefore, details such as `leader` and `raftCommandsPerSecond` are database-spe [options="header", cols="2,1,1,2,4"] |=== | Field | Type |Optional| Example | Description -| `core` | boolean | no | `true` | Used to distinguish between Primary (core) and Secondary servers. +| `core` | boolean | no | `true` | Used to distinguish between if the server is hosting the database in Primary (core) or Secondary mode. | `lastAppliedRaftIndex` | number | no | `4321` | Every transaction in a cluster is associated with a raft index. Gives an indication of what the latest applied raft log index is. From 0743d4e20cebc48e08694620472b8b36f286f7c4 Mon Sep 17 00:00:00 2001 From: Jack Waudby <33488812+jackwaudby@users.noreply.github.com> Date: Mon, 16 Jan 2023 14:16:22 +0000 Subject: [PATCH 082/876] Update documentation to reflect changes to server groups (#305) In 5.3 we introduced the concept of server tags which replaced the existing server groups. This PR updates the docs to reflect this change, this resulted in a few config settings changing. This PR also revives the hidden clustering advanced section. Co-authored-by: AlexicaWright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/content-nav.adoc | 2 + .../ROOT/images/pipeline-of-strategies.svg | 6 +- .../clustering/clustering-advanced/index.adoc | 12 + .../multi-data-center-routing.adoc | 436 ++++++++++++++++++ modules/ROOT/pages/clustering/index.adoc | 2 + 5 files changed, 455 insertions(+), 3 deletions(-) create mode 100644 modules/ROOT/pages/clustering/clustering-advanced/index.adoc create mode 100644 modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index 59c440a85..58b690a7b 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -98,6 +98,8 @@ ** xref:clustering/disaster-recovery.adoc[] //** xref:clustering/internals.adoc[] ** xref:clustering/settings.adoc[] +** xref:clustering/clustering-advanced/index.adoc[] +*** xref:clustering/clustering-advanced/multi-data-center-routing.adoc[] ** xref:clustering/glossary.adoc[] * xref:backup-restore/index.adoc[] diff --git a/modules/ROOT/images/pipeline-of-strategies.svg b/modules/ROOT/images/pipeline-of-strategies.svg index 6f0280626..7af1edd5a 100644 --- a/modules/ROOT/images/pipeline-of-strategies.svg +++ b/modules/ROOT/images/pipeline-of-strategies.svg @@ -13,14 +13,14 @@ connect-randomly-to- - server-group + server-tags typically-connect-to-random- - read-replica + secondary - connect-to-random-core-server + connect-to-random-primary-server diff --git a/modules/ROOT/pages/clustering/clustering-advanced/index.adoc b/modules/ROOT/pages/clustering/clustering-advanced/index.adoc new file mode 100644 index 000000000..87b1f2d49 --- /dev/null +++ b/modules/ROOT/pages/clustering/clustering-advanced/index.adoc @@ -0,0 +1,12 @@ +[role=enterprise-edition] +[[clustering-advanced]] += Advanced Clustering +:description: This appendix describes advanced features of a Neo4j Cluster. + +This section includes information about advanced deployments of a Neo4j Cluster. + +* xref:clustering/clustering-advanced/multi-data-center-routing.adoc[Multi-data center routing] -- Information about routing in multi-data center deployments. + +For details on the configuration and operation of a Neo4j cluster, see xref:clustering/index.adoc[Clustering]. + +For descriptions of settings related to running a Neo4j cluster, see xref:clustering/settings.adoc[Settings reference]. diff --git a/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc b/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc new file mode 100644 index 000000000..1beb350cb --- /dev/null +++ b/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc @@ -0,0 +1,436 @@ +[role=enterprise-edition] +[[multi-data-center-routing]] += Multi-data center routing +:description: This section shows how to configure Neo4j servers so that they are topology/data center-aware. It describes the precise configuration needed to achieve a scalable multi-data center deployment. + +This section describes the following: + +* <> +* <> +** <> +** <> +* <> +** <> +** <> +** <> +** <> +* <> +** <> +** <> +// ** <> +** <<#mdc-favoring-data-centers, Favoring data centers>> + +[[mdc-introduction]] +== Introduction + +When deploying a multi-data center cluster it is often desirable to take advantage of locality to reduce latency and improve performance. +For example, it is preferrable that graph-intensive workloads are executed in the local data center at LAN latencies rather than in a faraway data center at WAN latencies. Neo4j's _load balancing_ and _catchup strategy plugins_ for multi-data center scenarios facilitates precisely this. + +Neo4j's load balancing is a cooperative system where the driver asks the cluster on a recurring basis where it should direct the different classes of its workload (e.g., writes and reads). +This allows the driver to work independently for long stretches of time, yet check back from time to time to adapt to changes such as a new server having been added for increased capacity. +There are also failure situations where the driver asks again immediately, when it cannot use any of its allocated servers for example. + +This is mostly transparent from the perspective of a client. +On the server side, the load balancing behaviors are configured using a simple <>, _DSL_, and exposed under a named _load balancing policy_ which the driver can bind to. +All server-side configuration is performed on the Primary servers. + +Catchup strategy plugins are sets of rules that define how secondary servers contact upstream servers in the cluster in order to synchronize transaction logs. +Neo4j comes with a set of pre-defined strategies, and also user-defined strategies can be created using the same DSL. +Finally, Neo4j supports an API which advanced users may use to enhance upstream recommendations. + +Once a catchup strategy plugin resolves a satisfactory upstream server, it is used for pulling transactions to update the local secondary for a single synchronization. +For subsequent updates, the procedure is repeated so that the most preferred available upstream server is always resolved. + +[[mdc-prerequisite-configuration]] +== Prerequisite configuration + +[[mdc-server-tags]] +=== Server tags + +Both load balancing across multiple data centers and user-defined catchup strategies are predicated on the _Server Tag_ concept. + +In order to optimize the use of the cluster's servers according to the specific requirements, they are sorted using _Server Tags_. +Server tags can map to data centers, availability zones, or any other significant topological elements from the operator's domain, e.g., `us`, `us-east`. +Applying the same tag to multiple servers logically groups them together. +Note that servers can have mulitple tags. + +Server tags are defined as a key that maps onto a set of servers in a cluster. +Server tags are defined on each server using the `xref:reference/configuration-settings.adoc#config_initial.server.tags[initial.server.tags]` parameter in _neo4j.conf_. +Each server in a cluster can be tagged with to zero or more server tags. + +.Definition of grouping servers using server tags +==== + +Grouping servers using server tags is achieved in `neo4j.conf` as in the following examples: + +.Tag the current instance with `us` and `us-east` +[source, properties] +---- +initial.server.tags=us,us-east +---- + +.Tag the current instance with `london` +[source, properties] +---- +initial.server.tags=london +---- +.Tag the current instance with `eu` +[source, properties] +---- +initial.server.tags=eu +---- + +Note that membership of a group implied by a server tag is explicit. +For example, a server tagged with `gb-london` is not automatically part of the same tag group as a server that is tagged with `gb` or `eu` unless that server is also explicitly tagged with those tags. +==== + +[[mdc-primaries-for-reading]] +=== Primaries for reading + +Depending on the deployment and the available number of servers in the cluster, different strategies make sense for whether or not the reading workload should be routed to the primary servers. +The following configuration allows the routing of read workload to primary servers. +Valid values are `true` and `false`. + +[source, properties] +---- +dbms.routing.reads_on_primaries_enabled=true +---- + + +[[mdc-load-balancing-framework]] +== The load balancing framework + +There are different topology-aware load balancing options available for client applications in a multi-data center Neo4j deployment. +There are different ways to configure the load balancing for the cluster so that client applications can direct its workload at the most appropriate cluster members, such as those nearby. + +The load balancing system is based on a plugin architecture for future extensibility and for allowing user customizations. +The current version ships with exactly one such canned plugin called the _server policies_ plugin. + +The server policies plugin is selected by setting the following property: + +[source, properties] +---- +dbms.routing.load_balancing.plugin=server_policies +---- + +Under the server policies plugin, a number of load balancing policies can be configured server-side and be exposed to drivers under unique names. +The drivers, in turn, must on instantiation select an appropriate policy by specifying its name. +Common patterns for naming policies are after geographical regions or intended application groups. + +[IMPORTANT] +==== +It is crucial to define the exact same policies on all servers since this is to be regarded as cluster-wide configuration and failure to do so leads to unpredictable behavior. +Similarly, policies in active use should not be removed or renamed since it breaks applications trying to use these policies. +It is perfectly acceptable and expected however, that policies be modified under the same name. +==== + +If a driver asks for a policy name that is not available, then the driver is not able to use the cluster. +A driver that does not specify any name at all gets the behavior of the default policy as configured. +The default policy, if left unchanged, distributes the load across all servers. +It is possible to change the default policy to any behavior that a named policy can have. + +A misconfigured driver or load balancing policy results in suboptimal routing choices and can even prevent successful interactions with the cluster entirely. + +[NOTE] +==== +The details of how to write a custom plugin is not documented here. +Please contact Neo4j Professional Services if you think that you need a custom plugin. +==== + +[NOTE] +.Use load balancing from Neo4j drivers +==== +Once enabled and configured, the custom load balancing feature is used by drivers to route traffic as intended. +See the link:{neo4j-docs-base-uri}[Neo4j Driver manuals] for instructions on how to configure drivers to use custom load balancing. +==== + + +[[mdc-policy-definitions]] +=== Policy definitions + +The configuration of load balancing policies is transparent to client applications and expressed via a simple DSL. +The syntax consists of a set of rules which are considered in order. +The first rule to produce a non-empty result is the final result. + +[source, properties] +---- +rule1; rule2; rule3 +---- + +Each rule in turn consists of a set of filters which limit the considered servers, starting with the complete set. +Note that the evaluation of each rule starts fresh with the complete set of available servers. + +There is a fixed set of filters which composes a rule and they are chained together using arrows. + +[source, properties] +---- +filter1 -> filter2 -> filter3 +---- + +If there are any servers still left after the last filter then the rule evaluation has produced a result and this is returned to the driver. +However, if there are no servers left then the next rule is considered. +If no rule is able to produce a usable result then the driver is signalled a failure. + + +[[mdc-policy-names]] +=== Policy names + +The policies are configured under the namespace of the `server_policies` plugin and named as desired. +Policy names can contain alphanumeric characters and underscores, and they are case sensitive. +Below is the property key for a policy with the name `mypolicy`. + +`dbms.routing.load_balancing.config.server_policies.mypolicy=` + +The actual policy is defined in the value part using the DSL. + +The `default` policy name is reserved for the default policy. +It is possible to configure this policy like any other and it is used by driver clients that do not specify a policy. + +Additionally, any number of policies can be created using unique policy names. +The policy name can suggest a particular region or an application for which it is intended to be used. + + +[[mdc-filters]] +=== Filters + +There are four filters available for specifying rules, detailed below. +The syntax is similar to a method call with parameters. + +* `tags(name1, name2, ...)` +** Only servers that are tagged with any of the specified tags pass the filter. +** The defined names must match those of the _server tags_. +** Prior to 5.4 `tags()` were referred to as `groups()`, which continue to work but are now deprecated. +* `min(count)` +** Only the minimum amount of servers are allowed to pass (or none). +** Allows overload conditions to be managed. +* `all()` +** No need to specify since it is implicit at the beginning of each rule. +** Implicitly the last rule (override this behavior using halt). +* `halt()` +** Only makes sense as the last filter in the last rule. +** Stops the processing of any more rules. + +The tags filter is essentially an OR-filter, e.g. `tags(A,B)` which passes any server in with either tag A, B or both (the union of the server tags). +An AND-filter can also be created by chaining two filters as in `tags(A) \-> tags(B)`, which only passes servers with both tags (the intersect of the server tags). + + +[[mdc-dsl-example]] +== Load balancing examples + +The discussion on multi-data center clusters introduced a four region, multi-data center setup. +The cardinal compass points for regions and numbered data centers within those regions were used there and the same hypothetical setup is used here as well. + +image::nesw-regions-and-dcs.svg[title="Mapping regions and data centers onto server tags", role="middle"] + +The behavior of the load balancer is configured in the property `dbms.routing.load_balancing.config.server_policies.`. +The specified rules allows for fine-tuning how the cluster routes requests under load. + +The examples make use of the line continuation character `\` for better readability. +It is valid syntax in xref:configuration/file-locations.adoc[_neo4j.conf_] as well and it is recommended to break up complicated rule definitions using this and a new rule on every line. + +The most restrictive strategy is to insist on a particular data center to the exclusion of all others: + +.Specific data center only +==== +[source, properties] +---- +dbms.routing.load_balancing.config.server_policies.north1_only=\ +tags(north1)->min(2); halt(); +---- + +This case states that the intention is to send queries to servers tagged with `north1`, which maps onto a specific physical data center, provided there are two of them available. +If at least two servers tagged with `north1` cannot be provided, then the operation should `halt()`, i.e. not try any other data center. +==== + +While the previous example demonstrates the basic form of load balancing rules, it is possible to be a little more expansive: + +.Specific data center preferably +==== +[source, properties] +---- +dbms.routing.load_balancing.config.server_policies.north1=\ +tags(north1)->min(2); +---- + +In this case if at least two servers are tagged with `north1` then the load is balanced across them. +Otherwise, any server in the whole cluster is used, falling back to the implicit, final `all()` rule. +==== + +The previous example considered only a single data center before resorting to the whole cluster. +If there is a hierarchy or region concept exposed through the server groups, the fall back can be more graceful: + +.Gracefully falling back to neighbors +==== +[source, properties] +---- +dbms.routing.load_balancing.config.server_policies.north_app1=\ +tags(north1,north2)->min(2);\ +tags(north);\ +all(); +---- + +This example says that the cluster should load balance across servers with the `north1` and `north2` tags provided there are at least two machines available across them. +Failing that, any server in the `north` region can be used, and if the whole of the north is offline, any server in the cluster can be used. +==== + +[[mdc-strategy-plugins]] +== Catchup strategy plugins + +_Catchup strategy plugins_ are sets of rules that define how secondaries contact upstream servers in the cluster in order to synchronize transaction logs. +Neo4j comes with a set of pre-defined strategies, and also leverages the <> to flexibly create user-defined strategies. +Finally, Neo4j supports an API which advanced users may use to enhance upstream server recommendations. + +Once a catchup strategy plugin resolves a satisfactory upstream server, it is used for pulling transactions to update the local secondary for a single synchronization. +For subsequent updates, the procedure is repeated so that the most preferred available upstream server is always resolved. + +[[mdc-programmatically-specify-rules]] +=== Configuring upstream selection strategy using pre-defined catchup strategies + +Neo4j ships with the following pre-defined catchup strategy plugins. +These provide coarse-grained algorithms for selecting an upstream server: + +[options="header",width="100%",cols="1,1"] +|=== +| Plugin name | Resulting behavior +| `connect-to-random-primary-server` | Connect to any *primary server* selecting at random from those currently available. +| `typically-connect-to-random-secondary` | Connect to any available *secondary server*, but around 10% of the time connect to any random primary server. +| `connect-randomly-to-server-tags` | Connect at random to any available *secondary server* tagged with any of the server tags specified in the comma-separated list `server.cluster.catchup.connect_randomly_to_server_tags`. +| `leader-only` | Connect only to the current Raft leader of the *primary servers*. +| [deprecated]#`connect-randomly-to-server-group`# | [deprecated]#Connect at random to any available *secondary server* in the server groups specified in the comma-separated list `server.cluster.catchup.connect_randomly_to_server_group`. + Deprecated, please use `connect-randomly-to-server-tags`.# +| [deprecated]#`connect-randomly-within-server-group`# | [deprecated]#Connect at random to any available *secondary server* in any of the server groups to which this server belongs. + Deprecated, please use `connect-randomly-to-server-tags`.# +|=== + +Pre-defined strategies are used by configuring the xref:reference/configuration-settings.adoc#config_server.cluster.catchup.upstream_strategy[`server.cluster.catchup.upstream_strategy`] option. +Doing so allows for specification of an ordered preference of strategies to resolve an upstream provider of transaction data. +A comma-separated list of strategy plugin names with preferred strategies is provided earlier in that list. +The catchup strategy is selected by asking each of the strategies in list-order whether they can provide an upstream server from which transactions can be pulled. + +.Define an upstream server selection strategy +==== +Consider the following configuration example: + +[source, properties] +---- +server.cluster.catchup.upstream_strategy=connect-randomly-to-server-tags,typically-connect-to-random-secondary +---- + +With this configuration the secondary server first tries to connect to any other server with tag(s) specified in `server.cluster.catchup.connect_randomly_to_server_tags`. +Should it fail to find any live servers with those tags, then it connects to a random secondary server. + +[[img-pipeline-of-strategies]] +image::pipeline-of-strategies.svg[title="The first satisfactory response from a strategy will be used.", role="middle"] + +To ensure that downstream servers can still access live data in the event of upstream failures, the last resort of any server is always to contact a random primary server. +This is equivalent to ending the `server.cluster.catchup.upstream_strategy` configuration with `connect-to-random-primary-server`. +==== + + +[[mdc-configuration-user-defined-strategy]] +=== Configuring user-defined catchup strategies + +Neo4j clusters support a small DSL for the configuration of client-cluster load balancing. +This is described in detail in <> and <>. +The same DSL is used to describe preferences for how a server binds to another server to request transaction updates. + +The DSL is made available by selecting the `user-defined` catchup strategy as follows: + +[source, properties] +---- +server.cluster.catchup.upstream_strategy=user-defined +---- + +Once the user-defined strategy has been specified, we can add configuration to the xref:reference/configuration-settings.adoc#config_server.cluster.catchup.user_defined_upstream_strategy[`server.cluster.catchup.user_defined_upstream_strategy`] setting based on the server tags that have been set for the cluster. + +This functionality is described with two examples: + +.Defining a user-defined strategy +==== + +For illustrative purposes four regions are proposed: `north`, `south`, `east`, and `west` and within each region there is a number of data centers such as `north1` or `west2`. +The server tags are configured so that each data center maps to its own server tag. +Additionally it is assumed that each data center fails independently from the others and that a region can act as a supergroup of its constituent data centers. +So a server in the `north` region might have configuration like `initial.server.tags=north2,north` which puts it in two groups that match to our physical topology as shown in the diagram below. + +[[img-nesw-regions-and-dcs]] +image::nesw-regions-and-dcs.svg[title="Mapping regions and data centers onto server tags", role="middle"] + +Once the servers are tagged, the next task is to define some upstream selection rules based on them. +For design purposes, assume that any server in one of the `north` region data centers prefers to catchup within the data center if it can, but resorts to any northern instance otherwise. +To configure that behavior, add: + +[source, properties] +---- +server.cluster.catchup.user_defined_upstream_strategy=tags(north2); tags(north); halt() +---- + +The configuration is in precedence order from left to right. +The `tags()` operator yields a server tag from which to catchup. +In this case, only if there are no servers tagged with `north2` does the operation proceed to the `tags(north)` rule which yields any server tagged with `north`. +Finally, if no servers can be resolved with any of the previous tags, then the rule chain is stopped via `halt()`. + +Note that the use of `halt()` ends the rule chain explicitly. +If a `halt()` is not used at the end of the rule chain, then the `all()` rule is implicitly added. +`all()` is expansive: it offers up all servers and so increases the likelihood of finding an available upstream server. +However `all()` is indiscriminate and the servers it offers are not guaranteed to be topologically or geographically local, potentially increasing the latency of synchronization. + +==== + +The example above shows a simple hierarchy of preferences expressed through the use of server tags. +But the hierarchy can be more sophisticated. +For example, conditions can be placed on the tagged catchup servers. + +.User-defined strategy with conditions +==== + +In this example it is desired to roughly qualify cluster health before selecting from where to catchup. +For this, the `min()` filter is used as follows: + +[source, properties] +---- +server.cluster.catchup.user_defined_upstream_strategy=tags(north2)->min(3), tags(north)->min(3); all(); +---- + +`tags(north2)\->min(3)` states that catchup from servers tagged with `north2` should be performed only if there are three available servers, which here is interpreted as an indicator of good health. +If `north2` can't meet that requirement then catchup should be attempted from any server tagged with `north` provided there are at least three of them available as per `tags(north)\->min(3)`. +Finally, if catchup cannot be performed from a sufficiently healthy `north` region, then the operation (explicitly) falls back to the whole cluster with `all()`. + +The `min()` filter is a simple but reasonable health indicator of a set of servers with the same tag. +==== + +// [[mdc-build-your-own-strategy-plugin]] +// === Building upstream strategy plugins using Java + +// Neo4j supports an API which advanced users may use to enhance upstream recommendations in arbitrary ways: load, subnet, machine size, or anything else accessible from the JVM. +// In such cases we are invited to build our own implementations of `org.neo4j.causalclustering.upstream.UpstreamDatabaseSelectionStrategy` to suit our own needs, and register them with the catchup strategy selection pipeline just like the pre-packaged plugins. + +// We have to override the `org.neo4j.causalclustering.upstream.UpstreamDatabaseSelectionStrategy#upstreamDatabase()` method in our code. +// Overriding that class gives us access to the following items: + +// [options="header"] +// |=== +// | Resource | Description +// | `org.neo4j.causalclustering.discovery.TopologyService` | This is a directory service which provides access to the addresses of all servers and server groups in the cluster. +// | `org.neo4j.kernel.configuration.Config` | This provides the configuration from _neo4j.conf_ for the local instance. +// Configuration for our own plugin can reside here. +// | `org.neo4j.causalclustering.identity.MemberId` | This provides the unique cluster `MemberId` of the current instance. +// |=== + +// Once our code is written and tested, we have to prepare it for deployment. +// `UpstreamDatabaseSelectionStrategy` plugins are loaded via the Java Service Loader. +// This means when we package our code into a jar file, we'll have to create a file _META-INF.services/org.neo4j.upstream.readreplica.UpstreamDatabaseSelectionStrategy_ in which we write the fully qualified class name(s) of the plugins, e.g. `org.example.myplugins.PreferServersWithHighIOPS`. + +// To deploy this jar into the Neo4j server we copy it into the xref:configuration/file-locations.adoc[_plugins_] directory and restart the instance. + +[[mdc-favoring-data-centers]] +=== Favoring data centers + +In a multi-data center scenario, while it remains a rare occurrence, it is possible to bias where writes for the specified database should be directed. +`db.cluster.raft.leader_transfer.priority_tag` can be applied to specify a set of servers with a given tag which should have priority when selecting the leader for a given database. +The priority tag can be set on one or multiple databases and it means that the cluster attempts to keep the leadership for the configured database on a server tagged with the configured server tag. + +A database for which `db.cluster.raft.leader_transfer.priority_tag` has been configured is excluded from the automatic balancing of leaderships across a cluster. +It is therefore recommended to not use this configuration unless it is necessary. + + diff --git a/modules/ROOT/pages/clustering/index.adoc b/modules/ROOT/pages/clustering/index.adoc index dc3807e6e..e10f5e2d7 100644 --- a/modules/ROOT/pages/clustering/index.adoc +++ b/modules/ROOT/pages/clustering/index.adoc @@ -17,6 +17,8 @@ This chapter describes the following: ** xref:clustering/monitoring/show-servers-monitoring.adoc[Monitoring servers] -- The tools available for monitoring the servers in a cluster. ** xref:clustering/monitoring/show-databases-monitoring.adoc[Monitoring databases] -- The tools available for monitoring the databases in a cluster. * xref:clustering/settings.adoc[Settings reference] -- A summary of the most important cluster settings. +* xref:clustering/clustering-advanced/index.adoc[] +** xref:clustering/clustering-advanced/multi-data-center-routing.adoc[] * xref:clustering/glossary.adoc[Clustering glossary] -- A glossary of terms used in the clustering documentation. //* <> -- A few internals regarding the operation of the cluster. Further information: From b20194fe1decb411a571d3289e4b7156bf1ee614 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 18 Jan 2023 07:36:38 +0000 Subject: [PATCH 083/876] Add neo4j service configuration for tarball installations (#331) This PR includes: - A new section on neo4j service configuration for tarball installations - Update the titles to be coherent - Update the Linux tarball installation to include neo4j user and group creation --- .../ROOT/pages/installation/linux/debian.adoc | 9 +- .../ROOT/pages/installation/linux/rpm.adoc | 15 ++- .../pages/installation/linux/systemd.adoc | 15 +-- .../pages/installation/linux/tarball.adoc | 118 ++++++++++++++---- 4 files changed, 115 insertions(+), 42 deletions(-) diff --git a/modules/ROOT/pages/installation/linux/debian.adoc b/modules/ROOT/pages/installation/linux/debian.adoc index db4a7a13b..4c20d0c55 100644 --- a/modules/ROOT/pages/installation/linux/debian.adoc +++ b/modules/ROOT/pages/installation/linux/debian.adoc @@ -1,6 +1,6 @@ :description: How to install Neo4j on Debian, and Debian-based distributions like Ubuntu, using the Neo4j Debian package. [[debian]] -= Debian += Debian-based distributions (.deb) You can install Neo4j on Debian, and Debian-based distributions like Ubuntu, using the Neo4j Debian package. @@ -230,3 +230,10 @@ For operating systems that are not using `systemd`, some package-specific option | _NEO4J_SHUTDOWN_TIMEOUT_ | _120_ | Timeout in seconds when waiting for Neo4j to stop. If it takes longer than this then the shutdown is considered to have failed. This may need to be increased if the system serves long-running transactions. | _NEO4J_ULIMIT_NOFILE_ | _60000_ | Maximum number of file handles that can be opened by the Neo4j process. |=== + +[[debian-service-start-automatically]] +== Starting the service automatically on system start + +On Debian-based distributions, Neo4j is enabled to start automatically on system boot by default. + +For more information on operating the Neo4j system service, see xref:installation/linux/systemd.adoc[Neo4j system service]. diff --git a/modules/ROOT/pages/installation/linux/rpm.adoc b/modules/ROOT/pages/installation/linux/rpm.adoc index e1b928495..9c45412bc 100644 --- a/modules/ROOT/pages/installation/linux/rpm.adoc +++ b/modules/ROOT/pages/installation/linux/rpm.adoc @@ -1,6 +1,6 @@ :description: How to deploy Neo4j using the Neo4j RPM package on Red Hat, CentOS, Fedora, or Amazon Linux distributions. [[linux-rpm]] -= Deploy Neo4j using the Neo4j RPM package += Red Hat, CentOS, Fedora, and Amazon Linux distributions (.rpm) You can deploy Neo4j on Red Hat, CentOS, Fedora, or Amazon Linux distributions using the Neo4j RPM package. @@ -180,7 +180,6 @@ rpm --install rpm --install ---- - [[linux-rpm-install-offline-install-upgrade]] ==== Offline upgrade from 4.4.0 or later @@ -196,3 +195,15 @@ rpm -U ---- This must be one single command, and Neo4j Cypher Shell must be the first package in the command. + +[[rpm-service-start-automatically]] +== Starting the service automatically on system start + +To enable Neo4j to start automatically on system boot, run the following command: + +[source, shell] +---- +systemctl enable neo4j +---- + +For more information on operating the Neo4j system service, see xref:installation/linux/systemd.adoc[Neo4j system service]. \ No newline at end of file diff --git a/modules/ROOT/pages/installation/linux/systemd.adoc b/modules/ROOT/pages/installation/linux/systemd.adoc index 915033599..032cdb35c 100644 --- a/modules/ROOT/pages/installation/linux/systemd.adoc +++ b/modules/ROOT/pages/installation/linux/systemd.adoc @@ -18,19 +18,6 @@ For instructions on how to set the number of concurrent files that a user can ha Configuration is stored in _/etc/neo4j/neo4j.conf_. See xref:configuration/file-locations.adoc[Default file locations] for a complete catalog of where files are found for the various packages. - -[[linux-service-start-automatically]] -== Starting the service automatically on system start - -If you installed the RPM package and want Neo4j to start automatically on system boot then you need to enable the service. -On Debian-based distributions this is done for you at installation time. - -[source, shell] ----- -systemctl enable neo4j ----- - - [[linux-service-control]] == Controlling the service @@ -51,7 +38,7 @@ systemctl edit neo4j ---- Then place any customizations under a `[Service]` section. -The following example lists default values which may be interesting to change for some users: +The following example lists default values that may be interesting to change for some users: [source] ---- diff --git a/modules/ROOT/pages/installation/linux/tarball.adoc b/modules/ROOT/pages/installation/linux/tarball.adoc index 4ba564d80..bb0dd33f2 100644 --- a/modules/ROOT/pages/installation/linux/tarball.adoc +++ b/modules/ROOT/pages/installation/linux/tarball.adoc @@ -1,48 +1,116 @@ :description: How to install Neo4j on Linux from a tarball, and run it as a console application or service. [[installation-linux-tarball]] -= Linux tarball installation += Linux executable (.tar) -Before you install Neo4j on Linux from a tarball and run it as a console application or service, check xref:installation/requirements.adoc[System Requirements] to see if your setup is suitable. +Before you install Neo4j on Linux from a tarball and run it as a console application or a service, check xref:installation/requirements.adoc[System Requirements] to see if your setup is suitable. [[unix-console]] -== Unix console application +== Install Neo4j from a tarball . If it is not already installed, get link:http://openjdk.java.net/[OpenJDK 17] or link:http://www.oracle.com/technetwork/java/javase/downloads/index.html[Oracle Java 17]. -. Download the latest release from {neo4j-download-center-uri}[Neo4j Download Center]. -+ -Select the appropriate tar.gz distribution for your platform. -. Check that the SHA hash of the downloaded file is correct: -.. To find the correct SHA hash, go to Neo4j Download Center and click on `SHA-256` which will be located below your downloaded file. -.. Using the appropriate commands for your platform, display the `SHA-256` hash for the file that you downloaded. -.. Ensure that the two are identical. -. Extract the contents of the archive, using `tar -xf` . -For example, `tar -xf neo4j-community-{neo4j-version-exact}-unix.tar.gz`. -. Place the extracted files in a permanent home on your server. -The top-level directory is referred to as `NEO4J_HOME`. -. label:enterprise[Enterprise Edition] Accept the license agreement using one of the following options: -+ -* Using the environment variable `NEO4J_ACCEPT_LICENSE_AGREEMENT=yes`. -* By running `/bin/neo4j-admin license --accept-commercial`. +. Download the latest Neo4j tarball from https://neo4j.com/download-center/[Neo4j Download Center] and unpack it: ++ +[source, shell, subs="attributes"] +---- +tar zxf neo4j-enterprise-{neo4j-version-exact}-unix.tar.gz +---- +. Move the extracted files to your server's _/opt_ directory and create a symlink to it: ++ +[source, shell, subs="attributes"] +---- +mv neo4j-enterprise-{neo4j-version-exact} /opt/ +ln -s /opt/neo4j-enterprise-{neo4j-version-exact}/opt/neo4j +---- +. Create a `neo4j` user and group: ++ +[source, shell] +---- +groupadd neo4j +useradd -g neo4j neo4j -s /bin/bash +---- +. Give the directory the correct ownership using one of the options: + +* *Ubuntu* ++ +[source, shell, subs="attributes"] +---- +chown -R neo4j:adm /opt/neo4j-enterprise-{neo4j-version-exact} +---- +* *RedHat* ++ +[source, shell, subs="attributes"] +---- +chown -R neo4j /opt/neo4j-enterprise-{neo4j-version-exact} +---- +. label:enterprise[Enterprise Edition] Accept the license agreement by either using the environment variable `NEO4J_ACCEPT_LICENSE_AGREEMENT=yes` or by running `/bin/neo4j-admin license --accept-commercial`. + [NOTE] ==== -From Neo4j v5.4 onwards, you are required to accept the license before running the Neo4j Enterprise Edition from the tarball. +From Neo4j v5.4 onwards, you are required to accept the license _before_ running the Neo4j Enterprise Edition from the tarball. ==== . Start Neo4j: .. To run Neo4j as a console application, use: `/bin/neo4j console`. .. To run Neo4j in a background process, use: `/bin/neo4j start`. -. Visit http://localhost:7474 in your web browser. +. Open http://localhost:7474 in your web browser. . Connect using the username `neo4j` with the default password `neo4j`. You will then be prompted to change the password. . Stop the server by typing `Ctrl-C` in the console. -[[installation-linux-tarball-service]] -== Linux service +[[linux-tarball-start-automatically]] +== Configure Neo4j to start automatically on system boot -If you want to run Neo4j as a system service, you can install either the xref:installation/linux/debian.adoc[Debian] or xref:installation/linux/rpm.adoc[RPM] package. +You can create a Neo4j service and configure it to start automatically on system boot. + +. Create the file _/lib/systemd/system/neo4j.service_ with the following contents: ++ +[source, shell] +---- +[Unit] +Description=Neo4j Graph Database +After=network-online.target +Wants=network-online.target -For more information on configuring and operating the Neo4j system service, see xref:installation/linux/systemd.adoc[Neo4j system service]. +[Service] +ExecStart=/opt/neo4j/bin/neo4j console +Restart=on-abnormal +User=neo4j +Group=neo4j +Environment="NEO4J_CONF=/opt/neo4j/conf" "NEO4J_HOME=/opt/neo4j" +LimitNOFILE=60000 +TimeoutSec=120 + +[Install] +WantedBy=multi-user.target +Reload systemctl to pick up the new service file +systemctl daemon-reload +---- + +. Configure Neo4j to start at boot time: ++ +[source, shell] +---- +systemctl enable neo4j +---- +. Start Neo4j: ++ +[source, shell] +---- +systemctl start neo4j +---- +. Check the status of the newly created service: ++ +[source, shell] +---- +systemctl status neo4j +---- +. Reboot the system (if desired) to verify that Neo4j restarts on boot: ++ +[source, shell] +---- +reboot +---- +For more information on operating the Neo4j system service, see xref:installation/linux/systemd.adoc[Neo4j system service]. -include::partial$/installation/linux/linux-open-files.adoc[leveloffset=+1] +include::partial$/installation/linux/linux-open-files.adoc[leveloffset=+1] \ No newline at end of file From 70aea880bb56b0d0576cc74eb0ec6fb2558b760a Mon Sep 17 00:00:00 2001 From: Lasse Heemann Date: Wed, 18 Jan 2023 12:54:31 +0100 Subject: [PATCH 084/876] Remove unsupported immutable privileges management option --- .../tutorial-immutable-privileges.adoc | 61 ------------------- 1 file changed, 61 deletions(-) diff --git a/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc b/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc index 69ddb7354..9612b8177 100644 --- a/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc +++ b/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc @@ -9,67 +9,6 @@ They offer a way to prevent such users from simply removing any restrictions by In other words, having link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/dbms-administration#access-control-dbms-administration-privilege-management[privilege management] privileges is not sufficient to add or remove immutable privileges. The only way immutable privileges can be added or removed is when auth is disabled. -There are two specific scenarios which equate to auth being disabled. -One is when xref:reference/configuration-settings.adoc#config_dbms.security.auth_enabled[`dbms.security.auth_enabled`] is set to `false`, and the other is from the context of the Security Init file. -Both of these are described in this tutorial. - - -== Administering immutable privileges via the Security Init file - -The Security Init file is a file containing a list of Cypher commands which are run when the system database is created for the first time. -Putting immutable privilege commands in this file will ensure that they are in place before the DBMS is accessed for the first time. - -[NOTE] -==== -The following steps must be performed before the first time the Neo4j DBMS is started. -If the DBMS has already been initialized, you will need to make changes by disabling auth. -The steps to do this are described in sequence. -==== - -. Create a file named `systemdb-init.cypher` and edit it to contain the immutable privileges which you require. + -In this instance, you would like to prevent *all* users (via the `PUBLIC` role) from being able to perform link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/dbms-administration#access-control-dbms-administration-database-management[Database Management] actions. + -Make sure that even users with the rights to link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/dbms-administration#access-control-dbms-administration-privilege-management[alter their own privileges] cannot remove this `DENY`. -+ -[source, cypher, role=noplay] ----- -DENY IMMUTABLE DATABASE MANAGEMENT ON DBMS TO PUBLIC ----- - -. Specify the path of the Security Init file by setting the `internal.dbms.init_file` config settings to the full path of the file created in step 1. -. Start the DBMS. -. Observe that the immutable privileges are now in place: - -[source, cypher, role=noplay] ----- -SHOW PRIVILEGES WHERE IMMUTABLE ----- - - -.Result -[options="header,footer", width="100%", cols="m,m,m,m,m,m,m"] -|=== -|access -|action -|resource -|graph -|segment -|role -|immutable - -|"DENIED" -|"database_management" -|"database" -|"*" -|"database" -|"PUBLIC" -|true -6+a|Rows: 1 -|=== - -This privilege can now be considered to be an immutable part of the DBMS. -The only way to subsequently remove it would be to xref:tutorial/tutorial-immutable-privileges.adoc#administering-immutable-privileges-by-disabling-auth[disable auth]. - - [role=enterprise-edition] [[administering-immutable-privileges-by-disabling-auth]] == Administering immutable privileges by disabling auth From baebc7c86958b8866ae73d9cbdd77f788c39c479 Mon Sep 17 00:00:00 2001 From: JPryce-Aklundh Date: Wed, 18 Jan 2023 13:52:46 +0100 Subject: [PATCH 085/876] fix --- modules/ROOT/pages/reference/procedures.adoc | 31 +++++++++----------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 092183e7f..33e209592 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -1421,8 +1421,20 @@ m|DBMS // m|reader, editor, publisher, architect, admin |=== +[[procedure_dbms_listcapabilities]] +.dbms.listCapabilities() +[cols="<15s,<85"] +|=== +| Description +a| +List capabilities. +| Signature +m|dbms.listCapabilities() :: (name :: STRING?, description :: STRING?, value :: ANY?) +| Mode +m|DBMS +|=== -[[procedure_dbms_listConfig]] +[[procedure_dbms_listconfig]] .dbms.listConfig() label:admin-only[] [cols="<15s,<85"] |=== @@ -1441,14 +1453,13 @@ Results include: * `explicitlySet`: true if the value was set explicitly, or false if it was set by default. | Signature -m|dbms.listConfig(searchString = :: STRING?) :: (name :: STRING?, description :: STRING?, value :: STRING?, dynamic :: BOOLEAN?, defaultValue :: STRING?, startupValue :: STRING?, explicitlySet :: BOOLEAN?, validValues :: STRING?) +m|dbms.listConfig() :: (searchString = :: STRING?) :: (name :: STRING?, description :: STRING?, value :: STRING?, dynamic :: BOOLEAN?, defaultValue :: STRING?, startupValue :: STRING?, explicitlySet :: BOOLEAN?, validValues :: STRING?) | Mode m|DBMS // | Default roles // m|admin |=== - [[procedure_dbms_listconnections]] .dbms.listConnections() [cols="<15s,<85"] @@ -1464,20 +1475,6 @@ m|DBMS // m|reader, editor, publisher, architect, admin |=== -[[procedure_dbms_listcapabilities]] -.dbms.listCapabilities() -[cols="<15s,<85"] -|=== -| Description -a| -List capabilities. -| Signature -m|dbms.listCapabilities() :: (name :: STRING?, description :: STRING?, value :: ANY?) -| Mode -m|DBMS -|=== - - [[procedure_dbms_listpools]] .dbms.listPools() label:enterprise-edition[] [cols="<15s,<85"] From a05952263c186d428050350bb341cf2438a21172 Mon Sep 17 00:00:00 2001 From: Lasse Heemann Date: Wed, 18 Jan 2023 14:12:04 +0100 Subject: [PATCH 086/876] Update language to singular and add example --- .../tutorial/tutorial-immutable-privileges.adoc | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc b/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc index 9612b8177..423c62658 100644 --- a/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc +++ b/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc @@ -3,16 +3,12 @@ = Administering immutable privileges :description: This tutorial describes methods for administering immutable privileges. -This tutorial describes methods for administering immutable privileges, which are useful assets for restricting the actions of users who themselves are able to administer privileges. +This tutorial describes how to administer immutable privileges, which are useful assets for restricting the actions of users who themselves are able to administer privileges. They offer a way to prevent such users from simply removing any restrictions by using their link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/dbms-administration#access-control-dbms-administration-privilege-management[privilege management] privileges. In other words, having link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/dbms-administration#access-control-dbms-administration-privilege-management[privilege management] privileges is not sufficient to add or remove immutable privileges. The only way immutable privileges can be added or removed is when auth is disabled. -[role=enterprise-edition] -[[administering-immutable-privileges-by-disabling-auth]] -== Administering immutable privileges by disabling auth - [CAUTION] ==== This should only be performed when you have other means of preventing access to the Neo4j DBMS. @@ -23,7 +19,12 @@ To do so, follow these steps: . Change the config setting xref:reference/configuration-settings.adoc#config_dbms.security.auth_enabled[`dbms.security.auth_enabled`] to `false`. . Restart the Neo4j DBMS. -. Create or remove immutable privileges in the same way as regular privileges, using the keyword `IMMUTABLE`. +. Create or remove immutable privileges in the same way as regular privileges, using the keyword `IMMUTABLE`. For example: +[source, cypher, role=noplay] +---- +DENY IMMUTABLE DATABASE MANAGEMENT ON DBMS TO PUBLIC +---- +[start=4] . Change the config setting xref:reference/configuration-settings.adoc#config_dbms.security.auth_enabled[`dbms.security.auth_enabled`] to `true`. . Restart the Neo4j DBMS. . Observe that the following immutable privileges are now in place: @@ -55,4 +56,4 @@ SHOW PRIVILEGES WHERE IMMUTABLE |=== Privileges like this one can now be considered to be an immutable part of the DBMS. -The only way to subsequently remove it would be to xref:tutorial/tutorial-immutable-privileges.adoc#administering-immutable-privileges-by-disabling-auth[disable auth]. +The only way to subsequently remove it would be to repeat this process. From f15867795467e45ffca8ca4aff051e9de8ddd256 Mon Sep 17 00:00:00 2001 From: JPryce-Aklundh Date: Wed, 18 Jan 2023 14:35:16 +0100 Subject: [PATCH 087/876] post-review corrections --- modules/ROOT/pages/reference/procedures.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 33e209592..60e43a21d 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -1453,7 +1453,7 @@ Results include: * `explicitlySet`: true if the value was set explicitly, or false if it was set by default. | Signature -m|dbms.listConfig() :: (searchString = :: STRING?) :: (name :: STRING?, description :: STRING?, value :: STRING?, dynamic :: BOOLEAN?, defaultValue :: STRING?, startupValue :: STRING?, explicitlySet :: BOOLEAN?, validValues :: STRING?) +m|dbms.listConfig(searchString = :: STRING?) :: (name :: STRING?, description :: STRING?, value :: STRING?, dynamic :: BOOLEAN?, defaultValue :: STRING?, startupValue :: STRING?, explicitlySet :: BOOLEAN?, validValues :: STRING?) | Mode m|DBMS // | Default roles From 6bed8c4a16c098fa11956c68a59cab32da9b66e4 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 18 Jan 2023 16:26:12 +0000 Subject: [PATCH 088/876] Amend the column width of the metrics tables and remove the partials (#332) Co-authored-by: AlexicaWright <49636617+AlexicaWright@users.noreply.github.com> --- .../pages/monitoring/metrics/reference.adoc | 317 +++++++++++++++++- .../neo4j-metrics/available-metrics.adoc | 188 ----------- .../partials/neo4j-metrics/cc-metrics.adoc | 61 ---- .../partials/neo4j-metrics/jvm-metrics.adoc | 62 ---- 4 files changed, 313 insertions(+), 315 deletions(-) delete mode 100644 modules/ROOT/partials/neo4j-metrics/available-metrics.adoc delete mode 100644 modules/ROOT/partials/neo4j-metrics/cc-metrics.adoc delete mode 100644 modules/ROOT/partials/neo4j-metrics/jvm-metrics.adoc diff --git a/modules/ROOT/pages/monitoring/metrics/reference.adoc b/modules/ROOT/pages/monitoring/metrics/reference.adoc index d6d80e52d..bfeff5df4 100644 --- a/modules/ROOT/pages/monitoring/metrics/reference.adoc +++ b/modules/ROOT/pages/monitoring/metrics/reference.adoc @@ -72,13 +72,260 @@ By default, database metrics include: [[metrics-general-purpose]] == General-purpose metrics -include::partial$/neo4j-metrics/available-metrics.adoc[leveloffset=+1] +.Bolt metrics +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.bolt.connections_opened|The total number of Bolt connections opened since startup. This includes both succeeded and failed connections. Useful for monitoring load via the Bolt drivers in combination with other metrics. (counter) +|.bolt.connections_closed|The total number of Bolt connections closed since startup. This includes both properly and abnormally ended connections. Useful for monitoring load via Bolt drivers in combination with other metrics. (counter) +|.bolt.connections_running|The total number of Bolt connections that are currently executing Cypher and returning results. Useful to track the overall load on Bolt connections. This is limited to the number of Bolt worker threads that have been configured via `dbms.connector.bolt.thread_pool_max_size`. Reaching this maximum indicated the server is running at capacity. (gauge) +|.bolt.connections_idle|The total number of Bolt connections that are not currently executing Cypher or returning results. (gauge) +|.bolt.messages_received|The total number of messages received via Bolt since startup. Useful to track general message activity in combination with other metrics. (counter) +|.bolt.messages_started|The total number of messages that have started processing since being received. A received message may have begun processing until a Bolt worker thread becomes available. A large gap observed between `bolt.messages_received` and `bolt.messages_started` could indicate the server is running at capacity. (counter) +|.bolt.messages_done|The total number of Bolt messages that have completed processing whether successfully or unsuccessfully. Useful for tracking overall load. (counter) +|.bolt.messages_failed|The total number of messages that have failed while processing. A high number of failures may indicate an issue with the server and further investigation of the logs is recommended. (counter) +|.bolt.accumulated_queue_time|(unsupported feature) When `internal.server.bolt.thread_pool_queue_size` is enabled, the total time in milliseconds that a Bolt message waits in the processing queue before a Bolt worker thread becomes available to process it. Sharp increases in this value indicate that the server is running at capacity. If `internal.server.bolt.thread_pool_queue_size` is disabled, the value should be `0`, meaning that messages are directly handed off to worker threads. (counter) +|.bolt.accumulated_processing_time|The total amount of time in milliseconds that worker threads have been processing messages. Useful for monitoring load via Bolt drivers in combination with other metrics. (counter) +|=== -[[causal-clustering-metrics]] +.Database checkpointing metrics + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.check_point.events|The total number of checkpoint events executed so far. (counter) +|.check_point.total_time|The total time, in milliseconds, spent in checkpointing so far. (counter) +|.check_point.duration|The duration, in milliseconds, of the last checkpoint event. Checkpoints should generally take several seconds to several minutes. Long checkpoints can be an issue, as these are invoked when the database stops, when a hot backup is taken, and periodically as well. Values over `30` minutes or so should be cause for some investigation. (gauge) +|.check_point.pages_flushed|The number of pages that were flushed during the last checkpoint event. (gauge) +|.check_point.io_performed|The number of IOs from Neo4j perspective performed during the last check point event. (gauge) +|.check_point.io_limit|The IO limit used during the last checkpoint event. (gauge) +|=== + +.Cypher metrics + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.cypher.replan_events|The total number of times Cypher has decided to re-plan a query. Neo4j caches 1000 plans by default. Seeing sustained replanning events or large spikes could indicate an issue that needs to be investigated. (counter) +|.cypher.replan_wait_time|The total number of seconds waited between query replans. (counter) +|=== + +.Database data count metrics + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.neo4j.count.relationship|The total number of relationships in the database. (gauge) +|.neo4j.count.node|The total number of nodes in the database. A rough metric of how big your graph is. And if you are running a bulk insert operation you can see this tick up. (gauge) +|=== + +.Database neo4j pools metrics + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.pool...used_heap|Used or reserved heap memory in bytes. (gauge) +|.pool...used_native|Used or reserved native memory in bytes. (gauge) +|.pool...total_used|Sum total used heap and native memory in bytes. (gauge) +|.pool...total_size|Sum total size of capacity of the heap and/or native memory pool. (gauge) +|.pool...free|Available unused memory in the pool, in bytes. (gauge) +|=== + +.Database operation count metrics + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.db.operation.count.create|Count of successful database create operations. (counter) +|.db.operation.count.start|Count of successful database start operations. (counter) +|.db.operation.count.stop|Count of successful database stop operations. (counter) +|.db.operation.count.drop|Count of successful database drop operations. (counter) +|.db.operation.count.failed|Count of failed database operations. (counter) +|.db.operation.count.recovered|Count of database operations that failed previously but have recovered. (counter) +|=== + +.Database data metrics + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.ids_in_use.relationship_type|The total number of different relationship types stored in the database. Informational, not an indication of any issue. Spikes or large increases indicate large data loads, which could correspond with some behavior you are investigating. (gauge) +|.ids_in_use.property|The total number of different property names used in the database. Informational, not an indication of any issue. Spikes or large increases indicate large data loads, which could correspond with some behavior you are investigating. (gauge) +|.ids_in_use.relationship|The total number of relationships stored in the database. Informational, not an indication of any issue. Spikes or large increases indicate large data loads, which could correspond with some behavior you are investigating. (gauge) +|.ids_in_use.node|The total number of nodes stored in the database. Informational, not an indication of any issue. Spikes or large increases indicate large data loads, which could correspond with some behavior you are investigating. (gauge) +|=== + +.Global neo4j pools metrics + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.dbms.pool..used_heap|Used or reserved heap memory in bytes. (gauge) +|.dbms.pool..used_native|Used or reserved native memory in bytes. (gauge) +|.dbms.pool..total_used|Sum total used heap and native memory in bytes. (gauge) +|.dbms.pool..total_size|Sum total size of the capacity of the heap and/or native memory pool. (gauge) +|.dbms.pool..free|Available unused memory in the pool, in bytes. (gauge) +|=== + +.Database page cache metrics + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.page_cache.eviction_exceptions|The total number of exceptions seen during the eviction process in the page cache. (counter) +|.page_cache.flushes|The total number of page flushes executed by the page cache. (counter) +|.page_cache.merges|The total number of page merges executed by the page cache. (counter) +|.page_cache.unpins|The total number of page unpins executed by the page cache. (counter) +|.page_cache.pins|The total number of page pins executed by the page cache. (counter) +|.page_cache.evictions|The total number of page evictions executed by the page cache. (counter) +|.page_cache.evictions.cooperative|The total number of cooperative page evictions executed by the page cache due to low available pages. (counter) +|.page_cache.page_faults|The total number of page faults happened in the page cache. If this continues to rise over time, it could be an indication that more page cache is needed. (counter) +|.page_cache.page_fault_failures|The total number of failed page faults happened in the page cache. (counter) +|.page_cache.page_cancelled_faults|The total number of canceled page faults happened in the page cache. (counter) +|.page_cache.hits|The total number of page hits happened in the page cache. (counter) +|.page_cache.hit_ratio|The ratio of hits to the total number of lookups in the page cache. Performance relies on efficiently using the page cache, so this metric should be in the 98-100% range consistently. If it is much lower than that, then the database is going to disk too often. (gauge) +|.page_cache.usage_ratio|The ratio of number of used pages to total number of available pages. This metric shows what percentage of the allocated page cache is actually being used. If it is 100%, then it is likely that the hit ratio will start dropping, and you should consider allocating more RAM to page cache. (gauge) +|.page_cache.bytes_read|The total number of bytes read by the page cache. (counter) +|.page_cache.bytes_written|The total number of bytes written by the page cache. (counter) +|.page_cache.iops|The total number of IO operations performed by page cache. +|.page_cache.throttled.times|The total number of times page cache flush IO limiter was throttled during ongoing IO operations. +|.page_cache.throttled.millis|The total number of millis page cache flush IO limiter was throttled during ongoing IO operations. +|.page_cache.pages_copied|The total number of page copies happened in the page cache. (counter) +|=== + +.Query execution metrics + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.db.query.execution.success|Count of successful queries executed. (counter) +|.db.query.execution.failure|Count of failed queries executed. (counter) +|.db.query.execution.latency.millis|Execution time in milliseconds of queries executed successfully. (histogram) +|=== + +.Database store size metrics + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.store.size.total|The total size of the database and transaction logs, in bytes. The total size of the database helps determine how much cache page is required. It also helps compare the total disk space used by the data store and how much is available. (gauge) +|.store.size.database|The size of the database, in bytes. The total size of the database helps determine how much cache page is required. It also helps compare the total disk space used by the data store and how much is available. (gauge) +|=== + +.Database transaction log metrics + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.log.rotation_events|The total number of transaction log rotations executed so far. (counter) +|.log.rotation_total_time|The total time, in milliseconds, spent in rotating transaction logs so far. (counter) +|.log.rotation_duration|The duration, in milliseconds, of the last log rotation event. (gauge) +|.log.appended_bytes|The total number of bytes appended to the transaction log. (counter) +|.log.flushes|The total number of transaction log flushes. (counter) +|.log.append_batch_size|The size of the last transaction append batch. (gauge) +|=== + +.Database transaction metrics + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.transaction.started|The total number of started transactions. (counter) +|.transaction.peak_concurrent|The highest peak of concurrent transactions. This is a useful value to understand. It can help you with the design for the highest load scenarios and whether the Bolt thread settings should be altered. (counter) +|.transaction.active|The number of currently active transactions. Informational, not an indication of any issue. Spikes or large increases could indicate large data loads or just high read load. (gauge) +|.transaction.active_read|The number of currently active read transactions. (gauge) +|.transaction.active_write|The number of currently active write transactions. (gauge) +|.transaction.committed|The total number of committed transactions. Informational, not an indication of any issue. Spikes or large increases indicate large data loads or just high read load. (counter) +|.transaction.committed_read|The total number of committed read transactions. Informational, not an indication of any issue. Spikes or large increases indicate high read load. (counter) +|.transaction.committed_write|The total number of committed write transactions. Informational, not an indication of any issue. Spikes or large increases indicate large data loads, which could correspond with some behavior you are investigating. (counter) +|.transaction.rollbacks|The total number of rolled back transactions. (counter) +|.transaction.rollbacks_read|The total number of rolled back read transactions. (counter) +|.transaction.rollbacks_write|The total number of rolled back write transactions. Seeing a lot of writes rolled back may indicate various issues with locking, transaction timeouts, etc. (counter) +|.transaction.terminated|The total number of terminated transactions. (counter) +|.transaction.terminated_read|The total number of terminated read transactions. (counter) +|.transaction.terminated_write|The total number of terminated write transactions. (counter) +|.transaction.last_committed_tx_id|The ID of the last committed transaction. Track this for each instance. (Cluster) Track this for each primary, and each secondary. Might break into separate charts. It should show one line, ever increasing, and if one of the lines levels off or falls behind, it is clear that this member is no longer replicating data, and action is needed to rectify the situation. (counter) +|.transaction.last_closed_tx_id|The ID of the last closed transaction. (counter) +|.transaction.tx_size_heap|The transactions' size on heap in bytes. (histogram) +|.transaction.tx_size_native|The transactions' size in native memory in bytes. (histogram) +|=== + +.Server metrics + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.server.threads.jetty.idle|The total number of idle threads in the jetty pool. (gauge) +|.server.threads.jetty.all|The total number of threads (both idle and busy) in the jetty pool. (gauge) +|=== + + +[[clustering-metrics]] == Metrics specific to clustering -include::partial$/neo4j-metrics/cc-metrics.adoc[] +.CatchUp Metrics + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.cluster.catchup.tx_pull_requests_received|TX pull requests received from secondaries. (counter) +|=== + +.Discovery database primary metrics + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.cluster.discovery.replicated_data|Size of replicated data structures. (gauge) +|.cluster.discovery.cluster.members|Discovery cluster member size. (gauge) +|.cluster.discovery.cluster.unreachable|Discovery cluster unreachable size. (gauge) +|.cluster.discovery.cluster.converged|Discovery cluster convergence. (gauge) +|=== + +.Raft database primary metrics + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.cluster.raft.append_index|The append index of the Raft log. Each index represents a write transaction (possibly internal) proposed for commitment. The values mostly increase, but sometimes they can decrease as a consequence of leader changes. The append index should always be less than or equal to the commit index. (gauge) +|.cluster.raft.commit_index|The commit index of the Raft log. Represents the commitment of previously appended entries. Its value increases monotonically if you do not unbind the cluster state. The commit index should always be bigger than or equal to the appended index. (gauge) +|.cluster.raft.applied_index|The applied index of the Raft log. Represents the application of the committed Raft log entries to the database and internal state. The applied index should always be bigger than or equal to the commit index. The difference between this and the commit index can be used to monitor how up-to-date the follower database is. (gauge) +|.cluster.raft.term|The Raft Term of this server. It increases monotonically if you do not unbind the cluster state. (gauge) +|.cluster.raft.tx_retries|Transaction retries. (counter) +|.cluster.raft.is_leader|Is this server the leader? Track this for each database primary in the cluster. It reports `0` if it is not the leader and `1` if it is the leader. The sum of all of these should always be `1`. However, there are transient periods in which the sum can be more than `1` because more than one member thinks it is the leader. Action may be needed if the metric shows `0` for more than 30 seconds. (gauge) +|.cluster.raft.in_flight_cache.total_bytes|In-flight cache total bytes. (gauge) +|.cluster.raft.in_flight_cache.max_bytes|In-flight cache max bytes. (gauge) +|.cluster.raft.in_flight_cache.element_count|In-flight cache element count. (gauge) +|.cluster.raft.in_flight_cache.max_elements|In-flight cache maximum elements. (gauge) +|.cluster.raft.in_flight_cache.hits|In-flight cache hits. (counter) +|.cluster.raft.in_flight_cache.misses|In-flight cache misses. (counter) +|.cluster.raft.raft_log_entry_prefetch_buffer.lag|Raft Log Entry Prefetch Lag. (gauge) +|.cluster.raft.raft_log_entry_prefetch_buffer.bytes|Raft Log Entry Prefetch total bytes. (gauge) +|.cluster.raft.raft_log_entry_prefetch_buffer.size|Raft Log Entry Prefetch buffer size. (gauge) +|.cluster.raft.raft_log_entry_prefetch_buffer.async_put|Raft Log Entry Prefetch buffer async puts. (gauge) +|.cluster.raft.raft_log_entry_prefetch_buffer.sync_put|Raft Log Entry Prefetch buffer sync puts. (gauge) +|.cluster.raft.message_processing_delay|Delay between Raft message receive and process. (gauge) +|.cluster.raft.message_processing_timer|Timer for Raft message processing. (counter, histogram) +|.cluster.raft.replication_new|The total number of Raft replication requests. It increases with write transactions (possibly internal) activity. (counter) +|.cluster.raft.replication_attempt|The total number of Raft replication requests attempts. It is bigger or equal to the replication requests. (counter) +|.cluster.raft.replication_fail|The total number of Raft replication attempts that have failed. (counter) +|.cluster.raft.replication_maybe|Raft Replication maybe count. (counter) +|.cluster.raft.replication_success|The total number of Raft replication requests that have succeeded. (counter) +|.cluster.raft.last_leader_message|The time elapsed since the last message from a leader in milliseconds. Should reset periodically. (gauge) +|=== + +.Database secondary Metrics + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.cluster.store_copy.pull_updates|The total number of pull requests made by this instance. (counter) +|.cluster.store_copy.pull_update_highest_tx_id_requested|The highest transaction id requested in a pull update by this instance. (counter) +|.cluster.store_copy.pull_update_highest_tx_id_received|The highest transaction id that has been pulled in the last pull updates by this instance. (counter) +|=== + + [[jvm-metrics]] @@ -93,4 +340,66 @@ The buffer pools are space outside of the memory managed by the garbage collecto Neo4j allocates buffers in those pools as it needs them. You can limit this memory using JVM settings, but there is never any good reason for you to set them. -include::partial$/neo4j-metrics/jvm-metrics.adoc[leveloffset=-1] +.JVM file descriptor metrics. + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.vm.file.descriptors.count|The current number of open file descriptors. (gauge) +|.vm.file.descriptors.maximum|(OS setting) The maximum number of open file descriptors. It is recommended to be set to 40K file handles, because of the native and Lucene indexing Neo4j uses. If this metric gets close to the limit, you should consider raising it. (gauge) +|=== + +.GC metrics. + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.vm.gc.time.|Accumulated garbage collection time in milliseconds. Long GCs can be an indication of performance issues or potential instability. If this approaches the heartbeat timeout in a cluster, it may cause unwanted leader switches. (counter) +|.vm.gc.count.|Total number of garbage collections. (counter) +|=== + +.JVM Heap metrics. + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.vm.heap.committed|Amount of memory (in bytes) guaranteed to be available for use by the JVM. (gauge) +|.vm.heap.used|Amount of memory (in bytes) currently used. This is the amount of heap space currently used at a given point in time. Monitor this to identify if you are maxing out consistently, in which case, you should increase the initial and max heap size, or if you are underutilizing, you should decrease the initial and max heap sizes. (gauge) +|.vm.heap.max|Maximum amount of heap memory (in bytes) that can be used. This is the amount of heap space currently used at a given point in time. Monitor this to identify if you are maxing out consistently, in which case, you should increase the initial and max heap size, or if you are underutilizing, you should decrease the initial and max heap sizes. (gauge) +|=== + +.JVM memory buffers metrics. + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.vm.memory.buffer..count|Estimated number of buffers in the pool. (gauge) +|.vm.memory.buffer..used|Estimated amount of memory used by the pool. (gauge) +|.vm.memory.buffer..capacity|Estimated total capacity of buffers in the pool. (gauge) +|=== + +.JVM memory pools metrics. + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.vm.memory.pool.|Estimated amount of memory in bytes used by the pool. (gauge) +|=== + +.JVM pause time metrics. + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.vm.pause_time|Accumulated detected VM pause time. (counter) +|=== + +.JVM threads metrics. + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.vm.threads|The total number of live threads including daemon and non-daemon threads. (gauge) +|=== + + diff --git a/modules/ROOT/partials/neo4j-metrics/available-metrics.adoc b/modules/ROOT/partials/neo4j-metrics/available-metrics.adoc deleted file mode 100644 index 6f6713de5..000000000 --- a/modules/ROOT/partials/neo4j-metrics/available-metrics.adoc +++ /dev/null @@ -1,188 +0,0 @@ -.Bolt metrics - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.bolt.connections_opened|The total number of Bolt connections opened since startup. This includes both succeeded and failed connections. Useful for monitoring load via the Bolt drivers in combination with other metrics. (counter) -|<prefix>.bolt.connections_closed|The total number of Bolt connections closed since startup. This includes both properly and abnormally ended connections. Useful for monitoring load via Bolt drivers in combination with other metrics. (counter) -|<prefix>.bolt.connections_running|The total number of Bolt connections that are currently executing Cypher and returning results. Useful to track the overall load on Bolt connections. This is limited to the number of Bolt worker threads that have been configured via `dbms.connector.bolt.thread_pool_max_size`. Reaching this maximum indicated the server is running at capacity. (gauge) -|<prefix>.bolt.connections_idle|The total number of Bolt connections that are not currently executing Cypher or returning results. (gauge) -|<prefix>.bolt.messages_received|The total number of messages received via Bolt since startup. Useful to track general message activity in combination with other metrics. (counter) -|<prefix>.bolt.messages_started|The total number of messages that have started processing since being received. A received message may have begun processing until a Bolt worker thread becomes available. A large gap being observed between between `bolt.messages_received` and `bolt.messages_started` could indicate the server is running at capacity. (counter) -|<prefix>.bolt.messages_done|The total number of Bolt messages that have completed processing whether successfully or unsuccessfully. Useful for tracking overall load. (counter) -|<prefix>.bolt.messages_failed|The total number of messages that have failed while processing. A high number of failures may indicate an issue with server and further investigation of the logs is recommended. (counter) -|<prefix>.bolt.accumulated_queue_time|(unsupported feature) When `internal.server.bolt.thread_pool_queue_size` is enabled, the total time in milliseconds that a Bolt message waits in the processing queue before a Bolt worker thread becomes available to process it. Sharp increases in this value indicate that server is running at capacity. If `internal.server.bolt.thread_pool_queue_size` is disabled, the value should be `0`, meaning that messages are directly handed off to worker threads. (counter) -|<prefix>.bolt.accumulated_processing_time|The total amount of time in milliseconds that worker threads have been processing messages. Useful for monitoring load via Bolt drivers in combination with other metrics. (counter) -|=== - -.Database checkpointing metrics - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.check_point.events|The total number of check point events executed so far. (counter) -|<prefix>.check_point.total_time|The total time, in milliseconds, spent in check pointing so far. (counter) -|<prefix>.check_point.duration|The duration, in milliseconds, of the last check point event. Checkpoints should generally take several seconds to several minutes. Long checkpoints can be an issue, as these are invoked when the database stops, when a hot backup is taken, and periodically as well. Values over `30` minutes or so should be cause for some investigation. (gauge) -|<prefix>.check_point.pages_flushed|The number of pages that were flushed during the last check point event. (gauge) -|<prefix>.check_point.io_performed|The number of IOs from Neo4j perspective performed during the last check point event. (gauge) -|<prefix>.check_point.io_limit|The IO limit used during the last check point event. (gauge) -|=== - -.Cypher metrics - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.cypher.replan_events|The total number of times Cypher has decided to re-plan a query. Neo4j caches 1000 plans by default. Seeing sustained replanning events or large spikes could indicate an issue that needs to be investigated. (counter) -|<prefix>.cypher.replan_wait_time|The total number of seconds waited between query replans. (counter) -|=== - -.Database data count metrics - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.neo4j.count.relationship|The total number of relationships in the database. (gauge) -|<prefix>.neo4j.count.node|The total number of nodes in the database. A rough metric of how big your graph is. And if you are running a bulk insert operation you can see this tick up. (gauge) -|=== - -.Database neo4j pools metrics - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.pool.<pool>.<database>.used_heap|Used or reserved heap memory in bytes. (gauge) -|<prefix>.pool.<pool>.<database>.used_native|Used or reserved native memory in bytes. (gauge) -|<prefix>.pool.<pool>.<database>.total_used|Sum total used heap and native memory in bytes. (gauge) -|<prefix>.pool.<pool>.<database>.total_size|Sum total size of capacity of the heap and/or native memory pool. (gauge) -|<prefix>.pool.<pool>.<database>.free|Available unused memory in the pool, in bytes. (gauge) -|=== - -.Database operation count metrics - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.db.operation.count.create|Count of successful database create operations. (counter) -|<prefix>.db.operation.count.start|Count of successful database start operations. (counter) -|<prefix>.db.operation.count.stop|Count of successful database stop operations. (counter) -|<prefix>.db.operation.count.drop|Count of successful database drop operations. (counter) -|<prefix>.db.operation.count.failed|Count of failed database operations. (counter) -|<prefix>.db.operation.count.recovered|Count of database operations which failed previously but have recovered. (counter) -|=== - -.Database data metrics - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.ids_in_use.relationship_type|The total number of different relationship types stored in the database. Informational, not an indication of any issue. Spikes or large increases indicate large data loads, which could correspond with some behavior you are investigating. (gauge) -|<prefix>.ids_in_use.property|The total number of different property names used in the database. Informational, not an indication of any issue. Spikes or large increases indicate large data loads, which could correspond with some behavior you are investigating. (gauge) -|<prefix>.ids_in_use.relationship|The total number of relationships stored in the database. Informational, not an indication of any issue. Spikes or large increases indicate large data loads, which could correspond with some behavior you are investigating. (gauge) -|<prefix>.ids_in_use.node|The total number of nodes stored in the database. Informational, not an indication of any issue. Spikes or large increases indicate large data loads, which could correspond with some behavior you are investigating. (gauge) -|=== - -.Global neo4j pools metrics - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.dbms.pool.<pool>.used_heap|Used or reserved heap memory in bytes. (gauge) -|<prefix>.dbms.pool.<pool>.used_native|Used or reserved native memory in bytes. (gauge) -|<prefix>.dbms.pool.<pool>.total_used|Sum total used heap and native memory in bytes. (gauge) -|<prefix>.dbms.pool.<pool>.total_size|Sum total size of capacity of the heap and/or native memory pool. (gauge) -|<prefix>.dbms.pool.<pool>.free|Available unused memory in the pool, in bytes. (gauge) -|=== - -.Database page cache metrics - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.page_cache.eviction_exceptions|The total number of exceptions seen during the eviction process in the page cache. (counter) -|<prefix>.page_cache.flushes|The total number of page flushes executed by the page cache. (counter) -|<prefix>.page_cache.merges|The total number of page merges executed by the page cache. (counter) -|<prefix>.page_cache.unpins|The total number of page unpins executed by the page cache. (counter) -|<prefix>.page_cache.pins|The total number of page pins executed by the page cache. (counter) -|<prefix>.page_cache.evictions|The total number of page evictions executed by the page cache. (counter) -|<prefix>.page_cache.evictions.cooperative|The total number of cooperative page evictions executed by the page cache due to low available pages. (counter) -|<prefix>.page_cache.page_faults|The total number of page faults happened in the page cache. If this continues to rise over time, it could be an indication that more page cache is needed. (counter) -|<prefix>.page_cache.page_fault_failures|The total number of failed page faults happened in the page cache. (counter) -|<prefix>.page_cache.page_cancelled_faults|The total number of cancelled page faults happened in the page cache. (counter) -|<prefix>.page_cache.hits|The total number of page hits happened in the page cache. (counter) -|<prefix>.page_cache.hit_ratio|The ratio of hits to the total number of lookups in the page cache. Performance relies on efficiently using the page cache, so this metric should be in the 98-100% range consistently. If it is much lower than that, then the database is going to disk too often. (gauge) -|<prefix>.page_cache.usage_ratio|The ratio of number of used pages to total number of available pages. This metric shows what percentage of the allocated page cache is actually being used. If it is 100%, then it is likely that the hit ratio will start dropping, and you should consider allocating more RAM to page cache. (gauge) -|<prefix>.page_cache.bytes_read|The total number of bytes read by the page cache. (counter) -|<prefix>.page_cache.bytes_written|The total number of bytes written by the page cache. (counter) -|<prefix>.page_cache.iops|The total number of IO operations performed by page cache. -|<prefix>.page_cache.throttled.times|The total number of times page cache flush IO limiter was throttled during ongoing IO operations. -|<prefix>.page_cache.throttled.millis|The total number of millis page cache flush IO limiter was throttled during ongoing IO operations. -|<prefix>.page_cache.pages_copied|The total number of page copies happened in the page cache. (counter) -|=== - -.Query execution metrics - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.db.query.execution.success|Count of successful queries executed. (counter) -|<prefix>.db.query.execution.failure|Count of failed queries executed. (counter) -|<prefix>.db.query.execution.latency.millis|Execution time in milliseconds of queries executed successfully. (histogram) -|=== - -.Database store size metrics - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.store.size.total|The total size of the database and transaction logs, in bytes. The total size of the database helps determine how much cache page is required. It also helps compare the total disk space used by the data store and how much is available. (gauge) -|<prefix>.store.size.database|The size of the database, in bytes. The total size of the database helps determine how much cache page is required. It also helps compare the total disk space used by the data store and how much is available. (gauge) -|=== - -.Database transaction log metrics - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.log.rotation_events|The total number of transaction log rotations executed so far. (counter) -|<prefix>.log.rotation_total_time|The total time, in milliseconds, spent in rotating transaction logs so far. (counter) -|<prefix>.log.rotation_duration|The duration, in milliseconds, of the last log rotation event. (gauge) -|<prefix>.log.appended_bytes|The total number of bytes appended to transaction log. (counter) -|<prefix>.log.flushes|The total number of transaction log flushes. (counter) -|<prefix>.log.append_batch_size|The size of the last transaction append batch. (gauge) -|=== - -.Database transaction metrics - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.transaction.started|The total number of started transactions. (counter) -|<prefix>.transaction.peak_concurrent|The highest peak of concurrent transactions. This is a useful value to understand. It can help you with the design for the highest load scenarios and whether the Bolt thread settings should be altered. (counter) -|<prefix>.transaction.active|The number of currently active transactions. Informational, not an indication of any issue. Spikes or large increases could indicate large data loads, or just high read load. (gauge) -|<prefix>.transaction.active_read|The number of currently active read transactions. (gauge) -|<prefix>.transaction.active_write|The number of currently active write transactions. (gauge) -|<prefix>.transaction.committed|The total number of committed transactions. Informational, not an indication of any issue. Spikes or large increases indicate large data loads, or just high read load. (counter) -|<prefix>.transaction.committed_read|The total number of committed read transactions. Informational, not an indication of any issue. Spikes or large increases indicate high read load. (counter) -|<prefix>.transaction.committed_write|The total number of committed write transactions. Informational, not an indication of any issue. Spikes or large increases indicate large data loads, which could correspond with some behavior you are investigating. (counter) -|<prefix>.transaction.rollbacks|The total number of rolled back transactions. (counter) -|<prefix>.transaction.rollbacks_read|The total number of rolled back read transactions. (counter) -|<prefix>.transaction.rollbacks_write|The total number of rolled back write transactions. Seeing a lot of writes rolled back may indicate various issues with locking, transaction timeouts, etc. (counter) -|<prefix>.transaction.terminated|The total number of terminated transactions. (counter) -|<prefix>.transaction.terminated_read|The total number of terminated read transactions. (counter) -|<prefix>.transaction.terminated_write|The total number of terminated write transactions. (counter) -|<prefix>.transaction.last_committed_tx_id|The ID of the last committed transaction. Track this for each instance. (Cluster) Track this for each Core cluster member, and each Read Replica. Might break into separate charts. It should show one line, ever increasing, and if one of the lines levels off or falls behind, it is clear that this member is no longer replicating data and action is needed to rectify the situation. (counter) -|<prefix>.transaction.last_closed_tx_id|The ID of the last closed transaction. (counter) -|<prefix>.transaction.tx_size_heap|The transactions' size on heap in bytes. (histogram) -|<prefix>.transaction.tx_size_native|The transactions' size in native memory in bytes. (histogram) -|=== - -.Server metrics - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.server.threads.jetty.idle|The total number of idle threads in the jetty pool. (gauge) -|<prefix>.server.threads.jetty.all|The total number of threads (both idle and busy) in the jetty pool. (gauge) -|=== - diff --git a/modules/ROOT/partials/neo4j-metrics/cc-metrics.adoc b/modules/ROOT/partials/neo4j-metrics/cc-metrics.adoc deleted file mode 100644 index f396ef826..000000000 --- a/modules/ROOT/partials/neo4j-metrics/cc-metrics.adoc +++ /dev/null @@ -1,61 +0,0 @@ -.CatchUp Metrics - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.cluster.catchup.tx_pull_requests_received|TX pull requests received from read replicas. (counter) -|=== - -.Discovery core metrics - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.cluster.discovery.replicated_data|Size of replicated data structures. (gauge) -|<prefix>.cluster.discovery.cluster.members|Discovery cluster member size. (gauge) -|<prefix>.cluster.discovery.cluster.unreachable|Discovery cluster unreachable size. (gauge) -|<prefix>.cluster.discovery.cluster.converged|Discovery cluster convergence. (gauge) -|=== - -.Raft core metrics - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.cluster.core.append_index|The append index of the Raft log. Each index represents a write transaction (possibly internal) proposed for commitment. The values mostly increase, but sometimes they can decrease as a consequence of leader changes. The append index should always be less than or equal to the commit index. (gauge) -|<prefix>.cluster.core.commit_index|The commit index of the Raft log. Represents the commitment of previously appended entries. Its value increases monotonically if you do not unbind the cluster state. The commit index should always be bigger than or equal to the append index. (gauge) -|<prefix>.cluster.core.applied_index|The applied index of the Raft log. Represents the application of the committed Raft log entries to the database and internal state. The applied index should always be bigger than or equal to the commit index. The difference between this and the commit index can be used to monitor how up-to-date the follower database is. (gauge) -|<prefix>.cluster.core.term|The Raft Term of this server. It increases monotonically if you do not unbind the cluster state. (gauge) -|<prefix>.cluster.core.tx_retries|Transaction retries. (counter) -|<prefix>.cluster.core.is_leader|Is this server the leader? Track this for each Core cluster member. It will report `0` if it is not the leader and `1` if it is the leader. The sum of all of these should always be `1`. However, there will be transient periods in which the sum can be more than `1` because more than one member thinks it is the leader. Action may be needed if the metric shows `0` for more than 30 seconds. (gauge) -|<prefix>.cluster.core.in_flight_cache.total_bytes|In-flight cache total bytes. (gauge) -|<prefix>.cluster.core.in_flight_cache.max_bytes|In-flight cache max bytes. (gauge) -|<prefix>.cluster.core.in_flight_cache.element_count|In-flight cache element count. (gauge) -|<prefix>.cluster.core.in_flight_cache.max_elements|In-flight cache maximum elements. (gauge) -|<prefix>.cluster.core.in_flight_cache.hits|In-flight cache hits. (counter) -|<prefix>.cluster.core.in_flight_cache.misses|In-flight cache misses. (counter) -|<prefix>.cluster.core.raft_log_entry_prefetch_buffer.lag|Raft Log Entry Prefetch Lag. (gauge) -|<prefix>.cluster.core.raft_log_entry_prefetch_buffer.bytes|Raft Log Entry Prefetch total bytes. (gauge) -|<prefix>.cluster.core.raft_log_entry_prefetch_buffer.size|Raft Log Entry Prefetch buffer size. (gauge) -|<prefix>.cluster.core.raft_log_entry_prefetch_buffer.async_put|Raft Log Entry Prefetch buffer async puts. (gauge) -|<prefix>.cluster.core.raft_log_entry_prefetch_buffer.sync_put|Raft Log Entry Prefetch buffer sync puts. (gauge) -|<prefix>.cluster.core.message_processing_delay|Delay between Raft message receive and process. (gauge) -|<prefix>.cluster.core.message_processing_timer|Timer for Raft message processing. (counter, histogram) -|<prefix>.cluster.core.replication_new|The total number of Raft replication requests. It increases with write transactions (possibly internal) activity. (counter) -|<prefix>.cluster.core.replication_attempt|The total number of Raft replication requests attempts. It is bigger or equal than the replication requests. (counter) -|<prefix>.cluster.core.replication_fail|The total number of Raft replication attempts that have failed. (counter) -|<prefix>.cluster.core.replication_maybe|Raft Replication maybe count. (counter) -|<prefix>.cluster.core.replication_success|The total number of Raft replication requests that have succeeded. (counter) -|<prefix>.cluster.core.last_leader_message|The time elapsed since the last message from a leader in milliseconds. Should reset periodically. (gauge) -|=== - -.Read Replica Metrics - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.cluster.read_replica.pull_updates|The total number of pull requests made by this instance. (counter) -|<prefix>.cluster.read_replica.pull_update_highest_tx_id_requested|The highest transaction id requested in a pull update by this instance. (counter) -|<prefix>.cluster.read_replica.pull_update_highest_tx_id_received|The highest transaction id that has been pulled in the last pull updates by this instance. (counter) -|=== - diff --git a/modules/ROOT/partials/neo4j-metrics/jvm-metrics.adoc b/modules/ROOT/partials/neo4j-metrics/jvm-metrics.adoc deleted file mode 100644 index 7a9c159f7..000000000 --- a/modules/ROOT/partials/neo4j-metrics/jvm-metrics.adoc +++ /dev/null @@ -1,62 +0,0 @@ -.JVM file descriptor metrics. - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.vm.file.descriptors.count|The current number of open file descriptors. (gauge) -|<prefix>.vm.file.descriptors.maximum|(OS setting) The maximum number of open file descriptors. It is recommended to be set to 40K file handles, because of the native and Lucene indexing Neo4j uses. If this metric gets close to the limit, you should consider raising it. (gauge) -|=== - -.GC metrics. - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.vm.gc.time.<gc>|Accumulated garbage collection time in milliseconds. Long GCs can be an indication of performance issues, or potentially instability. If this approaches the heartbeat timeout in a cluster, it may cause unwanted leader switches. (counter) -|<prefix>.vm.gc.count.<gc>|Total number of garbage collections. (counter) -|=== - -.JVM Heap metrics. - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.vm.heap.committed|Amount of memory (in bytes) guaranteed to be available for use by the JVM. (gauge) -|<prefix>.vm.heap.used|Amount of memory (in bytes) currently used. This is the amount of heap space currently used at a given point in time. Monitor this to identify if you are maxing out consistently, in which case, you should increase initial and max heap size, or if you are underutilizing, you should decrease the initial and max heap sizes. (gauge) -|<prefix>.vm.heap.max|Maximum amount of heap memory (in bytes) that can be used. This is the amount of heap space currently used at a given point in time. Monitor this to identify if you are maxing out consistently, in which case, you should increase initial and max heap size, or if you are underutilizing, you should decrease the initial and max heap sizes. (gauge) -|=== - -.JVM memory buffers metrics. - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.vm.memory.buffer.<bufferpool>.count|Estimated number of buffers in the pool. (gauge) -|<prefix>.vm.memory.buffer.<bufferpool>.used|Estimated amount of memory used by the pool. (gauge) -|<prefix>.vm.memory.buffer.<bufferpool>.capacity|Estimated total capacity of buffers in the pool. (gauge) -|=== - -.JVM memory pools metrics. - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.vm.memory.pool.<pool>|Estimated amount of memory in bytes used by the pool. (gauge) -|=== - -.JVM pause time metrics. - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.vm.pause_time|Accumulated detected VM pause time. (counter) -|=== - -.JVM threads metrics. - -[options="header",cols="<1m,<4"] -|=== -|Name |Description -|<prefix>.vm.threads|The total number of live threads including daemon and non-daemon threads. (gauge) -|=== - From 4ead52731ba5b43ec09e641a55664bc7b1fad0e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anton=20Klar=C3=A9n?= Date: Wed, 18 Jan 2023 20:41:36 +0100 Subject: [PATCH 089/876] Update Debian non-interactive installation (#341) This only applies to 5.3+, I don't know how I should document that. Co-authored-by: Reneta Popova --- modules/ROOT/pages/installation/linux/debian.adoc | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/installation/linux/debian.adoc b/modules/ROOT/pages/installation/linux/debian.adoc index 4c20d0c55..af982cb39 100644 --- a/modules/ROOT/pages/installation/linux/debian.adoc +++ b/modules/ROOT/pages/installation/linux/debian.adoc @@ -106,7 +106,7 @@ sudo apt-get update ---- apt list -a neo4j ---- - ++ [NOTE] ==== In Ubuntu server installations you will also need to make sure that the `universe` repository is enabled. @@ -157,13 +157,19 @@ echo purge | sudo debconf-communicate neo4j-enterprise For Neo4j Enterprise Edition, the license agreement is presented in an interactive prompt. If you require non-interactive installation of Neo4j Enterprise Edition, you can indicate that you have read and accepted the license agreement using `debconf-set-selections`: +.For Neo4j v5.3 and later +[source, shell] +---- +echo "neo4j-enterprise neo4j/accept-license select Accept commercial license" | sudo debconf-set-selections +---- + +.For Neo4j v5.2 and earlier [source, shell] ---- echo "neo4j-enterprise neo4j/question select I ACCEPT" | sudo debconf-set-selections echo "neo4j-enterprise neo4j/license note" | sudo debconf-set-selections ---- - [[debian-offline-installation]] == Offline installation From 59700822cf7281e65c888526cf967188fbe4a22a Mon Sep 17 00:00:00 2001 From: Valdemar Roxling Date: Thu, 19 Jan 2023 10:51:36 +0100 Subject: [PATCH 090/876] Simple docs for CLI tabcompletion (#342) Co-authored-by: Reneta Popova --- modules/ROOT/pages/tools/neo4j-admin/index.adoc | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/ROOT/pages/tools/neo4j-admin/index.adoc b/modules/ROOT/pages/tools/neo4j-admin/index.adoc index 7957c6810..84a00e638 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/index.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/index.adoc @@ -290,3 +290,11 @@ If set, `HEAP_SIZE` and `JAVA_OPTS` override all relevant settings specified in When `neo4j-admin` finishes as expected, it returns an exit code of `0`. A non-zero exit code means something undesired happened during command execution. The non-zero exit code can contain further information about the error, such as the `backup` command's xref:backup-restore/online-backup.adoc#backup-command-exit-codes[exit codes]. + +== Command-line completion + +From v5.4 onwards, Neo4j supports command-line completion. + +* For Unix-based systems, the tab completion applies to the `neo4j` and `neo4j-admin` command line interfaces in terminals such as Bash and ZSH. +* For RPM and DEB packaged installations, the necessary files are automatically installed in `bash-completion`. +* For tarball installations, the files are located in the _bin/completion/_ directory with detailed instructions for manual installation. From 81783007d87beaeb0b9039f26a34190b64544356 Mon Sep 17 00:00:00 2001 From: Lasse Heemann Date: Thu, 19 Jan 2023 12:10:28 +0100 Subject: [PATCH 091/876] Update modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc Co-authored-by: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> --- modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc b/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc index 423c62658..3fd65aaf5 100644 --- a/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc +++ b/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc @@ -19,7 +19,8 @@ To do so, follow these steps: . Change the config setting xref:reference/configuration-settings.adoc#config_dbms.security.auth_enabled[`dbms.security.auth_enabled`] to `false`. . Restart the Neo4j DBMS. -. Create or remove immutable privileges in the same way as regular privileges, using the keyword `IMMUTABLE`. For example: +. Create or remove immutable privileges in the same way as regular privileges using the keyword `IMMUTABLE`. +For example: [source, cypher, role=noplay] ---- DENY IMMUTABLE DATABASE MANAGEMENT ON DBMS TO PUBLIC From 5d400d0bc56ec301c838b51813c64ca68a9f81f2 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Thu, 19 Jan 2023 13:05:06 +0100 Subject: [PATCH 092/876] Fix the typo in the description of the setting (#346) (#357) --- modules/ROOT/partials/neo4j-config/all-settings.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/partials/neo4j-config/all-settings.adoc b/modules/ROOT/partials/neo4j-config/all-settings.adoc index 0742f783a..c2f042b73 100644 --- a/modules/ROOT/partials/neo4j-config/all-settings.adoc +++ b/modules/ROOT/partials/neo4j-config/all-settings.adoc @@ -1470,7 +1470,7 @@ m|+++LIST+++ [cols="<1s,<4"] |=== |Description -a|label:enterprise-edition[Enterprise only]Minimum number of machines initially required to formed a clustered DBMS. The cluster is considered formed when at least this many members have discovered each other, bound together and bootstrapped a highly available system database. As a result, at least this many of the cluster's initial machines must have '<>' set to 'PRIMARY'.NOTE: If '<>' is set to 'LIST' and '<>' is empty then the user is assumed to be deploying a standalone DBMS, and the value of this setting is ignored. +a|label:enterprise-edition[Enterprise only]Minimum number of machines initially required to form a clustered DBMS. The cluster is considered formed when at least this many members have discovered each other, bound together and bootstrapped a highly available system database. As a result, at least this many of the cluster's initial machines must have '<>' set to 'PRIMARY'.NOTE: If '<>' is set to 'LIST' and '<>' is empty then the user is assumed to be deploying a standalone DBMS, and the value of this setting is ignored. |Valid values a|dbms.cluster.minimum_initial_system_primaries_count, an integer which is minimum `1` |Default value From e87e68eac3861db68efb7d9f22200b0f333d82e8 Mon Sep 17 00:00:00 2001 From: Stefano Ottolenghi Date: Thu, 19 Jan 2023 15:07:19 +0100 Subject: [PATCH 093/876] point driver link to drivers/apis landing page --- .../clustering-advanced/multi-data-center-routing.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc b/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc index 1beb350cb..ac933c0da 100644 --- a/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc +++ b/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc @@ -141,7 +141,7 @@ Please contact Neo4j Professional Services if you think that you need a custom p .Use load balancing from Neo4j drivers ==== Once enabled and configured, the custom load balancing feature is used by drivers to route traffic as intended. -See the link:{neo4j-docs-base-uri}[Neo4j Driver manuals] for instructions on how to configure drivers to use custom load balancing. +See the link:{neo4j-docs-base-uri}/drivers-apis/[Neo4j Drivers manuals] for instructions on how to configure drivers to use custom load balancing. ==== From f61b5a092307cce5a2989574a6b01a11fa38d001 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Fri, 20 Jan 2023 10:03:24 +0000 Subject: [PATCH 094/876] Add a note about NEO4J_AUTH (#359) --- modules/ROOT/pages/docker/introduction.adoc | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/ROOT/pages/docker/introduction.adoc b/modules/ROOT/pages/docker/introduction.adoc index 33ac58483..773875e70 100644 --- a/modules/ROOT/pages/docker/introduction.adoc +++ b/modules/ROOT/pages/docker/introduction.adoc @@ -70,6 +70,14 @@ docker run \ neo4j:{neo4j-version-exact} ---- +[NOTE] +==== +With no persistent storage for the databases, `NEO4J_ATUH` takes effect each time the container is recreated, even if you have changed the password. + +However, with persistent storage for the databases, `NEO4J_AUTH` only takes effect on the initial startup. +It is ignored when the container is recreated and cannot override a changed password. +==== + Alternatively, you can disable authentication by specifying `NEO4J_AUTH` to `none`: [source, shell] From 326e1a21d7ce933625a16258fdcf166b42da9f8b Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Fri, 20 Jan 2023 11:18:36 +0100 Subject: [PATCH 095/876] fixing link for the neo4j-download-center-uri (#356) (#362) It was broken in neo4j desktop installation page. Should be cherry picked to all branches. Co-authored-by: Neil Dewhurst Cherry-pick of https://github.com/neo4j/docs-operations/pull/356 Co-authored-by: Neil Dewhurst --- modules/ROOT/pages/installation/neo4j-desktop.adoc | 2 +- publish.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/installation/neo4j-desktop.adoc b/modules/ROOT/pages/installation/neo4j-desktop.adoc index 09a6217bd..86ba81ec8 100644 --- a/modules/ROOT/pages/installation/neo4j-desktop.adoc +++ b/modules/ROOT/pages/installation/neo4j-desktop.adoc @@ -9,7 +9,7 @@ Neo4j Desktop is a convenient way for developers to work with local Neo4j databa Neo4j Desktop is not suited for production environments. ==== -To install Neo4j Desktop, go to {neo4j-download-center-uri}[Neo4j Download Center] and follow the instructions. +To install Neo4j Desktop, go to link:{neo4j-download-center-uri}[Neo4j Download Center] and follow the instructions. [TIP] ==== diff --git a/publish.yml b/publish.yml index c06bb1ed1..f89ab4b9d 100644 --- a/publish.yml +++ b/publish.yml @@ -57,4 +57,4 @@ asciidoc: '0': "\\{0}" neo4j-base-uri: '' neo4j-docs-base-uri: /docs - neo4j-download-center-uri: /download-center + neo4j-download-center-uri: https://neo4j.com/download-center From 38c54bc8d121274ce2e292cf0e6719e62282123b Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Fri, 20 Jan 2023 13:25:02 +0100 Subject: [PATCH 096/876] adding information about runtime max number (#368) (#371) Cherry-pick of https://github.com/neo4j/docs-operations/pull/368 --- modules/ROOT/partials/neo4j-config/all-settings.adoc | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/partials/neo4j-config/all-settings.adoc b/modules/ROOT/partials/neo4j-config/all-settings.adoc index c2f042b73..fa903345a 100644 --- a/modules/ROOT/partials/neo4j-config/all-settings.adoc +++ b/modules/ROOT/partials/neo4j-config/all-settings.adoc @@ -2882,7 +2882,8 @@ m|+++neo4j+++ |Description a|label:enterprise-edition[Enterprise only]Initial default number of primary instances of user databases. If the user does not specify the number of primaries in 'CREATE DATABASE', this value will be used, unless it is overwritten with the 'dbms.setDefaultAllocationNumbers' procedure. |Valid values -a|initial.dbms.default_primaries_count, an integer which is minimum `1` and is maximum `11` +a|initial.dbms.default_primaries_count, an integer which is minimum `1` and is maximum `11`. +The same value applies to runtime max number. |Default value m|+++1+++ |=== @@ -2894,7 +2895,8 @@ m|+++1+++ |Description a|label:enterprise-edition[Enterprise only]Initial default number of secondary instances of user databases. If the user does not specify the number of secondaries in 'CREATE DATABASE', this value will be used, unless it is overwritten with the 'dbms.setDefaultAllocationNumbers' procedure. |Valid values -a|initial.dbms.default_secondaries_count, an integer which is minimum `0` and is maximum `20` +a|initial.dbms.default_secondaries_count, an integer which is minimum `0` and is maximum `20`. +The same value applies to runtime max number. |Default value m|+++0+++ |=== From a251ba3a806cd136847e1a0b06b6845910846612 Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Mon, 23 Jan 2023 09:28:36 +0100 Subject: [PATCH 097/876] hide advanced clustering (#369) (#370) --- modules/ROOT/content-nav.adoc | 4 ++-- modules/ROOT/pages/clustering/index.adoc | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index 58b690a7b..c1afa150d 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -98,8 +98,8 @@ ** xref:clustering/disaster-recovery.adoc[] //** xref:clustering/internals.adoc[] ** xref:clustering/settings.adoc[] -** xref:clustering/clustering-advanced/index.adoc[] -*** xref:clustering/clustering-advanced/multi-data-center-routing.adoc[] +// ** xref:clustering/clustering-advanced/index.adoc[] +// *** xref:clustering/clustering-advanced/multi-data-center-routing.adoc[] ** xref:clustering/glossary.adoc[] * xref:backup-restore/index.adoc[] diff --git a/modules/ROOT/pages/clustering/index.adoc b/modules/ROOT/pages/clustering/index.adoc index e10f5e2d7..0e7e1a6b7 100644 --- a/modules/ROOT/pages/clustering/index.adoc +++ b/modules/ROOT/pages/clustering/index.adoc @@ -17,8 +17,8 @@ This chapter describes the following: ** xref:clustering/monitoring/show-servers-monitoring.adoc[Monitoring servers] -- The tools available for monitoring the servers in a cluster. ** xref:clustering/monitoring/show-databases-monitoring.adoc[Monitoring databases] -- The tools available for monitoring the databases in a cluster. * xref:clustering/settings.adoc[Settings reference] -- A summary of the most important cluster settings. -* xref:clustering/clustering-advanced/index.adoc[] -** xref:clustering/clustering-advanced/multi-data-center-routing.adoc[] +// * xref:clustering/clustering-advanced/index.adoc[Advanced clustering] -- Some more advanced features of Neo4j clusters. +// ** xref:clustering/clustering-advanced/multi-data-center-routing.adoc[Multi-data center routing] -- Clusters on mutli-data centers. * xref:clustering/glossary.adoc[Clustering glossary] -- A glossary of terms used in the clustering documentation. //* <> -- A few internals regarding the operation of the cluster. Further information: From b8049d6d9463af17156720eea92b218dcd43752f Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 23 Jan 2023 09:50:26 +0000 Subject: [PATCH 098/876] Update the use of the copy command in v5.x (#360) --- modules/ROOT/pages/backup-restore/copy-database.adoc | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/modules/ROOT/pages/backup-restore/copy-database.adoc b/modules/ROOT/pages/backup-restore/copy-database.adoc index 12abdf4d5..ca5b05748 100644 --- a/modules/ROOT/pages/backup-restore/copy-database.adoc +++ b/modules/ROOT/pages/backup-restore/copy-database.adoc @@ -27,9 +27,9 @@ It is therefore not appropriate for all use cases. Estimating the processing time:: + -- -Estimations for how long the `neo4j-admin database copy` command takes can be made based upon the following: +Estimations for how long the `neo4j-admin database copy` command takes can be made based on the following: -* Neo4j, like many other databases, do IO in 8K pages. +* Neo4j, like many other databases, does IO in 8K pages. * Your disc manufacturer will have a value for the maximum IOPS it can process. For example, if your disc manufacturer has provided a maximum of 5000 IOPS, you can reasonably expect up to 5000 such page operations a second. @@ -56,7 +56,7 @@ For detailed information about supported methods of upgrade and migration, see t [[copy-database-usage]] === Usage -The `neo4j-admin database copy` command can be used to clean up database inconsistencies, compact stores, and do a direct migration from Neo4j 3.5 to any 4.x version. +The `neo4j-admin database copy` command can be used to clean up database inconsistencies, compact stores, and do a direct migration from Neo4j 4.4 to any 5.x version. It can process an optional set of filters, which you can use to remove any unwanted data before copying the database. The command also reclaims the unused space of a database and creates a defragmented copy of that database or backup in the destination Neo4j instance. @@ -70,8 +70,6 @@ However, the command will output Cypher statements, which you can run to recreat [TIP] ==== For a detailed example of how to reclaim unused space, see xref:performance/space-reuse.adoc#space-reuse-reclaim-space[Reclaim unused space]. -// TODO is there a corresponding example that should be linked in the 5.0 docs? -// For a detailed example of how to back up a 3.5 database and use the `neo4j-admin database copy` command to compact its store and migrate it to a 4.x Neo4j standalone instance, see link:{neo4j-docs-base-uri}/upgrade-migration-guide/migration/migrate-to-4.any/online-backup-copy-database/[Upgrade and Migration Guide -> Tutorial: Back up and copy a database in a standalone instance]. ==== [WARNING] From 3b3e2557d7f56b8c7793f572fd5d47d9f0f3bcce Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Mon, 23 Jan 2023 12:15:24 +0100 Subject: [PATCH 099/876] Adding link to procedures page to make it easier and more visible (#373) (#374) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit fo users how to get the full list of functionalities. This PR is related to https://github.com/neo4j/docs-cypher/pull/322 Co-authored-by: Jens Pryce-Åklundh <112686610+JPryce-Aklundh@users.noreply.github.com> Cherry-pick of https://github.com/neo4j/docs-operations/pull/373 Co-authored-by: Jens Pryce-Åklundh <112686610+JPryce-Aklundh@users.noreply.github.com> --- modules/ROOT/pages/performance/index-configuration.adoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/performance/index-configuration.adoc b/modules/ROOT/pages/performance/index-configuration.adoc index 6492cc80b..ca7a1760a 100644 --- a/modules/ROOT/pages/performance/index-configuration.adoc +++ b/modules/ROOT/pages/performance/index-configuration.adoc @@ -140,7 +140,8 @@ A full description on how to create and use full-text indexes is provided in the [[index-configuration-fulltext-configuration]] === Configuring a full-text index -The following options are available for configuring full-text indexes: +The following options are available for configuring full-text indexes. +For a complete list of Neo4j procedures, see link:{neo4j-docs-base-uri}/operations-manual/{page-version}/reference/procedures/[Operations Manual -> Procedures]. `db.index.fulltext.default_analyzer`:: The name of the default analyzer when creating a new Full-text index. From cf0899c0562e877b0d3ee075a6e5f32215565c38 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Mon, 23 Jan 2023 13:20:54 +0100 Subject: [PATCH 100/876] External link was broken (#349) (#377) because the kubernetes docs version was updated from 1.18 to 1.19 Cherry-pick from https://github.com/neo4j/docs-operations/pull/349 --- modules/ROOT/pages/clustering/setup/discovery.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/clustering/setup/discovery.adoc b/modules/ROOT/pages/clustering/setup/discovery.adoc index 063f38e71..6705ee914 100644 --- a/modules/ROOT/pages/clustering/setup/discovery.adoc +++ b/modules/ROOT/pages/clustering/setup/discovery.adoc @@ -64,7 +64,7 @@ The configured server uses all the addresses from the SRV record to join or form == Discovery in Kubernetes A special case is when a cluster is running in https://kubernetes.io/[Kubernetes^] and each server is running as a Kubernetes service. -Then, the addresses of the other servers can be obtained using the List Service API, as described in the https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#list-service-v1-core[Kubernetes API documentation^]. +Then, the addresses of the other servers can be obtained using the List Service API, as described in the https://kubernetes.io/docs/reference/kubernetes-api/[Kubernetes API documentation^]. The following settings are used to configure for this scenario: From 31d7527ea1718297c3e001d6de17191c2401a28c Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Mon, 23 Jan 2023 14:03:11 +0100 Subject: [PATCH 101/876] updated verbiage and metric for cluster health (#378) (#379) --- modules/ROOT/pages/monitoring/metrics/essential.adoc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/ROOT/pages/monitoring/metrics/essential.adoc b/modules/ROOT/pages/monitoring/metrics/essential.adoc index 3e035c793..6c5897380 100644 --- a/modules/ROOT/pages/monitoring/metrics/essential.adoc +++ b/modules/ROOT/pages/monitoring/metrics/essential.adoc @@ -96,11 +96,11 @@ The leader's load pattern differs from the followers, which should exhibit simil | Description | Leader -| `.database..cluster.core.is_leader` -| Track this for each Core cluster member. -It will report `0` if it is not the leader and `1` if it is the leader. +| `.database..cluster.raft.is_leader` +| Track this for each database primary. +It reports `0` if it is not the leader and `1` if it is the leader. The sum of all of these should always be `1`. -However, there will be transient periods in which the sum can be more than `1` because more than one member thinks it is the leader. +However, there are transient periods in which the sum can be more than `1` because more than one member thinks it is the leader. | Transaction workload | `.database..transaction.last_committed_tx_id` From 507301e4b1b2d70d593a46360165886e249ea3ed Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Tue, 24 Jan 2023 15:16:36 +0100 Subject: [PATCH 102/876] Removing extra "calling" in syntax as result of a typo (#381) (#382) Cherry-picked from https://github.com/neo4j/docs-operations/pull/381 --- modules/ROOT/pages/monitoring/background-jobs.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/monitoring/background-jobs.adoc b/modules/ROOT/pages/monitoring/background-jobs.adoc index a7844c960..0a129de40 100644 --- a/modules/ROOT/pages/monitoring/background-jobs.adoc +++ b/modules/ROOT/pages/monitoring/background-jobs.adoc @@ -113,7 +113,7 @@ An xref:authentication-authorization/terminology.adoc#term-administrator[adminis *Syntax:* -`CALL calling dbms.scheduler.failedJobs()` +`CALL dbms.scheduler.failedJobs()` *Returns:* From db24428677fd23e1e89043f9484c9fa4056f1083 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 25 Jan 2023 10:49:36 +0000 Subject: [PATCH 103/876] Remove the step that you need to accept the license agreement before running neo4j (#387) --- modules/ROOT/pages/installation/linux/tarball.adoc | 6 ------ 1 file changed, 6 deletions(-) diff --git a/modules/ROOT/pages/installation/linux/tarball.adoc b/modules/ROOT/pages/installation/linux/tarball.adoc index bb0dd33f2..76e58e79b 100644 --- a/modules/ROOT/pages/installation/linux/tarball.adoc +++ b/modules/ROOT/pages/installation/linux/tarball.adoc @@ -42,12 +42,6 @@ chown -R neo4j:adm /opt/neo4j-enterprise-{neo4j-version-exact} ---- chown -R neo4j /opt/neo4j-enterprise-{neo4j-version-exact} ---- -. label:enterprise[Enterprise Edition] Accept the license agreement by either using the environment variable `NEO4J_ACCEPT_LICENSE_AGREEMENT=yes` or by running `/bin/neo4j-admin license --accept-commercial`. -+ -[NOTE] -==== -From Neo4j v5.4 onwards, you are required to accept the license _before_ running the Neo4j Enterprise Edition from the tarball. -==== . Start Neo4j: .. To run Neo4j as a console application, use: `/bin/neo4j console`. .. To run Neo4j in a background process, use: `/bin/neo4j start`. From ea616682313d12dbdde92651b72f3a20c54d965a Mon Sep 17 00:00:00 2001 From: Therese Magnusson Date: Wed, 25 Jan 2023 13:28:12 +0100 Subject: [PATCH 104/876] Add note about server commands and composite databases (#386) The `allowedDatabases` and `deniedDatabases` doesn't apply to composite databases. Companion PR to https://github.com/neo4j/docs-cypher/pull/333 --- modules/ROOT/pages/clustering/servers.adoc | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/clustering/servers.adoc b/modules/ROOT/pages/clustering/servers.adoc index 8c6dd1557..50b981ebc 100644 --- a/modules/ROOT/pages/clustering/servers.adoc +++ b/modules/ROOT/pages/clustering/servers.adoc @@ -127,7 +127,12 @@ neo4j@neo4j> ENABLE SERVER '25a7efc7-d063-44b8-bdee-f23357f89f01' OPTIONS `modeConstraint` is used to control whether a server can be used to host a database in only primary or secondary mode. `allowedDatabases` and `deniedDatabases` are collections of database names that filter which databases may be hosted on a server. -These are mutually exclusive and if both are specified, an error is returned. +The `allowedDatabases` and `deniedDatabases` are mutually exclusive and if both are specified, an error is returned. + +[NOTE] +==== +`allowedDatabases` and `deniedDatabases` do not affect composite databases, they are always available everywhere. +==== If no options are set, a server can host any database in any mode. Servers can also provide default values for these options via their _neo4j.conf_ files on first startup. @@ -244,6 +249,11 @@ Altering servers may cause databases to be moved, and should be performed with c For example, if the server `25a7efc7-d063-44b8-bdee-f23357f89f01` hosts database `foo` in primary mode when the above command is executed, then another server must begin hosting `foo` in primary mode. Likewise, if `ALTER SERVER '25a7efc7-d063-44b8-bdee-f23357f89f01' SET OPTIONS {allowedDatabases:['bar','baz']};` is executed, then `foo` is forced to move. +[NOTE] +==== +`allowedDatabases` and `deniedDatabases` do not affect composite databases, they are always available everywhere. +==== + As with the `DEALLOCATE DATABASES FROM SERVER ...` command, if the alteration of a server's options renders it impossible for the cluster to satisfy one or more of the databases' topologies, then the command fails and no changes are made. [NOTE] From 607c0c2f80d0dd966f7784d8c7c03d4654d3c0cb Mon Sep 17 00:00:00 2001 From: Neil Dewhurst Date: Wed, 25 Jan 2023 13:39:59 +0000 Subject: [PATCH 105/876] Add antora-page-roles extension (#390) Labels are missing from pages because the add-page-roles extension was missing from the publish playbook. This PR restores the extension to the playbook. --- publish.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/publish.yml b/publish.yml index f89ab4b9d..837d627e5 100644 --- a/publish.yml +++ b/publish.yml @@ -35,6 +35,7 @@ asciidoc: - "@neo4j-documentation/remote-include" - "@neo4j-documentation/macros" - "@neo4j-antora/antora-add-notes" + - "@neo4j-antora/antora-page-roles" - "@neo4j-antora/antora-table-footnotes" attributes: page-theme: docs From e87ba4fb68e2ab7e10b7cfe83e63f7340d21e56f Mon Sep 17 00:00:00 2001 From: Neil Dewhurst Date: Wed, 25 Jan 2023 16:10:36 +0000 Subject: [PATCH 106/876] Update Neo4j versions (#394) --- antora.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/antora.yml b/antora.yml index 85e70e380..ae81dc37b 100644 --- a/antora.yml +++ b/antora.yml @@ -7,7 +7,7 @@ nav: asciidoc: attributes: neo4j-version: '5' - neo4j-version-minor: '5.4' - neo4j-version-exact: '5.4.0' - neo4j-buildnumber: '5.4' - neo4j-debian-package-version: '1:5.4.0@' + neo4j-version-minor: '5.5' + neo4j-version-exact: '5.5.0' + neo4j-buildnumber: '5.5' + neo4j-debian-package-version: '1:5.5.0@' From e68e2a9ced9d647635e4fd8cba55a5cbaec9dc9b Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Thu, 26 Jan 2023 10:35:35 +0100 Subject: [PATCH 107/876] Add information on the column ValidValues (#393) Results of the procedure `dbms.listConfig` lack information on the column 'validValues`. The description was added. --- modules/ROOT/pages/reference/procedures.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 60e43a21d..4d2456927 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -1451,6 +1451,7 @@ Results include: * `defaultValue`: the default value of the setting. * `startupValue`: the value when the server was started, after _neo4j.conf_ and command line arguments have been applied. * `explicitlySet`: true if the value was set explicitly, or false if it was set by default. +* `validValues`: contains information on data types and possible values for the settings. | Signature m|dbms.listConfig(searchString = :: STRING?) :: (name :: STRING?, description :: STRING?, value :: STRING?, dynamic :: BOOLEAN?, defaultValue :: STRING?, startupValue :: STRING?, explicitlySet :: BOOLEAN?, validValues :: STRING?) From a5507f4fd7446beeaf7441f6edf05f7ff527c251 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Thu, 26 Jan 2023 11:57:02 +0100 Subject: [PATCH 108/876] adding link to JMX manual on the metrics page (#398) As requested Co-authored-by: Reneta Popova --- modules/ROOT/pages/monitoring/metrics/expose.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/ROOT/pages/monitoring/metrics/expose.adoc b/modules/ROOT/pages/monitoring/metrics/expose.adoc index f9511f271..3055b86c0 100644 --- a/modules/ROOT/pages/monitoring/metrics/expose.adoc +++ b/modules/ROOT/pages/monitoring/metrics/expose.adoc @@ -54,6 +54,8 @@ From version 4.2.2 onwards, the JMX metrics are exposed by default over JMX MBea server.metrics.jmx.enabled=true ---- +For more information about accessing and adjusting the metrics, see link:{neo4j-docs-base-uri}/java-reference/{page-version}/jmx-metrics/[The Java Reference Guide -> JMX metrics]. + [[metrics-graphite]] == Graphite From a785a9c2f53e2925fafa88886e5c9dbced1e4738 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 26 Jan 2023 11:58:06 +0000 Subject: [PATCH 109/876] Update Setting the number of open files (Linux .tar) (#392) - Replace the include "Setting the number of open files" with the actual content from the partial. - Remove the prefix user@localhost:~$ from the shell commands. - Update step 2 to refer to the created above [Service] section. --- .../pages/installation/linux/tarball.adoc | 81 ++++++++++++++++++- .../installation/linux/linux-open-files.adoc | 79 ------------------ 2 files changed, 80 insertions(+), 80 deletions(-) delete mode 100644 modules/ROOT/partials/installation/linux/linux-open-files.adoc diff --git a/modules/ROOT/pages/installation/linux/tarball.adoc b/modules/ROOT/pages/installation/linux/tarball.adoc index 76e58e79b..4768a3150 100644 --- a/modules/ROOT/pages/installation/linux/tarball.adoc +++ b/modules/ROOT/pages/installation/linux/tarball.adoc @@ -107,4 +107,83 @@ reboot For more information on operating the Neo4j system service, see xref:installation/linux/systemd.adoc[Neo4j system service]. -include::partial$/installation/linux/linux-open-files.adoc[leveloffset=+1] \ No newline at end of file +[[linux-open-files]] +== Setting the number of open files + +Linux platforms impose an upper limit on the number of concurrently open files per user and session. +To check your limit for the current session, run the command `ulimit -n`. +The default value is 1024. + +[source, shell] +---- +ulimit -n +---- + +However, if you experience exceptions on `Too many open files` or `Could not stat() directory`, you have to increase the limit to 40000 or more, depending on your usage patterns. +This is especially true when many indexes are used, or the server installation sees too many open network connections or sockets. + +A quick solution is the command `ulimit -n `, but it will set a new limit only for the root user and will affect only the current session. +If you want to set the value system-wide, follow the instructions for your platform. + +The following steps set the open file descriptor limit to 60000 for the user _neo4j_ under Ubuntu 16.04 LTS, Debian 8, CentOS 7, or later versions. + +=== Running Neo4j as a service + +. Open the _neo4j.service_ file with root privileges. ++ +[source, shell] +---- +sudo systemctl edit neo4j.service +---- + +. Append the following to the `[Service]` section, created in <>: ++ +[source] +---- +[Service] +... +LimitNOFILE=60000 +---- + +=== Running Neo4j as an interactive user (e.g., for testing purposes) + +. Open the _user.conf_ file with root privileges in a text editor. +This example uses Vim: ++ +[source, shell] +---- +sudo vi /etc/systemd/user.conf +---- + +. Uncomment and define the value of `DefaultLimitNOFILE`, found in the `[Manager]` section. ++ +[source] +---- +[Manager] +... +DefaultLimitNOFILE=60000 +---- + +. Open the _/etc/security/limits.conf_ file. ++ +[source, shell] +---- +sudo vi /etc/security/limits.conf +---- + +. Define the following values: ++ +[source] +---- +neo4j soft nofile 60000 +neo4j hard nofile 60000 +---- + +. Reload the `systemd` settings. ++ +[source, shell] +---- +sudo systemctl daemon-reload +---- + +. Reboot your machine. \ No newline at end of file diff --git a/modules/ROOT/partials/installation/linux/linux-open-files.adoc b/modules/ROOT/partials/installation/linux/linux-open-files.adoc deleted file mode 100644 index 5b619ef5d..000000000 --- a/modules/ROOT/partials/installation/linux/linux-open-files.adoc +++ /dev/null @@ -1,79 +0,0 @@ -[[linux-open-files]] -= Setting the number of open files - -Linux platforms impose an upper limit on the number of concurrently open files per user and session. -To check your limit for the current session, run the command `ulimit -n`. -The default value is 1024. - -[source, shell] ----- -user@localhost:~$ ulimit -n -1024 ----- - -However, if you experience exceptions on `Too many open files` or `Could not stat() directory`, you have to increase the limit to 40000 or more, depending on your usage patterns. -This is especially true when many indexes are used, or the server installation sees too many open network connections or sockets. - -A quick solution is the command `ulimit -n `, but it will set a new limit only for the root user and will affect only the current session. -If you want to set the value system-wide, follow the instructions for your platform. - -The following steps set the open file descriptor limit to 60000 for the user _neo4j_ under Ubuntu 16.04 LTS, Debian 8, CentOS 7, or later versions. - -== Running Neo4j as a service - -. Open the _neo4j.service_ file with root privileges. -+ -[source, shell] ----- -user@localhost:~$ sudo systemctl edit neo4j.service ----- - -. Append the `[Service]` section to the _neo4j.service_ file. -+ -[source] ----- -[Service] -LimitNOFILE=60000 ----- - -== Running Neo4j as an interactive user (e.g., for testing purposes) - -. Open the _user.conf_ file with root privileges in a text editor, for example, Vim. -+ -[source, shell] ----- -user@localhost:~$ sudo vi /etc/systemd/user.conf ----- - -. Uncomment and define the value of `DefaultLimitNOFILE`, found in the `[Manager]` section. -+ -[source] ----- -[Manager] -... -DefaultLimitNOFILE=60000 ----- - -. Open the _/etc/security/limits.conf_ file. -+ -[source, shell] ----- -user@localhost:~$ sudo vi /etc/security/limits.conf ----- - -. Define the following values: -+ -[source] ----- -neo4j soft nofile 60000 -neo4j hard nofile 60000 ----- - -. Reload the `systemd` settings. -+ -[source, shell] ----- -user@localhost:~$ sudo systemctl daemon-reload ----- - -. Reboot your machine. From d58239c174ca23d6ef51155dbe12f8db87b32e4e Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 26 Jan 2023 12:05:22 +0000 Subject: [PATCH 110/876] Add that trailing comments are not supported in neo4j.conf (#396) --- modules/ROOT/pages/configuration/neo4j-conf.adoc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/configuration/neo4j-conf.adoc b/modules/ROOT/pages/configuration/neo4j-conf.adoc index d3eee520b..af8e270a6 100644 --- a/modules/ROOT/pages/configuration/neo4j-conf.adoc +++ b/modules/ROOT/pages/configuration/neo4j-conf.adoc @@ -17,6 +17,7 @@ The syntax in the `neo4j.conf` file follows the following conventions: * The equals sign (`=`) maps configuration setting keys to configuration values. * Lines that start with the number sign (`#`) are handled as comments. +* Trailing comments are not supported. * Empty lines are ignored. * Configuring a setting in _neo4j.conf_ overwrites any default values. If you want to amend the default values with custom ones, you must explicitly list the default values along with the new ones. @@ -27,6 +28,7 @@ If you set more than one value for xref:reference/configuration-settings.adoc#co + To disable the strict validation, set `server.config.strict_validation.enabled=false`. + == Configuration settings === General synopsis @@ -65,7 +67,7 @@ Component namespaces are used to group settings that affect similar systems. Name:: The name of the setting. -It may contain common verb and unit patterns, such as `size`, `enabled`, etc. +It may contain a common verb and unit patterns, such as `size`, `enabled`, etc. Words are separated by an underscore. [TIP] From aa0e11e4d1cc253512a0a2be3c9fa87e79ffe887 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 26 Jan 2023 15:50:04 +0000 Subject: [PATCH 111/876] Add certificates location and update the Desktop column (#395) --- .../pages/configuration/file-locations.adoc | 47 +++++++++++-------- modules/ROOT/pages/configuration/index.adoc | 2 +- 2 files changed, 29 insertions(+), 20 deletions(-) diff --git a/modules/ROOT/pages/configuration/file-locations.adoc b/modules/ROOT/pages/configuration/file-locations.adoc index 9398e6b9f..72d707fb5 100644 --- a/modules/ROOT/pages/configuration/file-locations.adoc +++ b/modules/ROOT/pages/configuration/file-locations.adoc @@ -16,13 +16,21 @@ The following table lists the default location of the Neo4j files, per type, and | Neo4j Desktop footnote:[Applicable to all operating systems where Neo4j Desktop is supported.] | Bin -| The Neo4j running script and built-in tools, such as, cypher-shell and neo4j-admin. +| The Neo4j running script and built-in tools, such as Cypher Shell and Neo4j Admin. | _/bin_ | _\bin_ | _/usr/bin_ -| From the _Open_ dropdown menu of your Neo4j instance, select _Terminal_, and navigate to _/bin_. +| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd bin`. -| Configuration footnote:[For details about neo4j.conf, see: xref:configuration/neo4j-conf.adoc[The neo4j.conf file].] +| Certificates +| The Neo4j TLS certificates. +| _/certificates_ +| _\certificates_ +| _/var/lib/neo4j/certificates_ +| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd certificates`. + + +| Configuration footnote:[For details about _neo4j.conf_, see xref:configuration/neo4j-conf.adoc[The neo4j.conf file].] | The Neo4j configuration settings, Log4j configuration settings, and the JMX access credentials. | _/conf/neo4j.conf_ + _/conf/server-logs.xml_ + @@ -33,77 +41,77 @@ _\conf\user-log.xml_ | _/etc/neo4j/neo4j.conf_ _/etc/neo4j/server-logs.xml_ + _/etc/neo4j/user-log.xml_ -| From the _Open_ dropdown menu of your Neo4j instance, select _Terminal_, and navigate to _/conf/neo4j.conf_. +| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd conf`. | Data footnote:[The data directory is internal to Neo4j and its structure is subject to change between versions without notice.] -| All data-related content, such as databases, transactions, cluster-state (if applicable), dumps, and cypher script files (from the `neo4j-admin database restore` command). +| All data-related content, such as databases, transactions, cluster-state (if applicable), dumps, and the _cypher.script_ files (from the `neo4j-admin database restore` command). | _/data_ | _\data_ | _/var/lib/neo4j/data_ -| From the _Open_ dropdown menu of your Neo4j instance, select _Terminal_, and navigate to _/data_. +| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd data`. | Import | All CSV files that the command `LOAD CSV` uses as sources to import data in Neo4j. | _/import_ | _\import_ | _/var/lib/neo4j/import_ -| From the _Open_ dropdown menu of your Neo4j instance, select _Terminal_, and navigate to _/import_. +| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd import`. | Labs footnote:[For more information, see https://neo4j.com/labs/apoc/{neo4j-version}/installation/[APOC User Guide -> Installation].] | Contains APOC Core. | _/labs_ | _\labs_ | _/var/lib/neo4j/labs_ -| From the _Open_ dropdown menu of your Neo4j instance, select _Terminal_, and navigate to _/labs_. +| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd labs`. | Lib | All Neo4j dependencies. | _/lib_ | _\lib_ | _/usr/share/neo4j/lib_ -| From the _Open_ dropdown menu of your Neo4j instance, select _Terminal_, and navigate to _/lib_. +| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd lib`. | Licenses | For storing license files from Neo4j. | _/licenses_ | _\licenses_ | _/var/lib/neo4j/licenses_ -| From the _Open_ dropdown menu of your Neo4j instance, select _Terminal_, and navigate to _/licences_. +| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd licences`. | Logs | The Neo4j log files. | _/logs_ footnote:[To view _neo4j.log_ in Docker, use xref:docker/maintenance.adoc#docker-monitoring[`docker logs `].] | _\logs_ | _/var/log/neo4j/_ footnote:[To view the neo4j.log for Debian and RPM, use `journalctl --unit=neo4j`.] -| From the _Open_ dropdown menu of your Neo4j instance, select _Terminal_, and navigate to _/logs_. +| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd logs`. | Metrics | The Neo4j built-in metrics for monitoring the Neo4j DBMS and each individual database. | _/metrics_ | _\metrics_ | _/var/lib/neo4j/metrics_ -| From the _Open_ dropdown menu of your Neo4j instance, select _Terminal_, and navigate to _/metrics_. +| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd metrics`. | Plugins | Custom code that extends Neo4j, for example, user-defined procedures, functions, and security plugins. | _/plugins_ | _\plugins_ | _/var/lib/neo4j/plugins_ -| From the _Open_ dropdown menu of your Neo4j instance, select _Terminal_, and navigate to _/plugins_. +| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd plugins`. | Products | The jar files of the Neo4j products: Graph Data Science Library and Bloom. The folder also contains a _README.txt_ file with information on enabling them. | _/products_ | _\products_ | _/var/lib/neo4j/products_ -| From the _Open_ dropdown menu of your Neo4j instance, select _Terminal_, and navigate to _/products_. +| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd products`. | Run | The processes IDs. | _/run_ | _\run_ | _/var/lib/neo4j/run_ -| From the _Open_ dropdown menu of your Neo4j instance, select _Terminal_, and navigate to _/run_. +| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd run`. |=== [[file-locations-file-locations]] @@ -145,6 +153,7 @@ The rest of the locations can be configured by uncommenting the respective setti #server.directories.metrics=metrics #server.directories.transaction.logs.root=data/transactions #server.directories.dumps.root=data/dumps +#server.directories.import=import ---- @@ -154,15 +163,15 @@ The rest of the locations can be configured by uncommenting the respective setti The operating system user that Neo4j server runs as must have the following minimal permissions: Read only:: + * _bin_ + * _certificates_ * _conf_ * _import_ - * _bin_ - * _lib_ * _labs_ + * _lib_ + * _licenses_ * _plugins_ * _products_ - * _certificates_ - * _licenses_ Read and write:: * _data_ diff --git a/modules/ROOT/pages/configuration/index.adoc b/modules/ROOT/pages/configuration/index.adoc index 55bcdf451..739e7dd7e 100644 --- a/modules/ROOT/pages/configuration/index.adoc +++ b/modules/ROOT/pages/configuration/index.adoc @@ -5,7 +5,7 @@ The topics described are: * xref:configuration/neo4j-conf.adoc[The _neo4j.conf_ file] -- An introduction to the primary configuration file in Neo4j. -* xref:configuration/file-locations.adoc[File locations] -- An overview of where files are stored in the different Neo4j distributions and the necessary file permissions for running Neo4j. +* xref:configuration/file-locations.adoc[Default file locations] -- An overview of where files are stored in the different Neo4j distributions and the necessary file permissions for running Neo4j. //* <> -- A visual representation of the Neo4j network architecture. * xref:configuration/ports.adoc[Ports] -- An overview of the ports relevant to a Neo4j installation. * xref:configuration/connectors.adoc[Configure Neo4j connectors] -- How to configure Neo4j connectors. From aa802da6d70bf5e0d7e2d1e8fb87fdd7074911e8 Mon Sep 17 00:00:00 2001 From: Jenny Owen Date: Thu, 26 Jan 2023 18:43:14 +0100 Subject: [PATCH 112/876] added rhel 9.0 to the supported OS list (#407) RHEL 9.0 has actually been supported for a while. I just forgot to update the documentation. --- modules/ROOT/pages/installation/requirements.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/installation/requirements.adoc b/modules/ROOT/pages/installation/requirements.adoc index 9b6ee5ddb..96c5dd8f7 100644 --- a/modules/ROOT/pages/installation/requirements.adoc +++ b/modules/ROOT/pages/installation/requirements.adoc @@ -101,7 +101,7 @@ For cloud environments, and server-based, on-premise environments: | *Amazon Linux 2022 AMI* | Amazon Corretto 17, and OracleJDK 17 | *CentOS Stream 8, 9* | OpenJDK 17, OracleJDK 17, and ZuluJDK 17 | *Debian 11* | OpenJDK 17, OracleJDK 17, and ZuluJDK 17 -| *Red Hat Enterprise Linux Server 8.4, 8.6* | Red Hat OpenJDK 17, Oracle JDK 17, and ZuluJDK 17 +| *Red Hat Enterprise Linux Server 8.4, 8.6, 9.0* | Red Hat OpenJDK 17, Oracle JDK 17, and ZuluJDK 17 | *Ubuntu Server 16.04, 18.04, 20.04, 22.04* | OpenJDK 17, OracleJDK 17, and ZuluJDK 17 | *Windows Server 2016, 2019, 2022* | OracleJDK 17, ZuluJDK 17 |=== From 797a65a1f6cc853401b29f181f91ca51f9aafde9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nadja=20M=C3=BCller?= <73830555+nadja-muller@users.noreply.github.com> Date: Fri, 27 Jan 2023 15:55:03 +0100 Subject: [PATCH 113/876] update description of the procedure db.schema.visualization (#410) Co-authored-by: Reneta Popova --- modules/ROOT/pages/reference/procedures.adoc | 5 ++++- .../procedure-reference-community-edition.adoc | 2 +- .../procedure-reference-complete.adoc | 2 +- .../procedure-reference-enterprise-edition.adoc | 2 +- 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 4d2456927..5f39f0832 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -1082,7 +1082,10 @@ m|READ |=== | Description a| -Visualize the schema of the data. +Visualizes the schema of the data based on available statistics. A new node is returned for each label. +The properties represented on the node include `name` (label name), `indexes` (list of indexes), and `constraints` (list of constraints). +A relationship of a given type is returned for all possible combinations of start and end nodes. +Note that this may include additional relationships that do not exist in the data due to the information available in the count store. | Signature m|db.schema.visualization() :: (nodes :: LIST? OF NODE?, relationships :: LIST? OF RELATIONSHIP?) | Mode diff --git a/modules/ROOT/partials/procedure-documentation/procedure-reference-community-edition.adoc b/modules/ROOT/partials/procedure-documentation/procedure-reference-community-edition.adoc index 4ee540abe..043b20439 100644 --- a/modules/ROOT/partials/procedure-documentation/procedure-reference-community-edition.adoc +++ b/modules/ROOT/partials/procedure-documentation/procedure-reference-community-edition.adoc @@ -25,7 +25,7 @@ |db.resampleOutdatedIndexes() |Schedule resampling of all outdated indexes. |db.resampleOutdatedIndexes() :: VOID |READ |db.schema.nodeTypeProperties() |Show the derived property schema of the nodes in tabular form. |db.schema.nodeTypeProperties() :: (nodeType :: STRING?, nodeLabels :: LIST? OF STRING?, propertyName :: STRING?, propertyTypes :: LIST? OF STRING?, mandatory :: BOOLEAN?) |READ |db.schema.relTypeProperties() |Show the derived property schema of the relationships in tabular form. |db.schema.relTypeProperties() :: (relType :: STRING?, propertyName :: STRING?, propertyTypes :: LIST? OF STRING?, mandatory :: BOOLEAN?) |READ -|db.schema.visualization() |Visualize the schema of the data. |db.schema.visualization() :: (nodes :: LIST? OF NODE?, relationships :: LIST? OF RELATIONSHIP?) |READ +|db.schema.visualization() |Visualizes the schema of the data based on available statistics. A new node is returned for each label. The properties represented on the node include `name` (label name), `indexes` (list of indexes), and `constraints` (list of constraints). A relationship of a given type is returned for all possible combinations of start and end nodes. Note that this may include additional relationships that do not exist in the data due to the information available in the count store. |db.schema.visualization() :: (nodes :: LIST? OF NODE?, relationships :: LIST? OF RELATIONSHIP?) |READ |db.stats.clear() |Clear collected data of a given data section. Valid sections are 'QUERIES' |db.stats.clear(section :: STRING?) :: (section :: STRING?, success :: BOOLEAN?, message :: STRING?) |READ |db.stats.collect() |Start data collection of a given data section. Valid sections are 'QUERIES' |db.stats.collect(section :: STRING?, config = {} :: MAP?) :: (section :: STRING?, success :: BOOLEAN?, message :: STRING?) |READ |db.stats.retrieve() |Retrieve statistical data about the current database. Valid sections are 'GRAPH COUNTS', 'TOKENS', 'QUERIES', 'META' |db.stats.retrieve(section :: STRING?, config = {} :: MAP?) :: (section :: STRING?, data :: MAP?) |READ diff --git a/modules/ROOT/partials/procedure-documentation/procedure-reference-complete.adoc b/modules/ROOT/partials/procedure-documentation/procedure-reference-complete.adoc index e7e13fe8d..4c752dd3a 100644 --- a/modules/ROOT/partials/procedure-documentation/procedure-reference-complete.adoc +++ b/modules/ROOT/partials/procedure-documentation/procedure-reference-complete.adoc @@ -26,7 +26,7 @@ |db.resampleOutdatedIndexes() |Schedule resampling of all outdated indexes. |db.resampleOutdatedIndexes() :: VOID |READ |[enterprise-edition]#PUBLIC, admin# |db.schema.nodeTypeProperties() |Show the derived property schema of the nodes in tabular form. |db.schema.nodeTypeProperties() :: (nodeType :: STRING?, nodeLabels :: LIST? OF STRING?, propertyName :: STRING?, propertyTypes :: LIST? OF STRING?, mandatory :: BOOLEAN?) |READ |[enterprise-edition]#PUBLIC, admin# |db.schema.relTypeProperties() |Show the derived property schema of the relationships in tabular form. |db.schema.relTypeProperties() :: (relType :: STRING?, propertyName :: STRING?, propertyTypes :: LIST? OF STRING?, mandatory :: BOOLEAN?) |READ |[enterprise-edition]#PUBLIC, admin# -|db.schema.visualization() |Visualize the schema of the data. |db.schema.visualization() :: (nodes :: LIST? OF NODE?, relationships :: LIST? OF RELATIONSHIP?) |READ |[enterprise-edition]#PUBLIC, admin# +|db.schema.visualization() |Visualizes the schema of the data based on available statistics. A new node is returned for each label. The properties represented on the node include `name` (label name), `indexes` (list of indexes), and `constraints` (list of constraints). A relationship of a given type is returned for all possible combinations of start and end nodes. Note that this may include additional relationships that do not exist in the data due to the information available in the count store. |db.schema.visualization() :: (nodes :: LIST? OF NODE?, relationships :: LIST? OF RELATIONSHIP?) |READ |[enterprise-edition]#PUBLIC, admin# |db.stats.clear() |Clear collected data of a given data section. Valid sections are 'QUERIES' |db.stats.clear(section :: STRING?) :: (section :: STRING?, success :: BOOLEAN?, message :: STRING?) |READ |[enterprise-edition]#admin# |db.stats.collect() |Start data collection of a given data section. Valid sections are 'QUERIES' |db.stats.collect(section :: STRING?, config = {} :: MAP?) :: (section :: STRING?, success :: BOOLEAN?, message :: STRING?) |READ |[enterprise-edition]#admin# |db.stats.retrieve() |Retrieve statistical data about the current database. Valid sections are 'GRAPH COUNTS', 'TOKENS', 'QUERIES', 'META' |db.stats.retrieve(section :: STRING?, config = {} :: MAP?) :: (section :: STRING?, data :: MAP?) |READ |[enterprise-edition]#admin# diff --git a/modules/ROOT/partials/procedure-documentation/procedure-reference-enterprise-edition.adoc b/modules/ROOT/partials/procedure-documentation/procedure-reference-enterprise-edition.adoc index 49b3fa414..bcb15cb60 100644 --- a/modules/ROOT/partials/procedure-documentation/procedure-reference-enterprise-edition.adoc +++ b/modules/ROOT/partials/procedure-documentation/procedure-reference-enterprise-edition.adoc @@ -29,7 +29,7 @@ |db.resampleOutdatedIndexes() |Schedule resampling of all outdated indexes. |db.resampleOutdatedIndexes() :: VOID |READ |PUBLIC, admin |db.schema.nodeTypeProperties() |Show the derived property schema of the nodes in tabular form. |db.schema.nodeTypeProperties() :: (nodeType :: STRING?, nodeLabels :: LIST? OF STRING?, propertyName :: STRING?, propertyTypes :: LIST? OF STRING?, mandatory :: BOOLEAN?) |READ |PUBLIC, admin |db.schema.relTypeProperties() |Show the derived property schema of the relationships in tabular form. |db.schema.relTypeProperties() :: (relType :: STRING?, propertyName :: STRING?, propertyTypes :: LIST? OF STRING?, mandatory :: BOOLEAN?) |READ |PUBLIC, admin -|db.schema.visualization() |Visualize the schema of the data. |db.schema.visualization() :: (nodes :: LIST? OF NODE?, relationships :: LIST? OF RELATIONSHIP?) |READ |PUBLIC, admin +|db.schema.visualization() |Visualizes the schema of the data based on available statistics. A new node is returned for each label. The properties represented on the node include `name` (label name), `indexes` (list of indexes), and `constraints` (list of constraints). A relationship of a given type is returned for all possible combinations of start and end nodes. Note that this may include additional relationships that do not exist in the data due to the information available in the count store. |db.schema.visualization() :: (nodes :: LIST? OF NODE?, relationships :: LIST? OF RELATIONSHIP?) |READ |PUBLIC, admin |db.stats.clear() |Clear collected data of a given data section. Valid sections are 'QUERIES' |db.stats.clear(section :: STRING?) :: (section :: STRING?, success :: BOOLEAN?, message :: STRING?) |READ |admin |db.stats.collect() |Start data collection of a given data section. Valid sections are 'QUERIES' |db.stats.collect(section :: STRING?, config = {} :: MAP?) :: (section :: STRING?, success :: BOOLEAN?, message :: STRING?) |READ |admin |db.stats.retrieve() |Retrieve statistical data about the current database. Valid sections are 'GRAPH COUNTS', 'TOKENS', 'QUERIES', 'META' |db.stats.retrieve(section :: STRING?, config = {} :: MAP?) :: (section :: STRING?, data :: MAP?) |READ |admin From 1afc4c4ac39c097a0f29ebe8e540fd124e66ec96 Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Mon, 30 Jan 2023 12:10:49 +0100 Subject: [PATCH 114/876] put advanced clustering back, only on dev (#416) --- modules/ROOT/content-nav.adoc | 4 ++-- modules/ROOT/pages/clustering/index.adoc | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index c1afa150d..58b690a7b 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -98,8 +98,8 @@ ** xref:clustering/disaster-recovery.adoc[] //** xref:clustering/internals.adoc[] ** xref:clustering/settings.adoc[] -// ** xref:clustering/clustering-advanced/index.adoc[] -// *** xref:clustering/clustering-advanced/multi-data-center-routing.adoc[] +** xref:clustering/clustering-advanced/index.adoc[] +*** xref:clustering/clustering-advanced/multi-data-center-routing.adoc[] ** xref:clustering/glossary.adoc[] * xref:backup-restore/index.adoc[] diff --git a/modules/ROOT/pages/clustering/index.adoc b/modules/ROOT/pages/clustering/index.adoc index 0e7e1a6b7..ae0bd4e74 100644 --- a/modules/ROOT/pages/clustering/index.adoc +++ b/modules/ROOT/pages/clustering/index.adoc @@ -17,8 +17,8 @@ This chapter describes the following: ** xref:clustering/monitoring/show-servers-monitoring.adoc[Monitoring servers] -- The tools available for monitoring the servers in a cluster. ** xref:clustering/monitoring/show-databases-monitoring.adoc[Monitoring databases] -- The tools available for monitoring the databases in a cluster. * xref:clustering/settings.adoc[Settings reference] -- A summary of the most important cluster settings. -// * xref:clustering/clustering-advanced/index.adoc[Advanced clustering] -- Some more advanced features of Neo4j clusters. -// ** xref:clustering/clustering-advanced/multi-data-center-routing.adoc[Multi-data center routing] -- Clusters on mutli-data centers. +* xref:clustering/clustering-advanced/index.adoc[Advanced clustering] -- Some more advanced features of Neo4j clusters. +** xref:clustering/clustering-advanced/multi-data-center-routing.adoc[Multi-data center routing] -- Clusters on mutli-data centers. * xref:clustering/glossary.adoc[Clustering glossary] -- A glossary of terms used in the clustering documentation. //* <> -- A few internals regarding the operation of the cluster. Further information: From 092d5471a87ffcd7c73835b4b995297259c33669 Mon Sep 17 00:00:00 2001 From: Mark Dixon <1756429+mnd999@users.noreply.github.com> Date: Mon, 30 Jan 2023 13:09:57 +0000 Subject: [PATCH 115/876] Remove reference to 'user and role management procedures' (#417) Replace the reference to the removed user and role management procedures with something more helpful. --- .../pages/authentication-authorization/ldap-integration.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/authentication-authorization/ldap-integration.adoc b/modules/ROOT/pages/authentication-authorization/ldap-integration.adoc index d125f77da..6d3b14cd3 100644 --- a/modules/ROOT/pages/authentication-authorization/ldap-integration.adoc +++ b/modules/ROOT/pages/authentication-authorization/ldap-integration.adoc @@ -100,7 +100,7 @@ This way, the LDAP connector is used as a security provider for both authenticat [[auth-ldap-map-ldap-roles]] == Map the LDAP groups to the Neo4j roles -To access the user and role management procedures, you have to map the LDAP groups to the xref:authentication-authorization/built-in-roles.adoc[Neo4j built-in] and custom-defined roles. +To assign privileges to users based on their LDAP groups, you have to map the LDAP groups to the xref:authentication-authorization/built-in-roles.adoc[Neo4j built-in] and custom-defined roles. To do that, you need to know what privileges the Neo4j roles have, and based on these privileges, to create the mapping to the groups defined in the LDAP server. The map must be formatted as a semicolon separated list of key-value pairs, where the key is a comma-separated list of the LDAP group names and the value is a comma-separated list of the corresponding role names. For example, `group1=role1;group2=role2;group3=role3,role4,role5;group4,group5=role6`. From bf8bbf64ced4eb93905449c430ec1f6856fcdee3 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 30 Jan 2023 16:03:32 +0000 Subject: [PATCH 116/876] Emphisize that copy-and-paste of dbs may lead to a corrupt store (#419) --- modules/ROOT/pages/backup-restore/planning.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/backup-restore/planning.adoc b/modules/ROOT/pages/backup-restore/planning.adoc index 103bc5cd0..c6ac87a17 100644 --- a/modules/ROOT/pages/backup-restore/planning.adoc +++ b/modules/ROOT/pages/backup-restore/planning.adoc @@ -81,7 +81,7 @@ This command can be used for cleaning up database inconsistencies and reclaiming [WARNING] ==== -File system copy-and-paste of databases is not supported and may lead to corruption. +File system copy-and-paste of databases is not supported and may result in unwanted behavior, such as corrupt stores. ==== === Considerations for backing up and restoring databases in a cluster From ca6c8062c0790c51a5ebd39b228c154a981ec12b Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 1 Feb 2023 15:27:30 +0000 Subject: [PATCH 117/876] Add a step that requires users to accept the license before running EE (#427) Cherry-picked from #425 Co-authored-by: Nicola Vitucci --- .../ROOT/pages/installation/linux/rpm.adoc | 104 ++++++++++++------ .../pages/installation/linux/tarball.adoc | 12 ++ modules/ROOT/pages/installation/osx.adoc | 12 ++ modules/ROOT/pages/installation/windows.adoc | 18 ++- .../ROOT/pages/tools/neo4j-admin/index.adoc | 5 +- 5 files changed, 111 insertions(+), 40 deletions(-) diff --git a/modules/ROOT/pages/installation/linux/rpm.adoc b/modules/ROOT/pages/installation/linux/rpm.adoc index 9c45412bc..6ce9e5032 100644 --- a/modules/ROOT/pages/installation/linux/rpm.adoc +++ b/modules/ROOT/pages/installation/linux/rpm.adoc @@ -67,39 +67,36 @@ EOF === Install Neo4j -* To install Neo4j Community Edition as `root`: +Install Neo4j as `root` using the following commands depending on which edition you are using: + +* Community Edition + [source, shell, subs="attributes"] ---- yum install neo4j-{neo4j-version-exact} ---- + +* Enterprise Edition + -* To install Neo4j Enterprise Edition as `root`: +From Neo4j v5.4 onwards, you are required to accept the license agreement before running the Neo4j Enterprise Edition. +The following example uses an interactive prompt: + [source, shell, subs="attributes"] ---- yum install neo4j-enterprise-{neo4j-version-exact} ---- - -[NOTE] -==== -Neo4j supports Security-Enhanced Linux (SELinux), by default. -==== - - -[role=enterprise-edition] -[[linux-rpm-install-noninteractive]] -=== Non-interactive installation of Neo4j Enterprise Edition - -When installing Neo4j Enterprise Edition, you will be required to accept the license agreement before installation is allowed to complete. -This is an interactive prompt. -If you require non-interactive installation of Neo4j Enterprise Edition, you can indicate that you have read and accepted the license agreement by setting the environment variable `NEO4J_ACCEPT_LICENSE_AGREEMENT` to `yes`: - +You have to choose either a link:https://neo4j.com/terms/licensing/[commercial license] or an link:https://neo4j.com/terms/enterprise_us/[evaluation license] before the interactive installation is allowed to complete. +For a non-interactive installation, you can set the `NEO4J_ACCEPT_LICENSE_AGREEMENT` to `yes` (for the commercial license) or `eval` (for the evaluation license) as in the following example: ++ [source, shell, subs="attributes"] ---- NEO4J_ACCEPT_LICENSE_AGREEMENT=yes yum install neo4j-enterprise-{neo4j-version-exact} ---- +[NOTE] +==== +Neo4j supports Security-Enhanced Linux (SELinux), by default. +==== [[linux-rpm-suse]] == Install on SUSE @@ -113,71 +110,106 @@ For SUSE-based distributions the steps are as follows: zypper addrepo --refresh https://yum.neo4j.com/stable/{neo4j-version} neo4j-repository ---- -. Install Neo4j. -** To install Neo4j Community Edition as `root`: +. Install Neo4j as `root` using the following commands depending on which edition you are using: ++ +* Community Edition + [source, shell, subs="attributes"] ---- zypper install neo4j-{neo4j-version-exact} ---- -** To install Neo4j Enterprise Edition as `root`: +* Enterprise Edition ++ +From Neo4j v5.4 onwards, you are required to accept the license agreement before running the Neo4j Enterprise Edition. +The following example uses an interactive prompt: + [source, shell, subs="attributes"] ---- zypper install neo4j-enterprise-{neo4j-version-exact} ---- - +You have to choose either a link:https://neo4j.com/terms/licensing/[commercial license] or an link:https://neo4j.com/terms/enterprise_us/[evaluation license] before the interactive installation is allowed to complete. +For a non-interactive installation, you can set the `NEO4J_ACCEPT_LICENSE_AGREEMENT` to `yes` (for the commercial license) or `eval` (for the evaluation license) as in the following example: ++ +[source, shell, subs="attributes"] +---- +NEO4J_ACCEPT_LICENSE_AGREEMENT=yes zypper install neo4j-enterprise-{neo4j-version-exact} +---- [[linux-rpm-install-offline-installation]] == Offline installation -If you cannot reach `\https://yum.neo4j.com/stable/{neo4j-version}` to install Neo4j using RPM, perhaps due to a firewall, you will need to obtain Neo4j via an alternative machine which has the relevant access, and then move the RPM package manually. +If you cannot reach `\https://yum.neo4j.com/stable/{neo4j-version}` to install Neo4j using RPM, perhaps due to a firewall, you will need to obtain Neo4j via an alternative machine that has the relevant access, and then move the RPM package manually. [NOTE] ==== -It is important to note that using this method will mean that the offline machine will not receive the dependencies -that are normally downloaded and installed automatically when using `yum` for installing Neo4j; xref:tools/cypher-shell.adoc[Neo4j Cypher Shell] and Java. +It is important to note that using this method will mean that the offline machine will not receive the dependencies that are normally downloaded and installed automatically when using `yum` for installing Neo4j; xref:tools/cypher-shell.adoc[Neo4j Cypher Shell] and Java. For information on supported versions of Java, see xref:installation/requirements.adoc[System requirements]. ==== [[linux-rpm-install-offline-install-download]] -=== Downloading the RPM installers - -The Cypher Shell RPM package can be downloaded from {neo4j-download-center-uri}/#cyphershell[Neo4j Download Center]. +=== Install Neo4j using the RPM installer . Run the following to obtain the required Neo4j RPM package: -** Neo4j Enterprise Edition: ++ +* Neo4j Enterprise Edition: + [source, curl, subs="attributes"] ---- curl -O https://dist.neo4j.org/rpm/neo4j-enterprise-{neo4j-version-exact}-1.noarch.rpm ---- -** Neo4j Community Edition: +* Neo4j Community Edition: + [source, curl, subs="attributes"] ---- curl -O https://dist.neo4j.org/rpm/neo4j-{neo4j-version-exact}-1.noarch.rpm ---- . Manually move the downloaded RPM packages to the offline machine. - - +Before installing Neo4j, you must manually install the required Java 17 packages. ++ +[NOTE] +==== If using Oracle Java 17, the same dependency issues apply as with the xref:installation/linux/rpm.adoc#linux-rpm-prerequisites-oracle[Oracle Java prerequisites]. You will need to additionally download and install the Java adaptor described in that section. +==== +. Install Neo4j as `root` using the following command depending on which edition you are using: ++ +* Community Edition ++ +[source, shell, subs="attributes"] +---- +rpm --install neo4j-{neo4j-version-exact}-1.noarch.rpm +---- ++ +* Enterprise Edition ++ +From Neo4j v5.4 onwards, you are required to accept the license agreement before running the Neo4j Enterprise Edition. +The following example uses an interactive prompt: ++ +[source, shell, subs="attributes"] +---- +rpm --install neo4j-enterprise-{neo4j-version-exact} +---- +You have to choose either a link:https://neo4j.com/terms/licensing/[commercial license] or an link:https://neo4j.com/terms/enterprise_us/[evaluation license] before the interactive installation is allowed to complete. +For a non-interactive installation, you can set the `NEO4J_ACCEPT_LICENSE_AGREEMENT` to `yes` (for the commercial license) or `eval` (for the evaluation license) as in the following example: ++ +[source, shell, subs="attributes"] +---- +NEO4J_ACCEPT_LICENSE_AGREEMENT=yes rpm --install neo4j-enterprise-{neo4j-version-exact}-1.noarch.rpm +---- [[linux-rpm-install-offline-install-perform]] -=== Performing an offline installation - -Before installing Neo4j, you must manually install the required Java 17 packages. -Then, Neo4j and Cypher Shell can be installed by running the following commands as `root` user: +=== Install Cypher Shell using the RPM installer +. Downloaded the Cypher Shell RPM installer from {neo4j-download-center-uri}/#cyphershell[Neo4j Download Center]. +. Install Cypher Shell by running the following command as a `root` user: ++ [source, shell] ---- rpm --install -rpm --install ---- [[linux-rpm-install-offline-install-upgrade]] diff --git a/modules/ROOT/pages/installation/linux/tarball.adoc b/modules/ROOT/pages/installation/linux/tarball.adoc index 4768a3150..b092d3846 100644 --- a/modules/ROOT/pages/installation/linux/tarball.adoc +++ b/modules/ROOT/pages/installation/linux/tarball.adoc @@ -42,6 +42,18 @@ chown -R neo4j:adm /opt/neo4j-enterprise-{neo4j-version-exact} ---- chown -R neo4j /opt/neo4j-enterprise-{neo4j-version-exact} ---- +. From Neo4j v5.4 onwards, you are required to accept the license agreement before running the Neo4j Enterprise Edition. +If you are using Community Edition, you can skip this step. +.. Use one of the following options to accept the commercial license agreement. +See https://neo4j.com/terms/licensing/ for more information. ++ +* Set the environment variable `NEO4J_ACCEPT_LICENSE_AGREEMENT=yes`. +* Run `/bin/neo4j-admin server license --accept-commercial` +.. Use one of the following options to accept the evaluation license agreement. +See https://neo4j.com/terms/enterprise_us/ for more information. ++ +* Set the environment variable `NEO4J_ACCEPT_LICENSE_AGREEMENT=eval`. +* Run `/bin/neo4j-admin server license --accept-evaluation`. . Start Neo4j: .. To run Neo4j as a console application, use: `/bin/neo4j console`. .. To run Neo4j in a background process, use: `/bin/neo4j start`. diff --git a/modules/ROOT/pages/installation/osx.adoc b/modules/ROOT/pages/installation/osx.adoc index bbd13ce0d..245375c1c 100644 --- a/modules/ROOT/pages/installation/osx.adoc +++ b/modules/ROOT/pages/installation/osx.adoc @@ -20,6 +20,18 @@ Select the appropriate tar.gz distribution for your platform. For example, `tar -xf neo4j-community-{neo4j-version-exact}-unix.tar.gz`. . Place the extracted files in a permanent home on your server. The top level directory is referred to as NEO4J_HOME. +. From Neo4j v5.4 onwards, you are required to accept the license agreement before running the Neo4j Enterprise Edition. +If you are using Community Edition, you can skip this step. +.. Use one of the following options to accept the commercial license agreement. +See https://neo4j.com/terms/licensing/ for more information. ++ +* Set the environment variable `NEO4J_ACCEPT_LICENSE_AGREEMENT=yes`. +* Run `/bin/neo4j-admin server license --accept-commercial` +.. Use one of the following options to accept the evaluation license agreement. +See https://neo4j.com/terms/enterprise_us/ for more information. ++ +* Set the environment variable `NEO4J_ACCEPT_LICENSE_AGREEMENT=eval`. +* Run `/bin/neo4j-admin server license --accept-evaluation`. .. To run Neo4j as a console application, use: `/bin/neo4j console`. .. To run Neo4j in a background process, use: `/bin/neo4j start`. . Visit http://localhost:7474 in your web browser. diff --git a/modules/ROOT/pages/installation/windows.adoc b/modules/ROOT/pages/installation/windows.adoc index 1c455773c..4b209b676 100644 --- a/modules/ROOT/pages/installation/windows.adoc +++ b/modules/ROOT/pages/installation/windows.adoc @@ -16,9 +16,21 @@ Select the appropriate ZIP distribution. .. To find the correct SHA hash, go to Neo4j Download Center and click on `SHA-256` which will be located below your downloaded file. .. Using the appropriate commands for your platform, display the `SHA-256` hash for the file that you downloaded. .. Ensure that the two are identical. -. Right-click the downloaded file, click Extract All. -. Place the extracted files in a permanent home on your server, for example `D:\neo4j\`. -The top level directory is referred to as NEO4J_HOME. +. Right-click the downloaded file and click Extract All. +. Place the extracted files in a permanent home on your server, for example, `D:\neo4j\`. +The top-level directory is referred to as NEO4J_HOME. +. From Neo4j v5.4 onwards, you are required to accept the license agreement before running the Neo4j Enterprise Edition. +If you are using Community Edition, you can skip this step. +.. Use one of the following options to accept the commercial license agreement. +See https://neo4j.com/terms/licensing/ for more information. ++ +* Set it as an environment variable using `set NEO4J_ACCEPT_LICENSE_AGREEMENT=yes`. +* Run `/bin/neo4j-admin server license --accept-commercial` +.. Use one of the following options to accept the evaluation license agreement. +See https://neo4j.com/terms/enterprise_us/ for more information. ++ +* Set it as an environment variable using `set NEO4J_ACCEPT_LICENSE_AGREEMENT=eval`. +* Run `/bin/neo4j-admin server license --accept-evaluation`. .. To run Neo4j as a console application, use: `\bin\neo4j console`. .. To install Neo4j as a service use: `\bin\neo4j windows-service install`. .. For additional commands and to learn about the Windows PowerShell module included in the Zip file, see xref:installation/windows.adoc#powershell[Windows PowerShell module]. diff --git a/modules/ROOT/pages/tools/neo4j-admin/index.adoc b/modules/ROOT/pages/tools/neo4j-admin/index.adoc index 84a00e638..e8566d34d 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/index.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/index.adoc @@ -55,7 +55,7 @@ For details, see xref:configuration/set-initial-password.adoc[Set an initial pas | `unbind-system-db` | Removes and archives the cluster state of the `system` database so the instance can rebind to a new cluster state of the `system` database. -.11+| `server` +.12+| `server` | `console` | Starts DBMS server in the console. @@ -64,6 +64,9 @@ For details, see xref:configuration/set-initial-password.adoc[Set an initial pas | Displays the server ID of an instance. The server ID can be used to specify a server in Cypher commands. +| `license` +| Accept the license agreement. + | `memory-recommendation` | Prints recommendations for Neo4j heap and page cache memory usage. From c5afd88f4d32b33faca3d909503980a304da8a2c Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 1 Feb 2023 17:43:19 +0000 Subject: [PATCH 118/876] Remove the folder partials/procedure-documentation (#415) --- modules/ROOT/pages/reference/procedures.adoc | 15 +--- ...procedure-reference-community-edition.adoc | 50 ------------- .../procedure-reference-complete.adoc | 71 ------------------ ...rocedure-reference-enterprise-edition.adoc | 72 ------------------- 4 files changed, 1 insertion(+), 207 deletions(-) delete mode 100644 modules/ROOT/partials/procedure-documentation/procedure-reference-community-edition.adoc delete mode 100644 modules/ROOT/partials/procedure-documentation/procedure-reference-complete.adoc delete mode 100644 modules/ROOT/partials/procedure-documentation/procedure-reference-enterprise-edition.adoc diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 5f39f0832..1b8da9e4b 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -1750,17 +1750,4 @@ m|tx.setMetaData(data :: MAP?) :: VOID m|DBMS // | Default roles // m|reader, editor, publisher, architect, admin -|=== - - -// sources: -// neo4j-documentation/procedures/target/docs/procedure-reference-enterprise-edition.adoc -// neo4j-documentation/procedures/target/docs/procedure-reference-community-edition.adoc -// neo4j-documentation/procedures/target/docs/procedure-reference-complete.adoc - -// sources .jar -// ~/.m2/repository/org/neo4j/doc/procedure-documentation/4.3.0-SNAPSHOT/procedure-documentation-4.3.0-SNAPSHOT.jar - -// uncomment below to include the autogenereated sources -// include::{import-procedure-documentation-docs}/procedure-reference-enterprise-edition.adoc[] -// include::{import-procedure-documentation-docs}/procedure-reference-community-edition.adoc[] +|=== \ No newline at end of file diff --git a/modules/ROOT/partials/procedure-documentation/procedure-reference-community-edition.adoc b/modules/ROOT/partials/procedure-documentation/procedure-reference-community-edition.adoc deleted file mode 100644 index 043b20439..000000000 --- a/modules/ROOT/partials/procedure-documentation/procedure-reference-community-edition.adoc +++ /dev/null @@ -1,50 +0,0 @@ -[[community-edition-procedure-reference]] -.Community Edition procedures -[options=header, cols="a,a,m,m"] -|=== -|Name -|Description -|Signature -|Mode|db.awaitIndex() |Wait for an index to come online (for example: CALL db.awaitIndex("MyIndex", 300)). |db.awaitIndex(indexName :: STRING?, timeOutSeconds = 300 :: INTEGER?) :: VOID |READ -|db.awaitIndexes() |Wait for all indexes to come online (for example: CALL db.awaitIndexes(300)). |db.awaitIndexes(timeOutSeconds = 300 :: INTEGER?) :: VOID |READ -|db.clearQueryCaches() |Clears all query caches. |db.clearQueryCaches() :: (value :: STRING?) |DBMS -|db.createLabel() |Create a label |db.createLabel(newLabel :: STRING?) :: VOID |WRITE -|db.createProperty() |Create a Property |db.createProperty(newProperty :: STRING?) :: VOID |WRITE -|db.createRelationshipType() |Create a RelationshipType |db.createRelationshipType(newRelationshipType :: STRING?) :: VOID |WRITE -|db.index.fulltext.awaitEventuallyConsistentIndexRefresh() |Wait for the updates from recently committed transactions to be applied to any eventually-consistent full-text indexes. |db.index.fulltext.awaitEventuallyConsistentIndexRefresh() :: VOID |READ -|db.index.fulltext.listAvailableAnalyzers() |List the available analyzers that the full-text indexes can be configured with. |db.index.fulltext.listAvailableAnalyzers() :: (analyzer :: STRING?, description :: STRING?, stopwords :: LIST? OF STRING?) |READ -|db.index.fulltext.queryNodes() |Query the given full-text index. Returns the matching nodes, and their Lucene query score, ordered by score. Valid keys for the options map are: 'skip' to skip the top N results; 'limit' to limit the number of results returned. |db.index.fulltext.queryNodes(indexName :: STRING?, queryString :: STRING?, options = {} :: MAP?) :: (node :: NODE?, score :: FLOAT?) |READ -|db.index.fulltext.queryRelationships() |Query the given full-text index. Returns the matching relationships, and their Lucene query score, ordered by score. Valid keys for the options map are: 'skip' to skip the top N results; 'limit' to limit the number of results returned. |db.index.fulltext.queryRelationships(indexName :: STRING?, queryString :: STRING?, options = {} :: MAP?) :: (relationship :: RELATIONSHIP?, score :: FLOAT?) |READ -|db.info() |Provides information regarding the database. |db.info() :: (id :: STRING?, name :: STRING?, creationDate :: STRING?) |READ -|db.labels() |List all available labels in the database. |db.labels() :: (label :: STRING?) |READ -|db.ping() |This procedure can be used by client side tooling to test whether they are correctly connected to a database. The procedure is available in all databases and always returns true. A faulty connection can be detected by not being able to call this procedure. |db.ping() :: (success :: BOOLEAN?) |READ -|db.prepareForReplanning() |Triggers an index resample and waits for it to complete, and after that clears query caches. After this procedure has finished queries will be planned using the latest database statistics. |db.prepareForReplanning(timeOutSeconds = 300 :: INTEGER?) :: VOID |READ -|db.propertyKeys() |List all property keys in the database. |db.propertyKeys() :: (propertyKey :: STRING?) |READ -|db.relationshipTypes() |List all available relationship types in the database. |db.relationshipTypes() :: (relationshipType :: STRING?) |READ -|db.resampleIndex() |Schedule resampling of an index (for example: CALL db.resampleIndex("MyIndex")). |db.resampleIndex(indexName :: STRING?) :: VOID |READ -|db.resampleOutdatedIndexes() |Schedule resampling of all outdated indexes. |db.resampleOutdatedIndexes() :: VOID |READ -|db.schema.nodeTypeProperties() |Show the derived property schema of the nodes in tabular form. |db.schema.nodeTypeProperties() :: (nodeType :: STRING?, nodeLabels :: LIST? OF STRING?, propertyName :: STRING?, propertyTypes :: LIST? OF STRING?, mandatory :: BOOLEAN?) |READ -|db.schema.relTypeProperties() |Show the derived property schema of the relationships in tabular form. |db.schema.relTypeProperties() :: (relType :: STRING?, propertyName :: STRING?, propertyTypes :: LIST? OF STRING?, mandatory :: BOOLEAN?) |READ -|db.schema.visualization() |Visualizes the schema of the data based on available statistics. A new node is returned for each label. The properties represented on the node include `name` (label name), `indexes` (list of indexes), and `constraints` (list of constraints). A relationship of a given type is returned for all possible combinations of start and end nodes. Note that this may include additional relationships that do not exist in the data due to the information available in the count store. |db.schema.visualization() :: (nodes :: LIST? OF NODE?, relationships :: LIST? OF RELATIONSHIP?) |READ -|db.stats.clear() |Clear collected data of a given data section. Valid sections are 'QUERIES' |db.stats.clear(section :: STRING?) :: (section :: STRING?, success :: BOOLEAN?, message :: STRING?) |READ -|db.stats.collect() |Start data collection of a given data section. Valid sections are 'QUERIES' |db.stats.collect(section :: STRING?, config = {} :: MAP?) :: (section :: STRING?, success :: BOOLEAN?, message :: STRING?) |READ -|db.stats.retrieve() |Retrieve statistical data about the current database. Valid sections are 'GRAPH COUNTS', 'TOKENS', 'QUERIES', 'META' |db.stats.retrieve(section :: STRING?, config = {} :: MAP?) :: (section :: STRING?, data :: MAP?) |READ -|db.stats.retrieveAllAnonymized() |Retrieve all available statistical data about the current database, in an anonymized form. |db.stats.retrieveAllAnonymized(graphToken :: STRING?, config = {} :: MAP?) :: (section :: STRING?, data :: MAP?) |READ -|db.stats.status() |Retrieve the status of all available collector daemons, for this database. |db.stats.status() :: (section :: STRING?, status :: STRING?, data :: MAP?) |READ -|db.stats.stop() |Stop data collection of a given data section. Valid sections are 'QUERIES' |db.stats.stop(section :: STRING?) :: (section :: STRING?, success :: BOOLEAN?, message :: STRING?) |READ -|dbms.cluster.routing.getRoutingTable() |Returns the advertised bolt capable endpoints for a given database, divided by each endpoint's capabilities. For example an endpoint may serve read queries, write queries and/or future getRoutingTable requests. |dbms.cluster.routing.getRoutingTable(context :: MAP?, database = null :: STRING?) :: (ttl :: INTEGER?, servers :: LIST? OF MAP?) |DBMS -|dbms.components() |List DBMS components and their versions. |dbms.components() :: (name :: STRING?, versions :: LIST? OF STRING?, edition :: STRING?) |DBMS -|dbms.info() |Provides information regarding the DBMS. |dbms.info() :: (id :: STRING?, name :: STRING?, creationDate :: STRING?) |DBMS -|dbms.killConnection() |Kill network connection with the given connection id. |dbms.killConnection(id :: STRING?) :: (connectionId :: STRING?, username :: STRING?, message :: STRING?) |DBMS -|dbms.killConnections() |Kill all network connections with the given connection ids. |dbms.killConnections(ids :: LIST? OF STRING?) :: (connectionId :: STRING?, username :: STRING?, message :: STRING?) |DBMS -|dbms.listCapabilities() |List capabilities |dbms.listCapabilities() :: (name :: STRING?, description :: STRING?, value :: ANY?) |DBMS -|dbms.listConfig() |List the currently active config of Neo4j. |dbms.listConfig(searchString = :: STRING?) :: (name :: STRING?, description :: STRING?, value :: STRING?, dynamic :: BOOLEAN?, defaultValue :: STRING?, startupValue :: STRING?, explicitlySet :: BOOLEAN?, validValues :: STRING?) |DBMS -|dbms.listConnections() |List all accepted network connections at this instance that are visible to the user. |dbms.listConnections() :: (connectionId :: STRING?, connectTime :: STRING?, connector :: STRING?, username :: STRING?, userAgent :: STRING?, serverAddress :: STRING?, clientAddress :: STRING?) |DBMS -|dbms.queryJmx() |Query JMX management data by domain and name. For instance, "*:*" |dbms.queryJmx(query :: STRING?) :: (name :: STRING?, description :: STRING?, attributes :: MAP?) |DBMS -|dbms.routing.getRoutingTable() |Returns the advertised bolt capable endpoints for a given database, divided by each endpoint's capabilities. For example an endpoint may serve read queries, write queries and/or future getRoutingTable requests. |dbms.routing.getRoutingTable(context :: MAP?, database = null :: STRING?) :: (ttl :: INTEGER?, servers :: LIST? OF MAP?) |DBMS -|dbms.showCurrentUser() |Show the current user. |dbms.showCurrentUser() :: (username :: STRING?, roles :: LIST? OF STRING?, flags :: LIST? OF STRING?) |DBMS -|dbms.upgrade() |Upgrade the system database schema if it is not the current schema. |dbms.upgrade() :: (status :: STRING?, upgradeResult :: STRING?) |WRITE -|dbms.upgradeStatus() |Report the current status of the system database sub-graph schema. |dbms.upgradeStatus() :: (status :: STRING?, description :: STRING?, resolution :: STRING?) |READ -|tx.getMetaData() |Provides attached transaction metadata. |tx.getMetaData() :: (metadata :: MAP?) |DBMS -|tx.setMetaData() |Attaches a map of data to the transaction. The data will be printed when listing queries, and inserted into the query log. |tx.setMetaData(data :: MAP?) :: VOID |DBMS -|=== diff --git a/modules/ROOT/partials/procedure-documentation/procedure-reference-complete.adoc b/modules/ROOT/partials/procedure-documentation/procedure-reference-complete.adoc deleted file mode 100644 index 4c752dd3a..000000000 --- a/modules/ROOT/partials/procedure-documentation/procedure-reference-complete.adoc +++ /dev/null @@ -1,71 +0,0 @@ -[[complete-procedure-reference]] -.Complete procedure reference -[options=header, cols="a,a,m,m,a"] -|=== -|Name -|Description -|Signature -|Mode|[enterprise-edition]#Roles# -|db.awaitIndex() |Wait for an index to come online (for example: CALL db.awaitIndex("MyIndex", 300)). |db.awaitIndex(indexName :: STRING?, timeOutSeconds = 300 :: INTEGER?) :: VOID |READ |[enterprise-edition]#PUBLIC, admin# -|db.awaitIndexes() |Wait for all indexes to come online (for example: CALL db.awaitIndexes(300)). |db.awaitIndexes(timeOutSeconds = 300 :: INTEGER?) :: VOID |READ |[enterprise-edition]#PUBLIC, admin# -|db.clearQueryCaches() |Clears all query caches. |db.clearQueryCaches() :: (value :: STRING?) |DBMS |[enterprise-edition]#admin# -|db.createLabel() |Create a label |db.createLabel(newLabel :: STRING?) :: VOID |WRITE |[enterprise-edition]#PUBLIC, admin# -|db.createProperty() |Create a Property |db.createProperty(newProperty :: STRING?) :: VOID |WRITE |[enterprise-edition]#PUBLIC, admin# -|db.createRelationshipType() |Create a RelationshipType |db.createRelationshipType(newRelationshipType :: STRING?) :: VOID |WRITE |[enterprise-edition]#PUBLIC, admin# -|db.index.fulltext.awaitEventuallyConsistentIndexRefresh() |Wait for the updates from recently committed transactions to be applied to any eventually-consistent full-text indexes. |db.index.fulltext.awaitEventuallyConsistentIndexRefresh() :: VOID |READ |[enterprise-edition]#PUBLIC, admin# -|db.index.fulltext.listAvailableAnalyzers() |List the available analyzers that the full-text indexes can be configured with. |db.index.fulltext.listAvailableAnalyzers() :: (analyzer :: STRING?, description :: STRING?, stopwords :: LIST? OF STRING?) |READ |[enterprise-edition]#PUBLIC, admin# -|db.index.fulltext.queryNodes() |Query the given full-text index. Returns the matching nodes, and their Lucene query score, ordered by score. Valid keys for the options map are: 'skip' to skip the top N results; 'limit' to limit the number of results returned. |db.index.fulltext.queryNodes(indexName :: STRING?, queryString :: STRING?, options = {} :: MAP?) :: (node :: NODE?, score :: FLOAT?) |READ |[enterprise-edition]#PUBLIC, admin# -|db.index.fulltext.queryRelationships() |Query the given full-text index. Returns the matching relationships, and their Lucene query score, ordered by score. Valid keys for the options map are: 'skip' to skip the top N results; 'limit' to limit the number of results returned. |db.index.fulltext.queryRelationships(indexName :: STRING?, queryString :: STRING?, options = {} :: MAP?) :: (relationship :: RELATIONSHIP?, score :: FLOAT?) |READ |[enterprise-edition]#PUBLIC, admin# -|db.info() |Provides information regarding the database. |db.info() :: (id :: STRING?, name :: STRING?, creationDate :: STRING?) |READ |[enterprise-edition]#PUBLIC, admin# -|db.labels() |List all available labels in the database. |db.labels() :: (label :: STRING?) |READ |[enterprise-edition]#PUBLIC, admin# -|db.ping() |This procedure can be used by client side tooling to test whether they are correctly connected to a database. The procedure is available in all databases and always returns true. A faulty connection can be detected by not being able to call this procedure. |db.ping() :: (success :: BOOLEAN?) |READ |[enterprise-edition]#PUBLIC, admin# -|db.prepareForReplanning() |Triggers an index resample and waits for it to complete, and after that clears query caches. After this procedure has finished queries will be planned using the latest database statistics. |db.prepareForReplanning(timeOutSeconds = 300 :: INTEGER?) :: VOID |READ |[enterprise-edition]#admin# -|db.propertyKeys() |List all property keys in the database. |db.propertyKeys() :: (propertyKey :: STRING?) |READ |[enterprise-edition]#PUBLIC, admin# -|db.relationshipTypes() |List all available relationship types in the database. |db.relationshipTypes() :: (relationshipType :: STRING?) |READ |[enterprise-edition]#PUBLIC, admin# -|db.resampleIndex() |Schedule resampling of an index (for example: CALL db.resampleIndex("MyIndex")). |db.resampleIndex(indexName :: STRING?) :: VOID |READ |[enterprise-edition]#PUBLIC, admin# -|db.resampleOutdatedIndexes() |Schedule resampling of all outdated indexes. |db.resampleOutdatedIndexes() :: VOID |READ |[enterprise-edition]#PUBLIC, admin# -|db.schema.nodeTypeProperties() |Show the derived property schema of the nodes in tabular form. |db.schema.nodeTypeProperties() :: (nodeType :: STRING?, nodeLabels :: LIST? OF STRING?, propertyName :: STRING?, propertyTypes :: LIST? OF STRING?, mandatory :: BOOLEAN?) |READ |[enterprise-edition]#PUBLIC, admin# -|db.schema.relTypeProperties() |Show the derived property schema of the relationships in tabular form. |db.schema.relTypeProperties() :: (relType :: STRING?, propertyName :: STRING?, propertyTypes :: LIST? OF STRING?, mandatory :: BOOLEAN?) |READ |[enterprise-edition]#PUBLIC, admin# -|db.schema.visualization() |Visualizes the schema of the data based on available statistics. A new node is returned for each label. The properties represented on the node include `name` (label name), `indexes` (list of indexes), and `constraints` (list of constraints). A relationship of a given type is returned for all possible combinations of start and end nodes. Note that this may include additional relationships that do not exist in the data due to the information available in the count store. |db.schema.visualization() :: (nodes :: LIST? OF NODE?, relationships :: LIST? OF RELATIONSHIP?) |READ |[enterprise-edition]#PUBLIC, admin# -|db.stats.clear() |Clear collected data of a given data section. Valid sections are 'QUERIES' |db.stats.clear(section :: STRING?) :: (section :: STRING?, success :: BOOLEAN?, message :: STRING?) |READ |[enterprise-edition]#admin# -|db.stats.collect() |Start data collection of a given data section. Valid sections are 'QUERIES' |db.stats.collect(section :: STRING?, config = {} :: MAP?) :: (section :: STRING?, success :: BOOLEAN?, message :: STRING?) |READ |[enterprise-edition]#admin# -|db.stats.retrieve() |Retrieve statistical data about the current database. Valid sections are 'GRAPH COUNTS', 'TOKENS', 'QUERIES', 'META' |db.stats.retrieve(section :: STRING?, config = {} :: MAP?) :: (section :: STRING?, data :: MAP?) |READ |[enterprise-edition]#admin# -|db.stats.retrieveAllAnonymized() |Retrieve all available statistical data about the current database, in an anonymized form. |db.stats.retrieveAllAnonymized(graphToken :: STRING?, config = {} :: MAP?) :: (section :: STRING?, data :: MAP?) |READ |[enterprise-edition]#admin# -|db.stats.status() |Retrieve the status of all available collector daemons, for this database. |db.stats.status() :: (section :: STRING?, status :: STRING?, data :: MAP?) |READ |[enterprise-edition]#admin# -|db.stats.stop() |Stop data collection of a given data section. Valid sections are 'QUERIES' |db.stats.stop(section :: STRING?) :: (section :: STRING?, success :: BOOLEAN?, message :: STRING?) |READ |[enterprise-edition]#admin# -|dbms.cluster.routing.getRoutingTable() |Returns the advertised bolt capable endpoints for a given database, divided by each endpoint's capabilities. For example an endpoint may serve read queries, write queries and/or future getRoutingTable requests. |dbms.cluster.routing.getRoutingTable(context :: MAP?, database = null :: STRING?) :: (ttl :: INTEGER?, servers :: LIST? OF MAP?) |DBMS |[enterprise-edition]#PUBLIC, admin# -|dbms.components() |List DBMS components and their versions. |dbms.components() :: (name :: STRING?, versions :: LIST? OF STRING?, edition :: STRING?) |DBMS |[enterprise-edition]#PUBLIC, admin# -|dbms.info() |Provides information regarding the DBMS. |dbms.info() :: (id :: STRING?, name :: STRING?, creationDate :: STRING?) |DBMS |[enterprise-edition]#PUBLIC, admin# -|dbms.killConnection() |Kill network connection with the given connection id. |dbms.killConnection(id :: STRING?) :: (connectionId :: STRING?, username :: STRING?, message :: STRING?) |DBMS |[enterprise-edition]#PUBLIC, admin# -|dbms.killConnections() |Kill all network connections with the given connection ids. |dbms.killConnections(ids :: LIST? OF STRING?) :: (connectionId :: STRING?, username :: STRING?, message :: STRING?) |DBMS |[enterprise-edition]#PUBLIC, admin# -|dbms.listCapabilities() |List capabilities |dbms.listCapabilities() :: (name :: STRING?, description :: STRING?, value :: ANY?) |DBMS |[enterprise-edition]#PUBLIC, admin# -|dbms.listConfig() |List the currently active config of Neo4j. |dbms.listConfig(searchString = :: STRING?) :: (name :: STRING?, description :: STRING?, value :: STRING?, dynamic :: BOOLEAN?, defaultValue :: STRING?, startupValue :: STRING?, explicitlySet :: BOOLEAN?, validValues :: STRING?) |DBMS |[enterprise-edition]#admin# -|dbms.listConnections() |List all accepted network connections at this instance that are visible to the user. |dbms.listConnections() :: (connectionId :: STRING?, connectTime :: STRING?, connector :: STRING?, username :: STRING?, userAgent :: STRING?, serverAddress :: STRING?, clientAddress :: STRING?) |DBMS |[enterprise-edition]#PUBLIC, admin# -|dbms.queryJmx() |Query JMX management data by domain and name. For instance, "*:*" |dbms.queryJmx(query :: STRING?) :: (name :: STRING?, description :: STRING?, attributes :: MAP?) |DBMS |[enterprise-edition]#PUBLIC, admin# -|dbms.routing.getRoutingTable() |Returns the advertised bolt capable endpoints for a given database, divided by each endpoint's capabilities. For example an endpoint may serve read queries, write queries and/or future getRoutingTable requests. |dbms.routing.getRoutingTable(context :: MAP?, database = null :: STRING?) :: (ttl :: INTEGER?, servers :: LIST? OF MAP?) |DBMS |[enterprise-edition]#PUBLIC, admin# -|dbms.showCurrentUser() |Show the current user. |dbms.showCurrentUser() :: (username :: STRING?, roles :: LIST? OF STRING?, flags :: LIST? OF STRING?) |DBMS |[enterprise-edition]#PUBLIC, admin# -|dbms.upgrade() |Upgrade the system database schema if it is not the current schema. |dbms.upgrade() :: (status :: STRING?, upgradeResult :: STRING?) |WRITE |[enterprise-edition]#admin# -|dbms.upgradeStatus() |Report the current status of the system database sub-graph schema. |dbms.upgradeStatus() :: (status :: STRING?, description :: STRING?, resolution :: STRING?) |READ |[enterprise-edition]#admin# -|tx.getMetaData() |Provides attached transaction metadata. |tx.getMetaData() :: (metadata :: MAP?) |DBMS |[enterprise-edition]#PUBLIC, admin# -|tx.setMetaData() |Attaches a map of data to the transaction. The data will be printed when listing queries, and inserted into the query log. |tx.setMetaData(data :: MAP?) :: VOID |DBMS |[enterprise-edition]#PUBLIC, admin# -|[enterprise-edition]#db.checkpoint()# |Initiate and wait for a new check point, or wait any already on-going check point to complete. Note that this temporarily disables the `db.checkpoint.iops.limit` setting in order to make the check point complete faster. This might cause transaction throughput to degrade slightly, due to increased IO load. |db.checkpoint() :: (success :: BOOLEAN?, message :: STRING?) |DBMS |[enterprise-edition]#PUBLIC, admin# -|[enterprise-edition]#db.listLocks()# |List all locks at this database. |db.listLocks() :: (mode :: STRING?, resourceType :: STRING?, resourceId :: INTEGER?, transactionId :: STRING?) |DBMS |[enterprise-edition]#admin# -|[enterprise-edition]#dbms.checkConfigValue()# |Check if a potential config setting value is valid. |dbms.checkConfigValue(setting :: STRING?, value :: STRING?) :: (valid :: BOOLEAN?, message :: STRING?) |DBMS |[enterprise-edition]#admin# -|[enterprise-edition]#dbms.cluster.checkConnectivity()# |Check the connectivity of this instance to other cluster members. Not all ports are relevant to all members. Valid values for 'port-name' are: [CLUSTER, RAFT] |dbms.cluster.checkConnectivity(port-name = null :: STRING?, server = null :: STRING?) :: (serverId :: STRING?, mode-constraint :: STRING?, port-name :: STRING?, port-address :: STRING?, result :: STRING?) |DBMS |[enterprise-edition]#admin# -|[enterprise-edition]#dbms.cluster.cordonServer()# |Mark a server in the topology as not suitable for new allocations. It will not force current allocations off the server. This is useful when deallocating databases when you have multiple unavailable servers. |dbms.cluster.cordonServer(server :: STRING?) :: VOID |WRITE |[enterprise-edition]#admin# -|[enterprise-edition]#dbms.cluster.protocols()# |Overview of installed protocols |dbms.cluster.protocols() :: (orientation :: STRING?, remoteAddress :: STRING?, applicationProtocol :: STRING?, applicationProtocolVersion :: INTEGER?, modifierProtocols :: STRING?) |DBMS |[enterprise-edition]#PUBLIC, admin# -|[enterprise-edition]#dbms.cluster.readReplicaToggle()# |The toggle can pause or resume read replica |dbms.cluster.readReplicaToggle(databaseName :: STRING?, pause :: BOOLEAN?) :: (state :: STRING?) |DBMS |[enterprise-edition]#admin# -|[enterprise-edition]#dbms.cluster.uncordonServer()# |Remove the cordon on a server, returning it to 'enabled'. |dbms.cluster.uncordonServer(server :: STRING?) :: VOID |WRITE |[enterprise-edition]#admin# -|[enterprise-edition]#dbms.listActiveLocks()# |List the active lock requests granted for the transaction executing the query with the given query id. |dbms.listActiveLocks(queryId :: STRING?) :: (mode :: STRING?, resourceType :: STRING?, resourceId :: INTEGER?) |DBMS |[enterprise-edition]#PUBLIC, admin# -|[enterprise-edition]#dbms.listPools()# |List all memory pools, including sub pools, currently registered at this instance that are visible to the user. |dbms.listPools() :: (pool :: STRING?, databaseName :: STRING?, heapMemoryUsed :: STRING?, heapMemoryUsedBytes :: STRING?, nativeMemoryUsed :: STRING?, nativeMemoryUsedBytes :: STRING?, freeMemory :: STRING?, freeMemoryBytes :: STRING?, totalPoolMemory :: STRING?, totalPoolMemoryBytes :: STRING?) |DBMS |[enterprise-edition]#PUBLIC, admin# -|[enterprise-edition]#dbms.quarantineDatabase()# |Place a database into quarantine or remove from it. |dbms.quarantineDatabase(databaseName :: STRING?, setStatus :: BOOLEAN?, reason = No reason given :: STRING?) :: (databaseName :: STRING?, quarantined :: BOOLEAN?, result :: STRING?) |DBMS |[enterprise-edition]#admin# -|[enterprise-edition]#dbms.scheduler.failedJobs()# |List failed job runs. There is a limit for amount of historical data. |dbms.scheduler.failedJobs() :: (jobId :: STRING?, group :: STRING?, database :: STRING?, submitter :: STRING?, description :: STRING?, type :: STRING?, submitted :: STRING?, executionStart :: STRING?, failureTime :: STRING?, failureDescription :: STRING?) |DBMS |[enterprise-edition]#admin# -|[enterprise-edition]#dbms.scheduler.groups()# |List the job groups that are active in the database internal job scheduler. |dbms.scheduler.groups() :: (group :: STRING?, threads :: INTEGER?) |DBMS |[enterprise-edition]#admin# -|[enterprise-edition]#dbms.scheduler.jobs()# |List all jobs that are active in the database internal job scheduler. |dbms.scheduler.jobs() :: (jobId :: STRING?, group :: STRING?, submitted :: STRING?, database :: STRING?, submitter :: STRING?, description :: STRING?, type :: STRING?, scheduledAt :: STRING?, period :: STRING?, state :: STRING?, currentStateDescription :: STRING?) |DBMS |[enterprise-edition]#admin# -|[enterprise-edition]#dbms.security.clearAuthCache()# |Clears authentication and authorization cache. |dbms.security.clearAuthCache() :: VOID |DBMS |[enterprise-edition]#admin# -|[enterprise-edition]#dbms.setConfigValue()# |Updates a given setting value. Passing an empty value will result in removing the configured value and falling back to the default value. Changes will not persist and will be lost if the server is restarted. |dbms.setConfigValue(setting :: STRING?, value :: STRING?) :: VOID |DBMS |[enterprise-edition]#admin# -|[enterprise-edition]#dbms.setDatabaseAllocator()# |With this method you can set the allocator, which is responsible to select servers for hosting databases. |dbms.setDatabaseAllocator(allocator :: STRING?) :: VOID |WRITE |[enterprise-edition]#admin# -|[enterprise-edition]#dbms.setDefaultAllocationNumbers()# |With this method you can set the default number of primaries and secondaries. |dbms.setDefaultAllocationNumbers(primaries :: INTEGER?, secondaries :: INTEGER?) :: VOID |WRITE |[enterprise-edition]#admin# -|[enterprise-edition]#dbms.setDefaultDatabase()# |Change the default database to the provided value. The database must exist and the old default database must be stopped. |dbms.setDefaultDatabase(databaseName :: STRING?) :: (result :: STRING?) |WRITE |[enterprise-edition]#admin# -|[enterprise-edition]#dbms.showTopologyGraphConfig()# |With this method the configuration of the Topology Graph can be displayed. |dbms.showTopologyGraphConfig() :: (allocator :: STRING?, defaultPrimariesCount :: INTEGER?, defaultSecondariesCount :: INTEGER?, defaultDatabase :: STRING?) |READ |[enterprise-edition]#admin# -|=== diff --git a/modules/ROOT/partials/procedure-documentation/procedure-reference-enterprise-edition.adoc b/modules/ROOT/partials/procedure-documentation/procedure-reference-enterprise-edition.adoc deleted file mode 100644 index bcb15cb60..000000000 --- a/modules/ROOT/partials/procedure-documentation/procedure-reference-enterprise-edition.adoc +++ /dev/null @@ -1,72 +0,0 @@ -[[enterprise-edition-procedure-reference]] -[role=enterprise-edition] -.Enterprise Edition procedures -[options=header, cols="a,a,m,m,a"] -|=== -|Name -|Description -|Signature -|Mode|Roles -|db.awaitIndex() |Wait for an index to come online (for example: CALL db.awaitIndex("MyIndex", 300)). |db.awaitIndex(indexName :: STRING?, timeOutSeconds = 300 :: INTEGER?) :: VOID |READ |PUBLIC, admin -|db.awaitIndexes() |Wait for all indexes to come online (for example: CALL db.awaitIndexes(300)). |db.awaitIndexes(timeOutSeconds = 300 :: INTEGER?) :: VOID |READ |PUBLIC, admin -|db.checkpoint() |Initiate and wait for a new check point, or wait any already on-going check point to complete. Note that this temporarily disables the `db.checkpoint.iops.limit` setting in order to make the check point complete faster. This might cause transaction throughput to degrade slightly, due to increased IO load. |db.checkpoint() :: (success :: BOOLEAN?, message :: STRING?) |DBMS |PUBLIC, admin -|db.clearQueryCaches() |Clears all query caches. |db.clearQueryCaches() :: (value :: STRING?) |DBMS |admin -|db.createLabel() |Create a label |db.createLabel(newLabel :: STRING?) :: VOID |WRITE |PUBLIC, admin -|db.createProperty() |Create a Property |db.createProperty(newProperty :: STRING?) :: VOID |WRITE |PUBLIC, admin -|db.createRelationshipType() |Create a RelationshipType |db.createRelationshipType(newRelationshipType :: STRING?) :: VOID |WRITE |PUBLIC, admin -|db.index.fulltext.awaitEventuallyConsistentIndexRefresh() |Wait for the updates from recently committed transactions to be applied to any eventually-consistent full-text indexes. |db.index.fulltext.awaitEventuallyConsistentIndexRefresh() :: VOID |READ |PUBLIC, admin -|db.index.fulltext.listAvailableAnalyzers() |List the available analyzers that the full-text indexes can be configured with. |db.index.fulltext.listAvailableAnalyzers() :: (analyzer :: STRING?, description :: STRING?, stopwords :: LIST? OF STRING?) |READ |PUBLIC, admin -|db.index.fulltext.queryNodes() |Query the given full-text index. Returns the matching nodes, and their Lucene query score, ordered by score. Valid keys for the options map are: 'skip' to skip the top N results; 'limit' to limit the number of results returned. |db.index.fulltext.queryNodes(indexName :: STRING?, queryString :: STRING?, options = {} :: MAP?) :: (node :: NODE?, score :: FLOAT?) |READ |PUBLIC, admin -|db.index.fulltext.queryRelationships() |Query the given full-text index. Returns the matching relationships, and their Lucene query score, ordered by score. Valid keys for the options map are: 'skip' to skip the top N results; 'limit' to limit the number of results returned. |db.index.fulltext.queryRelationships(indexName :: STRING?, queryString :: STRING?, options = {} :: MAP?) :: (relationship :: RELATIONSHIP?, score :: FLOAT?) |READ |PUBLIC, admin -|db.info() |Provides information regarding the database. |db.info() :: (id :: STRING?, name :: STRING?, creationDate :: STRING?) |READ |PUBLIC, admin -|db.labels() |List all available labels in the database. |db.labels() :: (label :: STRING?) |READ |PUBLIC, admin -|db.listLocks() |List all locks at this database. |db.listLocks() :: (mode :: STRING?, resourceType :: STRING?, resourceId :: INTEGER?, transactionId :: STRING?) |DBMS |admin -|db.ping() |This procedure can be used by client side tooling to test whether they are correctly connected to a database. The procedure is available in all databases and always returns true. A faulty connection can be detected by not being able to call this procedure. |db.ping() :: (success :: BOOLEAN?) |READ |PUBLIC, admin -|db.prepareForReplanning() |Triggers an index resample and waits for it to complete, and after that clears query caches. After this procedure has finished queries will be planned using the latest database statistics. |db.prepareForReplanning(timeOutSeconds = 300 :: INTEGER?) :: VOID |READ |admin -|db.propertyKeys() |List all property keys in the database. |db.propertyKeys() :: (propertyKey :: STRING?) |READ |PUBLIC, admin -|db.relationshipTypes() |List all available relationship types in the database. |db.relationshipTypes() :: (relationshipType :: STRING?) |READ |PUBLIC, admin -|db.resampleIndex() |Schedule resampling of an index (for example: CALL db.resampleIndex("MyIndex")). |db.resampleIndex(indexName :: STRING?) :: VOID |READ |PUBLIC, admin -|db.resampleOutdatedIndexes() |Schedule resampling of all outdated indexes. |db.resampleOutdatedIndexes() :: VOID |READ |PUBLIC, admin -|db.schema.nodeTypeProperties() |Show the derived property schema of the nodes in tabular form. |db.schema.nodeTypeProperties() :: (nodeType :: STRING?, nodeLabels :: LIST? OF STRING?, propertyName :: STRING?, propertyTypes :: LIST? OF STRING?, mandatory :: BOOLEAN?) |READ |PUBLIC, admin -|db.schema.relTypeProperties() |Show the derived property schema of the relationships in tabular form. |db.schema.relTypeProperties() :: (relType :: STRING?, propertyName :: STRING?, propertyTypes :: LIST? OF STRING?, mandatory :: BOOLEAN?) |READ |PUBLIC, admin -|db.schema.visualization() |Visualizes the schema of the data based on available statistics. A new node is returned for each label. The properties represented on the node include `name` (label name), `indexes` (list of indexes), and `constraints` (list of constraints). A relationship of a given type is returned for all possible combinations of start and end nodes. Note that this may include additional relationships that do not exist in the data due to the information available in the count store. |db.schema.visualization() :: (nodes :: LIST? OF NODE?, relationships :: LIST? OF RELATIONSHIP?) |READ |PUBLIC, admin -|db.stats.clear() |Clear collected data of a given data section. Valid sections are 'QUERIES' |db.stats.clear(section :: STRING?) :: (section :: STRING?, success :: BOOLEAN?, message :: STRING?) |READ |admin -|db.stats.collect() |Start data collection of a given data section. Valid sections are 'QUERIES' |db.stats.collect(section :: STRING?, config = {} :: MAP?) :: (section :: STRING?, success :: BOOLEAN?, message :: STRING?) |READ |admin -|db.stats.retrieve() |Retrieve statistical data about the current database. Valid sections are 'GRAPH COUNTS', 'TOKENS', 'QUERIES', 'META' |db.stats.retrieve(section :: STRING?, config = {} :: MAP?) :: (section :: STRING?, data :: MAP?) |READ |admin -|db.stats.retrieveAllAnonymized() |Retrieve all available statistical data about the current database, in an anonymized form. |db.stats.retrieveAllAnonymized(graphToken :: STRING?, config = {} :: MAP?) :: (section :: STRING?, data :: MAP?) |READ |admin -|db.stats.status() |Retrieve the status of all available collector daemons, for this database. |db.stats.status() :: (section :: STRING?, status :: STRING?, data :: MAP?) |READ |admin -|db.stats.stop() |Stop data collection of a given data section. Valid sections are 'QUERIES' |db.stats.stop(section :: STRING?) :: (section :: STRING?, success :: BOOLEAN?, message :: STRING?) |READ |admin -|dbms.checkConfigValue() |Check if a potential config setting value is valid. |dbms.checkConfigValue(setting :: STRING?, value :: STRING?) :: (valid :: BOOLEAN?, message :: STRING?) |DBMS |admin -|dbms.cluster.checkConnectivity() |Check the connectivity of this instance to other cluster members. Not all ports are relevant to all members. Valid values for 'port-name' are: [CLUSTER, RAFT] |dbms.cluster.checkConnectivity(port-name = null :: STRING?, server = null :: STRING?) :: (serverId :: STRING?, mode-constraint :: STRING?, port-name :: STRING?, port-address :: STRING?, result :: STRING?) |DBMS |admin -|dbms.cluster.cordonServer() |Mark a server in the topology as not suitable for new allocations. It will not force current allocations off the server. This is useful when deallocating databases when you have multiple unavailable servers. |dbms.cluster.cordonServer(server :: STRING?) :: VOID |WRITE |admin -|dbms.cluster.protocols() |Overview of installed protocols |dbms.cluster.protocols() :: (orientation :: STRING?, remoteAddress :: STRING?, applicationProtocol :: STRING?, applicationProtocolVersion :: INTEGER?, modifierProtocols :: STRING?) |DBMS |PUBLIC, admin -|dbms.cluster.readReplicaToggle() |The toggle can pause or resume read replica |dbms.cluster.readReplicaToggle(databaseName :: STRING?, pause :: BOOLEAN?) :: (state :: STRING?) |DBMS |admin -|dbms.cluster.routing.getRoutingTable() |Returns the advertised bolt capable endpoints for a given database, divided by each endpoint's capabilities. For example an endpoint may serve read queries, write queries and/or future getRoutingTable requests. |dbms.cluster.routing.getRoutingTable(context :: MAP?, database = null :: STRING?) :: (ttl :: INTEGER?, servers :: LIST? OF MAP?) |DBMS |PUBLIC, admin -|dbms.cluster.uncordonServer() |Remove the cordon on a server, returning it to 'enabled'. |dbms.cluster.uncordonServer(server :: STRING?) :: VOID |WRITE |admin -|dbms.components() |List DBMS components and their versions. |dbms.components() :: (name :: STRING?, versions :: LIST? OF STRING?, edition :: STRING?) |DBMS |PUBLIC, admin -|dbms.info() |Provides information regarding the DBMS. |dbms.info() :: (id :: STRING?, name :: STRING?, creationDate :: STRING?) |DBMS |PUBLIC, admin -|dbms.killConnection() |Kill network connection with the given connection id. |dbms.killConnection(id :: STRING?) :: (connectionId :: STRING?, username :: STRING?, message :: STRING?) |DBMS |PUBLIC, admin -|dbms.killConnections() |Kill all network connections with the given connection ids. |dbms.killConnections(ids :: LIST? OF STRING?) :: (connectionId :: STRING?, username :: STRING?, message :: STRING?) |DBMS |PUBLIC, admin -|dbms.listActiveLocks() |List the active lock requests granted for the transaction executing the query with the given query id. |dbms.listActiveLocks(queryId :: STRING?) :: (mode :: STRING?, resourceType :: STRING?, resourceId :: INTEGER?) |DBMS |PUBLIC, admin -|dbms.listCapabilities() |List capabilities |dbms.listCapabilities() :: (name :: STRING?, description :: STRING?, value :: ANY?) |DBMS |PUBLIC, admin -|dbms.listConfig() |List the currently active config of Neo4j. |dbms.listConfig(searchString = :: STRING?) :: (name :: STRING?, description :: STRING?, value :: STRING?, dynamic :: BOOLEAN?, defaultValue :: STRING?, startupValue :: STRING?, explicitlySet :: BOOLEAN?, validValues :: STRING?) |DBMS |admin -|dbms.listConnections() |List all accepted network connections at this instance that are visible to the user. |dbms.listConnections() :: (connectionId :: STRING?, connectTime :: STRING?, connector :: STRING?, username :: STRING?, userAgent :: STRING?, serverAddress :: STRING?, clientAddress :: STRING?) |DBMS |PUBLIC, admin -|dbms.listPools() |List all memory pools, including sub pools, currently registered at this instance that are visible to the user. |dbms.listPools() :: (pool :: STRING?, databaseName :: STRING?, heapMemoryUsed :: STRING?, heapMemoryUsedBytes :: STRING?, nativeMemoryUsed :: STRING?, nativeMemoryUsedBytes :: STRING?, freeMemory :: STRING?, freeMemoryBytes :: STRING?, totalPoolMemory :: STRING?, totalPoolMemoryBytes :: STRING?) |DBMS |PUBLIC, admin -|dbms.quarantineDatabase() |Place a database into quarantine or remove from it. |dbms.quarantineDatabase(databaseName :: STRING?, setStatus :: BOOLEAN?, reason = No reason given :: STRING?) :: (databaseName :: STRING?, quarantined :: BOOLEAN?, result :: STRING?) |DBMS |admin -|dbms.queryJmx() |Query JMX management data by domain and name. For instance, "*:*" |dbms.queryJmx(query :: STRING?) :: (name :: STRING?, description :: STRING?, attributes :: MAP?) |DBMS |PUBLIC, admin -|dbms.routing.getRoutingTable() |Returns the advertised bolt capable endpoints for a given database, divided by each endpoint's capabilities. For example an endpoint may serve read queries, write queries and/or future getRoutingTable requests. |dbms.routing.getRoutingTable(context :: MAP?, database = null :: STRING?) :: (ttl :: INTEGER?, servers :: LIST? OF MAP?) |DBMS |PUBLIC, admin -|dbms.scheduler.failedJobs() |List failed job runs. There is a limit for amount of historical data. |dbms.scheduler.failedJobs() :: (jobId :: STRING?, group :: STRING?, database :: STRING?, submitter :: STRING?, description :: STRING?, type :: STRING?, submitted :: STRING?, executionStart :: STRING?, failureTime :: STRING?, failureDescription :: STRING?) |DBMS |admin -|dbms.scheduler.groups() |List the job groups that are active in the database internal job scheduler. |dbms.scheduler.groups() :: (group :: STRING?, threads :: INTEGER?) |DBMS |admin -|dbms.scheduler.jobs() |List all jobs that are active in the database internal job scheduler. |dbms.scheduler.jobs() :: (jobId :: STRING?, group :: STRING?, submitted :: STRING?, database :: STRING?, submitter :: STRING?, description :: STRING?, type :: STRING?, scheduledAt :: STRING?, period :: STRING?, state :: STRING?, currentStateDescription :: STRING?) |DBMS |admin -|dbms.security.clearAuthCache() |Clears authentication and authorization cache. |dbms.security.clearAuthCache() :: VOID |DBMS |admin -|dbms.setConfigValue() |Updates a given setting value. Passing an empty value will result in removing the configured value and falling back to the default value. Changes will not persist and will be lost if the server is restarted. |dbms.setConfigValue(setting :: STRING?, value :: STRING?) :: VOID |DBMS |admin -|dbms.setDatabaseAllocator() |With this method you can set the allocator, which is responsible to select servers for hosting databases. |dbms.setDatabaseAllocator(allocator :: STRING?) :: VOID |WRITE |admin -|dbms.setDefaultAllocationNumbers() |With this method you can set the default number of primaries and secondaries. |dbms.setDefaultAllocationNumbers(primaries :: INTEGER?, secondaries :: INTEGER?) :: VOID |WRITE |admin -|dbms.setDefaultDatabase() |Change the default database to the provided value. The database must exist and the old default database must be stopped. |dbms.setDefaultDatabase(databaseName :: STRING?) :: (result :: STRING?) |WRITE |admin -|dbms.showCurrentUser() |Show the current user. |dbms.showCurrentUser() :: (username :: STRING?, roles :: LIST? OF STRING?, flags :: LIST? OF STRING?) |DBMS |PUBLIC, admin -|dbms.showTopologyGraphConfig() |With this method the configuration of the Topology Graph can be displayed. |dbms.showTopologyGraphConfig() :: (allocator :: STRING?, defaultPrimariesCount :: INTEGER?, defaultSecondariesCount :: INTEGER?, defaultDatabase :: STRING?) |READ |admin -|dbms.upgrade() |Upgrade the system database schema if it is not the current schema. |dbms.upgrade() :: (status :: STRING?, upgradeResult :: STRING?) |WRITE |admin -|dbms.upgradeStatus() |Report the current status of the system database sub-graph schema. |dbms.upgradeStatus() :: (status :: STRING?, description :: STRING?, resolution :: STRING?) |READ |admin -|tx.getMetaData() |Provides attached transaction metadata. |tx.getMetaData() :: (metadata :: MAP?) |DBMS |PUBLIC, admin -|tx.setMetaData() |Attaches a map of data to the transaction. The data will be printed when listing queries, and inserted into the query log. |tx.setMetaData(data :: MAP?) :: VOID |DBMS |PUBLIC, admin -|=== From 865f08e1bbcc5628a435fcf9662a7acf9bee248f Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 2 Feb 2023 10:18:26 +0000 Subject: [PATCH 119/876] Add some exit codes (#420) Trello card: https://trello.com/c/PV1DZpQF/4198-document-the-bin-neo4j-command --- .../ROOT/pages/configuration/neo4j-conf.adoc | 4 ++- .../ROOT/pages/tools/neo4j-admin/index.adoc | 27 +++++++++++++++++-- 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/configuration/neo4j-conf.adoc b/modules/ROOT/pages/configuration/neo4j-conf.adoc index af8e270a6..646a5f624 100644 --- a/modules/ROOT/pages/configuration/neo4j-conf.adoc +++ b/modules/ROOT/pages/configuration/neo4j-conf.adoc @@ -78,7 +78,7 @@ For a complete reference of Neo4j configuration settings, see xref:reference/con [[neo4j-conf-JVM]] === JVM-specific configuration settings -A Java virtual machine (JVM) is a virtual machine that enables a computer to run Java programs and programs written in other languages that are also compiled to Java bytecode. +A Java virtual machine (JVM) is a virtual machine that enables a computer to run Java programs and programs written in other languages that are also compiled in Java bytecode. The Java heap is where the objects of a Java program live. Depending on the JVM implementation, the JVM heap size often determines how and for how long time the virtual machine performs xref:performance/gc-tuning.adoc[garbage collection]. @@ -235,3 +235,5 @@ In this case, the execution stops and the server does not start. * Errors for incorrect values -- The returned value is not the one expected for the setting. In this case, the server does not start. + +For more information, see xref:tools/neo4j-admin/index.adoc#neo4j-admin-exit-codes[Exit codes]. \ No newline at end of file diff --git a/modules/ROOT/pages/tools/neo4j-admin/index.adoc b/modules/ROOT/pages/tools/neo4j-admin/index.adoc index e8566d34d..d5bca6eba 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/index.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/index.adoc @@ -290,9 +290,32 @@ If set, `HEAP_SIZE` and `JAVA_OPTS` override all relevant settings specified in [[neo4j-admin-exit-codes]] == Exit codes -When `neo4j-admin` finishes as expected, it returns an exit code of `0`. +When `neo4j` and `neo4j-admin` finish as expected, they exit with code `0`. A non-zero exit code means something undesired happened during command execution. -The non-zero exit code can contain further information about the error, such as the `backup` command's xref:backup-restore/online-backup.adoc#backup-command-exit-codes[exit codes]. + +.Exit codes +[options="header", cols="1m,3a"] +|=== +| Exit code +| Description + +| `0` +| Successful execution. + +| 1 +| The command failed to execute. + +| 3 +| The command failed to execute because the database is not running. + +| 64 +| The command was invoked with incorrect options/parameters. See the printed usage for details. + +| 70 +| An exception was thrown, not handled otherwise. +|=== + +The non-zero exit code can contain further information about the error, for example, see the `backup` command's xref:backup-restore/online-backup.adoc#backup-command-exit-codes[exit codes]. == Command-line completion From 6827fa6ec34e0f9c598cca80e696f9975014eaa3 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 2 Feb 2023 13:55:41 +0000 Subject: [PATCH 120/876] Remove the folder partials and move the content to the main pages (#432) --- modules/ROOT/pages/installation/windows.adoc | 133 +- .../reference/configuration-settings.adoc | 4065 +++++++++++++++- .../installation/windows/powershell.adoc | 133 - .../partials/neo4j-config/all-settings.adoc | 4066 ----------------- 4 files changed, 4196 insertions(+), 4201 deletions(-) delete mode 100644 modules/ROOT/partials/installation/windows/powershell.adoc delete mode 100644 modules/ROOT/partials/neo4j-config/all-settings.adoc diff --git a/modules/ROOT/pages/installation/windows.adoc b/modules/ROOT/pages/installation/windows.adoc index 4b209b676..0f45ce5d7 100644 --- a/modules/ROOT/pages/installation/windows.adoc +++ b/modules/ROOT/pages/installation/windows.adoc @@ -95,5 +95,136 @@ bin\neo4j restart ---- ==== +[[powershell]] +== Windows PowerShell module -include::partial$/installation/windows/powershell.adoc[leveloffset=+1] +The Neo4j PowerShell module allows administrators to: + +* Install, start and stop Neo4j Windows® Services. +* Start tools, such as `Neo4j Admin` and `Cypher Shell`. + +The PowerShell module is installed as part of the https://neo4j.com/download/other-releases/#releases[ZIP file] distributions of Neo4j. + + +[[powershell-requirements]] +=== System requirements + +* Requires PowerShell v2.0 or above. +* Supported on either 32 or 64 bit operating systems. + + +[[powershell-windows]] +=== Managing Neo4j on Windows + +On Windows, it is sometimes necessary to _Unblock_ a downloaded ZIP file before you can import its contents as a module. +If you right-click on the ZIP file and choose "Properties" you will get a dialog which includes an "Unblock" button, which will enable you to import the module. + +Running scripts has to be enabled on the system. +This can, for example, be achieved by executing the following from an elevated PowerShell prompt: + +[source,powershell] +---- +Set-ExecutionPolicy -ExecutionPolicy RemoteSigned +---- +For more information, see https://technet.microsoft.com/en-us/library/hh847748.aspx[About execution policies]. + +The PowerShell module will display a warning if it detects that you do not have administrative rights. + + +[[powershell-module-import]] +=== How do I import the module? + +The module file is located in the _bin_ directory of your Neo4j installation, i.e. where you unzipped the downloaded file. +For example, if Neo4j was installed in _C:\Neo4j_ then the module would be imported like this: + +[source,powershell] +---- +Import-Module C:\Neo4j\bin\Neo4j-Management.psd1 +---- + +This will add the module to the current session. + +Once the module has been imported you can start an interactive console version of a Neo4j Server like this: + +[source,powershell] +---- +Invoke-Neo4j console +---- + +To stop the server, issue `Ctrl-C` in the console window that was created by the command. + + +[[powershell-help]] +=== How do I get help about the module? + +Once the module is imported you can query the available commands like this: + +[source,powershell] +---- +Get-Command -Module Neo4j-Management +---- + +The output should be similar to the following: + +[source, shell, subs="attributes"] +---- +CommandType Name Version Source +----------- ---- ------- ------ +Function Invoke-Neo4j {neo4j-version-exact} Neo4j-Management +Function Invoke-Neo4jAdmin {neo4j-version-exact} Neo4j-Management +Function Invoke-Neo4jBackup {neo4j-version-exact} Neo4j-Management +Function Invoke-Neo4jImport {neo4j-version-exact} Neo4j-Management +Function Invoke-Neo4jShell {neo4j-version-exact} Neo4j-Management +---- + +The module also supports the standard PowerShell help commands. + +[source,powershell] +---- +Get-Help Invoke-Neo4j +---- + +Run the following to see examples of help commands: + +[source,powershell] +---- +Get-Help Invoke-Neo4j -examples +---- + + +[[powershell-examples]] +=== Example usage + +* List of available commands: ++ +[source,powershell] +---- +Invoke-Neo4j +---- + +* Current status of the Neo4j service: ++ +[source,powershell] +---- +Invoke-Neo4j status +---- + +* Install the service with verbose output: ++ +[source,powershell] +---- +Invoke-Neo4j install-service -Verbose +---- + +* Available commands for administrative tasks: ++ +[source,powershell] +---- +Invoke-Neo4jAdmin +---- + + +[[powershell-common-parameters]] +=== Common PowerShell parameters + +The module commands support the common PowerShell parameter of `Verbose`. diff --git a/modules/ROOT/pages/reference/configuration-settings.adoc b/modules/ROOT/pages/reference/configuration-settings.adoc index 0036c1ee8..e2d884beb 100644 --- a/modules/ROOT/pages/reference/configuration-settings.adoc +++ b/modules/ROOT/pages/reference/configuration-settings.adoc @@ -5,4 +5,4067 @@ This page provides a complete reference to the Neo4j configuration settings, which can be set in xref::/configuration/file-locations.adoc#file-locations[_neo4j.conf_]. Refer to xref::/configuration/neo4j-conf.adoc#neo4j-conf[The neo4j.conf file] for details on how to use configuration settings. -include::partial$/neo4j-config/all-settings.adoc[] +[[settings-reference-all-settings]] +.All settings +ifndef::nonhtmloutput[] +[options="header"] +|=== +|Name|Description +|<>|label:enterprise-edition[Enterprise only]Configure the policy for outgoing Neo4j Browser connections. +|<>|label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to time out logged in users after this idle period. +|<>|Commands to be run when Neo4j Browser successfully connects to this server. +|<>|Whitelist of hosts for the Neo4j Browser to be allowed to fetch content from. +|<>|label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to store or not store user credentials. +|<>|label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to store or not store user editor history. +|<>|Configure client applications such as Browser and Bloom to send Product Analytics data. +|<>|Configures the general policy for when check-points should occur. +|<>|Configures the time interval between check-points. +|<>|Configures the transaction interval between check-points. +|<>|Configures the volume of transaction logs between check-points. +|<>|Limit the number of IOs the background checkpoint process will consume per second. +|<>|label:enterprise-edition[Enterprise only]Interval of pulling updates from cores. +|<>|label:enterprise-edition[Enterprise only]The maximum number of bytes in the apply buffer. +|<>|label:enterprise-edition[Enterprise only]The maximum number of entries in the raft log entry prefetch buffer. +|<>|label:enterprise-edition[Enterprise only]Largest batch processed by RAFT in bytes. +|<>|label:enterprise-edition[Enterprise only]Maximum number of bytes in the RAFT in-queue. +|<>|label:enterprise-edition[Enterprise only]The name of a server_group whose members should be prioritized as leaders. +|<>|label:enterprise-edition[Enterprise only]RAFT log pruning strategy that determines which logs are to be pruned. +|<>|label:enterprise-edition[Enterprise only]The maximum number of bytes in the in-flight cache. +|<>|label:enterprise-edition[Enterprise only]The maximum number of entries in the in-flight cache. +|<>|Allows the enabling or disabling of the file watcher service. +|<>|Database format. +|<>|The size of the internal buffer in bytes used by `LOAD CSV`. +|<>|Selects whether to conform to the standard https://tools.ietf.org/html/rfc4180 for interpreting escaped quotation characters in CSV files loaded using `LOAD CSV`. +|<>|The name of the analyzer that the fulltext indexes should use by default. +|<>|Whether or not fulltext indexes should be eventually consistent by default or not. +|<>|The eventually_consistent mode of the fulltext indexes works by queueing up index updates to be applied later in a background thread. +|<>|Enable or disable background index sampling. +|<>|Index sampling chunk size limit. +|<>|Percentage of index updates of total index size required before sampling of a given index is triggered. +|<>|The maximum time interval within which lock should be acquired. +|<>|Log query text and parameters without obfuscating passwords. +|<>|Log executed queries. +|<>|Sets a maximum character length use for each parameter in the log. +|<>|Obfuscates all literals of the query before writing to the log. +|<>|Log parameters for the executed queries being logged. +|<>|Log query plan description table, useful for debugging purposes. +|<>|If the execution of query takes more time than this threshold, the query is logged once completed - provided query logging is set to INFO. +|<>|Log the start and end of a transaction. +|<>|If the transaction is open for more time than this threshold, the transaction is logged once completed - provided transaction logging (db.logs.query.transaction.enabled) is set to `INFO`. +|<>|Page cache can be configured to perform usage sampling of loaded pages that can be used to construct active load profile. +|<>|Page cache warmup can be configured to prefetch files, preferably when cache size is bigger than store size. +|<>|Page cache warmup prefetch file allowlist regex. +|<>|The profiling frequency for the page cache. +|<>|Limit the amount of memory that a single transaction can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). +|<>|Limit the amount of memory that all transactions in one database can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). +|<>|If `true`, Neo4j will abort recovery if transaction log files are missing. +|<>|Relationship count threshold for considering a node to be dense. +|<>|The maximum amount of time to wait for running transactions to complete before allowing initiated database shutdown to continue. +|<>|Specify if Neo4j should try to preallocate store files as they grow. +|<>|Database timezone for temporal functions. +|<>|Enables or disables tracking of how much time a query spends actively executing on the CPU. +|<>|The maximum amount of time to wait for the database state represented by the bookmark. +|<>|The maximum number of concurrently running transactions. +|<>|Configures the time interval between transaction monitor checks. +|<>|Transaction sampling percentage. +|<>|The maximum time interval of a transaction within which it should be completed. +|<>|Transaction creation tracing level. +|<>|On serialization of transaction logs, they will be temporary stored in the byte buffer that will be flushed at the end of the transaction or at any moment when buffer will be full. +|<>|Specify if Neo4j should try to preallocate logical log file in advance. +|<>|Tell Neo4j how long logical transaction logs should be kept to backup the database.For example, "10 days" will prune logical logs that only contain transactions older than 10 days.Alternatively, "100k txs" will keep the 100k latest transactions from each database and prune any older transactions. +|<>|Specifies at which file size the logical log will auto-rotate. +|<>|Defines whether memory for transaction state should be allocated on- or off-heap. +|<>|label:enterprise-edition[Enterprise only]The catch up protocol times out if the given duration elapses with no network activity. +|<>|label:enterprise-edition[Enterprise only]A comma-separated list of endpoints which a server should contact in order to discover other cluster members. +|<>|label:enterprise-edition[Enterprise only]The level of middleware logging. +|<>|label:enterprise-edition[Enterprise only]Configure the discovery type used for cluster name resolution. +|<>|label:enterprise-edition[Enterprise only]Minimum number of machines initially required to formed a clustered DBMS. +|<>|label:enterprise-edition[Enterprise only]Time out for protocol negotiation handshake. +|<>|label:enterprise-edition[Enterprise only]Maximum chunk size allowable across network by clustering machinery. +|<>|label:enterprise-edition[Enterprise only]Network compression algorithms that this instance will allow in negotiation as a comma-separated list. +|<>|label:enterprise-edition[Enterprise only]The time allowed for a database on a Neo4j server to either join a cluster or form a new cluster with the other Neo4j Servers provided by `dbms.cluster.discovery.endpoints`. +|<>|label:enterprise-edition[Enterprise only]The maximum number of TCP channels between two nodes to operate the raft protocol. +|<>|label:enterprise-edition[Enterprise only]The rate at which leader elections happen. +|<>|label:enterprise-edition[Enterprise only]The time window within which the loss of the leader is detected and the first re-election attempt is held. +|<>|label:enterprise-edition[Enterprise only]Which strategy to use when transferring database leaderships around a cluster. +|<>|label:enterprise-edition[Enterprise only]RAFT log pruning frequency. +|<>|label:enterprise-edition[Enterprise only]RAFT log reader pool size. +|<>|label:enterprise-edition[Enterprise only]RAFT log rotation size. +|<>|label:enterprise-edition[Enterprise only]Maximum amount of lag accepted for a new follower to join the Raft group. +|<>|label:enterprise-edition[Enterprise only]Time out for a new member to catch up. +|<>|label:enterprise-edition[Enterprise only]Maximum retry time per request during store copy. +|<>|This setting is associated with performance optimization. +|<>|This setting is associated with performance optimization. +|<>|Set this to specify the behavior when Cypher planner or runtime hints cannot be fulfilled. +|<>|Set this to change the behavior for Cypher create relationship when the start or end node is missing. +|<>|The minimum time between possible cypher query replanning events. +|<>|Set this to specify the default planner for the default language version. +|<>|If set to `true` a textual representation of the plan description will be rendered on the server for all queries running with `EXPLAIN` or `PROFILE`. +|<>|The threshold for statistics above which a plan is considered stale. ++ +If any of the underlying statistics used to create the plan have changed more than this value, the plan will be considered stale and will be replanned. +|<>|label:enterprise-edition[Enterprise only]Databases may be created from an existing 'seed' (a database backup or dump) stored at some source URI. +|<>|Database timezone. +|<>|label:enterprise-edition[Enterprise only]Address for Kubernetes API. +|<>|label:enterprise-edition[Enterprise only]File location of CA certificate for Kubernetes API. +|<>|label:enterprise-edition[Enterprise only]Kubernetes cluster domain. +|<>|label:enterprise-edition[Enterprise only]LabelSelector for Kubernetes API. +|<>|label:enterprise-edition[Enterprise only]File location of namespace for Kubernetes API. +|<>|label:enterprise-edition[Enterprise only]Service port name for discovery for Kubernetes API. +|<>|label:enterprise-edition[Enterprise only]File location of token for Kubernetes API. +|<>|Enable HTTP request logging. +|<>|Enable off heap and on heap memory tracking. +|<>|Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). +|<>|Netty SSL provider. +|<>|Always use client side routing (regardless of the default router) for neo4j:// protocol connections to these domains. +|<>|Routing strategy for neo4j:// protocol connections. +Default is `CLIENT`, using client-side routing, with server-side routing as a fallback (if enabled). +When set to `SERVER`, client-side routing is short-circuited, and requests will rely on server-side routing (which must be enabled for proper operation, i.e. +|<>|Socket connection timeout. +A timeout of zero is treated as an infinite timeout and will be bound by the timeout configured on the +operating system level. +|<>|Pooled connections older than this threshold will be closed and removed from the pool. +Setting this option to a low value will cause a high connection churn and might result in a performance hit. +It is recommended to set maximum lifetime to a slightly smaller value than the one configured in network +equipment (load balancer, proxy, firewall, etc. +|<>|Maximum amount of time spent attempting to acquire a connection from the connection pool. +This timeout only kicks in when all existing connections are being used and no new connections can be created because maximum connection pool size has been reached. +Error is raised when connection can't be acquired within configured time. +Negative values are allowed and result in unlimited acquisition timeout. +|<>|Pooled connections that have been idle in the pool for longer than this timeout will be tested before they are used again, to ensure they are still alive. +If this option is set too low, an additional network call will be incurred when acquiring a connection, which causes a performance hit. +If this is set high, no longer live connections might be used which might lead to errors. +Hence, this parameter tunes a balance between the likelihood of experiencing connection problems and performance +Normally, this parameter should not need tuning. +Value 0 means connections will always be tested for validity. +|<>|Maximum total number of connections to be managed by a connection pool. +The limit is enforced for a combination of a host and user. +|<>|Sets level for driver internal logging. +|<>|Enable server-side routing in clusters using an additional bolt connector. +When configured, this allows requests to be forwarded from one cluster member to another, if the requests can't be satisfied by the first member (e.g. +|<>|label:enterprise-edition[Enterprise only]The load balancing plugin to use. +|<>|label:enterprise-edition[Enterprise only]Enables shuffling of the returned load balancing result. +|<>|label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include non-writer primaries as read endpoints or return only secondaries. +|<>|label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include the writer as read endpoint or return only non-writers (non writer primaries and secondaries) Note: writer is returned as read endpoint if no other member is present all. +|<>|How long callers should cache the response of the routing procedure `dbms.routing.getRoutingTable()`. +|<>|Determines if Cypher will allow using file URLs when loading data using `LOAD CSV`. +|<>|label:enterprise-edition[Enterprise only]The maximum capacity for authentication and authorization caches (respectively). +|<>|label:enterprise-edition[Enterprise only]The time to live (TTL) for cached authentication and authorization info when using external auth providers (LDAP or plugin). +|<>|label:enterprise-edition[Enterprise only]Enable time-based eviction of the authentication and authorization info cache for external auth providers (LDAP or plugin). +|<>|Enable auth requirement to access Neo4j. +|<>|label:version-number[Neo4j 5.3]The minimum number of characters required in a password. +|<>|The amount of time user account should be locked after a configured number of unsuccessful authentication attempts. +|<>|The maximum number of unsuccessful authentication attempts before imposing a user lock for the configured amount of time, as defined by `dbms.security.auth_lock_time`.The locked out user will not be able to log in until the lock period expires, even if correct credentials are provided. +|<>|label:enterprise-edition[Enterprise only]A list of security authentication providers containing the users and roles. +|<>|label:enterprise-edition[Enterprise only]A list of security authorization providers containing the users and roles. +|<>|label:enterprise-edition[Enterprise only]Require authorization for access to the Causal Clustering status endpoints. +|<>|Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS connector. +|<>|Defines an allowlist of http paths where Neo4j authentication is not required. +|<>|Value of the HTTP Strict-Transport-Security (HSTS) response header. +|<>|label:enterprise-edition[Enterprise only]Name of the 256 length AES encryption key, which is used for the symmetric encryption. +|<>|label:enterprise-edition[Enterprise only]Password for accessing the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption. +|<>|label:enterprise-edition[Enterprise only]Location of the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption of secrets held in system database. +|<>|label:enterprise-edition[Enterprise only]The attribute to use when looking up users. +Using this setting requires `dbms.security.ldap.authentication.search_for_attribute` to be true and thus `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured. +|<>|label:enterprise-edition[Enterprise only]Determines if the result of authentication via the LDAP server should be cached or not. +|<>|label:enterprise-edition[Enterprise only]LDAP authentication mechanism. +|<>|label:enterprise-edition[Enterprise only]Perform authentication by searching for an unique attribute of a user. +Using this setting requires `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured. +|<>|label:enterprise-edition[Enterprise only]LDAP user DN template. +|<>|label:enterprise-edition[Enterprise only]The LDAP group to which a user must belong to get any access to the system.Set this to restrict access to a subset of LDAP users belonging to a particular group. +|<>|label:enterprise-edition[Enterprise only]A list of attribute names on a user object that contains groups to be used for mapping to roles when LDAP authorization is enabled. +|<>|label:enterprise-edition[Enterprise only]An authorization mapping from LDAP group names to Neo4j role names. +|<>|label:enterprise-edition[Enterprise only]This setting determines whether multiple LDAP search results will be processed (as is required for the lookup of nested groups). +|<>|label:enterprise-edition[Enterprise only]The search template which will be used to find the nested groups which the user is a member of. +|<>|label:enterprise-edition[Enterprise only]An LDAP system account password to use for authorization searches when `dbms.security.ldap.authorization.use_system_account` is `true`. +|<>|label:enterprise-edition[Enterprise only]An LDAP system account username to use for authorization searches when `dbms.security.ldap.authorization.use_system_account` is `true`. +|<>|label:enterprise-edition[Enterprise only]Perform LDAP search for authorization info using a system account instead of the user's own account. +If this is set to `false` (default), the search for group membership will be performed directly after authentication using the LDAP context bound with the user's own account. +|<>|label:enterprise-edition[Enterprise only]The name of the base object or named context to search for user objects when LDAP authorization is enabled. +|<>|label:enterprise-edition[Enterprise only]The LDAP search filter to search for a user principal when LDAP authorization is enabled. +|<>|label:enterprise-edition[Enterprise only]The timeout for establishing an LDAP connection. +|<>|label:enterprise-edition[Enterprise only]URL of LDAP server to use for authentication and authorization. +|<>|label:enterprise-edition[Enterprise only]The timeout for an LDAP read request (i.e. +|<>|label:enterprise-edition[Enterprise only]The LDAP referral behavior when creating a connection. +|<>|label:enterprise-edition[Enterprise only]Use secure communication with the LDAP server using opportunistic TLS. +|<>|label:enterprise-edition[Enterprise only]Set to log successful authentication events to the security log. +|<.audience>>|label:enterprise-edition[Enterprise only]Expected values of the Audience (aud) claim in the id token. +|<.auth_endpoint>>|label:enterprise-edition[Enterprise only]The OIDC authorization endpoint. +|<.auth_flow>>|label:enterprise-edition[Enterprise only]The OIDC flow to use. +|<.auth_params>>|label:enterprise-edition[Enterprise only]Optional additional parameters that the auth endpoint requires. +|<.authorization.group_to_role_mapping>>|label:enterprise-edition[Enterprise only]An authorization mapping from IdP group names to Neo4j role names. +|<.claims.groups>>|label:enterprise-edition[Enterprise only]The claim to use as the list of groups in Neo4j. +|<.claims.username>>|label:enterprise-edition[Enterprise only]The claim to use as the username in Neo4j. +|<.client_id>>|label:enterprise-edition[Enterprise only]Client id needed if token contains multiple Audience (aud) claims. +|<.config>>|label:enterprise-edition[Enterprise only] +|<.display_name>>|label:enterprise-edition[Enterprise only]The user-facing name of the provider as provided by the discovery endpoint to clients (Bloom, Browser etc.). +|<.get_groups_from_user_info>>|label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the groups from the provider user info endpoint. +|<.get_username_from_user_info>>|label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the username from the provider user info endpoint. +|<.issuer>>|label:enterprise-edition[Enterprise only]The expected value of the iss claim in the id token. +|<.jwks_uri>>|label:enterprise-edition[Enterprise only]The location of the JWK public key set for the identity provider. +|<.params>>|label:enterprise-edition[Enterprise only]The map is a semicolon separated list of key-value pairs. +|<.token_endpoint>>|label:enterprise-edition[Enterprise only]The OIDC token endpoint. +|<.token_params>>|label:enterprise-edition[Enterprise only]Optional query parameters that the token endpoint requires. +|<.user_info_uri>>|label:enterprise-edition[Enterprise only]The identity providers user info uri. +|<.well_known_discovery_uri>>|label:enterprise-edition[Enterprise only]The 'well known' OpenID Connect Discovery endpoint used to fetch identity provider settings. +|<>|A list of procedures (comma separated) that are to be loaded. +|<>|A list of procedures and user defined functions (comma separated) that are allowed full access to the database. +|<>|label:enterprise-edition[Enterprise only]Name of the initial database allocator. +|<>|Name of the default database (aliases are not supported). +|<>|label:enterprise-edition[Enterprise only]Initial default number of primary instances of user databases. +|<>|label:enterprise-edition[Enterprise only]Initial default number of secondary instances of user databases. +|<>|label:enterprise-edition[Enterprise only]The names of databases that are allowed on this server - all others are denied. +|<>|label:enterprise-edition[Enterprise only]The names of databases that are not allowed on this server. +|<>|label:enterprise-edition[Enterprise only]An instance can restrict itself to allow databases to be hosted only as primaries or secondaries. +|<>|label:enterprise-edition[Enterprise only]Enable support for running online backups. +|<>|label:enterprise-edition[Enterprise only]Network interface and port for the backup server to listen on. +|<>|label:enterprise-edition[Enterprise only]Maximum retry time per request during store copy. +|<>|Advertised address for this connector. +|<>|The maximum time to wait before sending a NOOP on connections waiting for responses from active ongoing queries.The minimum value is 1 millisecond. +|<>|The type of messages to enable keep-alive messages for (ALL, STREAMING or OFF). +|<>|The total amount of probes to be missed before a connection is considered stale.The minimum for this value is 1. +|<>|The interval between every scheduled keep-alive check on all connections with active queries. +|<>|Enable the bolt connector. +|<>|Address the connector should bind to. +|<>|Enable server OCSP stapling for bolt and http connectors. +|<>|The maximum time an idle thread in the thread pool bound to this connector will wait for new tasks. +|<>|The maximum number of threads allowed in the thread pool bound to this connector. +|<>|The number of threads to keep in the thread pool bound to this connector, even if they are idle. +|<>|Encryption level to require this connector to use. +|<>|label:enterprise-edition[Enterprise only]Advertised hostname/IP address and port for the transaction shipping server. +|<>|label:enterprise-edition[Enterprise only]Comma separated list of groups to be used by the connect-randomly-to-server-group selection strategy. +|<>|label:enterprise-edition[Enterprise only]An ordered list in descending preference of the strategy which secondaries use to choose the upstream server from which to pull transactional updates. +|<>|label:enterprise-edition[Enterprise only]Configuration of a user-defined upstream selection strategy. +|<>|label:enterprise-edition[Enterprise only]Network interface and port for the transaction shipping server to listen on. +|<>|label:enterprise-edition[Enterprise only]Use native transport if available. +|<>|label:enterprise-edition[Enterprise only]Advertised hostname/IP address and port for the RAFT server. +|<>|label:enterprise-edition[Enterprise only]Network interface and port for the RAFT server to listen on. +|<>|label:enterprise-edition[Enterprise only]Users must manually specify the mode for the system database on each instance. +|<>|A strict configuration validation will prevent the database from starting up if unknown configuration options are specified in the neo4j settings namespace (such as dbms., cypher., etc) or if settings are declared multiple times. +|<>|Whether or not any database on this instance are read_only by default. +|<>|List of databases for which to prevent write queries. +|<>|List of databases for which to allow write queries. +|<>|The number of cached Cypher query execution plans per database. +|<>|Default hostname or IP address the server uses to advertise itself. +|<>|Default network interface to listen for incoming connections. +|<>|label:enterprise-edition[Enterprise only]Directory to hold cluster state including Raft log. +|<>|Path of the data directory. +|<>|Root location where Neo4j will store database dumps optionally produced when dropping said databases. +|<>|Sets the root directory for file URLs used with the Cypher `LOAD CSV` clause. +|<>|Path of the lib directory. +|<>|Path of the licenses directory. +|<>|Path of the logs directory. +|<>|label:enterprise-edition[Enterprise only]The target location of the CSV files: a path to a directory wherein a CSV file per reported field will be written. +|<>|Root relative to which directory settings are resolved. +|<>|Location of the database plugin directory. +|<>|Path of the run directory. +|<>|Root location where Neo4j will store scripts for configured databases. +|<>|Root location where Neo4j will store transaction logs for configured databases. +|<>|label:enterprise-edition[Enterprise only]Advertised cluster member discovery management communication. +|<>|label:enterprise-edition[Enterprise only]Host and port to bind the cluster member discovery management communication. +|<>|label:enterprise-edition[Enterprise only]A list of setting name patterns (comma separated) that are allowed to be dynamically changed. +|<>|label:enterprise-edition[Enterprise only]A list of tag names for the server used when configuring load balancing and replication policies. +|<>|Advertised address for this connector. +|<>|Enable the http connector. +|<>|Address the connector should bind to. +|<>|Defines the set of modules loaded into the Neo4j web server. +|<>|Advertised address for this connector. +|<>|Enable the https connector. +|<>|Address the connector should bind to. +|<>|Additional JVM arguments. +|<>|Path to the logging configuration for debug, query, http and security logs. +|<>|Enable the debug log. +|<>|Enable GC Logging. +|<>|GC Logging Options. +|<>|Number of GC logs to keep. +|<>|Size of each GC log that is kept. +|<>|Path to the logging configuration of user logs. +|<>|label:enterprise-edition[Enterprise only]The maximum number of databases. +|<>|Initial heap size. +|<>|Maximum heap size. +|<>|Defines the size of the off-heap memory blocks cache. +|<>|Defines the maximum size of an off-heap memory block that can be cached to speed up allocations. +|<>|The maximum amount of off-heap memory that can be used to store transaction state data; it's a total amount of memory shared across all active transactions. +|<>|Use direct I/O for page cache. +|<>|Page cache can be configured to use a temporal buffer for flushing purposes. +|<>|Page cache can be configured to use a temporal buffer for flushing purposes. +|<>|The maximum number of worker threads to use for pre-fetching data when doing sequential scans. +|<>|The amount of memory to use for mapping the store files. +|<>|label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to CSV files. +|<>|label:enterprise-edition[Enterprise only]The reporting interval for the CSV files. +|<>|label:enterprise-edition[Enterprise only]Decides what compression to use for the csv history files. +|<>|label:enterprise-edition[Enterprise only]Maximum number of history files for the csv files. +|<>|label:enterprise-edition[Enterprise only]The file size in bytes at which the csv files will auto-rotate. +|<>|label:enterprise-edition[Enterprise only]Enable metrics. +|<>|label:enterprise-edition[Enterprise only]Specifies which metrics should be enabled by using a comma separated list of globbing patterns. +|<>|label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to Graphite. +|<>|label:enterprise-edition[Enterprise only]The reporting interval for Graphite. +|<>|label:enterprise-edition[Enterprise only]The hostname or IP address of the Graphite server. +|<>|label:enterprise-edition[Enterprise only]Set to `true` to enable the JMX metrics endpoint. +|<>|label:enterprise-edition[Enterprise only]A common prefix for the reported metrics field names. +|<>|label:enterprise-edition[Enterprise only]Set to `true` to enable the Prometheus endpoint. +|<>|label:enterprise-edition[Enterprise only]The hostname and port to use as Prometheus endpoint. +|<>|label:enterprise-edition[Enterprise only]If there is a Database Management System Panic (an irrecoverable error) should the neo4j process shut down or continue running. +|<>|label:enterprise-edition[Enterprise only]The advertised address for the intra-cluster routing connector. +|<>|The address the routing connector should bind to. +|<>|Number of Neo4j worker threads. +|<>|Comma-separated list of = for unmanaged extensions. +|<>|Name of the Windows Service managing Neo4j when installed using `neo4j install-service`. +|=== +endif::nonhtmloutput[] + +ifdef::nonhtmloutput[] +* <>: label:enterprise-edition[Enterprise only]Configure the policy for outgoing Neo4j Browser connections. +* <>: label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to time out logged in users after this idle period. +* <>: Commands to be run when Neo4j Browser successfully connects to this server. +* <>: Whitelist of hosts for the Neo4j Browser to be allowed to fetch content from. +* <>: label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to store or not store user credentials. +* <>: label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to store or not store user editor history. +* <>: Configure client applications such as Browser and Bloom to send Product Analytics data. +* <>: Configures the general policy for when check-points should occur. +* <>: Configures the time interval between check-points. +* <>: Configures the transaction interval between check-points. +* <>: Configures the volume of transaction logs between check-points. +* <>: Limit the number of IOs the background checkpoint process will consume per second. +* <>: label:enterprise-edition[Enterprise only]Interval of pulling updates from cores. +* <>: label:enterprise-edition[Enterprise only]The maximum number of bytes in the apply buffer. +* <>: label:enterprise-edition[Enterprise only]The maximum number of entries in the raft log entry prefetch buffer. +* <>: label:enterprise-edition[Enterprise only]Largest batch processed by RAFT in bytes. +* <>: label:enterprise-edition[Enterprise only]Maximum number of bytes in the RAFT in-queue. +* <>: label:enterprise-edition[Enterprise only]The name of a server_group whose members should be prioritized as leaders. +* <>: label:enterprise-edition[Enterprise only]RAFT log pruning strategy that determines which logs are to be pruned. +* <>: label:enterprise-edition[Enterprise only]The maximum number of bytes in the in-flight cache. +* <>: label:enterprise-edition[Enterprise only]The maximum number of entries in the in-flight cache. +* <>: Allows the enabling or disabling of the file watcher service. +* <>: Database format. +* <>: The size of the internal buffer in bytes used by `LOAD CSV`. +* <>: Selects whether to conform to the standard https://tools.ietf.org/html/rfc4180 for interpreting escaped quotation characters in CSV files loaded using `LOAD CSV`. +* <>: The name of the analyzer that the fulltext indexes should use by default. +* <>: Whether or not fulltext indexes should be eventually consistent by default or not. +* <>: The eventually_consistent mode of the fulltext indexes works by queueing up index updates to be applied later in a background thread. +* <>: Enable or disable background index sampling. +* <>: Index sampling chunk size limit. +* <>: Percentage of index updates of total index size required before sampling of a given index is triggered. +* <>: The maximum time interval within which lock should be acquired. +* <>: Log query text and parameters without obfuscating passwords. +* <>: Log executed queries. +* <>: Sets a maximum character length use for each parameter in the log. +* <>: Obfuscates all literals of the query before writing to the log. +* <>: Log parameters for the executed queries being logged. +* <>: Log query plan description table, useful for debugging purposes. +* <>: If the execution of query takes more time than this threshold, the query is logged once completed - provided query logging is set to INFO. +* <>: Log the start and end of a transaction. +* <>: If the transaction is open for more time than this threshold, the transaction is logged once completed - provided transaction logging (db.logs.query.transaction.enabled) is set to `INFO`. +* <>: Page cache can be configured to perform usage sampling of loaded pages that can be used to construct active load profile. +* <>: Page cache warmup can be configured to prefetch files, preferably when cache size is bigger than store size. +* <>: Page cache warmup prefetch file allowlist regex. +* <>: The profiling frequency for the page cache. +* <>: Limit the amount of memory that a single transaction can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). +* <>: Limit the amount of memory that all transactions in one database can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). +* <>: If `true`, Neo4j will abort recovery if transaction log files are missing. +* <>: Relationship count threshold for considering a node to be dense. +* <>: The maximum amount of time to wait for running transactions to complete before allowing initiated database shutdown to continue. +* <>: Specify if Neo4j should try to preallocate store files as they grow. +* <>: Database timezone for temporal functions. +* <>: Enables or disables tracking of how much time a query spends actively executing on the CPU. +* <>: The maximum amount of time to wait for the database state represented by the bookmark. +* <>: The maximum number of concurrently running transactions. +* <>: Configures the time interval between transaction monitor checks. +* <>: Transaction sampling percentage. +* <>: The maximum time interval of a transaction within which it should be completed. +* <>: Transaction creation tracing level. +* <>: On serialization of transaction logs, they will be temporary stored in the byte buffer that will be flushed at the end of the transaction or at any moment when buffer will be full. +* <>: Specify if Neo4j should try to preallocate logical log file in advance. +* <>: Tell Neo4j how long logical transaction logs should be kept to backup the database.For example, "10 days" will prune logical logs that only contain transactions older than 10 days.Alternatively, "100k txs" will keep the 100k latest transactions from each database and prune any older transactions. +* <>: Specifies at which file size the logical log will auto-rotate. +* <>: Defines whether memory for transaction state should be allocated on- or off-heap. +* <>: label:enterprise-edition[Enterprise only]The catch up protocol times out if the given duration elapses with no network activity. +* <>: label:enterprise-edition[Enterprise only]A comma-separated list of endpoints which a server should contact in order to discover other cluster members. +* <>: label:enterprise-edition[Enterprise only]The level of middleware logging. +* <>: label:enterprise-edition[Enterprise only]Configure the discovery type used for cluster name resolution. +* <>: label:enterprise-edition[Enterprise only]Minimum number of machines initially required to formed a clustered DBMS. +* <>: label:enterprise-edition[Enterprise only]Time out for protocol negotiation handshake. +* <>: label:enterprise-edition[Enterprise only]Maximum chunk size allowable across network by clustering machinery. +* <>: label:enterprise-edition[Enterprise only]Network compression algorithms that this instance will allow in negotiation as a comma-separated list. +* <>: label:enterprise-edition[Enterprise only]The time allowed for a database on a Neo4j server to either join a cluster or form a new cluster with the other Neo4j Servers provided by `dbms.cluster.discovery.endpoints`. +* <>: label:enterprise-edition[Enterprise only]The maximum number of TCP channels between two nodes to operate the raft protocol. +* <>: label:enterprise-edition[Enterprise only]The rate at which leader elections happen. +* <>: label:enterprise-edition[Enterprise only]The time window within which the loss of the leader is detected and the first re-election attempt is held. +* <>: label:enterprise-edition[Enterprise only]Which strategy to use when transferring database leaderships around a cluster. +* <>: label:enterprise-edition[Enterprise only]RAFT log pruning frequency. +* <>: label:enterprise-edition[Enterprise only]RAFT log reader pool size. +* <>: label:enterprise-edition[Enterprise only]RAFT log rotation size. +* <>: label:enterprise-edition[Enterprise only]Maximum amount of lag accepted for a new follower to join the Raft group. +* <>: label:enterprise-edition[Enterprise only]Time out for a new member to catch up. +* <>: label:enterprise-edition[Enterprise only]Maximum retry time per request during store copy. +* <>: This setting is associated with performance optimization. +* <>: This setting is associated with performance optimization. +* <>: Set this to specify the behavior when Cypher planner or runtime hints cannot be fulfilled. +* <>: Set this to change the behavior for Cypher create relationship when the start or end node is missing. +* <>: The minimum time between possible cypher query replanning events. +* <>: Set this to specify the default planner for the default language version. +* <>: If set to `true` a textual representation of the plan description will be rendered on the server for all queries running with `EXPLAIN` or `PROFILE`. +* <>: The threshold for statistics above which a plan is considered stale. ++ +If any of the underlying statistics used to create the plan have changed more than this value, the plan will be considered stale and will be replanned. +* <>: label:enterprise-edition[Enterprise only]Databases may be created from an existing 'seed' (a database backup or dump) stored at some source URI. +* <>: Database timezone. +* <>: label:enterprise-edition[Enterprise only]Address for Kubernetes API. +* <>: label:enterprise-edition[Enterprise only]File location of CA certificate for Kubernetes API. +* <>: label:enterprise-edition[Enterprise only]Kubernetes cluster domain. +* <>: label:enterprise-edition[Enterprise only]LabelSelector for Kubernetes API. +* <>: label:enterprise-edition[Enterprise only]File location of namespace for Kubernetes API. +* <>: label:enterprise-edition[Enterprise only]Service port name for discovery for Kubernetes API. +* <>: label:enterprise-edition[Enterprise only]File location of token for Kubernetes API. +* <>: Enable HTTP request logging. +* <>: Enable off heap and on heap memory tracking. +* <>: Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). +* <>: Netty SSL provider. +* <>: Always use client side routing (regardless of the default router) for neo4j:// protocol connections to these domains. +* <>: Routing strategy for neo4j:// protocol connections. +Default is `CLIENT`, using client-side routing, with server-side routing as a fallback (if enabled). +When set to `SERVER`, client-side routing is short-circuited, and requests will rely on server-side routing (which must be enabled for proper operation, i.e. +* <>: Socket connection timeout. +A timeout of zero is treated as an infinite timeout and will be bound by the timeout configured on the +operating system level. +* <>: Pooled connections older than this threshold will be closed and removed from the pool. +Setting this option to a low value will cause a high connection churn and might result in a performance hit. +It is recommended to set maximum lifetime to a slightly smaller value than the one configured in network +equipment (load balancer, proxy, firewall, etc. +* <>: Maximum amount of time spent attempting to acquire a connection from the connection pool. +This timeout only kicks in when all existing connections are being used and no new connections can be created because maximum connection pool size has been reached. +Error is raised when connection can't be acquired within configured time. +Negative values are allowed and result in unlimited acquisition timeout. +* <>: Pooled connections that have been idle in the pool for longer than this timeout will be tested before they are used again, to ensure they are still alive. +If this option is set too low, an additional network call will be incurred when acquiring a connection, which causes a performance hit. +If this is set high, no longer live connections might be used which might lead to errors. +Hence, this parameter tunes a balance between the likelihood of experiencing connection problems and performance +Normally, this parameter should not need tuning. +Value 0 means connections will always be tested for validity. +* <>: Maximum total number of connections to be managed by a connection pool. +The limit is enforced for a combination of a host and user. +* <>: Sets level for driver internal logging. +* <>: Enable server-side routing in clusters using an additional bolt connector. +When configured, this allows requests to be forwarded from one cluster member to another, if the requests can't be satisfied by the first member (e.g. +* <>: label:enterprise-edition[Enterprise only]The load balancing plugin to use. +* <>: label:enterprise-edition[Enterprise only]Enables shuffling of the returned load balancing result. +* <>: label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include non-writer primaries as read endpoints or return only secondaries. +* <>: label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include the writer as read endpoint or return only non-writers (non writer primaries and secondaries) Note: writer is returned as read endpoint if no other member is present all. +* <>: How long callers should cache the response of the routing procedure `dbms.routing.getRoutingTable()`. +* <>: Determines if Cypher will allow using file URLs when loading data using `LOAD CSV`. +* <>: label:enterprise-edition[Enterprise only]The maximum capacity for authentication and authorization caches (respectively). +* <>: label:enterprise-edition[Enterprise only]The time to live (TTL) for cached authentication and authorization info when using external auth providers (LDAP or plugin). +* <>: label:enterprise-edition[Enterprise only]Enable time-based eviction of the authentication and authorization info cache for external auth providers (LDAP or plugin). +* <>: Enable auth requirement to access Neo4j. +* <>: The amount of time user account should be locked after a configured number of unsuccessful authentication attempts. +* <>: The maximum number of unsuccessful authentication attempts before imposing a user lock for the configured amount of time, as defined by `dbms.security.auth_lock_time`.The locked out user will not be able to log in until the lock period expires, even if correct credentials are provided. +* <>: label:enterprise-edition[Enterprise only]A list of security authentication providers containing the users and roles. +* <>: label:enterprise-edition[Enterprise only]A list of security authorization providers containing the users and roles. +* <>: label:enterprise-edition[Enterprise only]Require authorization for access to the Causal Clustering status endpoints. +* <>: Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS connector. +* <>: Defines an allowlist of http paths where Neo4j authentication is not required. +* <>: Value of the HTTP Strict-Transport-Security (HSTS) response header. +* <>: label:enterprise-edition[Enterprise only]Name of the 256 length AES encryption key, which is used for the symmetric encryption. +* <>: label:enterprise-edition[Enterprise only]Password for accessing the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption. +* <>: label:enterprise-edition[Enterprise only]Location of the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption of secrets held in system database. +* <>: label:enterprise-edition[Enterprise only]The attribute to use when looking up users. +Using this setting requires `dbms.security.ldap.authentication.search_for_attribute` to be true and thus `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured. +* <>: label:enterprise-edition[Enterprise only]Determines if the result of authentication via the LDAP server should be cached or not. +* <>: label:enterprise-edition[Enterprise only]LDAP authentication mechanism. +* <>: label:enterprise-edition[Enterprise only]Perform authentication by searching for an unique attribute of a user. +Using this setting requires `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured. +* <>: label:enterprise-edition[Enterprise only]LDAP user DN template. +* <>: label:enterprise-edition[Enterprise only]The LDAP group to which a user must belong to get any access to the system.Set this to restrict access to a subset of LDAP users belonging to a particular group. +* <>: label:enterprise-edition[Enterprise only]A list of attribute names on a user object that contains groups to be used for mapping to roles when LDAP authorization is enabled. +* <>: label:enterprise-edition[Enterprise only]An authorization mapping from LDAP group names to Neo4j role names. +* <>: label:enterprise-edition[Enterprise only]This setting determines whether multiple LDAP search results will be processed (as is required for the lookup of nested groups). +* <>: label:enterprise-edition[Enterprise only]The search template which will be used to find the nested groups which the user is a member of. +* <>: label:enterprise-edition[Enterprise only]An LDAP system account password to use for authorization searches when `dbms.security.ldap.authorization.use_system_account` is `true`. +* <>: label:enterprise-edition[Enterprise only]An LDAP system account username to use for authorization searches when `dbms.security.ldap.authorization.use_system_account` is `true`. +* <>: label:enterprise-edition[Enterprise only]Perform LDAP search for authorization info using a system account instead of the user's own account. +If this is set to `false` (default), the search for group membership will be performed directly after authentication using the LDAP context bound with the user's own account. +* <>: label:enterprise-edition[Enterprise only]The name of the base object or named context to search for user objects when LDAP authorization is enabled. +* <>: label:enterprise-edition[Enterprise only]The LDAP search filter to search for a user principal when LDAP authorization is enabled. +* <>: label:enterprise-edition[Enterprise only]The timeout for establishing an LDAP connection. +* <>: label:enterprise-edition[Enterprise only]URL of LDAP server to use for authentication and authorization. +* <>: label:enterprise-edition[Enterprise only]The timeout for an LDAP read request (i.e. +* <>: label:enterprise-edition[Enterprise only]The LDAP referral behavior when creating a connection. +* <>: label:enterprise-edition[Enterprise only]Use secure communication with the LDAP server using opportunistic TLS. +* <>: label:enterprise-edition[Enterprise only]Set to log successful authentication events to the security log. +* <.audience>>: label:enterprise-edition[Enterprise only]Expected values of the Audience (aud) claim in the id token. +* <.auth_endpoint>>: label:enterprise-edition[Enterprise only]The OIDC authorization endpoint. +* <.auth_flow>>: label:enterprise-edition[Enterprise only]The OIDC flow to use. +* <.auth_params>>: label:enterprise-edition[Enterprise only]Optional additional parameters that the auth endpoint requires. +* <.authorization.group_to_role_mapping>>: label:enterprise-edition[Enterprise only]An authorization mapping from IdP group names to Neo4j role names. +* <.claims.groups>>: label:enterprise-edition[Enterprise only]The claim to use as the list of groups in Neo4j. +* <.claims.username>>: label:enterprise-edition[Enterprise only]The claim to use as the username in Neo4j. +* <.client_id>>: label:enterprise-edition[Enterprise only]Client id needed if token contains multiple Audience (aud) claims. +* <.config>>: label:enterprise-edition[Enterprise only] +* <.display_name>>: label:enterprise-edition[Enterprise only]The user-facing name of the provider as provided by the discovery endpoint to clients (Bloom, Browser etc.). +* <.get_groups_from_user_info>>: label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the groups from the provider user info endpoint. +* <.get_username_from_user_info>>: label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the username from the provider user info endpoint. +* <.issuer>>: label:enterprise-edition[Enterprise only]The expected value of the iss claim in the id token. +* <.jwks_uri>>: label:enterprise-edition[Enterprise only]The location of the JWK public key set for the identity provider. +* <.params>>: label:enterprise-edition[Enterprise only]The map is a semicolon separated list of key-value pairs. +* <.token_endpoint>>: label:enterprise-edition[Enterprise only]The OIDC token endpoint. +* <.token_params>>: label:enterprise-edition[Enterprise only]Optional query parameters that the token endpoint requires. +* <.user_info_uri>>: label:enterprise-edition[Enterprise only]The identity providers user info uri. +* <.well_known_discovery_uri>>: label:enterprise-edition[Enterprise only]The 'well known' OpenID Connect Discovery endpoint used to fetch identity provider settings. +* <>: A list of procedures (comma separated) that are to be loaded. +* <>: A list of procedures and user defined functions (comma separated) that are allowed full access to the database. +* <>: label:enterprise-edition[Enterprise only]Name of the initial database allocator. +* <>: Name of the default database (aliases are not supported). +* <>: label:enterprise-edition[Enterprise only]Initial default number of primary instances of user databases. +* <>: label:enterprise-edition[Enterprise only]Initial default number of secondary instances of user databases. +* <>: label:enterprise-edition[Enterprise only]The names of databases that are allowed on this server - all others are denied. +* <>: label:enterprise-edition[Enterprise only]The names of databases that are not allowed on this server. +* <>: label:enterprise-edition[Enterprise only]An instance can restrict itself to allow databases to be hosted only as primaries or secondaries. +* <>: label:enterprise-edition[Enterprise only]Enable support for running online backups. +* <>: label:enterprise-edition[Enterprise only]Network interface and port for the backup server to listen on. +* <>: label:enterprise-edition[Enterprise only]Maximum retry time per request during store copy. +* <>: Advertised address for this connector. +* <>: The maximum time to wait before sending a NOOP on connections waiting for responses from active ongoing queries.The minimum value is 1 millisecond. +* <>: The type of messages to enable keep-alive messages for (ALL, STREAMING or OFF). +* <>: The total amount of probes to be missed before a connection is considered stale.The minimum for this value is 1. +* <>: The interval between every scheduled keep-alive check on all connections with active queries. +* <>: Enable the bolt connector. +* <>: Address the connector should bind to. +* <>: Enable server OCSP stapling for bolt and http connectors. +* <>: The maximum time an idle thread in the thread pool bound to this connector will wait for new tasks. +* <>: The maximum number of threads allowed in the thread pool bound to this connector. +* <>: The number of threads to keep in the thread pool bound to this connector, even if they are idle. +* <>: Encryption level to require this connector to use. +* <>: label:enterprise-edition[Enterprise only]Advertised hostname/IP address and port for the transaction shipping server. +* <>: label:enterprise-edition[Enterprise only]Comma separated list of groups to be used by the connect-randomly-to-server-group selection strategy. +* <>: label:enterprise-edition[Enterprise only]An ordered list in descending preference of the strategy which secondaries use to choose the upstream server from which to pull transactional updates. +* <>: label:enterprise-edition[Enterprise only]Configuration of a user-defined upstream selection strategy. +* <>: label:enterprise-edition[Enterprise only]Network interface and port for the transaction shipping server to listen on. +* <>: label:enterprise-edition[Enterprise only]Use native transport if available. +* <>: label:enterprise-edition[Enterprise only]Advertised hostname/IP address and port for the RAFT server. +* <>: label:enterprise-edition[Enterprise only]Network interface and port for the RAFT server to listen on. +* <>: label:enterprise-edition[Enterprise only]Users must manually specify the mode for the system database on each instance. +* <>: A strict configuration validation will prevent the database from starting up if unknown configuration options are specified in the neo4j settings namespace (such as dbms., cypher., etc) or if settings are declared multiple times. +* <>: Whether or not any database on this instance are read_only by default. +* <>: List of databases for which to prevent write queries. +* <>: List of databases for which to allow write queries. +* <>: The number of cached Cypher query execution plans per database. +* <>: Default hostname or IP address the server uses to advertise itself. +* <>: Default network interface to listen for incoming connections. +* <>: label:enterprise-edition[Enterprise only]Directory to hold cluster state including Raft log. +* <>: Path of the data directory. +* <>: Root location where Neo4j will store database dumps optionally produced when dropping said databases. +* <>: Sets the root directory for file URLs used with the Cypher `LOAD CSV` clause. +* <>: Path of the lib directory. +* <>: Path of the licenses directory. +* <>: Path of the logs directory. +* <>: label:enterprise-edition[Enterprise only]The target location of the CSV files: a path to a directory wherein a CSV file per reported field will be written. +* <>: Root relative to which directory settings are resolved. +* <>: Location of the database plugin directory. +* <>: Path of the run directory. +* <>: Root location where Neo4j will store scripts for configured databases. +* <>: Root location where Neo4j will store transaction logs for configured databases. +* <>: label:enterprise-edition[Enterprise only]Advertised cluster member discovery management communication. +* <>: label:enterprise-edition[Enterprise only]Host and port to bind the cluster member discovery management communication. +* <>: label:enterprise-edition[Enterprise only]A list of setting name patterns (comma separated) that are allowed to be dynamically changed. +* <>: label:enterprise-edition[Enterprise only]A list of tag names for the server used when configuring load balancing and replication policies. +* <>: Advertised address for this connector. +* <>: Enable the http connector. +* <>: Address the connector should bind to. +* <>: Defines the set of modules loaded into the Neo4j web server. +* <>: Advertised address for this connector. +* <>: Enable the https connector. +* <>: Address the connector should bind to. +* <>: Additional JVM arguments. +* <>: Path to the logging configuration for debug, query, http and security logs. +* <>: Enable the debug log. +* <>: Enable GC Logging. +* <>: GC Logging Options. +* <>: Number of GC logs to keep. +* <>: Size of each GC log that is kept. +* <>: Path to the logging configuration of user logs. +* <>: label:enterprise-edition[Enterprise only]The maximum number of databases. +* <>: Initial heap size. +* <>: Maximum heap size. +* <>: Defines the size of the off-heap memory blocks cache. +* <>: Defines the maximum size of an off-heap memory block that can be cached to speed up allocations. +* <>: The maximum amount of off-heap memory that can be used to store transaction state data; it's a total amount of memory shared across all active transactions. +* <>: Use direct I/O for page cache. +* <>: Page cache can be configured to use a temporal buffer for flushing purposes. +* <>: Page cache can be configured to use a temporal buffer for flushing purposes. +* <>: The maximum number of worker threads to use for pre-fetching data when doing sequential scans. +* <>: The amount of memory to use for mapping the store files. +* <>: label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to CSV files. +* <>: label:enterprise-edition[Enterprise only]The reporting interval for the CSV files. +* <>: label:enterprise-edition[Enterprise only]Decides what compression to use for the csv history files. +* <>: label:enterprise-edition[Enterprise only]Maximum number of history files for the csv files. +* <>: label:enterprise-edition[Enterprise only]The file size in bytes at which the csv files will auto-rotate. +* <>: label:enterprise-edition[Enterprise only]Enable metrics. +* <>: label:enterprise-edition[Enterprise only]Specifies which metrics should be enabled by using a comma separated list of globbing patterns. +* <>: label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to Graphite. +* <>: label:enterprise-edition[Enterprise only]The reporting interval for Graphite. +* <>: label:enterprise-edition[Enterprise only]The hostname or IP address of the Graphite server. +* <>: label:enterprise-edition[Enterprise only]Set to `true` to enable the JMX metrics endpoint. +* <>: label:enterprise-edition[Enterprise only]A common prefix for the reported metrics field names. +* <>: label:enterprise-edition[Enterprise only]Set to `true` to enable the Prometheus endpoint. +* <>: label:enterprise-edition[Enterprise only]The hostname and port to use as Prometheus endpoint. +* <>: label:enterprise-edition[Enterprise only]If there is a Database Management System Panic (an irrecoverable error) should the neo4j process shut down or continue running. +* <>: label:enterprise-edition[Enterprise only]The advertised address for the intra-cluster routing connector. +* <>: The address the routing connector should bind to. +* <>: Number of Neo4j worker threads. +* <>: Comma-separated list of = for unmanaged extensions. +* <>: Name of the Windows Service managing Neo4j when installed using `neo4j install-service`. +endif::nonhtmloutput[] + + +// end::settings-reference-all-settings[] + +[[config_browser.allow_outgoing_connections]] +.browser.allow_outgoing_connections +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Configure the policy for outgoing Neo4j Browser connections. +|Valid values +a|browser.allow_outgoing_connections, a boolean +|Default value +m|+++true+++ +|=== + +[[config_browser.credential_timeout]] +.browser.credential_timeout +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to time out logged in users after this idle period. Setting this to 0 indicates no limit. +|Valid values +a|browser.credential_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++0s+++ +|=== + +[[config_browser.post_connect_cmd]] +.browser.post_connect_cmd +[cols="<1s,<4"] +|=== +|Description +a|Commands to be run when Neo4j Browser successfully connects to this server. Separate multiple commands with semi-colon. +|Valid values +a|browser.post_connect_cmd, a string +|Default value +m|++++++ +|=== + +[[config_browser.remote_content_hostname_whitelist]] +.browser.remote_content_hostname_whitelist +[cols="<1s,<4"] +|=== +|Description +a|Whitelist of hosts for the Neo4j Browser to be allowed to fetch content from. +|Valid values +a|browser.remote_content_hostname_whitelist, a string +|Default value +m|+++guides.neo4j.com,localhost+++ +|=== + +[[config_browser.retain_connection_credentials]] +.browser.retain_connection_credentials +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to store or not store user credentials. +|Valid values +a|browser.retain_connection_credentials, a boolean +|Default value +m|+++true+++ +|=== + +[[config_browser.retain_editor_history]] +.browser.retain_editor_history +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to store or not store user editor history. +|Valid values +a|browser.retain_editor_history, a boolean +|Default value +m|+++true+++ +|=== + +[[config_client.allow_telemetry]] +.client.allow_telemetry +[cols="<1s,<4"] +|=== +|Description +a|Configure client applications such as Browser and Bloom to send Product Analytics data. +|Valid values +a|client.allow_telemetry, a boolean +|Default value +m|+++true+++ +|=== + +[[config_db.checkpoint]] +.db.checkpoint +[cols="<1s,<4"] +|=== +|Description +a|Configures the general policy for when check-points should occur. The default policy is the 'periodic' check-point policy, as specified by the '<>' and '<>' settings. The Neo4j Enterprise Edition provides two alternative policies: The first is the 'continuous' check-point policy, which will ignore those settings and run the check-point process all the time. The second is the 'volumetric' check-point policy, which makes a best-effort at check-pointing often enough so that the database doesn't get too far behind on deleting old transaction logs in accordance with the '<>' setting. +|Valid values +a|db.checkpoint, one of [PERIODIC, CONTINUOUS, VOLUME, VOLUMETRIC] +|Default value +m|+++PERIODIC+++ +|=== + +[[config_db.checkpoint.interval.time]] +.db.checkpoint.interval.time +[cols="<1s,<4"] +|=== +|Description +a|Configures the time interval between check-points. The database will not check-point more often than this (unless check pointing is triggered by a different event), but might check-point less often than this interval, if performing a check-point takes longer time than the configured interval. A check-point is a point in the transaction logs, which recovery would start from. Longer check-point intervals typically mean that recovery will take longer to complete in case of a crash. On the other hand, a longer check-point interval can also reduce the I/O load that the database places on the system, as each check-point implies a flushing and forcing of all the store files. +|Valid values +a|db.checkpoint.interval.time, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++15m+++ +|=== + +[[config_db.checkpoint.interval.tx]] +.db.checkpoint.interval.tx +[cols="<1s,<4"] +|=== +|Description +a|Configures the transaction interval between check-points. The database will not check-point more often than this (unless check pointing is triggered by a different event), but might check-point less often than this interval, if performing a check-point takes longer time than the configured interval. A check-point is a point in the transaction logs, which recovery would start from. Longer check-point intervals typically mean that recovery will take longer to complete in case of a crash. On the other hand, a longer check-point interval can also reduce the I/O load that the database places on the system, as each check-point implies a flushing and forcing of all the store files. The default is '100000' for a check-point every 100000 transactions. +|Valid values +a|db.checkpoint.interval.tx, an integer which is minimum `1` +|Default value +m|+++100000+++ +|=== + +[[config_db.checkpoint.interval.volume]] +.db.checkpoint.interval.volume +[cols="<1s,<4"] +|=== +|Description +a|Configures the volume of transaction logs between check-points. The database will not check-point more often than this (unless check pointing is triggered by a different event), but might check-point less often than this interval, if performing a check-point takes longer time than the configured interval. A check-point is a point in the transaction logs, which recovery would start from. Longer check-point intervals typically mean that recovery will take longer to complete in case of a crash. On the other hand, a longer check-point interval can also reduce the I/O load that the database places on the system, as each check-point implies a flushing and forcing of all the store files. +|Valid values +a|db.checkpoint.interval.volume, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `1.00KiB` +|Default value +m|+++250.00MiB+++ +|=== + +[[config_db.checkpoint.iops.limit]] +.db.checkpoint.iops.limit +[cols="<1s,<4"] +|=== +|Description +a|Limit the number of IOs the background checkpoint process will consume per second. This setting is advisory, is ignored in Neo4j Community Edition, and is followed to best effort in Enterprise Edition. An IO is in this case a 8 KiB (mostly sequential) write. Limiting the write IO in this way will leave more bandwidth in the IO subsystem to service random-read IOs, which is important for the response time of queries when the database cannot fit entirely in memory. The only drawback of this setting is that longer checkpoint times may lead to slightly longer recovery times in case of a database or system crash. A lower number means lower IO pressure, and consequently longer checkpoint times. Set this to -1 to disable the IOPS limit and remove the limitation entirely; this will let the checkpointer flush data as fast as the hardware will go. Removing the setting, or commenting it out, will set the default value of 600. +|Valid values +a|db.checkpoint.iops.limit, an integer +|Dynamic a|true +|Default value +m|+++600+++ +|=== + +[[config_db.cluster.catchup.pull_interval]] +.db.cluster.catchup.pull_interval +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Interval of pulling updates from cores. +|Valid values +a|db.cluster.catchup.pull_interval, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++1s+++ +|=== + +[[config_db.cluster.raft.apply.buffer.max_bytes]] +.db.cluster.raft.apply.buffer.max_bytes +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The maximum number of bytes in the apply buffer. This parameter limits the amount of memory that can be consumed by the apply buffer. If the bytes limit is reached, buffer size will be limited even if max_entries is not exceeded. +|Valid values +a|db.cluster.raft.apply.buffer.max_bytes, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) +|Default value +m|+++1.00GiB+++ +|=== + +[[config_db.cluster.raft.apply.buffer.max_entries]] +.db.cluster.raft.apply.buffer.max_entries +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The maximum number of entries in the raft log entry prefetch buffer. +|Valid values +a|db.cluster.raft.apply.buffer.max_entries, an integer +|Default value +m|+++1024+++ +|=== + +[[config_db.cluster.raft.in_queue.batch.max_bytes]] +.db.cluster.raft.in_queue.batch.max_bytes +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Largest batch processed by RAFT in bytes. +|Valid values +a|db.cluster.raft.in_queue.batch.max_bytes, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) +|Default value +m|+++8.00MiB+++ +|=== + +[[config_db.cluster.raft.in_queue.max_bytes]] +.db.cluster.raft.in_queue.max_bytes +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Maximum number of bytes in the RAFT in-queue. +|Valid values +a|db.cluster.raft.in_queue.max_bytes, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) +|Default value +m|+++2.00GiB+++ +|=== + +[[config_db.cluster.raft.leader_transfer.priority_group]] +.db.cluster.raft.leader_transfer.priority_group +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The name of a server_group whose members should be prioritized as leaders. This does not guarantee that members of this group will be leader at all times, but the cluster will attempt to transfer leadership to such a member when possible. If a database is specified using `db.cluster.raft.leader_transfer.priority_group`. the specified priority group will apply to that database only. If no database is specified that group will be the default and apply to all databases which have no priority group explicitly set. Using this setting will disable leadership balancing. +|Valid values +a|db.cluster.raft.leader_transfer.priority_group, a string identifying a Server Tag +|Default value +m|++++++ +|=== + +[[config_db.cluster.raft.log.prune_strategy]] +.db.cluster.raft.log.prune_strategy +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]RAFT log pruning strategy that determines which logs are to be pruned. Neo4j only prunes log entries up to the last applied index, which guarantees that logs are only marked for pruning once the transactions within are safely copied over to the local transaction logs and safely committed by a majority of cluster members. Possible values are a byte size or a number of transactions (e.g., 200K txs). +|Valid values +a|db.cluster.raft.log.prune_strategy, a string +|Default value +m|+++1g size+++ +|=== + +[[config_db.cluster.raft.log_shipping.buffer.max_bytes]] +.db.cluster.raft.log_shipping.buffer.max_bytes +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The maximum number of bytes in the in-flight cache. This parameter limits the amount of memory that can be consumed by cache. If the bytes limit is reached, cache size will be limited even if max_entries is not exceeded. +|Valid values +a|db.cluster.raft.log_shipping.buffer.max_bytes, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) +|Default value +m|+++1.00GiB+++ +|=== + +[[config_db.cluster.raft.log_shipping.buffer.max_entries]] +.db.cluster.raft.log_shipping.buffer.max_entries +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The maximum number of entries in the in-flight cache. Increasing size will require more memory but might improve performance in high load situations. +|Valid values +a|db.cluster.raft.log_shipping.buffer.max_entries, an integer +|Default value +m|+++1024+++ +|=== + +[[config_db.filewatcher.enabled]] +.db.filewatcher.enabled +[cols="<1s,<4"] +|=== +|Description +a|Allows the enabling or disabling of the file watcher service. This is an auxiliary service but should be left enabled in almost all cases. +|Valid values +a|db.filewatcher.enabled, a boolean +|Default value +m|+++true+++ +|=== + +[[config_db.format]] +.db.format +[cols="<1s,<4"] +|=== +|Description +a|Database format. This is the format that will be used for new databases. Valid values are `standard`, `aligned`, or `high_limit`.The `aligned` format is essentially the `standard` format with some minimal padding at the end of pages such that a single record will never cross a page boundary. The `high_limit` format is available for Enterprise Edition only. It is required if you have a graph that is larger than 34 billion nodes, 34 billion relationships, or 68 billion properties. +|Valid values +a|db.format, a string +|Dynamic a|true +|Default value +m|+++aligned+++ +|=== + +[[config_db.import.csv.buffer_size]] +.db.import.csv.buffer_size +[cols="<1s,<4"] +|=== +|Description +a|The size of the internal buffer in bytes used by `LOAD CSV`. If the csv file contains huge fields this value may have to be increased. +|Valid values +a|db.import.csv.buffer_size, a long which is minimum `1` +|Default value +m|+++2097152+++ +|=== + +[[config_db.import.csv.legacy_quote_escaping]] +.db.import.csv.legacy_quote_escaping +[cols="<1s,<4"] +|=== +|Description +a|Selects whether to conform to the standard https://tools.ietf.org/html/rfc4180 for interpreting escaped quotation characters in CSV files loaded using `LOAD CSV`. Setting this to `false` will use the standard, interpreting repeated quotes '""' as a single in-lined quote, while `true` will use the legacy convention originally supported in Neo4j 3.0 and 3.1, allowing a backslash to include quotes in-lined in fields. +|Valid values +a|db.import.csv.legacy_quote_escaping, a boolean +|Default value +m|+++true+++ +|=== + +[[config_db.index.fulltext.default_analyzer]] +.db.index.fulltext.default_analyzer +[cols="<1s,<4"] +|=== +|Description +a|The name of the analyzer that the fulltext indexes should use by default. +|Valid values +a|db.index.fulltext.default_analyzer, a string +|Default value +m|+++standard-no-stop-words+++ +|=== + +[[config_db.index.fulltext.eventually_consistent]] +.db.index.fulltext.eventually_consistent +[cols="<1s,<4"] +|=== +|Description +a|Whether or not fulltext indexes should be eventually consistent by default or not. +|Valid values +a|db.index.fulltext.eventually_consistent, a boolean +|Default value +m|+++false+++ +|=== + +[[config_db.index.fulltext.eventually_consistent_index_update_queue_max_length]] +.db.index.fulltext.eventually_consistent_index_update_queue_max_length +[cols="<1s,<4"] +|=== +|Description +a|The eventually_consistent mode of the fulltext indexes works by queueing up index updates to be applied later in a background thread. This newBuilder sets an upper bound on how many index updates are allowed to be in this queue at any one point in time. When it is reached, the commit process will slow down and wait for the index update applier thread to make some more room in the queue. +|Valid values +a|db.index.fulltext.eventually_consistent_index_update_queue_max_length, an integer which is in the range `1` to `50000000` +|Default value +m|+++10000+++ +|=== + +[[config_db.index_sampling.background_enabled]] +.db.index_sampling.background_enabled +[cols="<1s,<4"] +|=== +|Description +a|Enable or disable background index sampling. +|Valid values +a|db.index_sampling.background_enabled, a boolean +|Default value +m|+++true+++ +|=== + +[[config_db.index_sampling.sample_size_limit]] +.db.index_sampling.sample_size_limit +[cols="<1s,<4"] +|=== +|Description +a|Index sampling chunk size limit. +|Valid values +a|db.index_sampling.sample_size_limit, an integer which is in the range `1048576` to `2147483647` +|Default value +m|+++8388608+++ +|=== + +[[config_db.index_sampling.update_percentage]] +.db.index_sampling.update_percentage +[cols="<1s,<4"] +|=== +|Description +a|Percentage of index updates of total index size required before sampling of a given index is triggered. +|Valid values +a|db.index_sampling.update_percentage, an integer which is minimum `0` +|Default value +m|+++5+++ +|=== + +[[config_db.lock.acquisition.timeout]] +.db.lock.acquisition.timeout +[cols="<1s,<4"] +|=== +|Description +a|The maximum time interval within which lock should be acquired. Zero (default) means timeout is disabled. +|Valid values +a|db.lock.acquisition.timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Dynamic a|true +|Default value +m|+++0s+++ +|=== + +[[config_db.logs.query.early_raw_logging_enabled]] +.db.logs.query.early_raw_logging_enabled +[cols="<1s,<4"] +|=== +|Description +a|Log query text and parameters without obfuscating passwords. This allows queries to be logged earlier before parsing starts. +|Valid values +a|db.logs.query.early_raw_logging_enabled, a boolean +|Dynamic a|true +|Default value +m|+++false+++ +|=== + +[[config_db.logs.query.enabled]] +.db.logs.query.enabled +[cols="<1s,<4"] +|=== +|Description +a|Log executed queries. Valid values are `OFF`, `INFO`, or `VERBOSE`. + +`OFF`:: no logging. +`INFO`:: log queries at the end of execution, that take longer than the configured threshold, `<>`. +`VERBOSE`:: log queries at the start and end of execution, regardless of `<>`. + +Log entries are written to the query log. + +This feature is available in the Neo4j Enterprise Edition. +|Valid values +a|db.logs.query.enabled, one of [OFF, INFO, VERBOSE] +|Dynamic a|true +|Default value +m|+++VERBOSE+++ +|=== + +[[config_db.logs.query.max_parameter_length]] +.db.logs.query.max_parameter_length +[cols="<1s,<4"] +|=== +|Description +a|Sets a maximum character length use for each parameter in the log. This only takes effect if `<> = true`. +|Valid values +a|db.logs.query.max_parameter_length, an integer +|Dynamic a|true +|Default value +m|+++2147483647+++ +|=== + +[[config_db.logs.query.obfuscate_literals]] +.db.logs.query.obfuscate_literals +[cols="<1s,<4"] +|=== +|Description +a|Obfuscates all literals of the query before writing to the log. Note that node labels, relationship types and map property keys are still shown. Changing the setting will not affect queries that are cached. So, if you want the switch to have immediate effect, you must also call `CALL db.clearQueryCaches()`. +|Valid values +a|db.logs.query.obfuscate_literals, a boolean +|Dynamic a|true +|Default value +m|+++false+++ +|=== + +[[config_db.logs.query.parameter_logging_enabled]] +.db.logs.query.parameter_logging_enabled +[cols="<1s,<4"] +|=== +|Description +a|Log parameters for the executed queries being logged. +|Valid values +a|db.logs.query.parameter_logging_enabled, a boolean +|Dynamic a|true +|Default value +m|+++true+++ +|=== + +[[config_db.logs.query.plan_description_enabled]] +.db.logs.query.plan_description_enabled +[cols="<1s,<4"] +|=== +|Description +a|Log query plan description table, useful for debugging purposes. +|Valid values +a|db.logs.query.plan_description_enabled, a boolean +|Dynamic a|true +|Default value +m|false +|=== + +[[config_db.logs.query.threshold]] +.db.logs.query.threshold +[cols="<1s,<4"] +|=== +|Description +a|If the execution of query takes more time than this threshold, the query is logged once completed - provided query logging is set to INFO. Defaults to 0 seconds, that is all queries are logged. +|Valid values +a|db.logs.query.threshold, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Dynamic a|true +|Default value +m|+++0s+++ +|=== + +[[config_db.logs.query.transaction.enabled]] +.db.logs.query.transaction.enabled +[cols="<1s,<4"] +|=== +|Description +a|Log the start and end of a transaction. Valid values are 'OFF', 'INFO', or 'VERBOSE'. +OFF: no logging. +INFO: log start and end of transactions that take longer than the configured threshold, <>. +VERBOSE: log start and end of all transactions. +Log entries are written to the query log. +This feature is available in the Neo4j Enterprise Edition. +|Valid values +a|db.logs.query.transaction.enabled, one of [OFF, INFO, VERBOSE] +|Dynamic a|true +|Default value +m|+++OFF+++ +|=== + +[[config_db.logs.query.transaction.threshold]] +.db.logs.query.transaction.threshold +[cols="<1s,<4"] +|=== +|Description +a|If the transaction is open for more time than this threshold, the transaction is logged once completed - provided transaction logging (<>) is set to `INFO`. Defaults to 0 seconds (all transactions are logged). +|Valid values +a|db.logs.query.transaction.threshold, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Dynamic a|true +|Default value +m|+++0s+++ +|=== + +[[config_db.memory.pagecache.warmup.enable]] +.db.memory.pagecache.warmup.enable +[cols="<1s,<4"] +|=== +|Description +a|Page cache can be configured to perform usage sampling of loaded pages that can be used to construct active load profile. According to that profile pages can be reloaded on the restart, replication, etc. This setting allows disabling that behavior. +This feature is available in Neo4j Enterprise Edition. +|Valid values +a|db.memory.pagecache.warmup.enable, a boolean +|Default value +m|+++true+++ +|=== + +[[config_db.memory.pagecache.warmup.preload]] +.db.memory.pagecache.warmup.preload +[cols="<1s,<4"] +|=== +|Description +a|Page cache warmup can be configured to prefetch files, preferably when cache size is bigger than store size. Files to be prefetched can be filtered by 'dbms.memory.pagecache.warmup.preload.allowlist'. Enabling this disables warmup by profile. +|Valid values +a|db.memory.pagecache.warmup.preload, a boolean +|Default value +m|+++false+++ +|=== + +[[config_db.memory.pagecache.warmup.preload.allowlist]] +.db.memory.pagecache.warmup.preload.allowlist +[cols="<1s,<4"] +|=== +|Description +a|Page cache warmup prefetch file allowlist regex. By default matches all files. +|Valid values +a|db.memory.pagecache.warmup.preload.allowlist, a string +|Default value +m|+++.*+++ +|=== + +[[config_db.memory.pagecache.warmup.profile.interval]] +.db.memory.pagecache.warmup.profile.interval +[cols="<1s,<4"] +|=== +|Description +a|The profiling frequency for the page cache. Accurate profiles allow the page cache to do active warmup after a restart, reducing the mean time to performance. +This feature is available in Neo4j Enterprise Edition. +|Valid values +a|db.memory.pagecache.warmup.profile.interval, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++1m+++ +|=== + +[[config_db.memory.transaction.max]] +.db.memory.transaction.max +[cols="<1s,<4"] +|=== +|Description +a|Limit the amount of memory that a single transaction can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'largest possible value'. +|Valid values +a|db.memory.transaction.max, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `1.00MiB` or is `0B` +|Dynamic a|true +|Default value +m|+++0B+++ +|=== + +[[config_db.memory.transaction.total.max]] +.db.memory.transaction.total.max +[cols="<1s,<4"] +|=== +|Description +a|Limit the amount of memory that all transactions in one database can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'unlimited'. +|Valid values +a|db.memory.transaction.total.max, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `10.00MiB` or is `0B` +|Dynamic a|true +|Default value +m|+++0B+++ +|=== + +[[config_db.recovery.fail_on_missing_files]] +.db.recovery.fail_on_missing_files +[cols="<1s,<4"] +|=== +|Description +a|If `true`, Neo4j will abort recovery if transaction log files are missing. Setting this to `false` will allow Neo4j to create new empty missing files for the already existing database, but the integrity of the database might be compromised. +|Valid values +a|db.recovery.fail_on_missing_files, a boolean +|Default value +m|+++true+++ +|=== + +[[config_db.relationship_grouping_threshold]] +.db.relationship_grouping_threshold +[cols="<1s,<4"] +|=== +|Description +a|Relationship count threshold for considering a node to be dense. +|Valid values +a|db.relationship_grouping_threshold, an integer which is minimum `1` +|Default value +m|+++50+++ +|=== + +[[config_db.shutdown_transaction_end_timeout]] +.db.shutdown_transaction_end_timeout +[cols="<1s,<4"] +|=== +|Description +a|The maximum amount of time to wait for running transactions to complete before allowing initiated database shutdown to continue. +|Valid values +a|db.shutdown_transaction_end_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++10s+++ +|=== + +[[config_db.store.files.preallocate]] +.db.store.files.preallocate +[cols="<1s,<4"] +|=== +|Description +a|Specify if Neo4j should try to preallocate store files as they grow. +|Valid values +a|db.store.files.preallocate, a boolean +|Default value +m|+++true+++ +|=== + +[[config_db.temporal.timezone]] +.db.temporal.timezone +[cols="<1s,<4"] +|=== +|Description +a|Database timezone for temporal functions. All Time and DateTime values that are created without an explicit timezone will use this configured default timezone. +|Valid values +a|db.temporal.timezone, a string describing a timezone, either described by offset (e.g. `+02:00`) or by name (e.g. `Europe/Stockholm`) +|Default value +m|+++Z+++ +|=== + +[[config_db.track_query_cpu_time]] +.db.track_query_cpu_time +[cols="<1s,<4"] +|=== +|Description +a|Enables or disables tracking of how much time a query spends actively executing on the CPU. Calling `SHOW TRANSACTIONS` will display the time. This can also be logged in the query log by using `db.logs.query.time_logging_enabled`. +|Valid values +a|db.track_query_cpu_time, a boolean +|Dynamic a|true +|Default value +m|+++false+++ +|=== + +[[config_db.transaction.bookmark_ready_timeout]] +.db.transaction.bookmark_ready_timeout +[cols="<1s,<4"] +|=== +|Description +a|The maximum amount of time to wait for the database state represented by the bookmark. +|Valid values +a|db.transaction.bookmark_ready_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `1s` +|Dynamic a|true +|Default value +m|+++30s+++ +|=== + +[[config_db.transaction.concurrent.maximum]] +.db.transaction.concurrent.maximum +[cols="<1s,<4"] +|=== +|Description +a|The maximum number of concurrently running transactions. If set to 0, limit is disabled. +|Valid values +a|db.transaction.concurrent.maximum, an integer +|Dynamic a|true +|Default value +m|+++1000+++ +|=== + +[[config_db.transaction.monitor.check.interval]] +.db.transaction.monitor.check.interval +[cols="<1s,<4"] +|=== +|Description +a|Configures the time interval between transaction monitor checks. Determines how often monitor thread will check transaction for timeout. +|Valid values +a|db.transaction.monitor.check.interval, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++2s+++ +|=== + +[[config_db.transaction.sampling.percentage]] +.db.transaction.sampling.percentage +[cols="<1s,<4"] +|=== +|Description +a|Transaction sampling percentage. +|Valid values +a|db.transaction.sampling.percentage, an integer which is in the range `1` to `100` +|Dynamic a|true +|Default value +m|+++5+++ +|=== + +[[config_db.transaction.timeout]] +.db.transaction.timeout +[cols="<1s,<4"] +|=== +|Description +a|The maximum time interval of a transaction within which it should be completed. +|Valid values +a|db.transaction.timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Dynamic a|true +|Default value +m|+++0s+++ +|=== + +[[config_db.transaction.tracing.level]] +.db.transaction.tracing.level +[cols="<1s,<4"] +|=== +|Description +a|Transaction creation tracing level. +|Valid values +a|db.transaction.tracing.level, one of [DISABLED, SAMPLE, ALL] +|Dynamic a|true +|Default value +m|+++DISABLED+++ +|=== + +[[config_db.tx_log.buffer.size]] +.db.tx_log.buffer.size +[cols="<1s,<4"] +|=== +|Description +a|On serialization of transaction logs, they will be temporary stored in the byte buffer that will be flushed at the end of the transaction or at any moment when buffer will be full. +|Valid values +a|db.tx_log.buffer.size, a long which is minimum `131072` +|Default value +m|By default the size of byte buffer is based on number of available cpu's with minimal buffer size of 512KB. Every another 4 cpu's will add another 512KB into the buffer size. Maximal buffer size in this default scheme is 4MB taking into account that we can have one transaction log writer per database in multi-database env.For example, runtime with 4 cpus will have buffer size of 1MB; runtime with 8 cpus will have buffer size of 1MB 512KB; runtime with 12 cpus will have buffer size of 2MB. +|=== + +[[config_db.tx_log.preallocate]] +.db.tx_log.preallocate +[cols="<1s,<4"] +|=== +|Description +a|Specify if Neo4j should try to preallocate logical log file in advance. +|Valid values +a|db.tx_log.preallocate, a boolean +|Dynamic a|true +|Default value +m|+++true+++ +|=== + +[[config_db.tx_log.rotation.retention_policy]] +.db.tx_log.rotation.retention_policy +[cols="<1s,<4"] +|=== +|Description +a|Tell Neo4j how long logical transaction logs should be kept to backup the database.For example, "10 days" will prune logical logs that only contain transactions older than 10 days.Alternatively, "100k txs" will keep the 100k latest transactions from each database and prune any older transactions. +|Valid values +a|db.tx_log.rotation.retention_policy, a string which matches the pattern `^(true{vbar}keep_all{vbar}false{vbar}keep_none{vbar}(\d+[KkMmGg]?( (files{vbar}size{vbar}txs{vbar}entries{vbar}hours{vbar}days))))$` (Must be `true` or `keep_all`, `false` or `keep_none`, or of format ` `. Valid units are `K`, `M` and `G`. Valid types are `files`, `size`, `txs`, `entries`, `hours` and `days`. For example, `100M size` will limit logical log space on disk to 100MB per database,and `200K txs` will limit the number of transactions kept to 200 000 per database.) +|Dynamic a|true +|Default value +m|+++2 days+++ +|=== + +[[config_db.tx_log.rotation.size]] +.db.tx_log.rotation.size +[cols="<1s,<4"] +|=== +|Description +a|Specifies at which file size the logical log will auto-rotate. Minimum accepted value is 128 KiB. +|Valid values +a|db.tx_log.rotation.size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `128.00KiB` +|Dynamic a|true +|Default value +m|+++256.00MiB+++ +|=== + +[[config_db.tx_state.memory_allocation]] +.db.tx_state.memory_allocation +[cols="<1s,<4"] +|=== +|Description +a|Defines whether memory for transaction state should be allocated on- or off-heap. Note that for small transactions you can gain up to 25% write speed by setting it to `ON_HEAP`. +|Valid values +a|db.tx_state.memory_allocation, one of [ON_HEAP, OFF_HEAP] +|Default value +m|+++ON_HEAP+++ +|=== + +[[config_dbms.cluster.catchup.client_inactivity_timeout]] +.dbms.cluster.catchup.client_inactivity_timeout +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The catch up protocol times out if the given duration elapses with no network activity. Every message received by the client from the server extends the time out duration. +|Valid values +a|dbms.cluster.catchup.client_inactivity_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++10m+++ +|=== + +[[config_dbms.cluster.discovery.endpoints]] +.dbms.cluster.discovery.endpoints +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]A comma-separated list of endpoints which a server should contact in order to discover other cluster members. +|Valid values +a|dbms.cluster.discovery.endpoints, a ',' separated list with elements of type 'a socket address in the format 'hostname:port', 'hostname' or ':port''. +|=== + +[[config_dbms.cluster.discovery.log_level]] +.dbms.cluster.discovery.log_level +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The level of middleware logging. +|Valid values +a|dbms.cluster.discovery.log_level, one of [DEBUG, INFO, WARN, ERROR, NONE] +|Default value +m|+++WARN+++ +|=== + +[[config_dbms.cluster.discovery.type]] +.dbms.cluster.discovery.type +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Configure the discovery type used for cluster name resolution. +|Valid values +a|dbms.cluster.discovery.type, one of [DNS, LIST, SRV, K8S] which may require different settings depending on the discovery type: `DNS requires [dbms.cluster.discovery.endpoints], LIST requires [], SRV requires [dbms.cluster.discovery.endpoints], K8S requires [dbms.kubernetes.label_selector, dbms.kubernetes.service_port_name]` +|Default value +m|+++LIST+++ +|=== + +[[config_dbms.cluster.minimum_initial_system_primaries_count]] +.dbms.cluster.minimum_initial_system_primaries_count +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Minimum number of machines initially required to form a clustered DBMS. The cluster is considered formed when at least this many members have discovered each other, bound together and bootstrapped a highly available system database. As a result, at least this many of the cluster's initial machines must have '<>' set to 'PRIMARY'.NOTE: If '<>' is set to 'LIST' and '<>' is empty then the user is assumed to be deploying a standalone DBMS, and the value of this setting is ignored. +|Valid values +a|dbms.cluster.minimum_initial_system_primaries_count, an integer which is minimum `1` +|Default value +m|+++3+++ +|=== + +[[config_dbms.cluster.network.handshake_timeout]] +.dbms.cluster.network.handshake_timeout +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Time out for protocol negotiation handshake. +|Valid values +a|dbms.cluster.network.handshake_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++20s+++ +|=== + +[[config_dbms.cluster.network.max_chunk_size]] +.dbms.cluster.network.max_chunk_size +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Maximum chunk size allowable across network by clustering machinery. +|Valid values +a|dbms.cluster.network.max_chunk_size, an integer which is in the range `4096` to `10485760` +|Default value +m|+++32768+++ +|=== + +[[config_dbms.cluster.network.supported_compression_algos]] +.dbms.cluster.network.supported_compression_algos +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Network compression algorithms that this instance will allow in negotiation as a comma-separated list. Listed in descending order of preference for incoming connections. An empty list implies no compression. For outgoing connections this merely specifies the allowed set of algorithms and the preference of the remote peer will be used for making the decision. Allowable values: [Gzip, Snappy, Snappy_validating, LZ4, LZ4_high_compression, LZ_validating, LZ4_high_compression_validating] +|Valid values +a|dbms.cluster.network.supported_compression_algos, a ',' separated list with elements of type 'a string'. +|Default value +m|++++++ +|=== + +[[config_dbms.cluster.raft.binding_timeout]] +.dbms.cluster.raft.binding_timeout +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The time allowed for a database on a Neo4j server to either join a cluster or form a new cluster with the other Neo4j Servers provided by `<>`. +|Valid values +a|dbms.cluster.raft.binding_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++10m+++ +|=== + +[[config_dbms.cluster.raft.client.max_channels]] +.dbms.cluster.raft.client.max_channels +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The maximum number of TCP channels between two nodes to operate the raft protocol. Each database gets allocated one channel, but a single channel can be used by more than one database. +|Valid values +a|dbms.cluster.raft.client.max_channels, an integer +|Default value +m|+++8+++ +|=== + +[[config_dbms.cluster.raft.election_failure_detection_window]] +.dbms.cluster.raft.election_failure_detection_window +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The rate at which leader elections happen. Note that due to election conflicts it might take several attempts to find a leader. The window should be significantly larger than typical communication delays to make conflicts unlikely. +|Valid values +a|dbms.cluster.raft.election_failure_detection_window, a duration-range (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++3s-6s+++ +|=== + +[[config_dbms.cluster.raft.leader_failure_detection_window]] +.dbms.cluster.raft.leader_failure_detection_window +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The time window within which the loss of the leader is detected and the first re-election attempt is held. The window should be significantly larger than typical communication delays to make conflicts unlikely. +|Valid values +a|dbms.cluster.raft.leader_failure_detection_window, a duration-range (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++20s-23s+++ +|=== + +[[config_dbms.cluster.raft.leader_transfer.balancing_strategy]] +.dbms.cluster.raft.leader_transfer.balancing_strategy +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Which strategy to use when transferring database leaderships around a cluster. This can be one of `equal_balancing` or `no_balancing`. `equal_balancing` automatically ensures that each Core server holds the leader role for an equal number of databases.`no_balancing` prevents any automatic balancing of the leader role. Note that if a `leadership_priority_group` is specified for a given database, the value of this setting will be ignored for that database. +|Valid values +a|dbms.cluster.raft.leader_transfer.balancing_strategy, one of [NO_BALANCING, EQUAL_BALANCING] +|Default value +m|+++EQUAL_BALANCING+++ +|=== + +[[config_dbms.cluster.raft.log.pruning_frequency]] +.dbms.cluster.raft.log.pruning_frequency +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]RAFT log pruning frequency. +|Valid values +a|dbms.cluster.raft.log.pruning_frequency, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++10m+++ +|=== + +[[config_dbms.cluster.raft.log.reader_pool_size]] +.dbms.cluster.raft.log.reader_pool_size +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]RAFT log reader pool size. +|Valid values +a|dbms.cluster.raft.log.reader_pool_size, an integer +|Default value +m|+++8+++ +|=== + +[[config_dbms.cluster.raft.log.rotation_size]] +.dbms.cluster.raft.log.rotation_size +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]RAFT log rotation size. +|Valid values +a|dbms.cluster.raft.log.rotation_size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `1.00KiB` +|Default value +m|+++250.00MiB+++ +|=== + +[[config_dbms.cluster.raft.membership.join_max_lag]] +.dbms.cluster.raft.membership.join_max_lag +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Maximum amount of lag accepted for a new follower to join the Raft group. +|Valid values +a|dbms.cluster.raft.membership.join_max_lag, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++10s+++ +|=== + +[[config_dbms.cluster.raft.membership.join_timeout]] +.dbms.cluster.raft.membership.join_timeout +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Time out for a new member to catch up. +|Valid values +a|dbms.cluster.raft.membership.join_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++10m+++ +|=== + +[[config_dbms.cluster.store_copy.max_retry_time_per_request]] +.dbms.cluster.store_copy.max_retry_time_per_request +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Maximum retry time per request during store copy. Regular store files and indexes are downloaded in separate requests during store copy. This configures the maximum time failed requests are allowed to resend. +|Valid values +a|dbms.cluster.store_copy.max_retry_time_per_request, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++20m+++ +|=== + +[[config_dbms.cypher.forbid_exhaustive_shortestpath]] +.dbms.cypher.forbid_exhaustive_shortestpath +[cols="<1s,<4"] +|=== +|Description +a|This setting is associated with performance optimization. Set this to `true` in situations where it is preferable to have any queries using the 'shortestPath' function terminate as soon as possible with no answer, rather than potentially running for a long time attempting to find an answer (even if there is no path to be found). For most queries, the 'shortestPath' algorithm will return the correct answer very quickly. However there are some cases where it is possible that the fast bidirectional breadth-first search algorithm will find no results even if they exist. This can happen when the predicates in the `WHERE` clause applied to 'shortestPath' cannot be applied to each step of the traversal, and can only be applied to the entire path. When the query planner detects these special cases, it will plan to perform an exhaustive depth-first search if the fast algorithm finds no paths. However, the exhaustive search may be orders of magnitude slower than the fast algorithm. If it is critical that queries terminate as soon as possible, it is recommended that this option be set to `true`, which means that Neo4j will never consider using the exhaustive search for shortestPath queries. However, please note that if no paths are found, an error will be thrown at run time, which will need to be handled by the application. +|Valid values +a|dbms.cypher.forbid_exhaustive_shortestpath, a boolean +|Default value +m|+++false+++ +|=== + +[[config_dbms.cypher.forbid_shortestpath_common_nodes]] +.dbms.cypher.forbid_shortestpath_common_nodes +[cols="<1s,<4"] +|=== +|Description +a|This setting is associated with performance optimization. The shortest path algorithm does not work when the start and end nodes are the same. With this setting set to `false` no path will be returned when that happens. The default value of `true` will instead throw an exception. This can happen if you perform a shortestPath search after a cartesian product that might have the same start and end nodes for some of the rows passed to shortestPath. If it is preferable to not experience this exception, and acceptable for results to be missing for those rows, then set this to `false`. If you cannot accept missing results, and really want the shortestPath between two common nodes, then re-write the query using a standard Cypher variable length pattern expression followed by ordering by path length and limiting to one result. +|Valid values +a|dbms.cypher.forbid_shortestpath_common_nodes, a boolean +|Default value +m|+++true+++ +|=== + +[[config_dbms.cypher.hints_error]] +.dbms.cypher.hints_error +[cols="<1s,<4"] +|=== +|Description +a|Set this to specify the behavior when Cypher planner or runtime hints cannot be fulfilled. If true, then non-conformance will result in an error, otherwise only a warning is generated. +|Valid values +a|dbms.cypher.hints_error, a boolean +|Default value +m|+++false+++ +|=== + +[[config_dbms.cypher.lenient_create_relationship]] +.dbms.cypher.lenient_create_relationship +[cols="<1s,<4"] +|=== +|Description +a|Set this to change the behavior for Cypher create relationship when the start or end node is missing. By default this fails the query and stops execution, but by setting this flag the create operation is simply not performed and execution continues. +|Valid values +a|dbms.cypher.lenient_create_relationship, a boolean +|Default value +m|+++false+++ +|=== + +[[config_dbms.cypher.min_replan_interval]] +.dbms.cypher.min_replan_interval +[cols="<1s,<4"] +|=== +|Description +a|The minimum time between possible cypher query replanning events. After this time, the graph statistics will be evaluated, and if they have changed by more than the value set by <>, the query will be replanned. If the statistics have not changed sufficiently, the same interval will need to pass before the statistics will be evaluated again. Each time they are evaluated, the divergence threshold will be reduced slightly until it reaches 10% after 7h, so that even moderately changing databases will see query replanning after a sufficiently long time interval. +|Valid values +a|dbms.cypher.min_replan_interval, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++10s+++ +|=== + +[[config_dbms.cypher.planner]] +.dbms.cypher.planner +[cols="<1s,<4"] +|=== +|Description +a|Set this to specify the default planner for the default language version. +|Valid values +a|dbms.cypher.planner, one of [DEFAULT, COST] +|Default value +m|+++DEFAULT+++ +|=== + +[[config_dbms.cypher.render_plan_description]] +.dbms.cypher.render_plan_description +[cols="<1s,<4"] +|=== +|Description +a|If set to `true` a textual representation of the plan description will be rendered on the server for all queries running with `EXPLAIN` or `PROFILE`. This allows clients such as the neo4j browser and Cypher shell to show a more detailed plan description. +|Valid values +a|dbms.cypher.render_plan_description, a boolean +|Dynamic a|true +|Default value +m|+++false+++ +|=== + +[[config_dbms.cypher.statistics_divergence_threshold]] +.dbms.cypher.statistics_divergence_threshold +[cols="<1s,<4"] +|=== +|Description +a|The threshold for statistics above which a plan is considered stale. + +If any of the underlying statistics used to create the plan have changed more than this value, the plan will be considered stale and will be replanned. Change is calculated as `abs(a-b)/max(a,b)`. + +This means that a value of `0.75` requires the database to quadruple in size before query replanning. A value of `0` means that the query will be replanned as soon as there is any change in statistics and the replan interval has elapsed. + +This interval is defined by `<>` and defaults to 10s. After this interval, the divergence threshold will slowly start to decline, reaching 10% after about 7h. This will ensure that long running databases will still get query replanning on even modest changes, while not replanning frequently unless the changes are very large. +|Valid values +a|dbms.cypher.statistics_divergence_threshold, a double which is in the range `0.0` to `1.0` +|Default value +m|+++0.75+++ +|=== + +[[config_dbms.databases.seed_from_uri_providers]] +.dbms.databases.seed_from_uri_providers +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Databases may be created from an existing 'seed' (a database backup or dump) stored at some source URI. Different types of seed source are supported by different implementations of `com.neo4j.dbms.seeding.SeedProvider`. For example, seeds stored at 's3://' and 'https://' URIs are supported by the builtin `S3SeedProvider` and `URLConnectionSeedProvider` respectively. This list specifies enabled seed providers. If a seed source (URI scheme) is supported by multiple providers in the list, the first matching provider will be used. If the list is set to empty, the seed from uri functionality is effectively disabled. +|Valid values +a|dbms.databases.seed_from_uri_providers, a ',' separated list with elements of type 'a string'. +|Default value +m|+++S3SeedProvider+++ +|=== + +[[config_dbms.db.timezone]] +.dbms.db.timezone +[cols="<1s,<4"] +|=== +|Description +a|Database timezone. Among other things, this setting influences the monitoring procedures. +|Valid values +a|dbms.db.timezone, one of [UTC, SYSTEM] +|Default value +m|+++UTC+++ +|=== + +[[config_dbms.kubernetes.address]] +.dbms.kubernetes.address +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Address for Kubernetes API. +|Valid values +a|dbms.kubernetes.address, a socket address in the format 'hostname:port', 'hostname' or ':port' +|Default value +m|+++kubernetes.default.svc:443+++ +|=== + +[[config_dbms.kubernetes.ca_crt]] +.dbms.kubernetes.ca_crt +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]File location of CA certificate for Kubernetes API. +|Valid values +a|dbms.kubernetes.ca_crt, a path +|Default value +m|+++/var/run/secrets/kubernetes.io/serviceaccount/ca.crt+++ +|=== + +[[config_dbms.kubernetes.cluster_domain]] +.dbms.kubernetes.cluster_domain +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Kubernetes cluster domain. +|Valid values +a|dbms.kubernetes.cluster_domain, a string +|Default value +m|+++cluster.local+++ +|=== + +[[config_dbms.kubernetes.label_selector]] +.dbms.kubernetes.label_selector +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]LabelSelector for Kubernetes API. +|Valid values +a|dbms.kubernetes.label_selector, a string +|=== + +[[config_dbms.kubernetes.namespace]] +.dbms.kubernetes.namespace +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]File location of namespace for Kubernetes API. +|Valid values +a|dbms.kubernetes.namespace, a path +|Default value +m|+++/var/run/secrets/kubernetes.io/serviceaccount/namespace+++ +|=== + +[[config_dbms.kubernetes.service_port_name]] +.dbms.kubernetes.service_port_name +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Service port name for discovery for Kubernetes API. +|Valid values +a|dbms.kubernetes.service_port_name, a string +|=== + +[[config_dbms.kubernetes.token]] +.dbms.kubernetes.token +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]File location of token for Kubernetes API. +|Valid values +a|dbms.kubernetes.token, a path +|Default value +m|+++/var/run/secrets/kubernetes.io/serviceaccount/token+++ +|=== + +[[config_dbms.logs.http.enabled]] +.dbms.logs.http.enabled +[cols="<1s,<4"] +|=== +|Description +a|Enable HTTP request logging. +|Valid values +a|dbms.logs.http.enabled, a boolean +|Default value +m|+++false+++ +|=== + +[[config_dbms.memory.tracking.enable]] +.dbms.memory.tracking.enable +[cols="<1s,<4"] +|=== +|Description +a|Enable off heap and on heap memory tracking. Should not be set to `false` for clusters. +|Valid values +a|dbms.memory.tracking.enable, a boolean +|Default value +m|+++true+++ +|=== + +[[config_dbms.memory.transaction.total.max]] +.dbms.memory.transaction.total.max +[cols="<1s,<4"] +|=== +|Description +a|Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'unlimited'. +|Valid values +a|dbms.memory.transaction.total.max, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `10.00MiB` or is `0B` +|Dynamic a|true +|Default value +m|+++0B+++ +|=== + +[[config_dbms.netty.ssl.provider]] +.dbms.netty.ssl.provider +[cols="<1s,<4"] +|=== +|Description +a|Netty SSL provider. +|Valid values +a|dbms.netty.ssl.provider, one of [JDK, OPENSSL, OPENSSL_REFCNT] +|Default value +m|+++JDK+++ +|=== + +[[config_dbms.routing.client_side.enforce_for_domains]] +.dbms.routing.client_side.enforce_for_domains +[cols="<1s,<4"] +|=== +|Description +a|Always use client side routing (regardless of the default router) for neo4j:// protocol connections to these domains. A comma separated list of domains. Wildcards (*) are supported. +|Valid values +a|dbms.routing.client_side.enforce_for_domains, a ',' separated set with elements of type 'a string'. +|Dynamic a|true +|Default value +m|++++++ +|=== + +[[config_dbms.routing.default_router]] +.dbms.routing.default_router +[cols="<1s,<4"] +|=== +|Description +a|Routing strategy for neo4j:// protocol connections. +Default is `CLIENT`, using client-side routing, with server-side routing as a fallback (if enabled). +When set to `SERVER`, client-side routing is short-circuited, and requests will rely on server-side routing (which must be enabled for proper operation, i.e. `<>=true`). +Can be overridden by `<>`. +|Valid values +a|dbms.routing.default_router, one of [SERVER, CLIENT] +|Default value +m|+++CLIENT+++ +|=== + +[[config_dbms.routing.driver.connection.connect_timeout]] +.dbms.routing.driver.connection.connect_timeout +[cols="<1s,<4"] +|=== +|Description +a|Socket connection timeout. +A timeout of zero is treated as an infinite timeout and will be bound by the timeout configured on the +operating system level. +|Valid values +a|dbms.routing.driver.connection.connect_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++5s+++ +|=== + +[[config_dbms.routing.driver.connection.max_lifetime]] +.dbms.routing.driver.connection.max_lifetime +[cols="<1s,<4"] +|=== +|Description +a|Pooled connections older than this threshold will be closed and removed from the pool. +Setting this option to a low value will cause a high connection churn and might result in a performance hit. +It is recommended to set maximum lifetime to a slightly smaller value than the one configured in network +equipment (load balancer, proxy, firewall, etc. can also limit maximum connection lifetime). +Zero and negative values result in lifetime not being checked. +|Valid values +a|dbms.routing.driver.connection.max_lifetime, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++1h+++ +|=== + +[[config_dbms.routing.driver.connection.pool.acquisition_timeout]] +.dbms.routing.driver.connection.pool.acquisition_timeout +[cols="<1s,<4"] +|=== +|Description +a|Maximum amount of time spent attempting to acquire a connection from the connection pool. +This timeout only kicks in when all existing connections are being used and no new connections can be created because maximum connection pool size has been reached. +Error is raised when connection can't be acquired within configured time. +Negative values are allowed and result in unlimited acquisition timeout. Value of 0 is allowed and results in no timeout and immediate failure when connection is unavailable. +|Valid values +a|dbms.routing.driver.connection.pool.acquisition_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++1m+++ +|=== + +[[config_dbms.routing.driver.connection.pool.idle_test]] +.dbms.routing.driver.connection.pool.idle_test +[cols="<1s,<4"] +|=== +|Description +a|Pooled connections that have been idle in the pool for longer than this timeout will be tested before they are used again, to ensure they are still alive. +If this option is set too low, an additional network call will be incurred when acquiring a connection, which causes a performance hit. +If this is set high, no longer live connections might be used which might lead to errors. +Hence, this parameter tunes a balance between the likelihood of experiencing connection problems and performance +Normally, this parameter should not need tuning. +Value 0 means connections will always be tested for validity. +|Valid values +a|dbms.routing.driver.connection.pool.idle_test, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|No connection liveliness check is done by default. +|=== + +[[config_dbms.routing.driver.connection.pool.max_size]] +.dbms.routing.driver.connection.pool.max_size +[cols="<1s,<4"] +|=== +|Description +a|Maximum total number of connections to be managed by a connection pool. +The limit is enforced for a combination of a host and user. Negative values are allowed and result in unlimited pool. Value of 0is not allowed. +|Valid values +a|dbms.routing.driver.connection.pool.max_size, an integer +|Default value +m|Unlimited +|=== + +[[config_dbms.routing.driver.logging.level]] +.dbms.routing.driver.logging.level +[cols="<1s,<4"] +|=== +|Description +a|Sets level for driver internal logging. +|Valid values +a|dbms.routing.driver.logging.level, one of [DEBUG, INFO, WARN, ERROR, NONE] +|Default value +m|+++INFO+++ +|=== + +[[config_dbms.routing.enabled]] +.dbms.routing.enabled +[cols="<1s,<4"] +|=== +|Description +a|Enable server-side routing in clusters using an additional bolt connector. +When configured, this allows requests to be forwarded from one cluster member to another, if the requests can't be satisfied by the first member (e.g. write requests received by a non-leader). +|Valid values +a|dbms.routing.enabled, a boolean +|Default value +m|+++true+++ +|=== + +[[config_dbms.routing.load_balancing.plugin]] +.dbms.routing.load_balancing.plugin +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The load balancing plugin to use. +|Valid values +a|dbms.routing.load_balancing.plugin, a string which specified load balancer plugin exist. +|Default value +m|+++server_policies+++ +|=== + +[[config_dbms.routing.load_balancing.shuffle_enabled]] +.dbms.routing.load_balancing.shuffle_enabled +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Enables shuffling of the returned load balancing result. +|Valid values +a|dbms.routing.load_balancing.shuffle_enabled, a boolean +|Default value +m|+++true+++ +|=== + +[[config_dbms.routing.reads_on_primaries_enabled]] +.dbms.routing.reads_on_primaries_enabled +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include non-writer primaries as read endpoints or return only secondaries. Note: if there are no secondaries for the given database primaries are returned as read end points regardless the value of this setting. Defaults to true so that non-writer primaries are available for read-only queries in a typical heterogeneous setup. +|Valid values +a|dbms.routing.reads_on_primaries_enabled, a boolean +|Default value +m|+++true+++ +|=== + +[[config_dbms.routing.reads_on_writers_enabled]] +.dbms.routing.reads_on_writers_enabled +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include the writer as read endpoint or return only non-writers (non writer primaries and secondaries) Note: writer is returned as read endpoint if no other member is present all. +|Valid values +a|dbms.routing.reads_on_writers_enabled, a boolean +|Dynamic a|true +|Default value +m|+++false+++ +|=== + +[[config_dbms.routing_ttl]] +.dbms.routing_ttl +[cols="<1s,<4"] +|=== +|Description +a|How long callers should cache the response of the routing procedure `dbms.routing.getRoutingTable()` +|Valid values +a|dbms.routing_ttl, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `1s` +|Default value +m|+++5m+++ +|=== + +[[config_dbms.security.allow_csv_import_from_file_urls]] +.dbms.security.allow_csv_import_from_file_urls +[cols="<1s,<4"] +|=== +|Description +a|Determines if Cypher will allow using file URLs when loading data using `LOAD CSV`. Setting this value to `false` will cause Neo4j to fail `LOAD CSV` clauses that load data from the file system. +|Valid values +a|dbms.security.allow_csv_import_from_file_urls, a boolean +|Default value +m|+++true+++ +|=== + +[[config_dbms.security.auth_cache_max_capacity]] +.dbms.security.auth_cache_max_capacity +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The maximum capacity for authentication and authorization caches (respectively). +|Valid values +a|dbms.security.auth_cache_max_capacity, an integer +|Default value +m|+++10000+++ +|=== + +[[config_dbms.security.auth_cache_ttl]] +.dbms.security.auth_cache_ttl +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The time to live (TTL) for cached authentication and authorization info when using external auth providers (LDAP or plugin). Setting the TTL to 0 will disable auth caching. Disabling caching while using the LDAP auth provider requires the use of an LDAP system account for resolving authorization information. +|Valid values +a|dbms.security.auth_cache_ttl, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++10m+++ +|=== + +[[config_dbms.security.auth_cache_use_ttl]] +.dbms.security.auth_cache_use_ttl +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Enable time-based eviction of the authentication and authorization info cache for external auth providers (LDAP or plugin). Disabling this setting will make the cache live forever and only be evicted when `<>` is exceeded. +|Valid values +a|dbms.security.auth_cache_use_ttl, a boolean +|Default value +m|+++true+++ +|=== + +[[config_dbms.security.auth_enabled]] +.dbms.security.auth_enabled +[cols="<1s,<4"] +|=== +|Description +a|Enable auth requirement to access Neo4j. +|Valid values +a|dbms.security.auth_enabled, a boolean +|Default value +m|true +|=== + +[[config_config_dbms.security.auth_minimum_password_length]] +.dbms.security.auth_minimum_password_length +[cols="<1s,<4"] +|=== +|Description +a|label:version-number[Neo4j v5.3]The minimum number of characters required in a password. +|Valid values +a|dbms.security.auth_minimum_password_length, an integer +|Default value +m|+++8+++ +|=== + +[[config_dbms.security.auth_lock_time]] +.dbms.security.auth_lock_time +[cols="<1s,<4"] +|=== +|Description +a|The amount of time user account should be locked after a configured number of unsuccessful authentication attempts. The locked out user will not be able to log in until the lock period expires, even if correct credentials are provided. Setting this configuration option to a low value is not recommended because it might make it easier for an attacker to brute force the password. +|Valid values +a|dbms.security.auth_lock_time, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `0s` +|Default value +m|+++5s+++ +|=== + +[[config_dbms.security.auth_max_failed_attempts]] +.dbms.security.auth_max_failed_attempts +[cols="<1s,<4"] +|=== +|Description +a|The maximum number of unsuccessful authentication attempts before imposing a user lock for the configured amount of time, as defined by `<>`.The locked out user will not be able to log in until the lock period expires, even if correct credentials are provided. Setting this configuration option to values less than 3 is not recommended because it might make it easier for an attacker to brute force the password. +|Valid values +a|dbms.security.auth_max_failed_attempts, an integer which is minimum `0` +|Default value +m|+++3+++ +|=== + +[[config_dbms.security.authentication_providers]] +.dbms.security.authentication_providers +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]A list of security authentication providers containing the users and roles. This can be any of the built-in `native` or `ldap` providers, or it can be an externally provided plugin, with a custom name prefixed by `plugin-`, i.e. `plugin-`. They will be queried in the given order when login is attempted. +|Valid values +a|dbms.security.authentication_providers, a ',' separated list with elements of type 'a string'. +|Default value +m|+++native+++ +|=== + +[[config_dbms.security.authorization_providers]] +.dbms.security.authorization_providers +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]A list of security authorization providers containing the users and roles. This can be any of the built-in `native` or `ldap` providers, or it can be an externally provided plugin, with a custom name prefixed by `plugin-`, i.e. `plugin-`. They will be queried in the given order when login is attempted. +|Valid values +a|dbms.security.authorization_providers, a ',' separated list with elements of type 'a string'. +|Default value +m|+++native+++ +|=== + +[[config_dbms.security.cluster_status_auth_enabled]] +.dbms.security.cluster_status_auth_enabled +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Require authorization for access to the Causal Clustering status endpoints. +|Valid values +a|dbms.security.cluster_status_auth_enabled, a boolean +|Default value +m|+++true+++ +|=== + +[[config_dbms.security.http_access_control_allow_origin]] +.dbms.security.http_access_control_allow_origin +[cols="<1s,<4"] +|=== +|Description +a|Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS connector. This defaults to '*', which allows broadest compatibility. Note that any URI provided here limits HTTP/HTTPS access to that URI only. +|Valid values +a|dbms.security.http_access_control_allow_origin, a string +|Default value +m|+++*+++ +|=== + +[[config_dbms.security.http_auth_allowlist]] +.dbms.security.http_auth_allowlist +[cols="<1s,<4"] +|=== +|Description +a|Defines an allowlist of http paths where Neo4j authentication is not required. +|Valid values +a|dbms.security.http_auth_allowlist, a ',' separated list with elements of type 'a string'. +|Default value +m|+++/,/browser.*+++ +|=== + +[[config_dbms.security.http_strict_transport_security]] +.dbms.security.http_strict_transport_security +[cols="<1s,<4"] +|=== +|Description +a|Value of the HTTP Strict-Transport-Security (HSTS) response header. This header tells browsers that a webpage should only be accessed using HTTPS instead of HTTP. It is attached to every HTTPS response. Setting is not set by default so 'Strict-Transport-Security' header is not sent. Value is expected to contain directives like 'max-age', 'includeSubDomains' and 'preload'. +|Valid values +a|dbms.security.http_strict_transport_security, a string +|=== + +[[config_dbms.security.key.name]] +.dbms.security.key.name +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Name of the 256 length AES encryption key, which is used for the symmetric encryption. +|Valid values +a|dbms.security.key.name, a string +|Dynamic a|true +|Default value +m|+++aesKey+++ +|=== + +[[config_dbms.security.keystore.password]] +.dbms.security.keystore.password +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Password for accessing the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption. +|Valid values +a|dbms.security.keystore.password, a secure string +|Dynamic a|true +|=== + +[[config_dbms.security.keystore.path]] +.dbms.security.keystore.path +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Location of the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption of secrets held in system database. +|Valid values +a|dbms.security.keystore.path, a path +|Dynamic a|true +|=== + +[[config_dbms.security.ldap.authentication.attribute]] +.dbms.security.ldap.authentication.attribute +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The attribute to use when looking up users. +Using this setting requires `<>` to be true and thus `<>` and `<>` to be configured. +|Valid values +a|dbms.security.ldap.authentication.attribute, a string which matches the pattern `[A-Za-z0-9-]*` (has to be a valid LDAP attribute name, only containing letters [A-Za-z], digits [0-9] and hyphens [-].) +|Dynamic a|true +|Default value +m|+++samaccountname+++ +|=== + +[[config_dbms.security.ldap.authentication.cache_enabled]] +.dbms.security.ldap.authentication.cache_enabled +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Determines if the result of authentication via the LDAP server should be cached or not. Caching is used to limit the number of LDAP requests that have to be made over the network for users that have already been authenticated successfully. A user can be authenticated against an existing cache entry (instead of via an LDAP server) as long as it is alive (see `<>`). +An important consequence of setting this to `true` is that Neo4j then needs to cache a hashed version of the credentials in order to perform credentials matching. This hashing is done using a cryptographic hash function together with a random salt. Preferably a conscious decision should be made if this method is considered acceptable by the security standards of the organization in which this Neo4j instance is deployed. +|Valid values +a|dbms.security.ldap.authentication.cache_enabled, a boolean +|Default value +m|+++true+++ +|=== + +[[config_dbms.security.ldap.authentication.mechanism]] +.dbms.security.ldap.authentication.mechanism +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]LDAP authentication mechanism. This is one of `simple` or a SASL mechanism supported by JNDI, for example `DIGEST-MD5`. `simple` is basic username and password authentication and SASL is used for more advanced mechanisms. See RFC 2251 LDAPv3 documentation for more details. +|Valid values +a|dbms.security.ldap.authentication.mechanism, a string +|Default value +m|+++simple+++ +|=== + +[[config_dbms.security.ldap.authentication.search_for_attribute]] +.dbms.security.ldap.authentication.search_for_attribute +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Perform authentication by searching for an unique attribute of a user. +Using this setting requires `<>` and `<>` to be configured. +|Valid values +a|dbms.security.ldap.authentication.search_for_attribute, a boolean +|Default value +m|+++false+++ +|=== + +[[config_dbms.security.ldap.authentication.user_dn_template]] +.dbms.security.ldap.authentication.user_dn_template +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]LDAP user DN template. An LDAP object is referenced by its distinguished name (DN), and a user DN is an LDAP fully-qualified unique user identifier. This setting is used to generate an LDAP DN that conforms with the LDAP directory's schema from the user principal that is submitted with the authentication token when logging in. The special token {0} is a placeholder where the user principal will be substituted into the DN string. +|Valid values +a|dbms.security.ldap.authentication.user_dn_template, a string which Must be a string containing '{0}' to understand where to insert the runtime authentication principal. +|Dynamic a|true +|Default value +m|+++uid={0},ou=users,dc=example,dc=com+++ +|=== + +[[config_dbms.security.ldap.authorization.access_permitted_group]] +.dbms.security.ldap.authorization.access_permitted_group +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The LDAP group to which a user must belong to get any access to the system.Set this to restrict access to a subset of LDAP users belonging to a particular group. If this is not set, any user to successfully authenticate via LDAP will have access to the PUBLIC role and any other roles assigned to them via <>. +|Valid values +a|dbms.security.ldap.authorization.access_permitted_group, a string +|Dynamic a|true +|Default value +m|++++++ +|=== + +[[config_dbms.security.ldap.authorization.group_membership_attributes]] +.dbms.security.ldap.authorization.group_membership_attributes +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]A list of attribute names on a user object that contains groups to be used for mapping to roles when LDAP authorization is enabled. This setting is ignored when `dbms.ldap_authorization_nested_groups_enabled` is `true`. +|Valid values +a|dbms.security.ldap.authorization.group_membership_attributes, a ',' separated list with elements of type 'a string'. which Can not be empty +|Dynamic a|true +|Default value +m|+++memberOf+++ +|=== + +[[config_dbms.security.ldap.authorization.group_to_role_mapping]] +.dbms.security.ldap.authorization.group_to_role_mapping +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]An authorization mapping from LDAP group names to Neo4j role names. The map should be formatted as a semicolon separated list of key-value pairs, where the key is the LDAP group name and the value is a comma separated list of corresponding role names. For example: group1=role1;group2=role2;group3=role3,role4,role5 +You could also use whitespaces and quotes around group names to make this mapping more readable, for example: +---- +`dbms.security.ldap.authorization.group_to_role_mapping`=\ + "cn=Neo4j Read Only,cn=users,dc=example,dc=com" = reader; \ + "cn=Neo4j Read-Write,cn=users,dc=example,dc=com" = publisher; \ + "cn=Neo4j Schema Manager,cn=users,dc=example,dc=com" = architect; \ + "cn=Neo4j Administrator,cn=users,dc=example,dc=com" = admin +---- +|Valid values +a|dbms.security.ldap.authorization.group_to_role_mapping, a string which must be semicolon separated list of key-value pairs or empty +|Dynamic a|true +|Default value +m|++++++ +|=== + +[[config_dbms.security.ldap.authorization.nested_groups_enabled]] +.dbms.security.ldap.authorization.nested_groups_enabled +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]This setting determines whether multiple LDAP search results will be processed (as is required for the lookup of nested groups). If set to `true` then instead of using attributes on the user object to determine group membership (as specified by `<>`), the `user` object will only be used to determine the user's Distinguished Name, which will subsequently be used with `<>` in order to perform a nested group search. The Distinguished Names of the resultant group search results will be used to determine roles. +|Valid values +a|dbms.security.ldap.authorization.nested_groups_enabled, a boolean +|Dynamic a|true +|Default value +m|+++false+++ +|=== + +[[config_dbms.security.ldap.authorization.nested_groups_search_filter]] +.dbms.security.ldap.authorization.nested_groups_search_filter +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The search template which will be used to find the nested groups which the user is a member of. The filter should contain the placeholder token `{0}` which will be substituted with the user's Distinguished Name (which is found for the specified user principle using `<>`). The default value specifies Active Directory's LDAP_MATCHING_RULE_IN_CHAIN (aka 1.2.840.113556.1.4.1941) implementation which will walk the ancestry of group membership for the specified user. +|Valid values +a|dbms.security.ldap.authorization.nested_groups_search_filter, a string +|Dynamic a|true +|Default value +m|+++(&(objectclass=group)(member:1.2.840.113556.1.4.1941:={0}))+++ +|=== + +[[config_dbms.security.ldap.authorization.system_password]] +.dbms.security.ldap.authorization.system_password +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]An LDAP system account password to use for authorization searches when `<>` is `true`. +|Valid values +a|dbms.security.ldap.authorization.system_password, a secure string +|=== + +[[config_dbms.security.ldap.authorization.system_username]] +.dbms.security.ldap.authorization.system_username +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]An LDAP system account username to use for authorization searches when `<>` is `true`. Note that the `<>` will not be applied to this username, so you may have to specify a full DN. +|Valid values +a|dbms.security.ldap.authorization.system_username, a string +|=== + +[[config_dbms.security.ldap.authorization.use_system_account]] +.dbms.security.ldap.authorization.use_system_account +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Perform LDAP search for authorization info using a system account instead of the user's own account. +If this is set to `false` (default), the search for group membership will be performed directly after authentication using the LDAP context bound with the user's own account. The mapped roles will be cached for the duration of `<>`, and then expire, requiring re-authentication. To avoid frequently having to re-authenticate sessions you may want to set a relatively long auth cache expiration time together with this option. NOTE: This option will only work if the users are permitted to search for their own group membership attributes in the directory. +If this is set to `true`, the search will be performed using a special system account user with read access to all the users in the directory. You need to specify the username and password using the settings `<>` and `<>` with this option. Note that this account only needs read access to the relevant parts of the LDAP directory and does not need to have access rights to Neo4j, or any other systems. +|Valid values +a|dbms.security.ldap.authorization.use_system_account, a boolean +|Default value +m|+++false+++ +|=== + +[[config_dbms.security.ldap.authorization.user_search_base]] +.dbms.security.ldap.authorization.user_search_base +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The name of the base object or named context to search for user objects when LDAP authorization is enabled. A common case is that this matches the last part of `<>`. +|Valid values +a|dbms.security.ldap.authorization.user_search_base, a string which Can not be empty +|Dynamic a|true +|Default value +m|+++ou=users,dc=example,dc=com+++ +|=== + +[[config_dbms.security.ldap.authorization.user_search_filter]] +.dbms.security.ldap.authorization.user_search_filter +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The LDAP search filter to search for a user principal when LDAP authorization is enabled. The filter should contain the placeholder token {0} which will be substituted for the user principal. +|Valid values +a|dbms.security.ldap.authorization.user_search_filter, a string +|Dynamic a|true +|Default value +m|+++(&(objectClass=*)(uid={0}))+++ +|=== + +[[config_dbms.security.ldap.connection_timeout]] +.dbms.security.ldap.connection_timeout +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The timeout for establishing an LDAP connection. If a connection with the LDAP server cannot be established within the given time the attempt is aborted. A value of 0 means to use the network protocol's (i.e., TCP's) timeout value. +|Valid values +a|dbms.security.ldap.connection_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++30s+++ +|=== + +[[config_dbms.security.ldap.host]] +.dbms.security.ldap.host +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]URL of LDAP server to use for authentication and authorization. The format of the setting is `://:`, where hostname is the only required field. The supported values for protocol are `ldap` (default) and `ldaps`. The default port for `ldap` is 389 and for `ldaps` 636. For example: `ldaps://ldap.example.com:10389`. +You may want to consider using STARTTLS (`<>`) instead of LDAPS for secure connections, in which case the correct protocol is `ldap`. +|Valid values +a|dbms.security.ldap.host, a string +|Default value +m|+++localhost+++ +|=== + +[[config_dbms.security.ldap.read_timeout]] +.dbms.security.ldap.read_timeout +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The timeout for an LDAP read request (i.e. search). If the LDAP server does not respond within the given time the request will be aborted. A value of 0 means wait for a response indefinitely. +|Valid values +a|dbms.security.ldap.read_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++30s+++ +|=== + +[[config_dbms.security.ldap.referral]] +.dbms.security.ldap.referral +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The LDAP referral behavior when creating a connection. This is one of `follow`, `ignore` or `throw`. +* `follow` automatically follows any referrals +* `ignore` ignores any referrals +* `throw` throws an exception, which will lead to authentication failure. +|Valid values +a|dbms.security.ldap.referral, a string +|Default value +m|+++follow+++ +|=== + +[[config_dbms.security.ldap.use_starttls]] +.dbms.security.ldap.use_starttls +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Use secure communication with the LDAP server using opportunistic TLS. First an initial insecure connection will be made with the LDAP server, and a STARTTLS command will be issued to negotiate an upgrade of the connection to TLS before initiating authentication. +|Valid values +a|dbms.security.ldap.use_starttls, a boolean +|Default value +m|+++false+++ +|=== + +[[config_dbms.security.log_successful_authentication]] +.dbms.security.log_successful_authentication +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Set to log successful authentication events to the security log. If this is set to `false` only failed authentication events will be logged, which could be useful if you find that the successful events spam the logs too much, and you do not require full auditing capability. +|Valid values +a|dbms.security.log_successful_authentication, a boolean +|Default value +m|+++true+++ +|=== + +[[config_dbms.security.oidc.-provider-.audience]] +.dbms.security.oidc..audience +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Expected values of the Audience (aud) claim in the id token. +|Valid values +a|dbms.security.oidc..audience, a ',' separated list with elements of type 'a string'. which Can not be empty +|Dynamic a|true +|=== + +[[config_dbms.security.oidc.-provider-.auth_endpoint]] +.dbms.security.oidc..auth_endpoint +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The OIDC authorization endpoint. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. +|Valid values +a|dbms.security.oidc..auth_endpoint, a URI +|Dynamic a|true +|=== + +[[config_dbms.security.oidc.-provider-.auth_flow]] +.dbms.security.oidc..auth_flow +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The OIDC flow to use. This is exposed to clients via the discovery endpoint. Supported values are `pkce` and `implicit` +|Valid values +a|dbms.security.oidc..auth_flow, one of [PKCE, IMPLICIT] +|Dynamic a|true +|Default value +m|+++PKCE+++ +|=== + +[[config_dbms.security.oidc.-provider-.auth_params]] +.dbms.security.oidc..auth_params +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Optional additional parameters that the auth endpoint requires. Please use params instead. The map is a semicolon separated list of key-value pairs. For example: `k1=v1;k2=v2`. +|Valid values +a|dbms.security.oidc..auth_params, A simple key value map pattern `k1=v1;k2=v2`. +|Dynamic a|true +|Default value +m|+++{}+++ +|Deprecated +a|The `dbms.security.oidc..auth_params` configuration setting has been deprecated. +|=== + +[[config_dbms.security.oidc.-provider-.authorization.group_to_role_mapping]] +.dbms.security.oidc..authorization.group_to_role_mapping +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]An authorization mapping from IdP group names to Neo4j role names. The map should be formatted as a semicolon separated list of key-value pairs, where the key is the IdP group name and the value is a comma separated list of corresponding role names. For example: group1=role1;group2=role2;group3=role3,role4,role5 +You could also use whitespaces and quotes around group names to make this mapping more readable, for example: +---- +dbms.security.oidc..authorization.group_to_role_mapping=\ + "Neo4j Read Only" = reader; \ + "Neo4j Read-Write" = publisher; \ + "Neo4j Schema Manager" = architect; \ + "Neo4j Administrator" = admin +---- +|Valid values +a|dbms.security.oidc..authorization.group_to_role_mapping, a string which must be semicolon separated list of key-value pairs or empty +|Dynamic a|true +|=== + +[[config_dbms.security.oidc.-provider-.claims.groups]] +.dbms.security.oidc..claims.groups +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The claim to use as the list of groups in Neo4j. These could be Neo4J roles directly, or can be mapped using dbms.security.oidc..authorization.group_to_role_mapping. +|Valid values +a|dbms.security.oidc..claims.groups, a string +|Dynamic a|true +|=== + +[[config_dbms.security.oidc.-provider-.claims.username]] +.dbms.security.oidc..claims.username +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The claim to use as the username in Neo4j. This would typically be sub, but in some situations it may be be desirable to use something else such as email. +|Valid values +a|dbms.security.oidc..claims.username, a string +|Dynamic a|true +|Default value +m|+++sub+++ +|=== + +[[config_dbms.security.oidc.-provider-.client_id]] +.dbms.security.oidc..client_id +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Client id needed if token contains multiple Audience (aud) claims. +|Valid values +a|dbms.security.oidc..client_id, a string +|Dynamic a|true +|=== + +[[config_dbms.security.oidc.-provider-.config]] +.dbms.security.oidc..config +[cols="<1s,<4a"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The accepted values (all optional) are: + +* `principal`: in which JWT claim the user's email address is specified, email is the default. This is the value that will be shown in browser. +* `code_challenge_method`: default is `S256` and it's the only supported method at this moment. This setting applies only for pkce auth flow +* `token_type_principal`: the options are almost always either `access_token`, which is the default, or `id_token`. +* `token_type_authentication`: the options are almost always either `access_token`, which is the default, or `id_token`. +* `implicit_flow_requires_nonce`: true or false. Defaults to false. + +|Valid values +a|dbms.security.oidc..config, A simple key value map pattern `k1=v1;k2=v2`. Valid key options are: `[implicit_flow_requires_nonce, token_type_authentication, token_type_principal, principal, code_challenge_method]`. +|Dynamic a|true +|Default value +m|+++{}+++ +|=== + +[[config_dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled]] +.dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled +[cols="<1s,<4"] +|=== +|Description +a|When set to `true`, it logs the claims from the JWT. This will only take effect when the security log level is set to `DEBUG`. + +WARNING: It is strongly advised that this is set to `false` when running in a production environment in order to prevent logging of sensitive information. Also note that the contents of the JWT claims set can change over time because they are dependent entirely upon the ID provider. +|Valid values +a|dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled, a boolean +|Default value +m|+++false+++ +|=== + + +[[config_dbms.security.oidc.-provider-.display_name]] +.dbms.security.oidc..display_name +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The user-facing name of the provider as provided by the discovery endpoint to clients (Bloom, Browser etc.). +|Valid values +a|dbms.security.oidc..display_name, a string +|=== + +[[config_dbms.security.oidc.-provider-.get_groups_from_user_info]] +.dbms.security.oidc..get_groups_from_user_info +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the groups from the provider user info endpoint. +|Valid values +a|dbms.security.oidc..get_groups_from_user_info, a boolean +|Dynamic a|true +|Default value +m|+++false+++ +|=== + +[[config_dbms.security.oidc.-provider-.get_username_from_user_info]] +.dbms.security.oidc..get_username_from_user_info +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the username from the provider user info endpoint. +|Valid values +a|dbms.security.oidc..get_username_from_user_info, a boolean +|Dynamic a|true +|Default value +m|+++false+++ +|=== + +[[config_dbms.security.oidc.-provider-.issuer]] +.dbms.security.oidc..issuer +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The expected value of the iss claim in the id token. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. +|Valid values +a|dbms.security.oidc..issuer, a string +|Dynamic a|true +|=== + +[[config_dbms.security.oidc.-provider-.jwks_uri]] +.dbms.security.oidc..jwks_uri +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The location of the JWK public key set for the identity provider. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. +|Valid values +a|dbms.security.oidc..jwks_uri, a URI +|Dynamic a|true +|=== + +[[config_dbms.security.oidc.-provider-.params]] +.dbms.security.oidc..params +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The map is a semicolon separated list of key-value pairs. For example: `k1=v1;k2=v2`. +The user should at least provide: +---- + client_id: the SSO Idp client idenfifier. + response_type: code if auth_flow is pkce or token for implicit auth_flow. + scope: often containing a subset of 'email profile openid groups'. +---- +For example: `client_id=my-client-id;response_type=code;scope=openid profile email`. +|Valid values +a|dbms.security.oidc..params, A simple key value map pattern `k1=v1;k2=v2`. Required key options are: `[scope, client_id, response_type]`. +|Dynamic a|true +|Default value +m|+++{}+++ +|=== + +[[config_dbms.security.oidc.-provider-.token_endpoint]] +.dbms.security.oidc..token_endpoint +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The OIDC token endpoint. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. +|Valid values +a|dbms.security.oidc..token_endpoint, a URI +|Dynamic a|true +|=== + +[[config_dbms.security.oidc.-provider-.token_params]] +.dbms.security.oidc..token_params +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Optional query parameters that the token endpoint requires. The map is a semicolon separated list of key-value pairs. For example: `k1=v1;k2=v2`.If the token endpoint requires a client_secret then this parameter should contain `client_secret=super-secret` +|Valid values +a|dbms.security.oidc..token_params, A simple key value map pattern `k1=v1;k2=v2`. +|Dynamic a|true +|Default value +m|+++{}+++ +|=== + +[[config_dbms.security.oidc.-provider-.user_info_uri]] +.dbms.security.oidc..user_info_uri +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The identity providers user info uri. +|Valid values +a|dbms.security.oidc..user_info_uri, a URI +|Dynamic a|true +|=== + +[[config_dbms.security.oidc.-provider-.well_known_discovery_uri]] +.dbms.security.oidc..well_known_discovery_uri +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The 'well known' OpenID Connect Discovery endpoint used to fetch identity provider settings. If not provided, `issuer`, `jwks_uri`, `auth_endpoint` should be present. If the auth_flow is pkce, `token_endpoint` should also be provided. +|Valid values +a|dbms.security.oidc..well_known_discovery_uri, a URI +|Dynamic a|true +|=== + +[[config_dbms.security.procedures.allowlist]] +.dbms.security.procedures.allowlist +[cols="<1s,<4"] +|=== +|Description +a|A list of procedures (comma separated) that are to be loaded. The list may contain both fully-qualified procedure names, and partial names with the wildcard '*'. If this setting is left empty no procedures will be loaded. +|Valid values +a|dbms.security.procedures.allowlist, a ',' separated list with elements of type 'a string'. +|Default value +m|+++*+++ +|=== + +[[config_dbms.security.procedures.unrestricted]] +.dbms.security.procedures.unrestricted +[cols="<1s,<4"] +|=== +|Description +a|A list of procedures and user defined functions (comma separated) that are allowed full access to the database. The list may contain both fully-qualified procedure names, and partial names with the wildcard '*'. Note that this enables these procedures to bypass security. Use with caution. +|Valid values +a|dbms.security.procedures.unrestricted, a ',' separated list with elements of type 'a string'. +|Default value +m|++++++ +|=== + +[[config_initial.dbms.database_allocator]] +.initial.dbms.database_allocator +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Name of the initial database allocator. After the creation of the dbms it can be set with the 'dbms.setDatabaseAllocator' procedure. +|Valid values +a|initial.dbms.database_allocator, a string +|Default value +m|+++EQUAL_NUMBERS+++ +|=== + +[[config_initial.dbms.default_database]] +.initial.dbms.default_database +[cols="<1s,<4"] +|=== +|Description +a|Name of the default database (aliases are not supported). +|Valid values +a|initial.dbms.default_database, A valid database name containing only alphabetic characters, numbers, dots and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name 'system' +|Default value +m|+++neo4j+++ +|=== + +[[config_initial.dbms.default_primaries_count]] +.initial.dbms.default_primaries_count +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Initial default number of primary instances of user databases. If the user does not specify the number of primaries in 'CREATE DATABASE', this value will be used, unless it is overwritten with the 'dbms.setDefaultAllocationNumbers' procedure. +|Valid values +a|initial.dbms.default_primaries_count, an integer which is minimum `1` and is maximum `11`. +The same value applies to runtime max number. +|Default value +m|+++1+++ +|=== + +[[config_initial.dbms.default_secondaries_count]] +.initial.dbms.default_secondaries_count +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Initial default number of secondary instances of user databases. If the user does not specify the number of secondaries in 'CREATE DATABASE', this value will be used, unless it is overwritten with the 'dbms.setDefaultAllocationNumbers' procedure. +|Valid values +a|initial.dbms.default_secondaries_count, an integer which is minimum `0` and is maximum `20`. +The same value applies to runtime max number. +|Default value +m|+++0+++ +|=== + +[[config_initial.server.allowed_databases]] +.initial.server.allowed_databases +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The names of databases that are allowed on this server - all others are denied. Empty means all are allowed. Can be overridden when enabling the server, or altered at runtime, without changing this setting. Exclusive with 'server.initial_denied_databases' +|Valid values +a|initial.server.allowed_databases, a ',' separated set with elements of type 'a string'. +|Default value +m|++++++ +|=== + +[[config_initial.server.denied_databases]] +.initial.server.denied_databases +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The names of databases that are not allowed on this server. Empty means nothing is denied. Can be overridden when enabling the server, or altered at runtime, without changing this setting. Exclusive with 'server.initial_allowed_databases' +|Valid values +a|initial.server.denied_databases, a ',' separated set with elements of type 'a string'. +|Default value +m|++++++ +|=== + +[[config_initial.server.mode_constraint]] +.initial.server.mode_constraint +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]An instance can restrict itself to allow databases to be hosted only as primaries or secondaries. This setting is the default input for the `ENABLE SERVER` command - the user can overwrite it when executing the procedure. +|Valid values +a|initial.server.mode_constraint, one of [PRIMARY, SECONDARY, NONE] +|Default value +m|+++NONE+++ +|=== + +[[config_server.backup.enabled]] +.server.backup.enabled +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Enable support for running online backups. +|Valid values +a|server.backup.enabled, a boolean +|Default value +m|+++true+++ +|=== + +[[config_server.backup.listen_address]] +.server.backup.listen_address +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Network interface and port for the backup server to listen on. +|Valid values +a|server.backup.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port' +|Default value +m|+++127.0.0.1:6362+++ +|=== + +[[config_server.backup.store_copy_max_retry_time_per_request]] +.server.backup.store_copy_max_retry_time_per_request +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Maximum retry time per request during store copy. Regular store files and indexes are downloaded in separate requests during store copy. This configures the maximum time failed requests are allowed to resend. +|Valid values +a|server.backup.store_copy_max_retry_time_per_request, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++20m+++ +|=== + +[[config_server.bolt.advertised_address]] +.server.bolt.advertised_address +[cols="<1s,<4"] +|=== +|Description +a|Advertised address for this connector. +|Valid values +a|server.bolt.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address +|Default value +m|+++:7687+++ +|=== + +[[config_server.bolt.connection_keep_alive]] +.server.bolt.connection_keep_alive +[cols="<1s,<4"] +|=== +|Description +a|The maximum time to wait before sending a NOOP on connections waiting for responses from active ongoing queries.The minimum value is 1 millisecond. +|Valid values +a|server.bolt.connection_keep_alive, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `1ms` +|Default value +m|1m +|=== + +[[config_server.bolt.connection_keep_alive_for_requests]] +.server.bolt.connection_keep_alive_for_requests +[cols="<1s,<4"] +|=== +|Description +a|The type of messages to enable keep-alive messages for (ALL, STREAMING or OFF) +|Valid values +a|server.bolt.connection_keep_alive_for_requests, one of [ALL, STREAMING, OFF] +|Default value +m|STREAMING +|=== + +[[config_server.bolt.connection_keep_alive_probes]] +.server.bolt.connection_keep_alive_probes +[cols="<1s,<4"] +|=== +|Description +a|The total amount of probes to be missed before a connection is considered stale.The minimum for this value is 1. +|Valid values +a|server.bolt.connection_keep_alive_probes, an integer which is minimum `1` +|Default value +m|2 +|=== + +[[config_server.bolt.connection_keep_alive_streaming_scheduling_interval]] +.server.bolt.connection_keep_alive_streaming_scheduling_interval +[cols="<1s,<4"] +|=== +|Description +a|The interval between every scheduled keep-alive check on all connections with active queries. Zero duration turns off keep-alive service. +|Valid values +a|server.bolt.connection_keep_alive_streaming_scheduling_interval, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `0s` +|Default value +m|1m +|=== + +[[config_server.bolt.enabled]] +.server.bolt.enabled +[cols="<1s,<4"] +|=== +|Description +a|Enable the bolt connector. +|Valid values +a|server.bolt.enabled, a boolean +|Default value +m|true +|=== + +[[config_server.bolt.listen_address]] +.server.bolt.listen_address +[cols="<1s,<4"] +|=== +|Description +a|Address the connector should bind to. +|Valid values +a|server.bolt.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address +|Default value +m|+++:7687+++ +|=== + +[[config_server.bolt.ocsp_stapling_enabled]] +.server.bolt.ocsp_stapling_enabled +[cols="<1s,<4"] +|=== +|Description +a|Enable server OCSP stapling for bolt and http connectors. +|Valid values +a|server.bolt.ocsp_stapling_enabled, a boolean +|Default value +m|false +|=== + +[[config_server.bolt.thread_pool_keep_alive]] +.server.bolt.thread_pool_keep_alive +[cols="<1s,<4"] +|=== +|Description +a|The maximum time an idle thread in the thread pool bound to this connector will wait for new tasks. +|Valid values +a|server.bolt.thread_pool_keep_alive, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++5m+++ +|=== + +[[config_server.bolt.thread_pool_max_size]] +.server.bolt.thread_pool_max_size +[cols="<1s,<4"] +|=== +|Description +a|The maximum number of threads allowed in the thread pool bound to this connector. +|Valid values +a|server.bolt.thread_pool_max_size, an integer +|Default value +m|+++400+++ +|=== + +[[config_server.bolt.thread_pool_min_size]] +.server.bolt.thread_pool_min_size +[cols="<1s,<4"] +|=== +|Description +a|The number of threads to keep in the thread pool bound to this connector, even if they are idle. +|Valid values +a|server.bolt.thread_pool_min_size, an integer +|Default value +m|+++5+++ +|=== + +[[config_server.bolt.tls_level]] +.server.bolt.tls_level +[cols="<1s,<4"] +|=== +|Description +a|Encryption level to require this connector to use. +|Valid values +a|server.bolt.tls_level, one of [REQUIRED, OPTIONAL, DISABLED] +|Default value +m|+++DISABLED+++ +|=== + +[[config_server.cluster.advertised_address]] +.server.cluster.advertised_address +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Advertised hostname/IP address and port for the transaction shipping server. +|Valid values +a|server.cluster.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address +|Default value +m|+++:6000+++ +|=== + +[[config_server.cluster.catchup.connect_randomly_to_server_group]] +.server.cluster.catchup.connect_randomly_to_server_group +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Comma separated list of groups to be used by the connect-randomly-to-server-group selection strategy. The connect-randomly-to-server-group strategy is used if the list of strategies (`<>`) includes the value `connect-randomly-to-server-group`. +|Valid values +a|server.cluster.catchup.connect_randomly_to_server_group, a ',' separated list with elements of type 'a string identifying a Server Tag'. +|Dynamic a|true +|Default value +m|++++++ +|=== + +[[config_server.cluster.catchup.upstream_strategy]] +.server.cluster.catchup.upstream_strategy +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]An ordered list in descending preference of the strategy which secondaries use to choose the upstream server from which to pull transactional updates. If none are valid or the list is empty, there is a default strategy of `typically-connect-to-random-secondary`. +|Valid values +a|server.cluster.catchup.upstream_strategy, a ',' separated list with elements of type 'a string'. +|Default value +m|++++++ +|=== + +[[config_server.cluster.catchup.user_defined_upstream_strategy]] +.server.cluster.catchup.user_defined_upstream_strategy +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Configuration of a user-defined upstream selection strategy. The user-defined strategy is used if the list of strategies (`<>`) includes the value `user_defined`. +|Valid values +a|server.cluster.catchup.user_defined_upstream_strategy, a string +|Default value +m|++++++ +|=== + +[[config_server.cluster.listen_address]] +.server.cluster.listen_address +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Network interface and port for the transaction shipping server to listen on. Please note that it is also possible to run the backup client against this port so always limit access to it via the firewall and configure an ssl policy. +|Valid values +a|server.cluster.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address +|Default value +m|+++:6000+++ +|=== + +[[config_server.cluster.network.native_transport_enabled]] +.server.cluster.network.native_transport_enabled +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Use native transport if available. Epoll for Linux or Kqueue for MacOS/BSD. If this setting is set to false, or if native transport is not available, Nio transport will be used. +|Valid values +a|server.cluster.network.native_transport_enabled, a boolean +|Default value +m|+++true+++ +|=== + +[[config_server.cluster.raft.advertised_address]] +.server.cluster.raft.advertised_address +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Advertised hostname/IP address and port for the RAFT server. +|Valid values +a|server.cluster.raft.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address +|Default value +m|+++:7000+++ +|=== + +[[config_server.cluster.raft.listen_address]] +.server.cluster.raft.listen_address +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Network interface and port for the RAFT server to listen on. +|Valid values +a|server.cluster.raft.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address +|Default value +m|+++:7000+++ +|=== + +[[config_server.cluster.system_database_mode]] +.server.cluster.system_database_mode +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Users must manually specify the mode for the system database on each instance. +|Valid values +a|server.cluster.system_database_mode, one of [PRIMARY, SECONDARY] +|Default value +m|+++PRIMARY+++ +|=== + +[[config_server.config.strict_validation.enabled]] +.server.config.strict_validation.enabled +[cols="<1s,<4"] +|=== +|Description +a|A strict configuration validation will prevent the database from starting up if unknown configuration options are specified in the neo4j settings namespace (such as dbms., cypher., etc) or if settings are declared multiple times. +|Valid values +a|server.config.strict_validation.enabled, a boolean +|Default value +m|+++true+++ +|=== + +[[config_server.databases.default_to_read_only]] +.server.databases.default_to_read_only +[cols="<1s,<4"] +|=== +|Description +a|Whether or not any database on this instance are read_only by default. If false, individual databases may be marked as read_only using server.database.read_only. If true, individual databases may be marked as writable using <>. +|Valid values +a|server.databases.default_to_read_only, a boolean +|Dynamic a|true +|Default value +m|+++false+++ +|=== + +[[config_server.databases.read_only]] +.server.databases.read_only +[cols="<1s,<4"] +|=== +|Description +a|List of databases for which to prevent write queries. Databases not included in this list maybe read_only anyway depending upon the value of <>. +|Valid values +a|server.databases.read_only, a ',' separated set with elements of type 'A valid database name containing only alphabetic characters, numbers, dots and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name 'system''. which Value 'system' can't be included in read only databases collection! +|Dynamic a|true +|Default value +m|++++++ +|=== + +[[config_server.databases.writable]] +.server.databases.writable +[cols="<1s,<4"] +|=== +|Description +a|List of databases for which to allow write queries. Databases not included in this list will allow write queries anyway, unless <> is set to true. +|Valid values +a|server.databases.writable, a ',' separated set with elements of type 'A valid database name containing only alphabetic characters, numbers, dots and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name 'system''. +|Dynamic a|true +|Default value +m|++++++ +|=== + +[[config_server.db.query_cache_size]] +.server.db.query_cache_size +[cols="<1s,<4"] +|=== +|Description +a|The number of cached Cypher query execution plans per database. The max number of query plans that can be kept in cache is the `number of databases` * ``server.db.query_cache_size``. With 10 databases and ``server.db.query_cache_size``=1000, the caches can keep 10000 plans in total on the instance, assuming that each DB receives queries that fill up its cache. +|Valid values +a|server.db.query_cache_size, an integer which is minimum `0` +|Default value +m|+++1000+++ +|=== + +[[config_server.default_advertised_address]] +.server.default_advertised_address +[cols="<1s,<4"] +|=== +|Description +a|Default hostname or IP address the server uses to advertise itself. +|Valid values +a|server.default_advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which has no specified port and accessible address +|Default value +m|+++localhost+++ +|=== + +[[config_server.default_listen_address]] +.server.default_listen_address +[cols="<1s,<4"] +|=== +|Description +a|Default network interface to listen for incoming connections. To listen for connections on all interfaces, use "0.0.0.0". +|Valid values +a|server.default_listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which has no specified port +|Default value +m|+++localhost+++ +|=== + +[[config_server.directories.cluster_state]] +.server.directories.cluster_state +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Directory to hold cluster state including Raft log. +|Valid values +a|server.directories.cluster_state, a path. If relative it is resolved from server.directories.data +|Default value +m|+++cluster-state+++ +|=== + +[[config_server.directories.data]] +.server.directories.data +[cols="<1s,<4"] +|=== +|Description +a|Path of the data directory. You must not configure more than one Neo4j installation to use the same data directory. +|Valid values +a|server.directories.data, a path. If relative it is resolved from server.directories.neo4j_home +|Default value +m|+++data+++ +|=== + +[[config_server.directories.dumps.root]] +.server.directories.dumps.root +[cols="<1s,<4"] +|=== +|Description +a|Root location where Neo4j will store database dumps optionally produced when dropping said databases. +|Valid values +a|server.directories.dumps.root, a path. If relative it is resolved from server.directories.data +|Default value +m|+++dumps+++ +|=== + +[[config_server.directories.import]] +.server.directories.import +[cols="<1s,<4"] +|=== +|Description +a|Sets the root directory for file URLs used with the Cypher `LOAD CSV` clause. This should be set to a directory relative to the Neo4j installation path, restricting access to only those files within that directory and its subdirectories. For example the value "import" will only enable access to files within the 'import' folder. Removing this setting will disable the security feature, allowing all files in the local system to be imported. Setting this to an empty field will allow access to all files within the Neo4j installation folder. +|Valid values +a|server.directories.import, a path. If relative it is resolved from server.directories.neo4j_home +|=== + +[[config_server.directories.lib]] +.server.directories.lib +[cols="<1s,<4"] +|=== +|Description +a|Path of the lib directory. +|Valid values +a|server.directories.lib, a path. If relative it is resolved from server.directories.neo4j_home +|Default value +m|+++lib+++ +|=== + +[[config_server.directories.licenses]] +.server.directories.licenses +[cols="<1s,<4"] +|=== +|Description +a|Path of the licenses directory. +|Valid values +a|server.directories.licenses, a path. If relative it is resolved from server.directories.neo4j_home +|Default value +m|+++licenses+++ +|=== + +[[config_server.directories.logs]] +.server.directories.logs +[cols="<1s,<4"] +|=== +|Description +a|Path of the logs directory. +|Valid values +a|server.directories.logs, a path. If relative it is resolved from server.directories.neo4j_home +|Default value +m|+++logs+++ +|=== + +[[config_server.directories.metrics]] +.server.directories.metrics +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The target location of the CSV files: a path to a directory wherein a CSV file per reported field will be written. +|Valid values +a|server.directories.metrics, a path. If relative it is resolved from server.directories.neo4j_home +|Default value +m|+++metrics+++ +|=== + +[[config_server.directories.neo4j_home]] +.server.directories.neo4j_home +[cols="<1s,<4"] +|=== +|Description +a|Root relative to which directory settings are resolved. Calculated and set by the server on startup. +|Valid values +a|server.directories.neo4j_home, a path which is absolute +|Default value +m|Defaults to current working directory +|=== + +[[config_server.directories.plugins]] +.server.directories.plugins +[cols="<1s,<4"] +|=== +|Description +a|Location of the database plugin directory. Compiled Java JAR files that contain database procedures will be loaded if they are placed in this directory. +|Valid values +a|server.directories.plugins, a path. If relative it is resolved from server.directories.neo4j_home +|Default value +m|+++plugins+++ +|=== + +[[config_server.directories.run]] +.server.directories.run +[cols="<1s,<4"] +|=== +|Description +a|Path of the run directory. This directory holds Neo4j's runtime state, such as a pidfile when it is running in the background. The pidfile is created when starting neo4j and removed when stopping it. It may be placed on an in-memory filesystem such as tmpfs. +|Valid values +a|server.directories.run, a path. If relative it is resolved from server.directories.neo4j_home +|Default value +m|+++run+++ +|=== + +[[config_server.directories.script.root]] +.server.directories.script.root +[cols="<1s,<4"] +|=== +|Description +a|Root location where Neo4j will store scripts for configured databases. +|Valid values +a|server.directories.script.root, a path. If relative it is resolved from server.directories.data +|Default value +m|+++scripts+++ +|=== + +[[config_server.directories.transaction.logs.root]] +.server.directories.transaction.logs.root +[cols="<1s,<4"] +|=== +|Description +a|Root location where Neo4j will store transaction logs for configured databases. +|Valid values +a|server.directories.transaction.logs.root, a path. If relative it is resolved from server.directories.data +|Default value +m|+++transactions+++ +|=== + +[[config_server.discovery.advertised_address]] +.server.discovery.advertised_address +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Advertised cluster member discovery management communication. +|Valid values +a|server.discovery.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address +|Default value +m|+++:5000+++ +|=== + +[[config_server.discovery.listen_address]] +.server.discovery.listen_address +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Host and port to bind the cluster member discovery management communication. +|Valid values +a|server.discovery.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address +|Default value +m|+++:5000+++ +|=== + +[[config_server.dynamic.setting.allowlist]] +.server.dynamic.setting.allowlist +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]A list of setting name patterns (comma separated) that are allowed to be dynamically changed. The list may contain both full setting names, and partial names with the wildcard '*'. If this setting is left empty all dynamic settings updates will be blocked. +|Valid values +a|server.dynamic.setting.allowlist, a ',' separated list with elements of type 'a string'. +|Default value +m|+++*+++ +|=== + +[[config_server.groups]] +.server.groups +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]A list of tag names for the server used when configuring load balancing and replication policies. +|Valid values +a|server.groups, a ',' separated list with elements of type 'a string identifying a Server Tag'. +|Dynamic a|true +|Default value +m|++++++ +|=== + +[[config_server.http.advertised_address]] +.server.http.advertised_address +[cols="<1s,<4"] +|=== +|Description +a|Advertised address for this connector. +|Valid values +a|server.http.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address +|Default value +m|+++:7474+++ +|=== + +[[config_server.http.enabled]] +.server.http.enabled +[cols="<1s,<4"] +|=== +|Description +a|Enable the http connector. +|Valid values +a|server.http.enabled, a boolean +|Default value +m|true +|=== + +[[config_server.http.listen_address]] +.server.http.listen_address +[cols="<1s,<4"] +|=== +|Description +a|Address the connector should bind to. +|Valid values +a|server.http.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address +|Default value +m|+++:7474+++ +|=== + +[[config_server.http_enabled_modules]] +.server.http_enabled_modules +[cols="<1s,<4"] +|=== +|Description +a|Defines the set of modules loaded into the Neo4j web server. Options include TRANSACTIONAL_ENDPOINTS, BROWSER, UNMANAGED_EXTENSIONS and ENTERPRISE_MANAGEMENT_ENDPOINTS (if applicable). +|Valid values +a|server.http_enabled_modules, a ',' separated set with elements of type 'one of [TRANSACTIONAL_ENDPOINTS, UNMANAGED_EXTENSIONS, BROWSER, ENTERPRISE_MANAGEMENT_ENDPOINTS]'. +|Default value +m|+++TRANSACTIONAL_ENDPOINTS,UNMANAGED_EXTENSIONS,BROWSER,ENTERPRISE_MANAGEMENT_ENDPOINTS+++ +|=== + +[[config_server.https.advertised_address]] +.server.https.advertised_address +[cols="<1s,<4"] +|=== +|Description +a|Advertised address for this connector. +|Valid values +a|server.https.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address +|Default value +m|+++:7473+++ +|=== + +[[config_server.https.enabled]] +.server.https.enabled +[cols="<1s,<4"] +|=== +|Description +a|Enable the https connector. +|Valid values +a|server.https.enabled, a boolean +|Default value +m|+++false+++ +|=== + +[[config_server.https.listen_address]] +.server.https.listen_address +[cols="<1s,<4"] +|=== +|Description +a|Address the connector should bind to. +|Valid values +a|server.https.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address +|Default value +m|+++:7473+++ +|=== + +[[config_server.jvm.additional]] +.server.jvm.additional +[cols="<1s,<4"] +|=== +|Description +a|Additional JVM arguments. Argument order can be significant. To use a Java commercial feature, the argument to unlock commercial features must precede the argument to enable the specific feature in the config value string. For example, to use Flight Recorder, `-XX:+UnlockCommercialFeatures` must come before `-XX:+FlightRecorder`. +|Valid values +a|server.jvm.additional, one or more jvm arguments +|=== + +[[config_server.logs.config]] +.server.logs.config +[cols="<1s,<4"] +|=== +|Description +a|Path to the logging configuration for debug, query, http and security logs. +|Valid values +a|server.logs.config, a path. If relative it is resolved from server.directories.neo4j_home +|Default value +m|+++conf/server-logs.xml+++ +|=== + +[[config_server.logs.debug.enabled]] +.server.logs.debug.enabled +[cols="<1s,<4"] +|=== +|Description +a|Enable the debug log. +|Valid values +a|server.logs.debug.enabled, a boolean +|Default value +m|+++true+++ +|=== + +[[config_server.logs.gc.enabled]] +.server.logs.gc.enabled +[cols="<1s,<4"] +|=== +|Description +a|Enable GC Logging. +|Valid values +a|server.logs.gc.enabled, a boolean +|Default value +m|+++false+++ +|=== + +[[config_server.logs.gc.options]] +.server.logs.gc.options +[cols="<1s,<4"] +|=== +|Description +a|GC Logging Options. +|Valid values +a|server.logs.gc.options, a string +|Default value +m|+++-Xlog:gc*,safepoint,age*=trace+++ +|=== + +[[config_server.logs.gc.rotation.keep_number]] +.server.logs.gc.rotation.keep_number +[cols="<1s,<4"] +|=== +|Description +a|Number of GC logs to keep. +|Valid values +a|server.logs.gc.rotation.keep_number, an integer +|Default value +m|+++5+++ +|=== + +[[config_server.logs.gc.rotation.size]] +.server.logs.gc.rotation.size +[cols="<1s,<4"] +|=== +|Description +a|Size of each GC log that is kept. +|Valid values +a|server.logs.gc.rotation.size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) +|Default value +m|+++20.00MiB+++ +|=== + +[[config_server.logs.user.config]] +.server.logs.user.config +[cols="<1s,<4"] +|=== +|Description +a|Path to the logging configuration of user logs. +|Valid values +a|server.logs.user.config, a path. If relative it is resolved from server.directories.neo4j_home +|Default value +m|+++conf/user-logs.xml+++ +|=== + +[[config_server.max_databases]] +.server.max_databases +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The maximum number of databases. +|Valid values +a|server.max_databases, a long which is minimum `2` +|Default value +m|+++100+++ +|=== + +[[config_server.memory.heap.initial_size]] +.server.memory.heap.initial_size +[cols="<1s,<4"] +|=== +|Description +a|Initial heap size. By default it is calculated based on available system resources. +|Valid values +a|server.memory.heap.initial_size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) +|=== + +[[config_server.memory.heap.max_size]] +.server.memory.heap.max_size +[cols="<1s,<4"] +|=== +|Description +a|Maximum heap size. By default it is calculated based on available system resources. +|Valid values +a|server.memory.heap.max_size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) +|=== + +[[config_server.memory.off_heap.block_cache_size]] +.server.memory.off_heap.block_cache_size +[cols="<1s,<4"] +|=== +|Description +a|Defines the size of the off-heap memory blocks cache. The cache will contain this number of blocks for each block size that is power of two. Thus, maximum amount of memory used by blocks cache can be calculated as 2 * <> * `server.memory.off_heap.block_cache_size` +|Valid values +a|server.memory.off_heap.block_cache_size, an integer which is minimum `16` +|Default value +m|+++128+++ +|=== + +[[config_server.memory.off_heap.max_cacheable_block_size]] +.server.memory.off_heap.max_cacheable_block_size +[cols="<1s,<4"] +|=== +|Description +a|Defines the maximum size of an off-heap memory block that can be cached to speed up allocations. The value must be a power of 2. +|Valid values +a|server.memory.off_heap.max_cacheable_block_size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `4.00KiB` and is power of 2 +|Default value +m|+++512.00KiB+++ +|=== + +[[config_server.memory.off_heap.max_size]] +.server.memory.off_heap.max_size +[cols="<1s,<4"] +|=== +|Description +a|The maximum amount of off-heap memory that can be used to store transaction state data; it's a total amount of memory shared across all active transactions. Zero means 'unlimited'. Used when <> is set to 'OFF_HEAP'. +|Valid values +a|server.memory.off_heap.max_size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `0B` +|Default value +m|+++2.00GiB+++ +|=== + +[[config_server.memory.pagecache.directio]] +.server.memory.pagecache.directio +[cols="<1s,<4"] +|=== +|Description +a|Use direct I/O for page cache. Setting is supported only on Linux and only for a subset of record formats that use platform aligned page size. +|Valid values +a|server.memory.pagecache.directio, a boolean +|Default value +m|+++false+++ +|=== + +[[config_server.memory.pagecache.flush.buffer.enabled]] +.server.memory.pagecache.flush.buffer.enabled +[cols="<1s,<4"] +|=== +|Description +a|Page cache can be configured to use a temporal buffer for flushing purposes. It is used to combine, if possible, sequence of several cache pages into one bigger buffer to minimize the number of individual IOPS performed and better utilization of available I/O resources, especially when those are restricted. +|Valid values +a|server.memory.pagecache.flush.buffer.enabled, a boolean +|Dynamic a|true +|Default value +m|+++false+++ +|=== + +[[config_server.memory.pagecache.flush.buffer.size_in_pages]] +.server.memory.pagecache.flush.buffer.size_in_pages +[cols="<1s,<4"] +|=== +|Description +a|Page cache can be configured to use a temporal buffer for flushing purposes. It is used to combine, if possible, sequence of several cache pages into one bigger buffer to minimize the number of individual IOPS performed and better utilization of available I/O resources, especially when those are restricted. Use this setting to configure individual file flush buffer size in pages (8KiB). To be able to utilize this buffer during page cache flushing, buffered flush should be enabled. +|Valid values +a|server.memory.pagecache.flush.buffer.size_in_pages, an integer which is in the range `1` to `512` +|Dynamic a|true +|Default value +m|+++128+++ +|=== + +[[config_server.memory.pagecache.scan.prefetchers]] +.server.memory.pagecache.scan.prefetchers +[cols="<1s,<4"] +|=== +|Description +a|The maximum number of worker threads to use for pre-fetching data when doing sequential scans. Set to '0' to disable pre-fetching for scans. +|Valid values +a|server.memory.pagecache.scan.prefetchers, an integer which is in the range `0` to `255` +|Default value +m|+++4+++ +|=== + +[[config_server.memory.pagecache.size]] +.server.memory.pagecache.size +[cols="<1s,<4"] +|=== +|Description +a|The amount of memory to use for mapping the store files. If Neo4j is running on a dedicated server, then it is generally recommended to leave about 2-4 gigabytes for the operating system, give the JVM enough heap to hold all your transaction state and query context, and then leave the rest for the page cache. If no page cache memory is configured, then a heuristic setting is computed based on available system resources. +|Valid values +a|server.memory.pagecache.size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) +|Default value +m|By default the size of page cache will be 50% och available RAM minus the max heap size.The size of the page cache will also not be larger than 70x the max heap size (due to some overhead of the page cache in the heap. +|=== + +[[config_server.metrics.csv.enabled]] +.server.metrics.csv.enabled +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to CSV files. +|Valid values +a|server.metrics.csv.enabled, a boolean +|Default value +m|+++true+++ +|=== + +[[config_server.metrics.csv.interval]] +.server.metrics.csv.interval +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The reporting interval for the CSV files. That is, how often new rows with numbers are appended to the CSV files. +|Valid values +a|server.metrics.csv.interval, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `1ms` +|Default value +m|+++30s+++ +|=== + +[[config_server.metrics.csv.rotation.compression]] +.server.metrics.csv.rotation.compression +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Decides what compression to use for the csv history files. +|Valid values +a|server.metrics.csv.rotation.compression, one of [NONE, ZIP, GZ] +|Default value +m|+++NONE+++ +|=== + +[[config_server.metrics.csv.rotation.keep_number]] +.server.metrics.csv.rotation.keep_number +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Maximum number of history files for the csv files. +|Valid values +a|server.metrics.csv.rotation.keep_number, an integer which is minimum `1` +|Default value +m|+++7+++ +|=== + +[[config_server.metrics.csv.rotation.size]] +.server.metrics.csv.rotation.size +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The file size in bytes at which the csv files will auto-rotate. If set to zero then no rotation will occur. Accepts a binary suffix `k`, `m` or `g`. +|Valid values +a|server.metrics.csv.rotation.size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is in the range `0B` to `8388608.00TiB` +|Default value +m|+++10.00MiB+++ +|=== + +[[config_server.metrics.enabled]] +.server.metrics.enabled +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Enable metrics. Setting this to `false` will to turn off all metrics. +|Valid values +a|server.metrics.enabled, a boolean +|Default value +m|+++true+++ +|=== + +[[config_server.metrics.filter]] +.server.metrics.filter +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Specifies which metrics should be enabled by using a comma separated list of globbing patterns. Only the metrics matching the filter will be enabled. For example `\*check_point*,neo4j.page_cache.evictions` will enable any checkpoint metrics and the pagecache eviction metric. +|Valid values +a|server.metrics.filter, a ',' separated list with elements of type 'A simple globbing pattern that can use `*` and `?`.'. +|Default value +m|+++*bolt.connections*,*bolt.messages_received*,*bolt.messages_started*,*dbms.pool.bolt.free,*dbms.pool.bolt.total_size,*dbms.pool.bolt.total_used,*dbms.pool.bolt.used_heap,*cluster.core.is_leader,*cluster.core.last_leader_message,*cluster.core.replication_attempt,*cluster.core.replication_fail,*cluster.core.last_applied,*cluster.core.last_appended,*check_point.duration,*check_point.total_time,*cypher.replan_events,*ids_in_use*,*pool.transaction.*.total_used,*pool.transaction.*.used_heap,*pool.transaction.*.used_native,*store.size*,*transaction.active_read,*transaction.active_write,*transaction.committed*,*transaction.last_committed_tx_id,*transaction.peak_concurrent,*transaction.rollbacks*,*page_cache.hit*,*page_cache.page_faults,*page_cache.usage_ratio,*vm.file.descriptors.count,*vm.gc.time.*,*vm.heap.used,*vm.memory.buffer.direct.used,*vm.memory.pool.g1_eden_space,*vm.memory.pool.g1_old_gen,*vm.pause_time,*vm.thread*,*db.query.execution*+++ +|=== + +[[config_server.metrics.graphite.enabled]] +.server.metrics.graphite.enabled +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to Graphite. +|Valid values +a|server.metrics.graphite.enabled, a boolean +|Default value +m|+++false+++ +|=== + +[[config_server.metrics.graphite.interval]] +.server.metrics.graphite.interval +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The reporting interval for Graphite. That is, how often to send updated metrics to Graphite. +|Valid values +a|server.metrics.graphite.interval, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +|Default value +m|+++30s+++ +|=== + +[[config_server.metrics.graphite.server]] +.server.metrics.graphite.server +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The hostname or IP address of the Graphite server. +|Valid values +a|server.metrics.graphite.server, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address +|Default value +m|+++:2003+++ +|=== + +[[config_server.metrics.jmx.enabled]] +.server.metrics.jmx.enabled +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Set to `true` to enable the JMX metrics endpoint. +|Valid values +a|server.metrics.jmx.enabled, a boolean +|Default value +m|+++true+++ +|=== + +[[config_server.metrics.prefix]] +.server.metrics.prefix +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]A common prefix for the reported metrics field names. +|Valid values +a|server.metrics.prefix, a string +|Default value +m|+++neo4j+++ +|=== + +[[config_server.metrics.prometheus.enabled]] +.server.metrics.prometheus.enabled +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Set to `true` to enable the Prometheus endpoint. +|Valid values +a|server.metrics.prometheus.enabled, a boolean +|Default value +m|+++false+++ +|=== + +[[config_server.metrics.prometheus.endpoint]] +.server.metrics.prometheus.endpoint +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The hostname and port to use as Prometheus endpoint. +|Valid values +a|server.metrics.prometheus.endpoint, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address +|Default value +m|+++localhost:2004+++ +|=== + +[[config_server.panic.shutdown_on_panic]] +.server.panic.shutdown_on_panic +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]If there is a Database Management System Panic (an irrecoverable error) should the neo4j process shut down or continue running. Following a DbMS panic it is likely that a significant amount of functionality will be lost. Recovering full functionality will require a Neo4j restart. This feature is available in Neo4j Enterprise Edition. +|Valid values +a|server.panic.shutdown_on_panic, a boolean +|Default value +m|`false` except for Neo4j Enterprise Edition deployments running on Kubernetes where it is `true`. +|=== + +[[config_server.routing.advertised_address]] +.server.routing.advertised_address +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The advertised address for the intra-cluster routing connector. +|Valid values +a|server.routing.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address +|Default value +m|+++:7688+++ +|=== + +[[config_server.routing.listen_address]] +.server.routing.listen_address +[cols="<1s,<4"] +|=== +|Description +a|The address the routing connector should bind to. +|Valid values +a|server.routing.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address +|Default value +m|+++:7688+++ +|=== + +[[config_server.threads.worker_count]] +.server.threads.worker_count +[cols="<1s,<4"] +|=== +|Description +a|Number of Neo4j worker threads. This setting is only valid for REST, and does not influence bolt-server. It sets the amount of worker threads for the Jetty server used by neo4j-server. This option can be tuned when you plan to execute multiple, concurrent REST requests, with the aim of getting more throughput from the database. Your OS might enforce a lower limit than the maximum value specified here. +|Valid values +a|server.threads.worker_count, an integer which is in the range `1` to `44738` +|Default value +m|Number of available processors, or 500 for machines which have more than 500 processors. +|=== + +[[config_server.unmanaged_extension_classes]] +.server.unmanaged_extension_classes +[cols="<1s,<4"] +|=== +|Description +a|Comma-separated list of = for unmanaged extensions. +|Valid values +a|server.unmanaged_extension_classes, a ',' separated list with elements of type '= string'. +|Default value +m|++++++ +|=== + +[[config_server.windows_service_name]] +.server.windows_service_name +[cols="<1s,<4"] +|=== +|Description +a|Name of the Windows Service managing Neo4j when installed using `neo4j install-service`. Only applicable on Windows OS. Note: This must be unique for each individual installation. +|Valid values +a|server.windows_service_name, a string +|Default value +m|+++neo4j+++ +|=== diff --git a/modules/ROOT/partials/installation/windows/powershell.adoc b/modules/ROOT/partials/installation/windows/powershell.adoc deleted file mode 100644 index f0e44f3da..000000000 --- a/modules/ROOT/partials/installation/windows/powershell.adoc +++ /dev/null @@ -1,133 +0,0 @@ -[[powershell]] -= Windows PowerShell module - -The Neo4j PowerShell module allows administrators to: - -* Install, start and stop Neo4j Windows® Services. -* Start tools, such as `Neo4j Admin` and `Cypher Shell`. - -The PowerShell module is installed as part of the https://neo4j.com/download/other-releases/#releases[ZIP file] distributions of Neo4j. - - -[[powershell-requirements]] -== System requirements - -* Requires PowerShell v2.0 or above. -* Supported on either 32 or 64 bit operating systems. - - -[[powershell-windows]] -== Managing Neo4j on Windows - -On Windows, it is sometimes necessary to _Unblock_ a downloaded ZIP file before you can import its contents as a module. -If you right-click on the ZIP file and choose "Properties" you will get a dialog which includes an "Unblock" button, which will enable you to import the module. - -Running scripts has to be enabled on the system. -This can, for example, be achieved by executing the following from an elevated PowerShell prompt: - -[source,powershell] ----- -Set-ExecutionPolicy -ExecutionPolicy RemoteSigned ----- -For more information, see https://technet.microsoft.com/en-us/library/hh847748.aspx[About execution policies]. - -The PowerShell module will display a warning if it detects that you do not have administrative rights. - - -[[powershell-module-import]] -== How do I import the module? - -The module file is located in the _bin_ directory of your Neo4j installation, i.e. where you unzipped the downloaded file. -For example, if Neo4j was installed in _C:\Neo4j_ then the module would be imported like this: - -[source,powershell] ----- -Import-Module C:\Neo4j\bin\Neo4j-Management.psd1 ----- - -This will add the module to the current session. - -Once the module has been imported you can start an interactive console version of a Neo4j Server like this: - -[source,powershell] ----- -Invoke-Neo4j console ----- - -To stop the server, issue `Ctrl-C` in the console window that was created by the command. - - -[[powershell-help]] -== How do I get help about the module? - -Once the module is imported you can query the available commands like this: - -[source,powershell] ----- -Get-Command -Module Neo4j-Management ----- - -The output should be similar to the following: - -[source, shell, subs="attributes"] ----- -CommandType Name Version Source ------------ ---- ------- ------ -Function Invoke-Neo4j {neo4j-version-exact} Neo4j-Management -Function Invoke-Neo4jAdmin {neo4j-version-exact} Neo4j-Management -Function Invoke-Neo4jBackup {neo4j-version-exact} Neo4j-Management -Function Invoke-Neo4jImport {neo4j-version-exact} Neo4j-Management -Function Invoke-Neo4jShell {neo4j-version-exact} Neo4j-Management ----- - -The module also supports the standard PowerShell help commands. - -[source,powershell] ----- -Get-Help Invoke-Neo4j ----- - -Run the following to see examples of help commands: - -[source,powershell] ----- -Get-Help Invoke-Neo4j -examples ----- - - -[[powershell-examples]] -== Example usage - -* List of available commands: -+ -[source,powershell] ----- -Invoke-Neo4j ----- - -* Current status of the Neo4j service: -+ -[source,powershell] ----- -Invoke-Neo4j status ----- - -* Install the service with verbose output: -+ -[source,powershell] ----- -Invoke-Neo4j install-service -Verbose ----- - -* Available commands for administrative tasks: -+ -[source,powershell] ----- -Invoke-Neo4jAdmin ----- - - -[[powershell-common-parameters]] -== Common PowerShell parameters - -The module commands support the common PowerShell parameter of `Verbose`. diff --git a/modules/ROOT/partials/neo4j-config/all-settings.adoc b/modules/ROOT/partials/neo4j-config/all-settings.adoc deleted file mode 100644 index fa903345a..000000000 --- a/modules/ROOT/partials/neo4j-config/all-settings.adoc +++ /dev/null @@ -1,4066 +0,0 @@ -// tag::settings-reference-all-settings[] -[[settings-reference-all-settings]] -.All settings -ifndef::nonhtmloutput[] -[options="header"] -|=== -|Name|Description -|<>|label:enterprise-edition[Enterprise only]Configure the policy for outgoing Neo4j Browser connections. -|<>|label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to time out logged in users after this idle period. -|<>|Commands to be run when Neo4j Browser successfully connects to this server. -|<>|Whitelist of hosts for the Neo4j Browser to be allowed to fetch content from. -|<>|label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to store or not store user credentials. -|<>|label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to store or not store user editor history. -|<>|Configure client applications such as Browser and Bloom to send Product Analytics data. -|<>|Configures the general policy for when check-points should occur. -|<>|Configures the time interval between check-points. -|<>|Configures the transaction interval between check-points. -|<>|Configures the volume of transaction logs between check-points. -|<>|Limit the number of IOs the background checkpoint process will consume per second. -|<>|label:enterprise-edition[Enterprise only]Interval of pulling updates from cores. -|<>|label:enterprise-edition[Enterprise only]The maximum number of bytes in the apply buffer. -|<>|label:enterprise-edition[Enterprise only]The maximum number of entries in the raft log entry prefetch buffer. -|<>|label:enterprise-edition[Enterprise only]Largest batch processed by RAFT in bytes. -|<>|label:enterprise-edition[Enterprise only]Maximum number of bytes in the RAFT in-queue. -|<>|label:enterprise-edition[Enterprise only]The name of a server_group whose members should be prioritized as leaders. -|<>|label:enterprise-edition[Enterprise only]RAFT log pruning strategy that determines which logs are to be pruned. -|<>|label:enterprise-edition[Enterprise only]The maximum number of bytes in the in-flight cache. -|<>|label:enterprise-edition[Enterprise only]The maximum number of entries in the in-flight cache. -|<>|Allows the enabling or disabling of the file watcher service. -|<>|Database format. -|<>|The size of the internal buffer in bytes used by `LOAD CSV`. -|<>|Selects whether to conform to the standard https://tools.ietf.org/html/rfc4180 for interpreting escaped quotation characters in CSV files loaded using `LOAD CSV`. -|<>|The name of the analyzer that the fulltext indexes should use by default. -|<>|Whether or not fulltext indexes should be eventually consistent by default or not. -|<>|The eventually_consistent mode of the fulltext indexes works by queueing up index updates to be applied later in a background thread. -|<>|Enable or disable background index sampling. -|<>|Index sampling chunk size limit. -|<>|Percentage of index updates of total index size required before sampling of a given index is triggered. -|<>|The maximum time interval within which lock should be acquired. -|<>|Log query text and parameters without obfuscating passwords. -|<>|Log executed queries. -|<>|Sets a maximum character length use for each parameter in the log. -|<>|Obfuscates all literals of the query before writing to the log. -|<>|Log parameters for the executed queries being logged. -|<>|Log query plan description table, useful for debugging purposes. -|<>|If the execution of query takes more time than this threshold, the query is logged once completed - provided query logging is set to INFO. -|<>|Log the start and end of a transaction. -|<>|If the transaction is open for more time than this threshold, the transaction is logged once completed - provided transaction logging (db.logs.query.transaction.enabled) is set to `INFO`. -|<>|Page cache can be configured to perform usage sampling of loaded pages that can be used to construct active load profile. -|<>|Page cache warmup can be configured to prefetch files, preferably when cache size is bigger than store size. -|<>|Page cache warmup prefetch file allowlist regex. -|<>|The profiling frequency for the page cache. -|<>|Limit the amount of memory that a single transaction can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -|<>|Limit the amount of memory that all transactions in one database can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -|<>|If `true`, Neo4j will abort recovery if transaction log files are missing. -|<>|Relationship count threshold for considering a node to be dense. -|<>|The maximum amount of time to wait for running transactions to complete before allowing initiated database shutdown to continue. -|<>|Specify if Neo4j should try to preallocate store files as they grow. -|<>|Database timezone for temporal functions. -|<>|Enables or disables tracking of how much time a query spends actively executing on the CPU. -|<>|The maximum amount of time to wait for the database state represented by the bookmark. -|<>|The maximum number of concurrently running transactions. -|<>|Configures the time interval between transaction monitor checks. -|<>|Transaction sampling percentage. -|<>|The maximum time interval of a transaction within which it should be completed. -|<>|Transaction creation tracing level. -|<>|On serialization of transaction logs, they will be temporary stored in the byte buffer that will be flushed at the end of the transaction or at any moment when buffer will be full. -|<>|Specify if Neo4j should try to preallocate logical log file in advance. -|<>|Tell Neo4j how long logical transaction logs should be kept to backup the database.For example, "10 days" will prune logical logs that only contain transactions older than 10 days.Alternatively, "100k txs" will keep the 100k latest transactions from each database and prune any older transactions. -|<>|Specifies at which file size the logical log will auto-rotate. -|<>|Defines whether memory for transaction state should be allocated on- or off-heap. -|<>|label:enterprise-edition[Enterprise only]The catch up protocol times out if the given duration elapses with no network activity. -|<>|label:enterprise-edition[Enterprise only]A comma-separated list of endpoints which a server should contact in order to discover other cluster members. -|<>|label:enterprise-edition[Enterprise only]The level of middleware logging. -|<>|label:enterprise-edition[Enterprise only]Configure the discovery type used for cluster name resolution. -|<>|label:enterprise-edition[Enterprise only]Minimum number of machines initially required to formed a clustered DBMS. -|<>|label:enterprise-edition[Enterprise only]Time out for protocol negotiation handshake. -|<>|label:enterprise-edition[Enterprise only]Maximum chunk size allowable across network by clustering machinery. -|<>|label:enterprise-edition[Enterprise only]Network compression algorithms that this instance will allow in negotiation as a comma-separated list. -|<>|label:enterprise-edition[Enterprise only]The time allowed for a database on a Neo4j server to either join a cluster or form a new cluster with the other Neo4j Servers provided by `dbms.cluster.discovery.endpoints`. -|<>|label:enterprise-edition[Enterprise only]The maximum number of TCP channels between two nodes to operate the raft protocol. -|<>|label:enterprise-edition[Enterprise only]The rate at which leader elections happen. -|<>|label:enterprise-edition[Enterprise only]The time window within which the loss of the leader is detected and the first re-election attempt is held. -|<>|label:enterprise-edition[Enterprise only]Which strategy to use when transferring database leaderships around a cluster. -|<>|label:enterprise-edition[Enterprise only]RAFT log pruning frequency. -|<>|label:enterprise-edition[Enterprise only]RAFT log reader pool size. -|<>|label:enterprise-edition[Enterprise only]RAFT log rotation size. -|<>|label:enterprise-edition[Enterprise only]Maximum amount of lag accepted for a new follower to join the Raft group. -|<>|label:enterprise-edition[Enterprise only]Time out for a new member to catch up. -|<>|label:enterprise-edition[Enterprise only]Maximum retry time per request during store copy. -|<>|This setting is associated with performance optimization. -|<>|This setting is associated with performance optimization. -|<>|Set this to specify the behavior when Cypher planner or runtime hints cannot be fulfilled. -|<>|Set this to change the behavior for Cypher create relationship when the start or end node is missing. -|<>|The minimum time between possible cypher query replanning events. -|<>|Set this to specify the default planner for the default language version. -|<>|If set to `true` a textual representation of the plan description will be rendered on the server for all queries running with `EXPLAIN` or `PROFILE`. -|<>|The threshold for statistics above which a plan is considered stale. -+ -If any of the underlying statistics used to create the plan have changed more than this value, the plan will be considered stale and will be replanned. -|<>|label:enterprise-edition[Enterprise only]Databases may be created from an existing 'seed' (a database backup or dump) stored at some source URI. -|<>|Database timezone. -|<>|label:enterprise-edition[Enterprise only]Address for Kubernetes API. -|<>|label:enterprise-edition[Enterprise only]File location of CA certificate for Kubernetes API. -|<>|label:enterprise-edition[Enterprise only]Kubernetes cluster domain. -|<>|label:enterprise-edition[Enterprise only]LabelSelector for Kubernetes API. -|<>|label:enterprise-edition[Enterprise only]File location of namespace for Kubernetes API. -|<>|label:enterprise-edition[Enterprise only]Service port name for discovery for Kubernetes API. -|<>|label:enterprise-edition[Enterprise only]File location of token for Kubernetes API. -|<>|Enable HTTP request logging. -|<>|Enable off heap and on heap memory tracking. -|<>|Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -|<>|Netty SSL provider. -|<>|Always use client side routing (regardless of the default router) for neo4j:// protocol connections to these domains. -|<>|Routing strategy for neo4j:// protocol connections. -Default is `CLIENT`, using client-side routing, with server-side routing as a fallback (if enabled). -When set to `SERVER`, client-side routing is short-circuited, and requests will rely on server-side routing (which must be enabled for proper operation, i.e. -|<>|Socket connection timeout. -A timeout of zero is treated as an infinite timeout and will be bound by the timeout configured on the -operating system level. -|<>|Pooled connections older than this threshold will be closed and removed from the pool. -Setting this option to a low value will cause a high connection churn and might result in a performance hit. -It is recommended to set maximum lifetime to a slightly smaller value than the one configured in network -equipment (load balancer, proxy, firewall, etc. -|<>|Maximum amount of time spent attempting to acquire a connection from the connection pool. -This timeout only kicks in when all existing connections are being used and no new connections can be created because maximum connection pool size has been reached. -Error is raised when connection can't be acquired within configured time. -Negative values are allowed and result in unlimited acquisition timeout. -|<>|Pooled connections that have been idle in the pool for longer than this timeout will be tested before they are used again, to ensure they are still alive. -If this option is set too low, an additional network call will be incurred when acquiring a connection, which causes a performance hit. -If this is set high, no longer live connections might be used which might lead to errors. -Hence, this parameter tunes a balance between the likelihood of experiencing connection problems and performance -Normally, this parameter should not need tuning. -Value 0 means connections will always be tested for validity. -|<>|Maximum total number of connections to be managed by a connection pool. -The limit is enforced for a combination of a host and user. -|<>|Sets level for driver internal logging. -|<>|Enable server-side routing in clusters using an additional bolt connector. -When configured, this allows requests to be forwarded from one cluster member to another, if the requests can't be satisfied by the first member (e.g. -|<>|label:enterprise-edition[Enterprise only]The load balancing plugin to use. -|<>|label:enterprise-edition[Enterprise only]Enables shuffling of the returned load balancing result. -|<>|label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include non-writer primaries as read endpoints or return only secondaries. -|<>|label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include the writer as read endpoint or return only non-writers (non writer primaries and secondaries) Note: writer is returned as read endpoint if no other member is present all. -|<>|How long callers should cache the response of the routing procedure `dbms.routing.getRoutingTable()`. -|<>|Determines if Cypher will allow using file URLs when loading data using `LOAD CSV`. -|<>|label:enterprise-edition[Enterprise only]The maximum capacity for authentication and authorization caches (respectively). -|<>|label:enterprise-edition[Enterprise only]The time to live (TTL) for cached authentication and authorization info when using external auth providers (LDAP or plugin). -|<>|label:enterprise-edition[Enterprise only]Enable time-based eviction of the authentication and authorization info cache for external auth providers (LDAP or plugin). -|<>|Enable auth requirement to access Neo4j. -|<>|label:version-number[Neo4j 5.3]The minimum number of characters required in a password. -|<>|The amount of time user account should be locked after a configured number of unsuccessful authentication attempts. -|<>|The maximum number of unsuccessful authentication attempts before imposing a user lock for the configured amount of time, as defined by `dbms.security.auth_lock_time`.The locked out user will not be able to log in until the lock period expires, even if correct credentials are provided. -|<>|label:enterprise-edition[Enterprise only]A list of security authentication providers containing the users and roles. -|<>|label:enterprise-edition[Enterprise only]A list of security authorization providers containing the users and roles. -|<>|label:enterprise-edition[Enterprise only]Require authorization for access to the Causal Clustering status endpoints. -|<>|Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS connector. -|<>|Defines an allowlist of http paths where Neo4j authentication is not required. -|<>|Value of the HTTP Strict-Transport-Security (HSTS) response header. -|<>|label:enterprise-edition[Enterprise only]Name of the 256 length AES encryption key, which is used for the symmetric encryption. -|<>|label:enterprise-edition[Enterprise only]Password for accessing the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption. -|<>|label:enterprise-edition[Enterprise only]Location of the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption of secrets held in system database. -|<>|label:enterprise-edition[Enterprise only]The attribute to use when looking up users. -Using this setting requires `dbms.security.ldap.authentication.search_for_attribute` to be true and thus `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured. -|<>|label:enterprise-edition[Enterprise only]Determines if the result of authentication via the LDAP server should be cached or not. -|<>|label:enterprise-edition[Enterprise only]LDAP authentication mechanism. -|<>|label:enterprise-edition[Enterprise only]Perform authentication by searching for an unique attribute of a user. -Using this setting requires `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured. -|<>|label:enterprise-edition[Enterprise only]LDAP user DN template. -|<>|label:enterprise-edition[Enterprise only]The LDAP group to which a user must belong to get any access to the system.Set this to restrict access to a subset of LDAP users belonging to a particular group. -|<>|label:enterprise-edition[Enterprise only]A list of attribute names on a user object that contains groups to be used for mapping to roles when LDAP authorization is enabled. -|<>|label:enterprise-edition[Enterprise only]An authorization mapping from LDAP group names to Neo4j role names. -|<>|label:enterprise-edition[Enterprise only]This setting determines whether multiple LDAP search results will be processed (as is required for the lookup of nested groups). -|<>|label:enterprise-edition[Enterprise only]The search template which will be used to find the nested groups which the user is a member of. -|<>|label:enterprise-edition[Enterprise only]An LDAP system account password to use for authorization searches when `dbms.security.ldap.authorization.use_system_account` is `true`. -|<>|label:enterprise-edition[Enterprise only]An LDAP system account username to use for authorization searches when `dbms.security.ldap.authorization.use_system_account` is `true`. -|<>|label:enterprise-edition[Enterprise only]Perform LDAP search for authorization info using a system account instead of the user's own account. -If this is set to `false` (default), the search for group membership will be performed directly after authentication using the LDAP context bound with the user's own account. -|<>|label:enterprise-edition[Enterprise only]The name of the base object or named context to search for user objects when LDAP authorization is enabled. -|<>|label:enterprise-edition[Enterprise only]The LDAP search filter to search for a user principal when LDAP authorization is enabled. -|<>|label:enterprise-edition[Enterprise only]The timeout for establishing an LDAP connection. -|<>|label:enterprise-edition[Enterprise only]URL of LDAP server to use for authentication and authorization. -|<>|label:enterprise-edition[Enterprise only]The timeout for an LDAP read request (i.e. -|<>|label:enterprise-edition[Enterprise only]The LDAP referral behavior when creating a connection. -|<>|label:enterprise-edition[Enterprise only]Use secure communication with the LDAP server using opportunistic TLS. -|<>|label:enterprise-edition[Enterprise only]Set to log successful authentication events to the security log. -|<.audience>>|label:enterprise-edition[Enterprise only]Expected values of the Audience (aud) claim in the id token. -|<.auth_endpoint>>|label:enterprise-edition[Enterprise only]The OIDC authorization endpoint. -|<.auth_flow>>|label:enterprise-edition[Enterprise only]The OIDC flow to use. -|<.auth_params>>|label:enterprise-edition[Enterprise only]Optional additional parameters that the auth endpoint requires. -|<.authorization.group_to_role_mapping>>|label:enterprise-edition[Enterprise only]An authorization mapping from IdP group names to Neo4j role names. -|<.claims.groups>>|label:enterprise-edition[Enterprise only]The claim to use as the list of groups in Neo4j. -|<.claims.username>>|label:enterprise-edition[Enterprise only]The claim to use as the username in Neo4j. -|<.client_id>>|label:enterprise-edition[Enterprise only]Client id needed if token contains multiple Audience (aud) claims. -|<.config>>|label:enterprise-edition[Enterprise only] -|<.display_name>>|label:enterprise-edition[Enterprise only]The user-facing name of the provider as provided by the discovery endpoint to clients (Bloom, Browser etc.). -|<.get_groups_from_user_info>>|label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the groups from the provider user info endpoint. -|<.get_username_from_user_info>>|label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the username from the provider user info endpoint. -|<.issuer>>|label:enterprise-edition[Enterprise only]The expected value of the iss claim in the id token. -|<.jwks_uri>>|label:enterprise-edition[Enterprise only]The location of the JWK public key set for the identity provider. -|<.params>>|label:enterprise-edition[Enterprise only]The map is a semicolon separated list of key-value pairs. -|<.token_endpoint>>|label:enterprise-edition[Enterprise only]The OIDC token endpoint. -|<.token_params>>|label:enterprise-edition[Enterprise only]Optional query parameters that the token endpoint requires. -|<.user_info_uri>>|label:enterprise-edition[Enterprise only]The identity providers user info uri. -|<.well_known_discovery_uri>>|label:enterprise-edition[Enterprise only]The 'well known' OpenID Connect Discovery endpoint used to fetch identity provider settings. -|<>|A list of procedures (comma separated) that are to be loaded. -|<>|A list of procedures and user defined functions (comma separated) that are allowed full access to the database. -|<>|label:enterprise-edition[Enterprise only]Name of the initial database allocator. -|<>|Name of the default database (aliases are not supported). -|<>|label:enterprise-edition[Enterprise only]Initial default number of primary instances of user databases. -|<>|label:enterprise-edition[Enterprise only]Initial default number of secondary instances of user databases. -|<>|label:enterprise-edition[Enterprise only]The names of databases that are allowed on this server - all others are denied. -|<>|label:enterprise-edition[Enterprise only]The names of databases that are not allowed on this server. -|<>|label:enterprise-edition[Enterprise only]An instance can restrict itself to allow databases to be hosted only as primaries or secondaries. -|<>|label:enterprise-edition[Enterprise only]Enable support for running online backups. -|<>|label:enterprise-edition[Enterprise only]Network interface and port for the backup server to listen on. -|<>|label:enterprise-edition[Enterprise only]Maximum retry time per request during store copy. -|<>|Advertised address for this connector. -|<>|The maximum time to wait before sending a NOOP on connections waiting for responses from active ongoing queries.The minimum value is 1 millisecond. -|<>|The type of messages to enable keep-alive messages for (ALL, STREAMING or OFF). -|<>|The total amount of probes to be missed before a connection is considered stale.The minimum for this value is 1. -|<>|The interval between every scheduled keep-alive check on all connections with active queries. -|<>|Enable the bolt connector. -|<>|Address the connector should bind to. -|<>|Enable server OCSP stapling for bolt and http connectors. -|<>|The maximum time an idle thread in the thread pool bound to this connector will wait for new tasks. -|<>|The maximum number of threads allowed in the thread pool bound to this connector. -|<>|The number of threads to keep in the thread pool bound to this connector, even if they are idle. -|<>|Encryption level to require this connector to use. -|<>|label:enterprise-edition[Enterprise only]Advertised hostname/IP address and port for the transaction shipping server. -|<>|label:enterprise-edition[Enterprise only]Comma separated list of groups to be used by the connect-randomly-to-server-group selection strategy. -|<>|label:enterprise-edition[Enterprise only]An ordered list in descending preference of the strategy which secondaries use to choose the upstream server from which to pull transactional updates. -|<>|label:enterprise-edition[Enterprise only]Configuration of a user-defined upstream selection strategy. -|<>|label:enterprise-edition[Enterprise only]Network interface and port for the transaction shipping server to listen on. -|<>|label:enterprise-edition[Enterprise only]Use native transport if available. -|<>|label:enterprise-edition[Enterprise only]Advertised hostname/IP address and port for the RAFT server. -|<>|label:enterprise-edition[Enterprise only]Network interface and port for the RAFT server to listen on. -|<>|label:enterprise-edition[Enterprise only]Users must manually specify the mode for the system database on each instance. -|<>|A strict configuration validation will prevent the database from starting up if unknown configuration options are specified in the neo4j settings namespace (such as dbms., cypher., etc) or if settings are declared multiple times. -|<>|Whether or not any database on this instance are read_only by default. -|<>|List of databases for which to prevent write queries. -|<>|List of databases for which to allow write queries. -|<>|The number of cached Cypher query execution plans per database. -|<>|Default hostname or IP address the server uses to advertise itself. -|<>|Default network interface to listen for incoming connections. -|<>|label:enterprise-edition[Enterprise only]Directory to hold cluster state including Raft log. -|<>|Path of the data directory. -|<>|Root location where Neo4j will store database dumps optionally produced when dropping said databases. -|<>|Sets the root directory for file URLs used with the Cypher `LOAD CSV` clause. -|<>|Path of the lib directory. -|<>|Path of the licenses directory. -|<>|Path of the logs directory. -|<>|label:enterprise-edition[Enterprise only]The target location of the CSV files: a path to a directory wherein a CSV file per reported field will be written. -|<>|Root relative to which directory settings are resolved. -|<>|Location of the database plugin directory. -|<>|Path of the run directory. -|<>|Root location where Neo4j will store scripts for configured databases. -|<>|Root location where Neo4j will store transaction logs for configured databases. -|<>|label:enterprise-edition[Enterprise only]Advertised cluster member discovery management communication. -|<>|label:enterprise-edition[Enterprise only]Host and port to bind the cluster member discovery management communication. -|<>|label:enterprise-edition[Enterprise only]A list of setting name patterns (comma separated) that are allowed to be dynamically changed. -|<>|label:enterprise-edition[Enterprise only]A list of tag names for the server used when configuring load balancing and replication policies. -|<>|Advertised address for this connector. -|<>|Enable the http connector. -|<>|Address the connector should bind to. -|<>|Defines the set of modules loaded into the Neo4j web server. -|<>|Advertised address for this connector. -|<>|Enable the https connector. -|<>|Address the connector should bind to. -|<>|Additional JVM arguments. -|<>|Path to the logging configuration for debug, query, http and security logs. -|<>|Enable the debug log. -|<>|Enable GC Logging. -|<>|GC Logging Options. -|<>|Number of GC logs to keep. -|<>|Size of each GC log that is kept. -|<>|Path to the logging configuration of user logs. -|<>|label:enterprise-edition[Enterprise only]The maximum number of databases. -|<>|Initial heap size. -|<>|Maximum heap size. -|<>|Defines the size of the off-heap memory blocks cache. -|<>|Defines the maximum size of an off-heap memory block that can be cached to speed up allocations. -|<>|The maximum amount of off-heap memory that can be used to store transaction state data; it's a total amount of memory shared across all active transactions. -|<>|Use direct I/O for page cache. -|<>|Page cache can be configured to use a temporal buffer for flushing purposes. -|<>|Page cache can be configured to use a temporal buffer for flushing purposes. -|<>|The maximum number of worker threads to use for pre-fetching data when doing sequential scans. -|<>|The amount of memory to use for mapping the store files. -|<>|label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to CSV files. -|<>|label:enterprise-edition[Enterprise only]The reporting interval for the CSV files. -|<>|label:enterprise-edition[Enterprise only]Decides what compression to use for the csv history files. -|<>|label:enterprise-edition[Enterprise only]Maximum number of history files for the csv files. -|<>|label:enterprise-edition[Enterprise only]The file size in bytes at which the csv files will auto-rotate. -|<>|label:enterprise-edition[Enterprise only]Enable metrics. -|<>|label:enterprise-edition[Enterprise only]Specifies which metrics should be enabled by using a comma separated list of globbing patterns. -|<>|label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to Graphite. -|<>|label:enterprise-edition[Enterprise only]The reporting interval for Graphite. -|<>|label:enterprise-edition[Enterprise only]The hostname or IP address of the Graphite server. -|<>|label:enterprise-edition[Enterprise only]Set to `true` to enable the JMX metrics endpoint. -|<>|label:enterprise-edition[Enterprise only]A common prefix for the reported metrics field names. -|<>|label:enterprise-edition[Enterprise only]Set to `true` to enable the Prometheus endpoint. -|<>|label:enterprise-edition[Enterprise only]The hostname and port to use as Prometheus endpoint. -|<>|label:enterprise-edition[Enterprise only]If there is a Database Management System Panic (an irrecoverable error) should the neo4j process shut down or continue running. -|<>|label:enterprise-edition[Enterprise only]The advertised address for the intra-cluster routing connector. -|<>|The address the routing connector should bind to. -|<>|Number of Neo4j worker threads. -|<>|Comma-separated list of = for unmanaged extensions. -|<>|Name of the Windows Service managing Neo4j when installed using `neo4j install-service`. -|=== -endif::nonhtmloutput[] - -ifdef::nonhtmloutput[] -* <>: label:enterprise-edition[Enterprise only]Configure the policy for outgoing Neo4j Browser connections. -* <>: label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to time out logged in users after this idle period. -* <>: Commands to be run when Neo4j Browser successfully connects to this server. -* <>: Whitelist of hosts for the Neo4j Browser to be allowed to fetch content from. -* <>: label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to store or not store user credentials. -* <>: label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to store or not store user editor history. -* <>: Configure client applications such as Browser and Bloom to send Product Analytics data. -* <>: Configures the general policy for when check-points should occur. -* <>: Configures the time interval between check-points. -* <>: Configures the transaction interval between check-points. -* <>: Configures the volume of transaction logs between check-points. -* <>: Limit the number of IOs the background checkpoint process will consume per second. -* <>: label:enterprise-edition[Enterprise only]Interval of pulling updates from cores. -* <>: label:enterprise-edition[Enterprise only]The maximum number of bytes in the apply buffer. -* <>: label:enterprise-edition[Enterprise only]The maximum number of entries in the raft log entry prefetch buffer. -* <>: label:enterprise-edition[Enterprise only]Largest batch processed by RAFT in bytes. -* <>: label:enterprise-edition[Enterprise only]Maximum number of bytes in the RAFT in-queue. -* <>: label:enterprise-edition[Enterprise only]The name of a server_group whose members should be prioritized as leaders. -* <>: label:enterprise-edition[Enterprise only]RAFT log pruning strategy that determines which logs are to be pruned. -* <>: label:enterprise-edition[Enterprise only]The maximum number of bytes in the in-flight cache. -* <>: label:enterprise-edition[Enterprise only]The maximum number of entries in the in-flight cache. -* <>: Allows the enabling or disabling of the file watcher service. -* <>: Database format. -* <>: The size of the internal buffer in bytes used by `LOAD CSV`. -* <>: Selects whether to conform to the standard https://tools.ietf.org/html/rfc4180 for interpreting escaped quotation characters in CSV files loaded using `LOAD CSV`. -* <>: The name of the analyzer that the fulltext indexes should use by default. -* <>: Whether or not fulltext indexes should be eventually consistent by default or not. -* <>: The eventually_consistent mode of the fulltext indexes works by queueing up index updates to be applied later in a background thread. -* <>: Enable or disable background index sampling. -* <>: Index sampling chunk size limit. -* <>: Percentage of index updates of total index size required before sampling of a given index is triggered. -* <>: The maximum time interval within which lock should be acquired. -* <>: Log query text and parameters without obfuscating passwords. -* <>: Log executed queries. -* <>: Sets a maximum character length use for each parameter in the log. -* <>: Obfuscates all literals of the query before writing to the log. -* <>: Log parameters for the executed queries being logged. -* <>: Log query plan description table, useful for debugging purposes. -* <>: If the execution of query takes more time than this threshold, the query is logged once completed - provided query logging is set to INFO. -* <>: Log the start and end of a transaction. -* <>: If the transaction is open for more time than this threshold, the transaction is logged once completed - provided transaction logging (db.logs.query.transaction.enabled) is set to `INFO`. -* <>: Page cache can be configured to perform usage sampling of loaded pages that can be used to construct active load profile. -* <>: Page cache warmup can be configured to prefetch files, preferably when cache size is bigger than store size. -* <>: Page cache warmup prefetch file allowlist regex. -* <>: The profiling frequency for the page cache. -* <>: Limit the amount of memory that a single transaction can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -* <>: Limit the amount of memory that all transactions in one database can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -* <>: If `true`, Neo4j will abort recovery if transaction log files are missing. -* <>: Relationship count threshold for considering a node to be dense. -* <>: The maximum amount of time to wait for running transactions to complete before allowing initiated database shutdown to continue. -* <>: Specify if Neo4j should try to preallocate store files as they grow. -* <>: Database timezone for temporal functions. -* <>: Enables or disables tracking of how much time a query spends actively executing on the CPU. -* <>: The maximum amount of time to wait for the database state represented by the bookmark. -* <>: The maximum number of concurrently running transactions. -* <>: Configures the time interval between transaction monitor checks. -* <>: Transaction sampling percentage. -* <>: The maximum time interval of a transaction within which it should be completed. -* <>: Transaction creation tracing level. -* <>: On serialization of transaction logs, they will be temporary stored in the byte buffer that will be flushed at the end of the transaction or at any moment when buffer will be full. -* <>: Specify if Neo4j should try to preallocate logical log file in advance. -* <>: Tell Neo4j how long logical transaction logs should be kept to backup the database.For example, "10 days" will prune logical logs that only contain transactions older than 10 days.Alternatively, "100k txs" will keep the 100k latest transactions from each database and prune any older transactions. -* <>: Specifies at which file size the logical log will auto-rotate. -* <>: Defines whether memory for transaction state should be allocated on- or off-heap. -* <>: label:enterprise-edition[Enterprise only]The catch up protocol times out if the given duration elapses with no network activity. -* <>: label:enterprise-edition[Enterprise only]A comma-separated list of endpoints which a server should contact in order to discover other cluster members. -* <>: label:enterprise-edition[Enterprise only]The level of middleware logging. -* <>: label:enterprise-edition[Enterprise only]Configure the discovery type used for cluster name resolution. -* <>: label:enterprise-edition[Enterprise only]Minimum number of machines initially required to formed a clustered DBMS. -* <>: label:enterprise-edition[Enterprise only]Time out for protocol negotiation handshake. -* <>: label:enterprise-edition[Enterprise only]Maximum chunk size allowable across network by clustering machinery. -* <>: label:enterprise-edition[Enterprise only]Network compression algorithms that this instance will allow in negotiation as a comma-separated list. -* <>: label:enterprise-edition[Enterprise only]The time allowed for a database on a Neo4j server to either join a cluster or form a new cluster with the other Neo4j Servers provided by `dbms.cluster.discovery.endpoints`. -* <>: label:enterprise-edition[Enterprise only]The maximum number of TCP channels between two nodes to operate the raft protocol. -* <>: label:enterprise-edition[Enterprise only]The rate at which leader elections happen. -* <>: label:enterprise-edition[Enterprise only]The time window within which the loss of the leader is detected and the first re-election attempt is held. -* <>: label:enterprise-edition[Enterprise only]Which strategy to use when transferring database leaderships around a cluster. -* <>: label:enterprise-edition[Enterprise only]RAFT log pruning frequency. -* <>: label:enterprise-edition[Enterprise only]RAFT log reader pool size. -* <>: label:enterprise-edition[Enterprise only]RAFT log rotation size. -* <>: label:enterprise-edition[Enterprise only]Maximum amount of lag accepted for a new follower to join the Raft group. -* <>: label:enterprise-edition[Enterprise only]Time out for a new member to catch up. -* <>: label:enterprise-edition[Enterprise only]Maximum retry time per request during store copy. -* <>: This setting is associated with performance optimization. -* <>: This setting is associated with performance optimization. -* <>: Set this to specify the behavior when Cypher planner or runtime hints cannot be fulfilled. -* <>: Set this to change the behavior for Cypher create relationship when the start or end node is missing. -* <>: The minimum time between possible cypher query replanning events. -* <>: Set this to specify the default planner for the default language version. -* <>: If set to `true` a textual representation of the plan description will be rendered on the server for all queries running with `EXPLAIN` or `PROFILE`. -* <>: The threshold for statistics above which a plan is considered stale. -+ -If any of the underlying statistics used to create the plan have changed more than this value, the plan will be considered stale and will be replanned. -* <>: label:enterprise-edition[Enterprise only]Databases may be created from an existing 'seed' (a database backup or dump) stored at some source URI. -* <>: Database timezone. -* <>: label:enterprise-edition[Enterprise only]Address for Kubernetes API. -* <>: label:enterprise-edition[Enterprise only]File location of CA certificate for Kubernetes API. -* <>: label:enterprise-edition[Enterprise only]Kubernetes cluster domain. -* <>: label:enterprise-edition[Enterprise only]LabelSelector for Kubernetes API. -* <>: label:enterprise-edition[Enterprise only]File location of namespace for Kubernetes API. -* <>: label:enterprise-edition[Enterprise only]Service port name for discovery for Kubernetes API. -* <>: label:enterprise-edition[Enterprise only]File location of token for Kubernetes API. -* <>: Enable HTTP request logging. -* <>: Enable off heap and on heap memory tracking. -* <>: Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -* <>: Netty SSL provider. -* <>: Always use client side routing (regardless of the default router) for neo4j:// protocol connections to these domains. -* <>: Routing strategy for neo4j:// protocol connections. -Default is `CLIENT`, using client-side routing, with server-side routing as a fallback (if enabled). -When set to `SERVER`, client-side routing is short-circuited, and requests will rely on server-side routing (which must be enabled for proper operation, i.e. -* <>: Socket connection timeout. -A timeout of zero is treated as an infinite timeout and will be bound by the timeout configured on the -operating system level. -* <>: Pooled connections older than this threshold will be closed and removed from the pool. -Setting this option to a low value will cause a high connection churn and might result in a performance hit. -It is recommended to set maximum lifetime to a slightly smaller value than the one configured in network -equipment (load balancer, proxy, firewall, etc. -* <>: Maximum amount of time spent attempting to acquire a connection from the connection pool. -This timeout only kicks in when all existing connections are being used and no new connections can be created because maximum connection pool size has been reached. -Error is raised when connection can't be acquired within configured time. -Negative values are allowed and result in unlimited acquisition timeout. -* <>: Pooled connections that have been idle in the pool for longer than this timeout will be tested before they are used again, to ensure they are still alive. -If this option is set too low, an additional network call will be incurred when acquiring a connection, which causes a performance hit. -If this is set high, no longer live connections might be used which might lead to errors. -Hence, this parameter tunes a balance between the likelihood of experiencing connection problems and performance -Normally, this parameter should not need tuning. -Value 0 means connections will always be tested for validity. -* <>: Maximum total number of connections to be managed by a connection pool. -The limit is enforced for a combination of a host and user. -* <>: Sets level for driver internal logging. -* <>: Enable server-side routing in clusters using an additional bolt connector. -When configured, this allows requests to be forwarded from one cluster member to another, if the requests can't be satisfied by the first member (e.g. -* <>: label:enterprise-edition[Enterprise only]The load balancing plugin to use. -* <>: label:enterprise-edition[Enterprise only]Enables shuffling of the returned load balancing result. -* <>: label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include non-writer primaries as read endpoints or return only secondaries. -* <>: label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include the writer as read endpoint or return only non-writers (non writer primaries and secondaries) Note: writer is returned as read endpoint if no other member is present all. -* <>: How long callers should cache the response of the routing procedure `dbms.routing.getRoutingTable()`. -* <>: Determines if Cypher will allow using file URLs when loading data using `LOAD CSV`. -* <>: label:enterprise-edition[Enterprise only]The maximum capacity for authentication and authorization caches (respectively). -* <>: label:enterprise-edition[Enterprise only]The time to live (TTL) for cached authentication and authorization info when using external auth providers (LDAP or plugin). -* <>: label:enterprise-edition[Enterprise only]Enable time-based eviction of the authentication and authorization info cache for external auth providers (LDAP or plugin). -* <>: Enable auth requirement to access Neo4j. -* <>: The amount of time user account should be locked after a configured number of unsuccessful authentication attempts. -* <>: The maximum number of unsuccessful authentication attempts before imposing a user lock for the configured amount of time, as defined by `dbms.security.auth_lock_time`.The locked out user will not be able to log in until the lock period expires, even if correct credentials are provided. -* <>: label:enterprise-edition[Enterprise only]A list of security authentication providers containing the users and roles. -* <>: label:enterprise-edition[Enterprise only]A list of security authorization providers containing the users and roles. -* <>: label:enterprise-edition[Enterprise only]Require authorization for access to the Causal Clustering status endpoints. -* <>: Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS connector. -* <>: Defines an allowlist of http paths where Neo4j authentication is not required. -* <>: Value of the HTTP Strict-Transport-Security (HSTS) response header. -* <>: label:enterprise-edition[Enterprise only]Name of the 256 length AES encryption key, which is used for the symmetric encryption. -* <>: label:enterprise-edition[Enterprise only]Password for accessing the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption. -* <>: label:enterprise-edition[Enterprise only]Location of the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption of secrets held in system database. -* <>: label:enterprise-edition[Enterprise only]The attribute to use when looking up users. -Using this setting requires `dbms.security.ldap.authentication.search_for_attribute` to be true and thus `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured. -* <>: label:enterprise-edition[Enterprise only]Determines if the result of authentication via the LDAP server should be cached or not. -* <>: label:enterprise-edition[Enterprise only]LDAP authentication mechanism. -* <>: label:enterprise-edition[Enterprise only]Perform authentication by searching for an unique attribute of a user. -Using this setting requires `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured. -* <>: label:enterprise-edition[Enterprise only]LDAP user DN template. -* <>: label:enterprise-edition[Enterprise only]The LDAP group to which a user must belong to get any access to the system.Set this to restrict access to a subset of LDAP users belonging to a particular group. -* <>: label:enterprise-edition[Enterprise only]A list of attribute names on a user object that contains groups to be used for mapping to roles when LDAP authorization is enabled. -* <>: label:enterprise-edition[Enterprise only]An authorization mapping from LDAP group names to Neo4j role names. -* <>: label:enterprise-edition[Enterprise only]This setting determines whether multiple LDAP search results will be processed (as is required for the lookup of nested groups). -* <>: label:enterprise-edition[Enterprise only]The search template which will be used to find the nested groups which the user is a member of. -* <>: label:enterprise-edition[Enterprise only]An LDAP system account password to use for authorization searches when `dbms.security.ldap.authorization.use_system_account` is `true`. -* <>: label:enterprise-edition[Enterprise only]An LDAP system account username to use for authorization searches when `dbms.security.ldap.authorization.use_system_account` is `true`. -* <>: label:enterprise-edition[Enterprise only]Perform LDAP search for authorization info using a system account instead of the user's own account. -If this is set to `false` (default), the search for group membership will be performed directly after authentication using the LDAP context bound with the user's own account. -* <>: label:enterprise-edition[Enterprise only]The name of the base object or named context to search for user objects when LDAP authorization is enabled. -* <>: label:enterprise-edition[Enterprise only]The LDAP search filter to search for a user principal when LDAP authorization is enabled. -* <>: label:enterprise-edition[Enterprise only]The timeout for establishing an LDAP connection. -* <>: label:enterprise-edition[Enterprise only]URL of LDAP server to use for authentication and authorization. -* <>: label:enterprise-edition[Enterprise only]The timeout for an LDAP read request (i.e. -* <>: label:enterprise-edition[Enterprise only]The LDAP referral behavior when creating a connection. -* <>: label:enterprise-edition[Enterprise only]Use secure communication with the LDAP server using opportunistic TLS. -* <>: label:enterprise-edition[Enterprise only]Set to log successful authentication events to the security log. -* <.audience>>: label:enterprise-edition[Enterprise only]Expected values of the Audience (aud) claim in the id token. -* <.auth_endpoint>>: label:enterprise-edition[Enterprise only]The OIDC authorization endpoint. -* <.auth_flow>>: label:enterprise-edition[Enterprise only]The OIDC flow to use. -* <.auth_params>>: label:enterprise-edition[Enterprise only]Optional additional parameters that the auth endpoint requires. -* <.authorization.group_to_role_mapping>>: label:enterprise-edition[Enterprise only]An authorization mapping from IdP group names to Neo4j role names. -* <.claims.groups>>: label:enterprise-edition[Enterprise only]The claim to use as the list of groups in Neo4j. -* <.claims.username>>: label:enterprise-edition[Enterprise only]The claim to use as the username in Neo4j. -* <.client_id>>: label:enterprise-edition[Enterprise only]Client id needed if token contains multiple Audience (aud) claims. -* <.config>>: label:enterprise-edition[Enterprise only] -* <.display_name>>: label:enterprise-edition[Enterprise only]The user-facing name of the provider as provided by the discovery endpoint to clients (Bloom, Browser etc.). -* <.get_groups_from_user_info>>: label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the groups from the provider user info endpoint. -* <.get_username_from_user_info>>: label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the username from the provider user info endpoint. -* <.issuer>>: label:enterprise-edition[Enterprise only]The expected value of the iss claim in the id token. -* <.jwks_uri>>: label:enterprise-edition[Enterprise only]The location of the JWK public key set for the identity provider. -* <.params>>: label:enterprise-edition[Enterprise only]The map is a semicolon separated list of key-value pairs. -* <.token_endpoint>>: label:enterprise-edition[Enterprise only]The OIDC token endpoint. -* <.token_params>>: label:enterprise-edition[Enterprise only]Optional query parameters that the token endpoint requires. -* <.user_info_uri>>: label:enterprise-edition[Enterprise only]The identity providers user info uri. -* <.well_known_discovery_uri>>: label:enterprise-edition[Enterprise only]The 'well known' OpenID Connect Discovery endpoint used to fetch identity provider settings. -* <>: A list of procedures (comma separated) that are to be loaded. -* <>: A list of procedures and user defined functions (comma separated) that are allowed full access to the database. -* <>: label:enterprise-edition[Enterprise only]Name of the initial database allocator. -* <>: Name of the default database (aliases are not supported). -* <>: label:enterprise-edition[Enterprise only]Initial default number of primary instances of user databases. -* <>: label:enterprise-edition[Enterprise only]Initial default number of secondary instances of user databases. -* <>: label:enterprise-edition[Enterprise only]The names of databases that are allowed on this server - all others are denied. -* <>: label:enterprise-edition[Enterprise only]The names of databases that are not allowed on this server. -* <>: label:enterprise-edition[Enterprise only]An instance can restrict itself to allow databases to be hosted only as primaries or secondaries. -* <>: label:enterprise-edition[Enterprise only]Enable support for running online backups. -* <>: label:enterprise-edition[Enterprise only]Network interface and port for the backup server to listen on. -* <>: label:enterprise-edition[Enterprise only]Maximum retry time per request during store copy. -* <>: Advertised address for this connector. -* <>: The maximum time to wait before sending a NOOP on connections waiting for responses from active ongoing queries.The minimum value is 1 millisecond. -* <>: The type of messages to enable keep-alive messages for (ALL, STREAMING or OFF). -* <>: The total amount of probes to be missed before a connection is considered stale.The minimum for this value is 1. -* <>: The interval between every scheduled keep-alive check on all connections with active queries. -* <>: Enable the bolt connector. -* <>: Address the connector should bind to. -* <>: Enable server OCSP stapling for bolt and http connectors. -* <>: The maximum time an idle thread in the thread pool bound to this connector will wait for new tasks. -* <>: The maximum number of threads allowed in the thread pool bound to this connector. -* <>: The number of threads to keep in the thread pool bound to this connector, even if they are idle. -* <>: Encryption level to require this connector to use. -* <>: label:enterprise-edition[Enterprise only]Advertised hostname/IP address and port for the transaction shipping server. -* <>: label:enterprise-edition[Enterprise only]Comma separated list of groups to be used by the connect-randomly-to-server-group selection strategy. -* <>: label:enterprise-edition[Enterprise only]An ordered list in descending preference of the strategy which secondaries use to choose the upstream server from which to pull transactional updates. -* <>: label:enterprise-edition[Enterprise only]Configuration of a user-defined upstream selection strategy. -* <>: label:enterprise-edition[Enterprise only]Network interface and port for the transaction shipping server to listen on. -* <>: label:enterprise-edition[Enterprise only]Use native transport if available. -* <>: label:enterprise-edition[Enterprise only]Advertised hostname/IP address and port for the RAFT server. -* <>: label:enterprise-edition[Enterprise only]Network interface and port for the RAFT server to listen on. -* <>: label:enterprise-edition[Enterprise only]Users must manually specify the mode for the system database on each instance. -* <>: A strict configuration validation will prevent the database from starting up if unknown configuration options are specified in the neo4j settings namespace (such as dbms., cypher., etc) or if settings are declared multiple times. -* <>: Whether or not any database on this instance are read_only by default. -* <>: List of databases for which to prevent write queries. -* <>: List of databases for which to allow write queries. -* <>: The number of cached Cypher query execution plans per database. -* <>: Default hostname or IP address the server uses to advertise itself. -* <>: Default network interface to listen for incoming connections. -* <>: label:enterprise-edition[Enterprise only]Directory to hold cluster state including Raft log. -* <>: Path of the data directory. -* <>: Root location where Neo4j will store database dumps optionally produced when dropping said databases. -* <>: Sets the root directory for file URLs used with the Cypher `LOAD CSV` clause. -* <>: Path of the lib directory. -* <>: Path of the licenses directory. -* <>: Path of the logs directory. -* <>: label:enterprise-edition[Enterprise only]The target location of the CSV files: a path to a directory wherein a CSV file per reported field will be written. -* <>: Root relative to which directory settings are resolved. -* <>: Location of the database plugin directory. -* <>: Path of the run directory. -* <>: Root location where Neo4j will store scripts for configured databases. -* <>: Root location where Neo4j will store transaction logs for configured databases. -* <>: label:enterprise-edition[Enterprise only]Advertised cluster member discovery management communication. -* <>: label:enterprise-edition[Enterprise only]Host and port to bind the cluster member discovery management communication. -* <>: label:enterprise-edition[Enterprise only]A list of setting name patterns (comma separated) that are allowed to be dynamically changed. -* <>: label:enterprise-edition[Enterprise only]A list of tag names for the server used when configuring load balancing and replication policies. -* <>: Advertised address for this connector. -* <>: Enable the http connector. -* <>: Address the connector should bind to. -* <>: Defines the set of modules loaded into the Neo4j web server. -* <>: Advertised address for this connector. -* <>: Enable the https connector. -* <>: Address the connector should bind to. -* <>: Additional JVM arguments. -* <>: Path to the logging configuration for debug, query, http and security logs. -* <>: Enable the debug log. -* <>: Enable GC Logging. -* <>: GC Logging Options. -* <>: Number of GC logs to keep. -* <>: Size of each GC log that is kept. -* <>: Path to the logging configuration of user logs. -* <>: label:enterprise-edition[Enterprise only]The maximum number of databases. -* <>: Initial heap size. -* <>: Maximum heap size. -* <>: Defines the size of the off-heap memory blocks cache. -* <>: Defines the maximum size of an off-heap memory block that can be cached to speed up allocations. -* <>: The maximum amount of off-heap memory that can be used to store transaction state data; it's a total amount of memory shared across all active transactions. -* <>: Use direct I/O for page cache. -* <>: Page cache can be configured to use a temporal buffer for flushing purposes. -* <>: Page cache can be configured to use a temporal buffer for flushing purposes. -* <>: The maximum number of worker threads to use for pre-fetching data when doing sequential scans. -* <>: The amount of memory to use for mapping the store files. -* <>: label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to CSV files. -* <>: label:enterprise-edition[Enterprise only]The reporting interval for the CSV files. -* <>: label:enterprise-edition[Enterprise only]Decides what compression to use for the csv history files. -* <>: label:enterprise-edition[Enterprise only]Maximum number of history files for the csv files. -* <>: label:enterprise-edition[Enterprise only]The file size in bytes at which the csv files will auto-rotate. -* <>: label:enterprise-edition[Enterprise only]Enable metrics. -* <>: label:enterprise-edition[Enterprise only]Specifies which metrics should be enabled by using a comma separated list of globbing patterns. -* <>: label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to Graphite. -* <>: label:enterprise-edition[Enterprise only]The reporting interval for Graphite. -* <>: label:enterprise-edition[Enterprise only]The hostname or IP address of the Graphite server. -* <>: label:enterprise-edition[Enterprise only]Set to `true` to enable the JMX metrics endpoint. -* <>: label:enterprise-edition[Enterprise only]A common prefix for the reported metrics field names. -* <>: label:enterprise-edition[Enterprise only]Set to `true` to enable the Prometheus endpoint. -* <>: label:enterprise-edition[Enterprise only]The hostname and port to use as Prometheus endpoint. -* <>: label:enterprise-edition[Enterprise only]If there is a Database Management System Panic (an irrecoverable error) should the neo4j process shut down or continue running. -* <>: label:enterprise-edition[Enterprise only]The advertised address for the intra-cluster routing connector. -* <>: The address the routing connector should bind to. -* <>: Number of Neo4j worker threads. -* <>: Comma-separated list of = for unmanaged extensions. -* <>: Name of the Windows Service managing Neo4j when installed using `neo4j install-service`. -endif::nonhtmloutput[] - - -// end::settings-reference-all-settings[] - -[[config_browser.allow_outgoing_connections]] -.browser.allow_outgoing_connections -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Configure the policy for outgoing Neo4j Browser connections. -|Valid values -a|browser.allow_outgoing_connections, a boolean -|Default value -m|+++true+++ -|=== - -[[config_browser.credential_timeout]] -.browser.credential_timeout -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to time out logged in users after this idle period. Setting this to 0 indicates no limit. -|Valid values -a|browser.credential_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++0s+++ -|=== - -[[config_browser.post_connect_cmd]] -.browser.post_connect_cmd -[cols="<1s,<4"] -|=== -|Description -a|Commands to be run when Neo4j Browser successfully connects to this server. Separate multiple commands with semi-colon. -|Valid values -a|browser.post_connect_cmd, a string -|Default value -m|++++++ -|=== - -[[config_browser.remote_content_hostname_whitelist]] -.browser.remote_content_hostname_whitelist -[cols="<1s,<4"] -|=== -|Description -a|Whitelist of hosts for the Neo4j Browser to be allowed to fetch content from. -|Valid values -a|browser.remote_content_hostname_whitelist, a string -|Default value -m|+++guides.neo4j.com,localhost+++ -|=== - -[[config_browser.retain_connection_credentials]] -.browser.retain_connection_credentials -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to store or not store user credentials. -|Valid values -a|browser.retain_connection_credentials, a boolean -|Default value -m|+++true+++ -|=== - -[[config_browser.retain_editor_history]] -.browser.retain_editor_history -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to store or not store user editor history. -|Valid values -a|browser.retain_editor_history, a boolean -|Default value -m|+++true+++ -|=== - -[[config_client.allow_telemetry]] -.client.allow_telemetry -[cols="<1s,<4"] -|=== -|Description -a|Configure client applications such as Browser and Bloom to send Product Analytics data. -|Valid values -a|client.allow_telemetry, a boolean -|Default value -m|+++true+++ -|=== - -[[config_db.checkpoint]] -.db.checkpoint -[cols="<1s,<4"] -|=== -|Description -a|Configures the general policy for when check-points should occur. The default policy is the 'periodic' check-point policy, as specified by the '<>' and '<>' settings. The Neo4j Enterprise Edition provides two alternative policies: The first is the 'continuous' check-point policy, which will ignore those settings and run the check-point process all the time. The second is the 'volumetric' check-point policy, which makes a best-effort at check-pointing often enough so that the database doesn't get too far behind on deleting old transaction logs in accordance with the '<>' setting. -|Valid values -a|db.checkpoint, one of [PERIODIC, CONTINUOUS, VOLUME, VOLUMETRIC] -|Default value -m|+++PERIODIC+++ -|=== - -[[config_db.checkpoint.interval.time]] -.db.checkpoint.interval.time -[cols="<1s,<4"] -|=== -|Description -a|Configures the time interval between check-points. The database will not check-point more often than this (unless check pointing is triggered by a different event), but might check-point less often than this interval, if performing a check-point takes longer time than the configured interval. A check-point is a point in the transaction logs, which recovery would start from. Longer check-point intervals typically mean that recovery will take longer to complete in case of a crash. On the other hand, a longer check-point interval can also reduce the I/O load that the database places on the system, as each check-point implies a flushing and forcing of all the store files. -|Valid values -a|db.checkpoint.interval.time, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++15m+++ -|=== - -[[config_db.checkpoint.interval.tx]] -.db.checkpoint.interval.tx -[cols="<1s,<4"] -|=== -|Description -a|Configures the transaction interval between check-points. The database will not check-point more often than this (unless check pointing is triggered by a different event), but might check-point less often than this interval, if performing a check-point takes longer time than the configured interval. A check-point is a point in the transaction logs, which recovery would start from. Longer check-point intervals typically mean that recovery will take longer to complete in case of a crash. On the other hand, a longer check-point interval can also reduce the I/O load that the database places on the system, as each check-point implies a flushing and forcing of all the store files. The default is '100000' for a check-point every 100000 transactions. -|Valid values -a|db.checkpoint.interval.tx, an integer which is minimum `1` -|Default value -m|+++100000+++ -|=== - -[[config_db.checkpoint.interval.volume]] -.db.checkpoint.interval.volume -[cols="<1s,<4"] -|=== -|Description -a|Configures the volume of transaction logs between check-points. The database will not check-point more often than this (unless check pointing is triggered by a different event), but might check-point less often than this interval, if performing a check-point takes longer time than the configured interval. A check-point is a point in the transaction logs, which recovery would start from. Longer check-point intervals typically mean that recovery will take longer to complete in case of a crash. On the other hand, a longer check-point interval can also reduce the I/O load that the database places on the system, as each check-point implies a flushing and forcing of all the store files. -|Valid values -a|db.checkpoint.interval.volume, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `1.00KiB` -|Default value -m|+++250.00MiB+++ -|=== - -[[config_db.checkpoint.iops.limit]] -.db.checkpoint.iops.limit -[cols="<1s,<4"] -|=== -|Description -a|Limit the number of IOs the background checkpoint process will consume per second. This setting is advisory, is ignored in Neo4j Community Edition, and is followed to best effort in Enterprise Edition. An IO is in this case a 8 KiB (mostly sequential) write. Limiting the write IO in this way will leave more bandwidth in the IO subsystem to service random-read IOs, which is important for the response time of queries when the database cannot fit entirely in memory. The only drawback of this setting is that longer checkpoint times may lead to slightly longer recovery times in case of a database or system crash. A lower number means lower IO pressure, and consequently longer checkpoint times. Set this to -1 to disable the IOPS limit and remove the limitation entirely; this will let the checkpointer flush data as fast as the hardware will go. Removing the setting, or commenting it out, will set the default value of 600. -|Valid values -a|db.checkpoint.iops.limit, an integer -|Dynamic a|true -|Default value -m|+++600+++ -|=== - -[[config_db.cluster.catchup.pull_interval]] -.db.cluster.catchup.pull_interval -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Interval of pulling updates from cores. -|Valid values -a|db.cluster.catchup.pull_interval, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++1s+++ -|=== - -[[config_db.cluster.raft.apply.buffer.max_bytes]] -.db.cluster.raft.apply.buffer.max_bytes -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The maximum number of bytes in the apply buffer. This parameter limits the amount of memory that can be consumed by the apply buffer. If the bytes limit is reached, buffer size will be limited even if max_entries is not exceeded. -|Valid values -a|db.cluster.raft.apply.buffer.max_bytes, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) -|Default value -m|+++1.00GiB+++ -|=== - -[[config_db.cluster.raft.apply.buffer.max_entries]] -.db.cluster.raft.apply.buffer.max_entries -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The maximum number of entries in the raft log entry prefetch buffer. -|Valid values -a|db.cluster.raft.apply.buffer.max_entries, an integer -|Default value -m|+++1024+++ -|=== - -[[config_db.cluster.raft.in_queue.batch.max_bytes]] -.db.cluster.raft.in_queue.batch.max_bytes -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Largest batch processed by RAFT in bytes. -|Valid values -a|db.cluster.raft.in_queue.batch.max_bytes, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) -|Default value -m|+++8.00MiB+++ -|=== - -[[config_db.cluster.raft.in_queue.max_bytes]] -.db.cluster.raft.in_queue.max_bytes -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Maximum number of bytes in the RAFT in-queue. -|Valid values -a|db.cluster.raft.in_queue.max_bytes, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) -|Default value -m|+++2.00GiB+++ -|=== - -[[config_db.cluster.raft.leader_transfer.priority_group]] -.db.cluster.raft.leader_transfer.priority_group -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The name of a server_group whose members should be prioritized as leaders. This does not guarantee that members of this group will be leader at all times, but the cluster will attempt to transfer leadership to such a member when possible. If a database is specified using `db.cluster.raft.leader_transfer.priority_group`. the specified priority group will apply to that database only. If no database is specified that group will be the default and apply to all databases which have no priority group explicitly set. Using this setting will disable leadership balancing. -|Valid values -a|db.cluster.raft.leader_transfer.priority_group, a string identifying a Server Tag -|Default value -m|++++++ -|=== - -[[config_db.cluster.raft.log.prune_strategy]] -.db.cluster.raft.log.prune_strategy -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]RAFT log pruning strategy that determines which logs are to be pruned. Neo4j only prunes log entries up to the last applied index, which guarantees that logs are only marked for pruning once the transactions within are safely copied over to the local transaction logs and safely committed by a majority of cluster members. Possible values are a byte size or a number of transactions (e.g., 200K txs). -|Valid values -a|db.cluster.raft.log.prune_strategy, a string -|Default value -m|+++1g size+++ -|=== - -[[config_db.cluster.raft.log_shipping.buffer.max_bytes]] -.db.cluster.raft.log_shipping.buffer.max_bytes -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The maximum number of bytes in the in-flight cache. This parameter limits the amount of memory that can be consumed by cache. If the bytes limit is reached, cache size will be limited even if max_entries is not exceeded. -|Valid values -a|db.cluster.raft.log_shipping.buffer.max_bytes, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) -|Default value -m|+++1.00GiB+++ -|=== - -[[config_db.cluster.raft.log_shipping.buffer.max_entries]] -.db.cluster.raft.log_shipping.buffer.max_entries -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The maximum number of entries in the in-flight cache. Increasing size will require more memory but might improve performance in high load situations. -|Valid values -a|db.cluster.raft.log_shipping.buffer.max_entries, an integer -|Default value -m|+++1024+++ -|=== - -[[config_db.filewatcher.enabled]] -.db.filewatcher.enabled -[cols="<1s,<4"] -|=== -|Description -a|Allows the enabling or disabling of the file watcher service. This is an auxiliary service but should be left enabled in almost all cases. -|Valid values -a|db.filewatcher.enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_db.format]] -.db.format -[cols="<1s,<4"] -|=== -|Description -a|Database format. This is the format that will be used for new databases. Valid values are `standard`, `aligned`, or `high_limit`.The `aligned` format is essentially the `standard` format with some minimal padding at the end of pages such that a single record will never cross a page boundary. The `high_limit` format is available for Enterprise Edition only. It is required if you have a graph that is larger than 34 billion nodes, 34 billion relationships, or 68 billion properties. -|Valid values -a|db.format, a string -|Dynamic a|true -|Default value -m|+++aligned+++ -|=== - -[[config_db.import.csv.buffer_size]] -.db.import.csv.buffer_size -[cols="<1s,<4"] -|=== -|Description -a|The size of the internal buffer in bytes used by `LOAD CSV`. If the csv file contains huge fields this value may have to be increased. -|Valid values -a|db.import.csv.buffer_size, a long which is minimum `1` -|Default value -m|+++2097152+++ -|=== - -[[config_db.import.csv.legacy_quote_escaping]] -.db.import.csv.legacy_quote_escaping -[cols="<1s,<4"] -|=== -|Description -a|Selects whether to conform to the standard https://tools.ietf.org/html/rfc4180 for interpreting escaped quotation characters in CSV files loaded using `LOAD CSV`. Setting this to `false` will use the standard, interpreting repeated quotes '""' as a single in-lined quote, while `true` will use the legacy convention originally supported in Neo4j 3.0 and 3.1, allowing a backslash to include quotes in-lined in fields. -|Valid values -a|db.import.csv.legacy_quote_escaping, a boolean -|Default value -m|+++true+++ -|=== - -[[config_db.index.fulltext.default_analyzer]] -.db.index.fulltext.default_analyzer -[cols="<1s,<4"] -|=== -|Description -a|The name of the analyzer that the fulltext indexes should use by default. -|Valid values -a|db.index.fulltext.default_analyzer, a string -|Default value -m|+++standard-no-stop-words+++ -|=== - -[[config_db.index.fulltext.eventually_consistent]] -.db.index.fulltext.eventually_consistent -[cols="<1s,<4"] -|=== -|Description -a|Whether or not fulltext indexes should be eventually consistent by default or not. -|Valid values -a|db.index.fulltext.eventually_consistent, a boolean -|Default value -m|+++false+++ -|=== - -[[config_db.index.fulltext.eventually_consistent_index_update_queue_max_length]] -.db.index.fulltext.eventually_consistent_index_update_queue_max_length -[cols="<1s,<4"] -|=== -|Description -a|The eventually_consistent mode of the fulltext indexes works by queueing up index updates to be applied later in a background thread. This newBuilder sets an upper bound on how many index updates are allowed to be in this queue at any one point in time. When it is reached, the commit process will slow down and wait for the index update applier thread to make some more room in the queue. -|Valid values -a|db.index.fulltext.eventually_consistent_index_update_queue_max_length, an integer which is in the range `1` to `50000000` -|Default value -m|+++10000+++ -|=== - -[[config_db.index_sampling.background_enabled]] -.db.index_sampling.background_enabled -[cols="<1s,<4"] -|=== -|Description -a|Enable or disable background index sampling. -|Valid values -a|db.index_sampling.background_enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_db.index_sampling.sample_size_limit]] -.db.index_sampling.sample_size_limit -[cols="<1s,<4"] -|=== -|Description -a|Index sampling chunk size limit. -|Valid values -a|db.index_sampling.sample_size_limit, an integer which is in the range `1048576` to `2147483647` -|Default value -m|+++8388608+++ -|=== - -[[config_db.index_sampling.update_percentage]] -.db.index_sampling.update_percentage -[cols="<1s,<4"] -|=== -|Description -a|Percentage of index updates of total index size required before sampling of a given index is triggered. -|Valid values -a|db.index_sampling.update_percentage, an integer which is minimum `0` -|Default value -m|+++5+++ -|=== - -[[config_db.lock.acquisition.timeout]] -.db.lock.acquisition.timeout -[cols="<1s,<4"] -|=== -|Description -a|The maximum time interval within which lock should be acquired. Zero (default) means timeout is disabled. -|Valid values -a|db.lock.acquisition.timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Dynamic a|true -|Default value -m|+++0s+++ -|=== - -[[config_db.logs.query.early_raw_logging_enabled]] -.db.logs.query.early_raw_logging_enabled -[cols="<1s,<4"] -|=== -|Description -a|Log query text and parameters without obfuscating passwords. This allows queries to be logged earlier before parsing starts. -|Valid values -a|db.logs.query.early_raw_logging_enabled, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_db.logs.query.enabled]] -.db.logs.query.enabled -[cols="<1s,<4"] -|=== -|Description -a|Log executed queries. Valid values are `OFF`, `INFO`, or `VERBOSE`. - -`OFF`:: no logging. -`INFO`:: log queries at the end of execution, that take longer than the configured threshold, `<>`. -`VERBOSE`:: log queries at the start and end of execution, regardless of `<>`. - -Log entries are written to the query log. - -This feature is available in the Neo4j Enterprise Edition. -|Valid values -a|db.logs.query.enabled, one of [OFF, INFO, VERBOSE] -|Dynamic a|true -|Default value -m|+++VERBOSE+++ -|=== - -[[config_db.logs.query.max_parameter_length]] -.db.logs.query.max_parameter_length -[cols="<1s,<4"] -|=== -|Description -a|Sets a maximum character length use for each parameter in the log. This only takes effect if `<> = true`. -|Valid values -a|db.logs.query.max_parameter_length, an integer -|Dynamic a|true -|Default value -m|+++2147483647+++ -|=== - -[[config_db.logs.query.obfuscate_literals]] -.db.logs.query.obfuscate_literals -[cols="<1s,<4"] -|=== -|Description -a|Obfuscates all literals of the query before writing to the log. Note that node labels, relationship types and map property keys are still shown. Changing the setting will not affect queries that are cached. So, if you want the switch to have immediate effect, you must also call `CALL db.clearQueryCaches()`. -|Valid values -a|db.logs.query.obfuscate_literals, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_db.logs.query.parameter_logging_enabled]] -.db.logs.query.parameter_logging_enabled -[cols="<1s,<4"] -|=== -|Description -a|Log parameters for the executed queries being logged. -|Valid values -a|db.logs.query.parameter_logging_enabled, a boolean -|Dynamic a|true -|Default value -m|+++true+++ -|=== - -[[config_db.logs.query.plan_description_enabled]] -.db.logs.query.plan_description_enabled -[cols="<1s,<4"] -|=== -|Description -a|Log query plan description table, useful for debugging purposes. -|Valid values -a|db.logs.query.plan_description_enabled, a boolean -|Dynamic a|true -|Default value -m|false -|=== - -[[config_db.logs.query.threshold]] -.db.logs.query.threshold -[cols="<1s,<4"] -|=== -|Description -a|If the execution of query takes more time than this threshold, the query is logged once completed - provided query logging is set to INFO. Defaults to 0 seconds, that is all queries are logged. -|Valid values -a|db.logs.query.threshold, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Dynamic a|true -|Default value -m|+++0s+++ -|=== - -[[config_db.logs.query.transaction.enabled]] -.db.logs.query.transaction.enabled -[cols="<1s,<4"] -|=== -|Description -a|Log the start and end of a transaction. Valid values are 'OFF', 'INFO', or 'VERBOSE'. -OFF: no logging. -INFO: log start and end of transactions that take longer than the configured threshold, <>. -VERBOSE: log start and end of all transactions. -Log entries are written to the query log. -This feature is available in the Neo4j Enterprise Edition. -|Valid values -a|db.logs.query.transaction.enabled, one of [OFF, INFO, VERBOSE] -|Dynamic a|true -|Default value -m|+++OFF+++ -|=== - -[[config_db.logs.query.transaction.threshold]] -.db.logs.query.transaction.threshold -[cols="<1s,<4"] -|=== -|Description -a|If the transaction is open for more time than this threshold, the transaction is logged once completed - provided transaction logging (<>) is set to `INFO`. Defaults to 0 seconds (all transactions are logged). -|Valid values -a|db.logs.query.transaction.threshold, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Dynamic a|true -|Default value -m|+++0s+++ -|=== - -[[config_db.memory.pagecache.warmup.enable]] -.db.memory.pagecache.warmup.enable -[cols="<1s,<4"] -|=== -|Description -a|Page cache can be configured to perform usage sampling of loaded pages that can be used to construct active load profile. According to that profile pages can be reloaded on the restart, replication, etc. This setting allows disabling that behavior. -This feature is available in Neo4j Enterprise Edition. -|Valid values -a|db.memory.pagecache.warmup.enable, a boolean -|Default value -m|+++true+++ -|=== - -[[config_db.memory.pagecache.warmup.preload]] -.db.memory.pagecache.warmup.preload -[cols="<1s,<4"] -|=== -|Description -a|Page cache warmup can be configured to prefetch files, preferably when cache size is bigger than store size. Files to be prefetched can be filtered by 'dbms.memory.pagecache.warmup.preload.allowlist'. Enabling this disables warmup by profile. -|Valid values -a|db.memory.pagecache.warmup.preload, a boolean -|Default value -m|+++false+++ -|=== - -[[config_db.memory.pagecache.warmup.preload.allowlist]] -.db.memory.pagecache.warmup.preload.allowlist -[cols="<1s,<4"] -|=== -|Description -a|Page cache warmup prefetch file allowlist regex. By default matches all files. -|Valid values -a|db.memory.pagecache.warmup.preload.allowlist, a string -|Default value -m|+++.*+++ -|=== - -[[config_db.memory.pagecache.warmup.profile.interval]] -.db.memory.pagecache.warmup.profile.interval -[cols="<1s,<4"] -|=== -|Description -a|The profiling frequency for the page cache. Accurate profiles allow the page cache to do active warmup after a restart, reducing the mean time to performance. -This feature is available in Neo4j Enterprise Edition. -|Valid values -a|db.memory.pagecache.warmup.profile.interval, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++1m+++ -|=== - -[[config_db.memory.transaction.max]] -.db.memory.transaction.max -[cols="<1s,<4"] -|=== -|Description -a|Limit the amount of memory that a single transaction can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'largest possible value'. -|Valid values -a|db.memory.transaction.max, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `1.00MiB` or is `0B` -|Dynamic a|true -|Default value -m|+++0B+++ -|=== - -[[config_db.memory.transaction.total.max]] -.db.memory.transaction.total.max -[cols="<1s,<4"] -|=== -|Description -a|Limit the amount of memory that all transactions in one database can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'unlimited'. -|Valid values -a|db.memory.transaction.total.max, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `10.00MiB` or is `0B` -|Dynamic a|true -|Default value -m|+++0B+++ -|=== - -[[config_db.recovery.fail_on_missing_files]] -.db.recovery.fail_on_missing_files -[cols="<1s,<4"] -|=== -|Description -a|If `true`, Neo4j will abort recovery if transaction log files are missing. Setting this to `false` will allow Neo4j to create new empty missing files for the already existing database, but the integrity of the database might be compromised. -|Valid values -a|db.recovery.fail_on_missing_files, a boolean -|Default value -m|+++true+++ -|=== - -[[config_db.relationship_grouping_threshold]] -.db.relationship_grouping_threshold -[cols="<1s,<4"] -|=== -|Description -a|Relationship count threshold for considering a node to be dense. -|Valid values -a|db.relationship_grouping_threshold, an integer which is minimum `1` -|Default value -m|+++50+++ -|=== - -[[config_db.shutdown_transaction_end_timeout]] -.db.shutdown_transaction_end_timeout -[cols="<1s,<4"] -|=== -|Description -a|The maximum amount of time to wait for running transactions to complete before allowing initiated database shutdown to continue. -|Valid values -a|db.shutdown_transaction_end_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++10s+++ -|=== - -[[config_db.store.files.preallocate]] -.db.store.files.preallocate -[cols="<1s,<4"] -|=== -|Description -a|Specify if Neo4j should try to preallocate store files as they grow. -|Valid values -a|db.store.files.preallocate, a boolean -|Default value -m|+++true+++ -|=== - -[[config_db.temporal.timezone]] -.db.temporal.timezone -[cols="<1s,<4"] -|=== -|Description -a|Database timezone for temporal functions. All Time and DateTime values that are created without an explicit timezone will use this configured default timezone. -|Valid values -a|db.temporal.timezone, a string describing a timezone, either described by offset (e.g. `+02:00`) or by name (e.g. `Europe/Stockholm`) -|Default value -m|+++Z+++ -|=== - -[[config_db.track_query_cpu_time]] -.db.track_query_cpu_time -[cols="<1s,<4"] -|=== -|Description -a|Enables or disables tracking of how much time a query spends actively executing on the CPU. Calling `SHOW TRANSACTIONS` will display the time. This can also be logged in the query log by using `db.logs.query.time_logging_enabled`. -|Valid values -a|db.track_query_cpu_time, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_db.transaction.bookmark_ready_timeout]] -.db.transaction.bookmark_ready_timeout -[cols="<1s,<4"] -|=== -|Description -a|The maximum amount of time to wait for the database state represented by the bookmark. -|Valid values -a|db.transaction.bookmark_ready_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `1s` -|Dynamic a|true -|Default value -m|+++30s+++ -|=== - -[[config_db.transaction.concurrent.maximum]] -.db.transaction.concurrent.maximum -[cols="<1s,<4"] -|=== -|Description -a|The maximum number of concurrently running transactions. If set to 0, limit is disabled. -|Valid values -a|db.transaction.concurrent.maximum, an integer -|Dynamic a|true -|Default value -m|+++1000+++ -|=== - -[[config_db.transaction.monitor.check.interval]] -.db.transaction.monitor.check.interval -[cols="<1s,<4"] -|=== -|Description -a|Configures the time interval between transaction monitor checks. Determines how often monitor thread will check transaction for timeout. -|Valid values -a|db.transaction.monitor.check.interval, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++2s+++ -|=== - -[[config_db.transaction.sampling.percentage]] -.db.transaction.sampling.percentage -[cols="<1s,<4"] -|=== -|Description -a|Transaction sampling percentage. -|Valid values -a|db.transaction.sampling.percentage, an integer which is in the range `1` to `100` -|Dynamic a|true -|Default value -m|+++5+++ -|=== - -[[config_db.transaction.timeout]] -.db.transaction.timeout -[cols="<1s,<4"] -|=== -|Description -a|The maximum time interval of a transaction within which it should be completed. -|Valid values -a|db.transaction.timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Dynamic a|true -|Default value -m|+++0s+++ -|=== - -[[config_db.transaction.tracing.level]] -.db.transaction.tracing.level -[cols="<1s,<4"] -|=== -|Description -a|Transaction creation tracing level. -|Valid values -a|db.transaction.tracing.level, one of [DISABLED, SAMPLE, ALL] -|Dynamic a|true -|Default value -m|+++DISABLED+++ -|=== - -[[config_db.tx_log.buffer.size]] -.db.tx_log.buffer.size -[cols="<1s,<4"] -|=== -|Description -a|On serialization of transaction logs, they will be temporary stored in the byte buffer that will be flushed at the end of the transaction or at any moment when buffer will be full. -|Valid values -a|db.tx_log.buffer.size, a long which is minimum `131072` -|Default value -m|By default the size of byte buffer is based on number of available cpu's with minimal buffer size of 512KB. Every another 4 cpu's will add another 512KB into the buffer size. Maximal buffer size in this default scheme is 4MB taking into account that we can have one transaction log writer per database in multi-database env.For example, runtime with 4 cpus will have buffer size of 1MB; runtime with 8 cpus will have buffer size of 1MB 512KB; runtime with 12 cpus will have buffer size of 2MB. -|=== - -[[config_db.tx_log.preallocate]] -.db.tx_log.preallocate -[cols="<1s,<4"] -|=== -|Description -a|Specify if Neo4j should try to preallocate logical log file in advance. -|Valid values -a|db.tx_log.preallocate, a boolean -|Dynamic a|true -|Default value -m|+++true+++ -|=== - -[[config_db.tx_log.rotation.retention_policy]] -.db.tx_log.rotation.retention_policy -[cols="<1s,<4"] -|=== -|Description -a|Tell Neo4j how long logical transaction logs should be kept to backup the database.For example, "10 days" will prune logical logs that only contain transactions older than 10 days.Alternatively, "100k txs" will keep the 100k latest transactions from each database and prune any older transactions. -|Valid values -a|db.tx_log.rotation.retention_policy, a string which matches the pattern `^(true{vbar}keep_all{vbar}false{vbar}keep_none{vbar}(\d+[KkMmGg]?( (files{vbar}size{vbar}txs{vbar}entries{vbar}hours{vbar}days))))$` (Must be `true` or `keep_all`, `false` or `keep_none`, or of format ` `. Valid units are `K`, `M` and `G`. Valid types are `files`, `size`, `txs`, `entries`, `hours` and `days`. For example, `100M size` will limit logical log space on disk to 100MB per database,and `200K txs` will limit the number of transactions kept to 200 000 per database.) -|Dynamic a|true -|Default value -m|+++2 days+++ -|=== - -[[config_db.tx_log.rotation.size]] -.db.tx_log.rotation.size -[cols="<1s,<4"] -|=== -|Description -a|Specifies at which file size the logical log will auto-rotate. Minimum accepted value is 128 KiB. -|Valid values -a|db.tx_log.rotation.size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `128.00KiB` -|Dynamic a|true -|Default value -m|+++256.00MiB+++ -|=== - -[[config_db.tx_state.memory_allocation]] -.db.tx_state.memory_allocation -[cols="<1s,<4"] -|=== -|Description -a|Defines whether memory for transaction state should be allocated on- or off-heap. Note that for small transactions you can gain up to 25% write speed by setting it to `ON_HEAP`. -|Valid values -a|db.tx_state.memory_allocation, one of [ON_HEAP, OFF_HEAP] -|Default value -m|+++ON_HEAP+++ -|=== - -[[config_dbms.cluster.catchup.client_inactivity_timeout]] -.dbms.cluster.catchup.client_inactivity_timeout -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The catch up protocol times out if the given duration elapses with no network activity. Every message received by the client from the server extends the time out duration. -|Valid values -a|dbms.cluster.catchup.client_inactivity_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++10m+++ -|=== - -[[config_dbms.cluster.discovery.endpoints]] -.dbms.cluster.discovery.endpoints -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]A comma-separated list of endpoints which a server should contact in order to discover other cluster members. -|Valid values -a|dbms.cluster.discovery.endpoints, a ',' separated list with elements of type 'a socket address in the format 'hostname:port', 'hostname' or ':port''. -|=== - -[[config_dbms.cluster.discovery.log_level]] -.dbms.cluster.discovery.log_level -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The level of middleware logging. -|Valid values -a|dbms.cluster.discovery.log_level, one of [DEBUG, INFO, WARN, ERROR, NONE] -|Default value -m|+++WARN+++ -|=== - -[[config_dbms.cluster.discovery.type]] -.dbms.cluster.discovery.type -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Configure the discovery type used for cluster name resolution. -|Valid values -a|dbms.cluster.discovery.type, one of [DNS, LIST, SRV, K8S] which may require different settings depending on the discovery type: `DNS requires [dbms.cluster.discovery.endpoints], LIST requires [], SRV requires [dbms.cluster.discovery.endpoints], K8S requires [dbms.kubernetes.label_selector, dbms.kubernetes.service_port_name]` -|Default value -m|+++LIST+++ -|=== - -[[config_dbms.cluster.minimum_initial_system_primaries_count]] -.dbms.cluster.minimum_initial_system_primaries_count -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Minimum number of machines initially required to form a clustered DBMS. The cluster is considered formed when at least this many members have discovered each other, bound together and bootstrapped a highly available system database. As a result, at least this many of the cluster's initial machines must have '<>' set to 'PRIMARY'.NOTE: If '<>' is set to 'LIST' and '<>' is empty then the user is assumed to be deploying a standalone DBMS, and the value of this setting is ignored. -|Valid values -a|dbms.cluster.minimum_initial_system_primaries_count, an integer which is minimum `1` -|Default value -m|+++3+++ -|=== - -[[config_dbms.cluster.network.handshake_timeout]] -.dbms.cluster.network.handshake_timeout -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Time out for protocol negotiation handshake. -|Valid values -a|dbms.cluster.network.handshake_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++20s+++ -|=== - -[[config_dbms.cluster.network.max_chunk_size]] -.dbms.cluster.network.max_chunk_size -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Maximum chunk size allowable across network by clustering machinery. -|Valid values -a|dbms.cluster.network.max_chunk_size, an integer which is in the range `4096` to `10485760` -|Default value -m|+++32768+++ -|=== - -[[config_dbms.cluster.network.supported_compression_algos]] -.dbms.cluster.network.supported_compression_algos -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Network compression algorithms that this instance will allow in negotiation as a comma-separated list. Listed in descending order of preference for incoming connections. An empty list implies no compression. For outgoing connections this merely specifies the allowed set of algorithms and the preference of the remote peer will be used for making the decision. Allowable values: [Gzip, Snappy, Snappy_validating, LZ4, LZ4_high_compression, LZ_validating, LZ4_high_compression_validating] -|Valid values -a|dbms.cluster.network.supported_compression_algos, a ',' separated list with elements of type 'a string'. -|Default value -m|++++++ -|=== - -[[config_dbms.cluster.raft.binding_timeout]] -.dbms.cluster.raft.binding_timeout -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The time allowed for a database on a Neo4j server to either join a cluster or form a new cluster with the other Neo4j Servers provided by `<>`. -|Valid values -a|dbms.cluster.raft.binding_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++10m+++ -|=== - -[[config_dbms.cluster.raft.client.max_channels]] -.dbms.cluster.raft.client.max_channels -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The maximum number of TCP channels between two nodes to operate the raft protocol. Each database gets allocated one channel, but a single channel can be used by more than one database. -|Valid values -a|dbms.cluster.raft.client.max_channels, an integer -|Default value -m|+++8+++ -|=== - -[[config_dbms.cluster.raft.election_failure_detection_window]] -.dbms.cluster.raft.election_failure_detection_window -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The rate at which leader elections happen. Note that due to election conflicts it might take several attempts to find a leader. The window should be significantly larger than typical communication delays to make conflicts unlikely. -|Valid values -a|dbms.cluster.raft.election_failure_detection_window, a duration-range (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++3s-6s+++ -|=== - -[[config_dbms.cluster.raft.leader_failure_detection_window]] -.dbms.cluster.raft.leader_failure_detection_window -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The time window within which the loss of the leader is detected and the first re-election attempt is held. The window should be significantly larger than typical communication delays to make conflicts unlikely. -|Valid values -a|dbms.cluster.raft.leader_failure_detection_window, a duration-range (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++20s-23s+++ -|=== - -[[config_dbms.cluster.raft.leader_transfer.balancing_strategy]] -.dbms.cluster.raft.leader_transfer.balancing_strategy -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Which strategy to use when transferring database leaderships around a cluster. This can be one of `equal_balancing` or `no_balancing`. `equal_balancing` automatically ensures that each Core server holds the leader role for an equal number of databases.`no_balancing` prevents any automatic balancing of the leader role. Note that if a `leadership_priority_group` is specified for a given database, the value of this setting will be ignored for that database. -|Valid values -a|dbms.cluster.raft.leader_transfer.balancing_strategy, one of [NO_BALANCING, EQUAL_BALANCING] -|Default value -m|+++EQUAL_BALANCING+++ -|=== - -[[config_dbms.cluster.raft.log.pruning_frequency]] -.dbms.cluster.raft.log.pruning_frequency -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]RAFT log pruning frequency. -|Valid values -a|dbms.cluster.raft.log.pruning_frequency, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++10m+++ -|=== - -[[config_dbms.cluster.raft.log.reader_pool_size]] -.dbms.cluster.raft.log.reader_pool_size -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]RAFT log reader pool size. -|Valid values -a|dbms.cluster.raft.log.reader_pool_size, an integer -|Default value -m|+++8+++ -|=== - -[[config_dbms.cluster.raft.log.rotation_size]] -.dbms.cluster.raft.log.rotation_size -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]RAFT log rotation size. -|Valid values -a|dbms.cluster.raft.log.rotation_size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `1.00KiB` -|Default value -m|+++250.00MiB+++ -|=== - -[[config_dbms.cluster.raft.membership.join_max_lag]] -.dbms.cluster.raft.membership.join_max_lag -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Maximum amount of lag accepted for a new follower to join the Raft group. -|Valid values -a|dbms.cluster.raft.membership.join_max_lag, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++10s+++ -|=== - -[[config_dbms.cluster.raft.membership.join_timeout]] -.dbms.cluster.raft.membership.join_timeout -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Time out for a new member to catch up. -|Valid values -a|dbms.cluster.raft.membership.join_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++10m+++ -|=== - -[[config_dbms.cluster.store_copy.max_retry_time_per_request]] -.dbms.cluster.store_copy.max_retry_time_per_request -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Maximum retry time per request during store copy. Regular store files and indexes are downloaded in separate requests during store copy. This configures the maximum time failed requests are allowed to resend. -|Valid values -a|dbms.cluster.store_copy.max_retry_time_per_request, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++20m+++ -|=== - -[[config_dbms.cypher.forbid_exhaustive_shortestpath]] -.dbms.cypher.forbid_exhaustive_shortestpath -[cols="<1s,<4"] -|=== -|Description -a|This setting is associated with performance optimization. Set this to `true` in situations where it is preferable to have any queries using the 'shortestPath' function terminate as soon as possible with no answer, rather than potentially running for a long time attempting to find an answer (even if there is no path to be found). For most queries, the 'shortestPath' algorithm will return the correct answer very quickly. However there are some cases where it is possible that the fast bidirectional breadth-first search algorithm will find no results even if they exist. This can happen when the predicates in the `WHERE` clause applied to 'shortestPath' cannot be applied to each step of the traversal, and can only be applied to the entire path. When the query planner detects these special cases, it will plan to perform an exhaustive depth-first search if the fast algorithm finds no paths. However, the exhaustive search may be orders of magnitude slower than the fast algorithm. If it is critical that queries terminate as soon as possible, it is recommended that this option be set to `true`, which means that Neo4j will never consider using the exhaustive search for shortestPath queries. However, please note that if no paths are found, an error will be thrown at run time, which will need to be handled by the application. -|Valid values -a|dbms.cypher.forbid_exhaustive_shortestpath, a boolean -|Default value -m|+++false+++ -|=== - -[[config_dbms.cypher.forbid_shortestpath_common_nodes]] -.dbms.cypher.forbid_shortestpath_common_nodes -[cols="<1s,<4"] -|=== -|Description -a|This setting is associated with performance optimization. The shortest path algorithm does not work when the start and end nodes are the same. With this setting set to `false` no path will be returned when that happens. The default value of `true` will instead throw an exception. This can happen if you perform a shortestPath search after a cartesian product that might have the same start and end nodes for some of the rows passed to shortestPath. If it is preferable to not experience this exception, and acceptable for results to be missing for those rows, then set this to `false`. If you cannot accept missing results, and really want the shortestPath between two common nodes, then re-write the query using a standard Cypher variable length pattern expression followed by ordering by path length and limiting to one result. -|Valid values -a|dbms.cypher.forbid_shortestpath_common_nodes, a boolean -|Default value -m|+++true+++ -|=== - -[[config_dbms.cypher.hints_error]] -.dbms.cypher.hints_error -[cols="<1s,<4"] -|=== -|Description -a|Set this to specify the behavior when Cypher planner or runtime hints cannot be fulfilled. If true, then non-conformance will result in an error, otherwise only a warning is generated. -|Valid values -a|dbms.cypher.hints_error, a boolean -|Default value -m|+++false+++ -|=== - -[[config_dbms.cypher.lenient_create_relationship]] -.dbms.cypher.lenient_create_relationship -[cols="<1s,<4"] -|=== -|Description -a|Set this to change the behavior for Cypher create relationship when the start or end node is missing. By default this fails the query and stops execution, but by setting this flag the create operation is simply not performed and execution continues. -|Valid values -a|dbms.cypher.lenient_create_relationship, a boolean -|Default value -m|+++false+++ -|=== - -[[config_dbms.cypher.min_replan_interval]] -.dbms.cypher.min_replan_interval -[cols="<1s,<4"] -|=== -|Description -a|The minimum time between possible cypher query replanning events. After this time, the graph statistics will be evaluated, and if they have changed by more than the value set by <>, the query will be replanned. If the statistics have not changed sufficiently, the same interval will need to pass before the statistics will be evaluated again. Each time they are evaluated, the divergence threshold will be reduced slightly until it reaches 10% after 7h, so that even moderately changing databases will see query replanning after a sufficiently long time interval. -|Valid values -a|dbms.cypher.min_replan_interval, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++10s+++ -|=== - -[[config_dbms.cypher.planner]] -.dbms.cypher.planner -[cols="<1s,<4"] -|=== -|Description -a|Set this to specify the default planner for the default language version. -|Valid values -a|dbms.cypher.planner, one of [DEFAULT, COST] -|Default value -m|+++DEFAULT+++ -|=== - -[[config_dbms.cypher.render_plan_description]] -.dbms.cypher.render_plan_description -[cols="<1s,<4"] -|=== -|Description -a|If set to `true` a textual representation of the plan description will be rendered on the server for all queries running with `EXPLAIN` or `PROFILE`. This allows clients such as the neo4j browser and Cypher shell to show a more detailed plan description. -|Valid values -a|dbms.cypher.render_plan_description, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_dbms.cypher.statistics_divergence_threshold]] -.dbms.cypher.statistics_divergence_threshold -[cols="<1s,<4"] -|=== -|Description -a|The threshold for statistics above which a plan is considered stale. - -If any of the underlying statistics used to create the plan have changed more than this value, the plan will be considered stale and will be replanned. Change is calculated as `abs(a-b)/max(a,b)`. - -This means that a value of `0.75` requires the database to quadruple in size before query replanning. A value of `0` means that the query will be replanned as soon as there is any change in statistics and the replan interval has elapsed. - -This interval is defined by `<>` and defaults to 10s. After this interval, the divergence threshold will slowly start to decline, reaching 10% after about 7h. This will ensure that long running databases will still get query replanning on even modest changes, while not replanning frequently unless the changes are very large. -|Valid values -a|dbms.cypher.statistics_divergence_threshold, a double which is in the range `0.0` to `1.0` -|Default value -m|+++0.75+++ -|=== - -[[config_dbms.databases.seed_from_uri_providers]] -.dbms.databases.seed_from_uri_providers -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Databases may be created from an existing 'seed' (a database backup or dump) stored at some source URI. Different types of seed source are supported by different implementations of `com.neo4j.dbms.seeding.SeedProvider`. For example, seeds stored at 's3://' and 'https://' URIs are supported by the builtin `S3SeedProvider` and `URLConnectionSeedProvider` respectively. This list specifies enabled seed providers. If a seed source (URI scheme) is supported by multiple providers in the list, the first matching provider will be used. If the list is set to empty, the seed from uri functionality is effectively disabled. -|Valid values -a|dbms.databases.seed_from_uri_providers, a ',' separated list with elements of type 'a string'. -|Default value -m|+++S3SeedProvider+++ -|=== - -[[config_dbms.db.timezone]] -.dbms.db.timezone -[cols="<1s,<4"] -|=== -|Description -a|Database timezone. Among other things, this setting influences the monitoring procedures. -|Valid values -a|dbms.db.timezone, one of [UTC, SYSTEM] -|Default value -m|+++UTC+++ -|=== - -[[config_dbms.kubernetes.address]] -.dbms.kubernetes.address -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Address for Kubernetes API. -|Valid values -a|dbms.kubernetes.address, a socket address in the format 'hostname:port', 'hostname' or ':port' -|Default value -m|+++kubernetes.default.svc:443+++ -|=== - -[[config_dbms.kubernetes.ca_crt]] -.dbms.kubernetes.ca_crt -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]File location of CA certificate for Kubernetes API. -|Valid values -a|dbms.kubernetes.ca_crt, a path -|Default value -m|+++/var/run/secrets/kubernetes.io/serviceaccount/ca.crt+++ -|=== - -[[config_dbms.kubernetes.cluster_domain]] -.dbms.kubernetes.cluster_domain -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Kubernetes cluster domain. -|Valid values -a|dbms.kubernetes.cluster_domain, a string -|Default value -m|+++cluster.local+++ -|=== - -[[config_dbms.kubernetes.label_selector]] -.dbms.kubernetes.label_selector -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]LabelSelector for Kubernetes API. -|Valid values -a|dbms.kubernetes.label_selector, a string -|=== - -[[config_dbms.kubernetes.namespace]] -.dbms.kubernetes.namespace -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]File location of namespace for Kubernetes API. -|Valid values -a|dbms.kubernetes.namespace, a path -|Default value -m|+++/var/run/secrets/kubernetes.io/serviceaccount/namespace+++ -|=== - -[[config_dbms.kubernetes.service_port_name]] -.dbms.kubernetes.service_port_name -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Service port name for discovery for Kubernetes API. -|Valid values -a|dbms.kubernetes.service_port_name, a string -|=== - -[[config_dbms.kubernetes.token]] -.dbms.kubernetes.token -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]File location of token for Kubernetes API. -|Valid values -a|dbms.kubernetes.token, a path -|Default value -m|+++/var/run/secrets/kubernetes.io/serviceaccount/token+++ -|=== - -[[config_dbms.logs.http.enabled]] -.dbms.logs.http.enabled -[cols="<1s,<4"] -|=== -|Description -a|Enable HTTP request logging. -|Valid values -a|dbms.logs.http.enabled, a boolean -|Default value -m|+++false+++ -|=== - -[[config_dbms.memory.tracking.enable]] -.dbms.memory.tracking.enable -[cols="<1s,<4"] -|=== -|Description -a|Enable off heap and on heap memory tracking. Should not be set to `false` for clusters. -|Valid values -a|dbms.memory.tracking.enable, a boolean -|Default value -m|+++true+++ -|=== - -[[config_dbms.memory.transaction.total.max]] -.dbms.memory.transaction.total.max -[cols="<1s,<4"] -|=== -|Description -a|Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'unlimited'. -|Valid values -a|dbms.memory.transaction.total.max, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `10.00MiB` or is `0B` -|Dynamic a|true -|Default value -m|+++0B+++ -|=== - -[[config_dbms.netty.ssl.provider]] -.dbms.netty.ssl.provider -[cols="<1s,<4"] -|=== -|Description -a|Netty SSL provider. -|Valid values -a|dbms.netty.ssl.provider, one of [JDK, OPENSSL, OPENSSL_REFCNT] -|Default value -m|+++JDK+++ -|=== - -[[config_dbms.routing.client_side.enforce_for_domains]] -.dbms.routing.client_side.enforce_for_domains -[cols="<1s,<4"] -|=== -|Description -a|Always use client side routing (regardless of the default router) for neo4j:// protocol connections to these domains. A comma separated list of domains. Wildcards (*) are supported. -|Valid values -a|dbms.routing.client_side.enforce_for_domains, a ',' separated set with elements of type 'a string'. -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_dbms.routing.default_router]] -.dbms.routing.default_router -[cols="<1s,<4"] -|=== -|Description -a|Routing strategy for neo4j:// protocol connections. -Default is `CLIENT`, using client-side routing, with server-side routing as a fallback (if enabled). -When set to `SERVER`, client-side routing is short-circuited, and requests will rely on server-side routing (which must be enabled for proper operation, i.e. `<>=true`). -Can be overridden by `<>`. -|Valid values -a|dbms.routing.default_router, one of [SERVER, CLIENT] -|Default value -m|+++CLIENT+++ -|=== - -[[config_dbms.routing.driver.connection.connect_timeout]] -.dbms.routing.driver.connection.connect_timeout -[cols="<1s,<4"] -|=== -|Description -a|Socket connection timeout. -A timeout of zero is treated as an infinite timeout and will be bound by the timeout configured on the -operating system level. -|Valid values -a|dbms.routing.driver.connection.connect_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++5s+++ -|=== - -[[config_dbms.routing.driver.connection.max_lifetime]] -.dbms.routing.driver.connection.max_lifetime -[cols="<1s,<4"] -|=== -|Description -a|Pooled connections older than this threshold will be closed and removed from the pool. -Setting this option to a low value will cause a high connection churn and might result in a performance hit. -It is recommended to set maximum lifetime to a slightly smaller value than the one configured in network -equipment (load balancer, proxy, firewall, etc. can also limit maximum connection lifetime). -Zero and negative values result in lifetime not being checked. -|Valid values -a|dbms.routing.driver.connection.max_lifetime, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++1h+++ -|=== - -[[config_dbms.routing.driver.connection.pool.acquisition_timeout]] -.dbms.routing.driver.connection.pool.acquisition_timeout -[cols="<1s,<4"] -|=== -|Description -a|Maximum amount of time spent attempting to acquire a connection from the connection pool. -This timeout only kicks in when all existing connections are being used and no new connections can be created because maximum connection pool size has been reached. -Error is raised when connection can't be acquired within configured time. -Negative values are allowed and result in unlimited acquisition timeout. Value of 0 is allowed and results in no timeout and immediate failure when connection is unavailable. -|Valid values -a|dbms.routing.driver.connection.pool.acquisition_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++1m+++ -|=== - -[[config_dbms.routing.driver.connection.pool.idle_test]] -.dbms.routing.driver.connection.pool.idle_test -[cols="<1s,<4"] -|=== -|Description -a|Pooled connections that have been idle in the pool for longer than this timeout will be tested before they are used again, to ensure they are still alive. -If this option is set too low, an additional network call will be incurred when acquiring a connection, which causes a performance hit. -If this is set high, no longer live connections might be used which might lead to errors. -Hence, this parameter tunes a balance between the likelihood of experiencing connection problems and performance -Normally, this parameter should not need tuning. -Value 0 means connections will always be tested for validity. -|Valid values -a|dbms.routing.driver.connection.pool.idle_test, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|No connection liveliness check is done by default. -|=== - -[[config_dbms.routing.driver.connection.pool.max_size]] -.dbms.routing.driver.connection.pool.max_size -[cols="<1s,<4"] -|=== -|Description -a|Maximum total number of connections to be managed by a connection pool. -The limit is enforced for a combination of a host and user. Negative values are allowed and result in unlimited pool. Value of 0is not allowed. -|Valid values -a|dbms.routing.driver.connection.pool.max_size, an integer -|Default value -m|Unlimited -|=== - -[[config_dbms.routing.driver.logging.level]] -.dbms.routing.driver.logging.level -[cols="<1s,<4"] -|=== -|Description -a|Sets level for driver internal logging. -|Valid values -a|dbms.routing.driver.logging.level, one of [DEBUG, INFO, WARN, ERROR, NONE] -|Default value -m|+++INFO+++ -|=== - -[[config_dbms.routing.enabled]] -.dbms.routing.enabled -[cols="<1s,<4"] -|=== -|Description -a|Enable server-side routing in clusters using an additional bolt connector. -When configured, this allows requests to be forwarded from one cluster member to another, if the requests can't be satisfied by the first member (e.g. write requests received by a non-leader). -|Valid values -a|dbms.routing.enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_dbms.routing.load_balancing.plugin]] -.dbms.routing.load_balancing.plugin -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The load balancing plugin to use. -|Valid values -a|dbms.routing.load_balancing.plugin, a string which specified load balancer plugin exist. -|Default value -m|+++server_policies+++ -|=== - -[[config_dbms.routing.load_balancing.shuffle_enabled]] -.dbms.routing.load_balancing.shuffle_enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Enables shuffling of the returned load balancing result. -|Valid values -a|dbms.routing.load_balancing.shuffle_enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_dbms.routing.reads_on_primaries_enabled]] -.dbms.routing.reads_on_primaries_enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include non-writer primaries as read endpoints or return only secondaries. Note: if there are no secondaries for the given database primaries are returned as read end points regardless the value of this setting. Defaults to true so that non-writer primaries are available for read-only queries in a typical heterogeneous setup. -|Valid values -a|dbms.routing.reads_on_primaries_enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_dbms.routing.reads_on_writers_enabled]] -.dbms.routing.reads_on_writers_enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include the writer as read endpoint or return only non-writers (non writer primaries and secondaries) Note: writer is returned as read endpoint if no other member is present all. -|Valid values -a|dbms.routing.reads_on_writers_enabled, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_dbms.routing_ttl]] -.dbms.routing_ttl -[cols="<1s,<4"] -|=== -|Description -a|How long callers should cache the response of the routing procedure `dbms.routing.getRoutingTable()` -|Valid values -a|dbms.routing_ttl, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `1s` -|Default value -m|+++5m+++ -|=== - -[[config_dbms.security.allow_csv_import_from_file_urls]] -.dbms.security.allow_csv_import_from_file_urls -[cols="<1s,<4"] -|=== -|Description -a|Determines if Cypher will allow using file URLs when loading data using `LOAD CSV`. Setting this value to `false` will cause Neo4j to fail `LOAD CSV` clauses that load data from the file system. -|Valid values -a|dbms.security.allow_csv_import_from_file_urls, a boolean -|Default value -m|+++true+++ -|=== - -[[config_dbms.security.auth_cache_max_capacity]] -.dbms.security.auth_cache_max_capacity -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The maximum capacity for authentication and authorization caches (respectively). -|Valid values -a|dbms.security.auth_cache_max_capacity, an integer -|Default value -m|+++10000+++ -|=== - -[[config_dbms.security.auth_cache_ttl]] -.dbms.security.auth_cache_ttl -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The time to live (TTL) for cached authentication and authorization info when using external auth providers (LDAP or plugin). Setting the TTL to 0 will disable auth caching. Disabling caching while using the LDAP auth provider requires the use of an LDAP system account for resolving authorization information. -|Valid values -a|dbms.security.auth_cache_ttl, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++10m+++ -|=== - -[[config_dbms.security.auth_cache_use_ttl]] -.dbms.security.auth_cache_use_ttl -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Enable time-based eviction of the authentication and authorization info cache for external auth providers (LDAP or plugin). Disabling this setting will make the cache live forever and only be evicted when `<>` is exceeded. -|Valid values -a|dbms.security.auth_cache_use_ttl, a boolean -|Default value -m|+++true+++ -|=== - -[[config_dbms.security.auth_enabled]] -.dbms.security.auth_enabled -[cols="<1s,<4"] -|=== -|Description -a|Enable auth requirement to access Neo4j. -|Valid values -a|dbms.security.auth_enabled, a boolean -|Default value -m|true -|=== - -[[config_config_dbms.security.auth_minimum_password_length]] -.dbms.security.auth_minimum_password_length -[cols="<1s,<4"] -|=== -|Description -a|label:version-number[Neo4j v5.3]The minimum number of characters required in a password. -|Valid values -a|dbms.security.auth_minimum_password_length, an integer -|Default value -m|+++8+++ -|=== - -[[config_dbms.security.auth_lock_time]] -.dbms.security.auth_lock_time -[cols="<1s,<4"] -|=== -|Description -a|The amount of time user account should be locked after a configured number of unsuccessful authentication attempts. The locked out user will not be able to log in until the lock period expires, even if correct credentials are provided. Setting this configuration option to a low value is not recommended because it might make it easier for an attacker to brute force the password. -|Valid values -a|dbms.security.auth_lock_time, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `0s` -|Default value -m|+++5s+++ -|=== - -[[config_dbms.security.auth_max_failed_attempts]] -.dbms.security.auth_max_failed_attempts -[cols="<1s,<4"] -|=== -|Description -a|The maximum number of unsuccessful authentication attempts before imposing a user lock for the configured amount of time, as defined by `<>`.The locked out user will not be able to log in until the lock period expires, even if correct credentials are provided. Setting this configuration option to values less than 3 is not recommended because it might make it easier for an attacker to brute force the password. -|Valid values -a|dbms.security.auth_max_failed_attempts, an integer which is minimum `0` -|Default value -m|+++3+++ -|=== - -[[config_dbms.security.authentication_providers]] -.dbms.security.authentication_providers -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]A list of security authentication providers containing the users and roles. This can be any of the built-in `native` or `ldap` providers, or it can be an externally provided plugin, with a custom name prefixed by `plugin-`, i.e. `plugin-`. They will be queried in the given order when login is attempted. -|Valid values -a|dbms.security.authentication_providers, a ',' separated list with elements of type 'a string'. -|Default value -m|+++native+++ -|=== - -[[config_dbms.security.authorization_providers]] -.dbms.security.authorization_providers -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]A list of security authorization providers containing the users and roles. This can be any of the built-in `native` or `ldap` providers, or it can be an externally provided plugin, with a custom name prefixed by `plugin-`, i.e. `plugin-`. They will be queried in the given order when login is attempted. -|Valid values -a|dbms.security.authorization_providers, a ',' separated list with elements of type 'a string'. -|Default value -m|+++native+++ -|=== - -[[config_dbms.security.cluster_status_auth_enabled]] -.dbms.security.cluster_status_auth_enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Require authorization for access to the Causal Clustering status endpoints. -|Valid values -a|dbms.security.cluster_status_auth_enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_dbms.security.http_access_control_allow_origin]] -.dbms.security.http_access_control_allow_origin -[cols="<1s,<4"] -|=== -|Description -a|Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS connector. This defaults to '*', which allows broadest compatibility. Note that any URI provided here limits HTTP/HTTPS access to that URI only. -|Valid values -a|dbms.security.http_access_control_allow_origin, a string -|Default value -m|+++*+++ -|=== - -[[config_dbms.security.http_auth_allowlist]] -.dbms.security.http_auth_allowlist -[cols="<1s,<4"] -|=== -|Description -a|Defines an allowlist of http paths where Neo4j authentication is not required. -|Valid values -a|dbms.security.http_auth_allowlist, a ',' separated list with elements of type 'a string'. -|Default value -m|+++/,/browser.*+++ -|=== - -[[config_dbms.security.http_strict_transport_security]] -.dbms.security.http_strict_transport_security -[cols="<1s,<4"] -|=== -|Description -a|Value of the HTTP Strict-Transport-Security (HSTS) response header. This header tells browsers that a webpage should only be accessed using HTTPS instead of HTTP. It is attached to every HTTPS response. Setting is not set by default so 'Strict-Transport-Security' header is not sent. Value is expected to contain directives like 'max-age', 'includeSubDomains' and 'preload'. -|Valid values -a|dbms.security.http_strict_transport_security, a string -|=== - -[[config_dbms.security.key.name]] -.dbms.security.key.name -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Name of the 256 length AES encryption key, which is used for the symmetric encryption. -|Valid values -a|dbms.security.key.name, a string -|Dynamic a|true -|Default value -m|+++aesKey+++ -|=== - -[[config_dbms.security.keystore.password]] -.dbms.security.keystore.password -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Password for accessing the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption. -|Valid values -a|dbms.security.keystore.password, a secure string -|Dynamic a|true -|=== - -[[config_dbms.security.keystore.path]] -.dbms.security.keystore.path -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Location of the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption of secrets held in system database. -|Valid values -a|dbms.security.keystore.path, a path -|Dynamic a|true -|=== - -[[config_dbms.security.ldap.authentication.attribute]] -.dbms.security.ldap.authentication.attribute -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The attribute to use when looking up users. -Using this setting requires `<>` to be true and thus `<>` and `<>` to be configured. -|Valid values -a|dbms.security.ldap.authentication.attribute, a string which matches the pattern `[A-Za-z0-9-]*` (has to be a valid LDAP attribute name, only containing letters [A-Za-z], digits [0-9] and hyphens [-].) -|Dynamic a|true -|Default value -m|+++samaccountname+++ -|=== - -[[config_dbms.security.ldap.authentication.cache_enabled]] -.dbms.security.ldap.authentication.cache_enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Determines if the result of authentication via the LDAP server should be cached or not. Caching is used to limit the number of LDAP requests that have to be made over the network for users that have already been authenticated successfully. A user can be authenticated against an existing cache entry (instead of via an LDAP server) as long as it is alive (see `<>`). -An important consequence of setting this to `true` is that Neo4j then needs to cache a hashed version of the credentials in order to perform credentials matching. This hashing is done using a cryptographic hash function together with a random salt. Preferably a conscious decision should be made if this method is considered acceptable by the security standards of the organization in which this Neo4j instance is deployed. -|Valid values -a|dbms.security.ldap.authentication.cache_enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_dbms.security.ldap.authentication.mechanism]] -.dbms.security.ldap.authentication.mechanism -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]LDAP authentication mechanism. This is one of `simple` or a SASL mechanism supported by JNDI, for example `DIGEST-MD5`. `simple` is basic username and password authentication and SASL is used for more advanced mechanisms. See RFC 2251 LDAPv3 documentation for more details. -|Valid values -a|dbms.security.ldap.authentication.mechanism, a string -|Default value -m|+++simple+++ -|=== - -[[config_dbms.security.ldap.authentication.search_for_attribute]] -.dbms.security.ldap.authentication.search_for_attribute -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Perform authentication by searching for an unique attribute of a user. -Using this setting requires `<>` and `<>` to be configured. -|Valid values -a|dbms.security.ldap.authentication.search_for_attribute, a boolean -|Default value -m|+++false+++ -|=== - -[[config_dbms.security.ldap.authentication.user_dn_template]] -.dbms.security.ldap.authentication.user_dn_template -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]LDAP user DN template. An LDAP object is referenced by its distinguished name (DN), and a user DN is an LDAP fully-qualified unique user identifier. This setting is used to generate an LDAP DN that conforms with the LDAP directory's schema from the user principal that is submitted with the authentication token when logging in. The special token {0} is a placeholder where the user principal will be substituted into the DN string. -|Valid values -a|dbms.security.ldap.authentication.user_dn_template, a string which Must be a string containing '{0}' to understand where to insert the runtime authentication principal. -|Dynamic a|true -|Default value -m|+++uid={0},ou=users,dc=example,dc=com+++ -|=== - -[[config_dbms.security.ldap.authorization.access_permitted_group]] -.dbms.security.ldap.authorization.access_permitted_group -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The LDAP group to which a user must belong to get any access to the system.Set this to restrict access to a subset of LDAP users belonging to a particular group. If this is not set, any user to successfully authenticate via LDAP will have access to the PUBLIC role and any other roles assigned to them via <>. -|Valid values -a|dbms.security.ldap.authorization.access_permitted_group, a string -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_dbms.security.ldap.authorization.group_membership_attributes]] -.dbms.security.ldap.authorization.group_membership_attributes -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]A list of attribute names on a user object that contains groups to be used for mapping to roles when LDAP authorization is enabled. This setting is ignored when `dbms.ldap_authorization_nested_groups_enabled` is `true`. -|Valid values -a|dbms.security.ldap.authorization.group_membership_attributes, a ',' separated list with elements of type 'a string'. which Can not be empty -|Dynamic a|true -|Default value -m|+++memberOf+++ -|=== - -[[config_dbms.security.ldap.authorization.group_to_role_mapping]] -.dbms.security.ldap.authorization.group_to_role_mapping -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]An authorization mapping from LDAP group names to Neo4j role names. The map should be formatted as a semicolon separated list of key-value pairs, where the key is the LDAP group name and the value is a comma separated list of corresponding role names. For example: group1=role1;group2=role2;group3=role3,role4,role5 -You could also use whitespaces and quotes around group names to make this mapping more readable, for example: ----- -`dbms.security.ldap.authorization.group_to_role_mapping`=\ - "cn=Neo4j Read Only,cn=users,dc=example,dc=com" = reader; \ - "cn=Neo4j Read-Write,cn=users,dc=example,dc=com" = publisher; \ - "cn=Neo4j Schema Manager,cn=users,dc=example,dc=com" = architect; \ - "cn=Neo4j Administrator,cn=users,dc=example,dc=com" = admin ----- -|Valid values -a|dbms.security.ldap.authorization.group_to_role_mapping, a string which must be semicolon separated list of key-value pairs or empty -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_dbms.security.ldap.authorization.nested_groups_enabled]] -.dbms.security.ldap.authorization.nested_groups_enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]This setting determines whether multiple LDAP search results will be processed (as is required for the lookup of nested groups). If set to `true` then instead of using attributes on the user object to determine group membership (as specified by `<>`), the `user` object will only be used to determine the user's Distinguished Name, which will subsequently be used with `<>` in order to perform a nested group search. The Distinguished Names of the resultant group search results will be used to determine roles. -|Valid values -a|dbms.security.ldap.authorization.nested_groups_enabled, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_dbms.security.ldap.authorization.nested_groups_search_filter]] -.dbms.security.ldap.authorization.nested_groups_search_filter -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The search template which will be used to find the nested groups which the user is a member of. The filter should contain the placeholder token `{0}` which will be substituted with the user's Distinguished Name (which is found for the specified user principle using `<>`). The default value specifies Active Directory's LDAP_MATCHING_RULE_IN_CHAIN (aka 1.2.840.113556.1.4.1941) implementation which will walk the ancestry of group membership for the specified user. -|Valid values -a|dbms.security.ldap.authorization.nested_groups_search_filter, a string -|Dynamic a|true -|Default value -m|+++(&(objectclass=group)(member:1.2.840.113556.1.4.1941:={0}))+++ -|=== - -[[config_dbms.security.ldap.authorization.system_password]] -.dbms.security.ldap.authorization.system_password -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]An LDAP system account password to use for authorization searches when `<>` is `true`. -|Valid values -a|dbms.security.ldap.authorization.system_password, a secure string -|=== - -[[config_dbms.security.ldap.authorization.system_username]] -.dbms.security.ldap.authorization.system_username -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]An LDAP system account username to use for authorization searches when `<>` is `true`. Note that the `<>` will not be applied to this username, so you may have to specify a full DN. -|Valid values -a|dbms.security.ldap.authorization.system_username, a string -|=== - -[[config_dbms.security.ldap.authorization.use_system_account]] -.dbms.security.ldap.authorization.use_system_account -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Perform LDAP search for authorization info using a system account instead of the user's own account. -If this is set to `false` (default), the search for group membership will be performed directly after authentication using the LDAP context bound with the user's own account. The mapped roles will be cached for the duration of `<>`, and then expire, requiring re-authentication. To avoid frequently having to re-authenticate sessions you may want to set a relatively long auth cache expiration time together with this option. NOTE: This option will only work if the users are permitted to search for their own group membership attributes in the directory. -If this is set to `true`, the search will be performed using a special system account user with read access to all the users in the directory. You need to specify the username and password using the settings `<>` and `<>` with this option. Note that this account only needs read access to the relevant parts of the LDAP directory and does not need to have access rights to Neo4j, or any other systems. -|Valid values -a|dbms.security.ldap.authorization.use_system_account, a boolean -|Default value -m|+++false+++ -|=== - -[[config_dbms.security.ldap.authorization.user_search_base]] -.dbms.security.ldap.authorization.user_search_base -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The name of the base object or named context to search for user objects when LDAP authorization is enabled. A common case is that this matches the last part of `<>`. -|Valid values -a|dbms.security.ldap.authorization.user_search_base, a string which Can not be empty -|Dynamic a|true -|Default value -m|+++ou=users,dc=example,dc=com+++ -|=== - -[[config_dbms.security.ldap.authorization.user_search_filter]] -.dbms.security.ldap.authorization.user_search_filter -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The LDAP search filter to search for a user principal when LDAP authorization is enabled. The filter should contain the placeholder token {0} which will be substituted for the user principal. -|Valid values -a|dbms.security.ldap.authorization.user_search_filter, a string -|Dynamic a|true -|Default value -m|+++(&(objectClass=*)(uid={0}))+++ -|=== - -[[config_dbms.security.ldap.connection_timeout]] -.dbms.security.ldap.connection_timeout -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The timeout for establishing an LDAP connection. If a connection with the LDAP server cannot be established within the given time the attempt is aborted. A value of 0 means to use the network protocol's (i.e., TCP's) timeout value. -|Valid values -a|dbms.security.ldap.connection_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++30s+++ -|=== - -[[config_dbms.security.ldap.host]] -.dbms.security.ldap.host -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]URL of LDAP server to use for authentication and authorization. The format of the setting is `://:`, where hostname is the only required field. The supported values for protocol are `ldap` (default) and `ldaps`. The default port for `ldap` is 389 and for `ldaps` 636. For example: `ldaps://ldap.example.com:10389`. -You may want to consider using STARTTLS (`<>`) instead of LDAPS for secure connections, in which case the correct protocol is `ldap`. -|Valid values -a|dbms.security.ldap.host, a string -|Default value -m|+++localhost+++ -|=== - -[[config_dbms.security.ldap.read_timeout]] -.dbms.security.ldap.read_timeout -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The timeout for an LDAP read request (i.e. search). If the LDAP server does not respond within the given time the request will be aborted. A value of 0 means wait for a response indefinitely. -|Valid values -a|dbms.security.ldap.read_timeout, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++30s+++ -|=== - -[[config_dbms.security.ldap.referral]] -.dbms.security.ldap.referral -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The LDAP referral behavior when creating a connection. This is one of `follow`, `ignore` or `throw`. -* `follow` automatically follows any referrals -* `ignore` ignores any referrals -* `throw` throws an exception, which will lead to authentication failure. -|Valid values -a|dbms.security.ldap.referral, a string -|Default value -m|+++follow+++ -|=== - -[[config_dbms.security.ldap.use_starttls]] -.dbms.security.ldap.use_starttls -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Use secure communication with the LDAP server using opportunistic TLS. First an initial insecure connection will be made with the LDAP server, and a STARTTLS command will be issued to negotiate an upgrade of the connection to TLS before initiating authentication. -|Valid values -a|dbms.security.ldap.use_starttls, a boolean -|Default value -m|+++false+++ -|=== - -[[config_dbms.security.log_successful_authentication]] -.dbms.security.log_successful_authentication -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Set to log successful authentication events to the security log. If this is set to `false` only failed authentication events will be logged, which could be useful if you find that the successful events spam the logs too much, and you do not require full auditing capability. -|Valid values -a|dbms.security.log_successful_authentication, a boolean -|Default value -m|+++true+++ -|=== - -[[config_dbms.security.oidc.-provider-.audience]] -.dbms.security.oidc..audience -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Expected values of the Audience (aud) claim in the id token. -|Valid values -a|dbms.security.oidc..audience, a ',' separated list with elements of type 'a string'. which Can not be empty -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.auth_endpoint]] -.dbms.security.oidc..auth_endpoint -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The OIDC authorization endpoint. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. -|Valid values -a|dbms.security.oidc..auth_endpoint, a URI -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.auth_flow]] -.dbms.security.oidc..auth_flow -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The OIDC flow to use. This is exposed to clients via the discovery endpoint. Supported values are `pkce` and `implicit` -|Valid values -a|dbms.security.oidc..auth_flow, one of [PKCE, IMPLICIT] -|Dynamic a|true -|Default value -m|+++PKCE+++ -|=== - -[[config_dbms.security.oidc.-provider-.auth_params]] -.dbms.security.oidc..auth_params -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Optional additional parameters that the auth endpoint requires. Please use params instead. The map is a semicolon separated list of key-value pairs. For example: `k1=v1;k2=v2`. -|Valid values -a|dbms.security.oidc..auth_params, A simple key value map pattern `k1=v1;k2=v2`. -|Dynamic a|true -|Default value -m|+++{}+++ -|Deprecated -a|The `dbms.security.oidc..auth_params` configuration setting has been deprecated. -|=== - -[[config_dbms.security.oidc.-provider-.authorization.group_to_role_mapping]] -.dbms.security.oidc..authorization.group_to_role_mapping -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]An authorization mapping from IdP group names to Neo4j role names. The map should be formatted as a semicolon separated list of key-value pairs, where the key is the IdP group name and the value is a comma separated list of corresponding role names. For example: group1=role1;group2=role2;group3=role3,role4,role5 -You could also use whitespaces and quotes around group names to make this mapping more readable, for example: ----- -dbms.security.oidc..authorization.group_to_role_mapping=\ - "Neo4j Read Only" = reader; \ - "Neo4j Read-Write" = publisher; \ - "Neo4j Schema Manager" = architect; \ - "Neo4j Administrator" = admin ----- -|Valid values -a|dbms.security.oidc..authorization.group_to_role_mapping, a string which must be semicolon separated list of key-value pairs or empty -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.claims.groups]] -.dbms.security.oidc..claims.groups -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The claim to use as the list of groups in Neo4j. These could be Neo4J roles directly, or can be mapped using dbms.security.oidc..authorization.group_to_role_mapping. -|Valid values -a|dbms.security.oidc..claims.groups, a string -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.claims.username]] -.dbms.security.oidc..claims.username -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The claim to use as the username in Neo4j. This would typically be sub, but in some situations it may be be desirable to use something else such as email. -|Valid values -a|dbms.security.oidc..claims.username, a string -|Dynamic a|true -|Default value -m|+++sub+++ -|=== - -[[config_dbms.security.oidc.-provider-.client_id]] -.dbms.security.oidc..client_id -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Client id needed if token contains multiple Audience (aud) claims. -|Valid values -a|dbms.security.oidc..client_id, a string -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.config]] -.dbms.security.oidc..config -[cols="<1s,<4a"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The accepted values (all optional) are: - -* `principal`: in which JWT claim the user's email address is specified, email is the default. This is the value that will be shown in browser. -* `code_challenge_method`: default is `S256` and it's the only supported method at this moment. This setting applies only for pkce auth flow -* `token_type_principal`: the options are almost always either `access_token`, which is the default, or `id_token`. -* `token_type_authentication`: the options are almost always either `access_token`, which is the default, or `id_token`. -* `implicit_flow_requires_nonce`: true or false. Defaults to false. - -|Valid values -a|dbms.security.oidc..config, A simple key value map pattern `k1=v1;k2=v2`. Valid key options are: `[implicit_flow_requires_nonce, token_type_authentication, token_type_principal, principal, code_challenge_method]`. -|Dynamic a|true -|Default value -m|+++{}+++ -|=== - -[[config_dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled]] -.dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled -[cols="<1s,<4"] -|=== -|Description -a|When set to `true`, it logs the claims from the JWT. This will only take effect when the security log level is set to `DEBUG`. + -WARNING: It is strongly advised that this is set to `false` when running in a production environment in order to prevent logging of sensitive information. Also note that the contents of the JWT claims set can change over time because they are dependent entirely upon the ID provider. -|Valid values -a|dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled, a boolean -|Default value -m|+++false+++ -|=== - - -[[config_dbms.security.oidc.-provider-.display_name]] -.dbms.security.oidc..display_name -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The user-facing name of the provider as provided by the discovery endpoint to clients (Bloom, Browser etc.). -|Valid values -a|dbms.security.oidc..display_name, a string -|=== - -[[config_dbms.security.oidc.-provider-.get_groups_from_user_info]] -.dbms.security.oidc..get_groups_from_user_info -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the groups from the provider user info endpoint. -|Valid values -a|dbms.security.oidc..get_groups_from_user_info, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_dbms.security.oidc.-provider-.get_username_from_user_info]] -.dbms.security.oidc..get_username_from_user_info -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the username from the provider user info endpoint. -|Valid values -a|dbms.security.oidc..get_username_from_user_info, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_dbms.security.oidc.-provider-.issuer]] -.dbms.security.oidc..issuer -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The expected value of the iss claim in the id token. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. -|Valid values -a|dbms.security.oidc..issuer, a string -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.jwks_uri]] -.dbms.security.oidc..jwks_uri -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The location of the JWK public key set for the identity provider. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. -|Valid values -a|dbms.security.oidc..jwks_uri, a URI -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.params]] -.dbms.security.oidc..params -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The map is a semicolon separated list of key-value pairs. For example: `k1=v1;k2=v2`. -The user should at least provide: ----- - client_id: the SSO Idp client idenfifier. - response_type: code if auth_flow is pkce or token for implicit auth_flow. - scope: often containing a subset of 'email profile openid groups'. ----- -For example: `client_id=my-client-id;response_type=code;scope=openid profile email`. -|Valid values -a|dbms.security.oidc..params, A simple key value map pattern `k1=v1;k2=v2`. Required key options are: `[scope, client_id, response_type]`. -|Dynamic a|true -|Default value -m|+++{}+++ -|=== - -[[config_dbms.security.oidc.-provider-.token_endpoint]] -.dbms.security.oidc..token_endpoint -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The OIDC token endpoint. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. -|Valid values -a|dbms.security.oidc..token_endpoint, a URI -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.token_params]] -.dbms.security.oidc..token_params -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Optional query parameters that the token endpoint requires. The map is a semicolon separated list of key-value pairs. For example: `k1=v1;k2=v2`.If the token endpoint requires a client_secret then this parameter should contain `client_secret=super-secret` -|Valid values -a|dbms.security.oidc..token_params, A simple key value map pattern `k1=v1;k2=v2`. -|Dynamic a|true -|Default value -m|+++{}+++ -|=== - -[[config_dbms.security.oidc.-provider-.user_info_uri]] -.dbms.security.oidc..user_info_uri -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The identity providers user info uri. -|Valid values -a|dbms.security.oidc..user_info_uri, a URI -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.well_known_discovery_uri]] -.dbms.security.oidc..well_known_discovery_uri -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The 'well known' OpenID Connect Discovery endpoint used to fetch identity provider settings. If not provided, `issuer`, `jwks_uri`, `auth_endpoint` should be present. If the auth_flow is pkce, `token_endpoint` should also be provided. -|Valid values -a|dbms.security.oidc..well_known_discovery_uri, a URI -|Dynamic a|true -|=== - -[[config_dbms.security.procedures.allowlist]] -.dbms.security.procedures.allowlist -[cols="<1s,<4"] -|=== -|Description -a|A list of procedures (comma separated) that are to be loaded. The list may contain both fully-qualified procedure names, and partial names with the wildcard '*'. If this setting is left empty no procedures will be loaded. -|Valid values -a|dbms.security.procedures.allowlist, a ',' separated list with elements of type 'a string'. -|Default value -m|+++*+++ -|=== - -[[config_dbms.security.procedures.unrestricted]] -.dbms.security.procedures.unrestricted -[cols="<1s,<4"] -|=== -|Description -a|A list of procedures and user defined functions (comma separated) that are allowed full access to the database. The list may contain both fully-qualified procedure names, and partial names with the wildcard '*'. Note that this enables these procedures to bypass security. Use with caution. -|Valid values -a|dbms.security.procedures.unrestricted, a ',' separated list with elements of type 'a string'. -|Default value -m|++++++ -|=== - -[[config_initial.dbms.database_allocator]] -.initial.dbms.database_allocator -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Name of the initial database allocator. After the creation of the dbms it can be set with the 'dbms.setDatabaseAllocator' procedure. -|Valid values -a|initial.dbms.database_allocator, a string -|Default value -m|+++EQUAL_NUMBERS+++ -|=== - -[[config_initial.dbms.default_database]] -.initial.dbms.default_database -[cols="<1s,<4"] -|=== -|Description -a|Name of the default database (aliases are not supported). -|Valid values -a|initial.dbms.default_database, A valid database name containing only alphabetic characters, numbers, dots and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name 'system' -|Default value -m|+++neo4j+++ -|=== - -[[config_initial.dbms.default_primaries_count]] -.initial.dbms.default_primaries_count -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Initial default number of primary instances of user databases. If the user does not specify the number of primaries in 'CREATE DATABASE', this value will be used, unless it is overwritten with the 'dbms.setDefaultAllocationNumbers' procedure. -|Valid values -a|initial.dbms.default_primaries_count, an integer which is minimum `1` and is maximum `11`. -The same value applies to runtime max number. -|Default value -m|+++1+++ -|=== - -[[config_initial.dbms.default_secondaries_count]] -.initial.dbms.default_secondaries_count -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Initial default number of secondary instances of user databases. If the user does not specify the number of secondaries in 'CREATE DATABASE', this value will be used, unless it is overwritten with the 'dbms.setDefaultAllocationNumbers' procedure. -|Valid values -a|initial.dbms.default_secondaries_count, an integer which is minimum `0` and is maximum `20`. -The same value applies to runtime max number. -|Default value -m|+++0+++ -|=== - -[[config_initial.server.allowed_databases]] -.initial.server.allowed_databases -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The names of databases that are allowed on this server - all others are denied. Empty means all are allowed. Can be overridden when enabling the server, or altered at runtime, without changing this setting. Exclusive with 'server.initial_denied_databases' -|Valid values -a|initial.server.allowed_databases, a ',' separated set with elements of type 'a string'. -|Default value -m|++++++ -|=== - -[[config_initial.server.denied_databases]] -.initial.server.denied_databases -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The names of databases that are not allowed on this server. Empty means nothing is denied. Can be overridden when enabling the server, or altered at runtime, without changing this setting. Exclusive with 'server.initial_allowed_databases' -|Valid values -a|initial.server.denied_databases, a ',' separated set with elements of type 'a string'. -|Default value -m|++++++ -|=== - -[[config_initial.server.mode_constraint]] -.initial.server.mode_constraint -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]An instance can restrict itself to allow databases to be hosted only as primaries or secondaries. This setting is the default input for the `ENABLE SERVER` command - the user can overwrite it when executing the procedure. -|Valid values -a|initial.server.mode_constraint, one of [PRIMARY, SECONDARY, NONE] -|Default value -m|+++NONE+++ -|=== - -[[config_server.backup.enabled]] -.server.backup.enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Enable support for running online backups. -|Valid values -a|server.backup.enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_server.backup.listen_address]] -.server.backup.listen_address -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Network interface and port for the backup server to listen on. -|Valid values -a|server.backup.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port' -|Default value -m|+++127.0.0.1:6362+++ -|=== - -[[config_server.backup.store_copy_max_retry_time_per_request]] -.server.backup.store_copy_max_retry_time_per_request -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Maximum retry time per request during store copy. Regular store files and indexes are downloaded in separate requests during store copy. This configures the maximum time failed requests are allowed to resend. -|Valid values -a|server.backup.store_copy_max_retry_time_per_request, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++20m+++ -|=== - -[[config_server.bolt.advertised_address]] -.server.bolt.advertised_address -[cols="<1s,<4"] -|=== -|Description -a|Advertised address for this connector. -|Valid values -a|server.bolt.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address -|Default value -m|+++:7687+++ -|=== - -[[config_server.bolt.connection_keep_alive]] -.server.bolt.connection_keep_alive -[cols="<1s,<4"] -|=== -|Description -a|The maximum time to wait before sending a NOOP on connections waiting for responses from active ongoing queries.The minimum value is 1 millisecond. -|Valid values -a|server.bolt.connection_keep_alive, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `1ms` -|Default value -m|1m -|=== - -[[config_server.bolt.connection_keep_alive_for_requests]] -.server.bolt.connection_keep_alive_for_requests -[cols="<1s,<4"] -|=== -|Description -a|The type of messages to enable keep-alive messages for (ALL, STREAMING or OFF) -|Valid values -a|server.bolt.connection_keep_alive_for_requests, one of [ALL, STREAMING, OFF] -|Default value -m|STREAMING -|=== - -[[config_server.bolt.connection_keep_alive_probes]] -.server.bolt.connection_keep_alive_probes -[cols="<1s,<4"] -|=== -|Description -a|The total amount of probes to be missed before a connection is considered stale.The minimum for this value is 1. -|Valid values -a|server.bolt.connection_keep_alive_probes, an integer which is minimum `1` -|Default value -m|2 -|=== - -[[config_server.bolt.connection_keep_alive_streaming_scheduling_interval]] -.server.bolt.connection_keep_alive_streaming_scheduling_interval -[cols="<1s,<4"] -|=== -|Description -a|The interval between every scheduled keep-alive check on all connections with active queries. Zero duration turns off keep-alive service. -|Valid values -a|server.bolt.connection_keep_alive_streaming_scheduling_interval, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `0s` -|Default value -m|1m -|=== - -[[config_server.bolt.enabled]] -.server.bolt.enabled -[cols="<1s,<4"] -|=== -|Description -a|Enable the bolt connector. -|Valid values -a|server.bolt.enabled, a boolean -|Default value -m|true -|=== - -[[config_server.bolt.listen_address]] -.server.bolt.listen_address -[cols="<1s,<4"] -|=== -|Description -a|Address the connector should bind to. -|Valid values -a|server.bolt.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address -|Default value -m|+++:7687+++ -|=== - -[[config_server.bolt.ocsp_stapling_enabled]] -.server.bolt.ocsp_stapling_enabled -[cols="<1s,<4"] -|=== -|Description -a|Enable server OCSP stapling for bolt and http connectors. -|Valid values -a|server.bolt.ocsp_stapling_enabled, a boolean -|Default value -m|false -|=== - -[[config_server.bolt.thread_pool_keep_alive]] -.server.bolt.thread_pool_keep_alive -[cols="<1s,<4"] -|=== -|Description -a|The maximum time an idle thread in the thread pool bound to this connector will wait for new tasks. -|Valid values -a|server.bolt.thread_pool_keep_alive, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++5m+++ -|=== - -[[config_server.bolt.thread_pool_max_size]] -.server.bolt.thread_pool_max_size -[cols="<1s,<4"] -|=== -|Description -a|The maximum number of threads allowed in the thread pool bound to this connector. -|Valid values -a|server.bolt.thread_pool_max_size, an integer -|Default value -m|+++400+++ -|=== - -[[config_server.bolt.thread_pool_min_size]] -.server.bolt.thread_pool_min_size -[cols="<1s,<4"] -|=== -|Description -a|The number of threads to keep in the thread pool bound to this connector, even if they are idle. -|Valid values -a|server.bolt.thread_pool_min_size, an integer -|Default value -m|+++5+++ -|=== - -[[config_server.bolt.tls_level]] -.server.bolt.tls_level -[cols="<1s,<4"] -|=== -|Description -a|Encryption level to require this connector to use. -|Valid values -a|server.bolt.tls_level, one of [REQUIRED, OPTIONAL, DISABLED] -|Default value -m|+++DISABLED+++ -|=== - -[[config_server.cluster.advertised_address]] -.server.cluster.advertised_address -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Advertised hostname/IP address and port for the transaction shipping server. -|Valid values -a|server.cluster.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address -|Default value -m|+++:6000+++ -|=== - -[[config_server.cluster.catchup.connect_randomly_to_server_group]] -.server.cluster.catchup.connect_randomly_to_server_group -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Comma separated list of groups to be used by the connect-randomly-to-server-group selection strategy. The connect-randomly-to-server-group strategy is used if the list of strategies (`<>`) includes the value `connect-randomly-to-server-group`. -|Valid values -a|server.cluster.catchup.connect_randomly_to_server_group, a ',' separated list with elements of type 'a string identifying a Server Tag'. -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_server.cluster.catchup.upstream_strategy]] -.server.cluster.catchup.upstream_strategy -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]An ordered list in descending preference of the strategy which secondaries use to choose the upstream server from which to pull transactional updates. If none are valid or the list is empty, there is a default strategy of `typically-connect-to-random-secondary`. -|Valid values -a|server.cluster.catchup.upstream_strategy, a ',' separated list with elements of type 'a string'. -|Default value -m|++++++ -|=== - -[[config_server.cluster.catchup.user_defined_upstream_strategy]] -.server.cluster.catchup.user_defined_upstream_strategy -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Configuration of a user-defined upstream selection strategy. The user-defined strategy is used if the list of strategies (`<>`) includes the value `user_defined`. -|Valid values -a|server.cluster.catchup.user_defined_upstream_strategy, a string -|Default value -m|++++++ -|=== - -[[config_server.cluster.listen_address]] -.server.cluster.listen_address -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Network interface and port for the transaction shipping server to listen on. Please note that it is also possible to run the backup client against this port so always limit access to it via the firewall and configure an ssl policy. -|Valid values -a|server.cluster.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address -|Default value -m|+++:6000+++ -|=== - -[[config_server.cluster.network.native_transport_enabled]] -.server.cluster.network.native_transport_enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Use native transport if available. Epoll for Linux or Kqueue for MacOS/BSD. If this setting is set to false, or if native transport is not available, Nio transport will be used. -|Valid values -a|server.cluster.network.native_transport_enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_server.cluster.raft.advertised_address]] -.server.cluster.raft.advertised_address -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Advertised hostname/IP address and port for the RAFT server. -|Valid values -a|server.cluster.raft.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address -|Default value -m|+++:7000+++ -|=== - -[[config_server.cluster.raft.listen_address]] -.server.cluster.raft.listen_address -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Network interface and port for the RAFT server to listen on. -|Valid values -a|server.cluster.raft.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address -|Default value -m|+++:7000+++ -|=== - -[[config_server.cluster.system_database_mode]] -.server.cluster.system_database_mode -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Users must manually specify the mode for the system database on each instance. -|Valid values -a|server.cluster.system_database_mode, one of [PRIMARY, SECONDARY] -|Default value -m|+++PRIMARY+++ -|=== - -[[config_server.config.strict_validation.enabled]] -.server.config.strict_validation.enabled -[cols="<1s,<4"] -|=== -|Description -a|A strict configuration validation will prevent the database from starting up if unknown configuration options are specified in the neo4j settings namespace (such as dbms., cypher., etc) or if settings are declared multiple times. -|Valid values -a|server.config.strict_validation.enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_server.databases.default_to_read_only]] -.server.databases.default_to_read_only -[cols="<1s,<4"] -|=== -|Description -a|Whether or not any database on this instance are read_only by default. If false, individual databases may be marked as read_only using server.database.read_only. If true, individual databases may be marked as writable using <>. -|Valid values -a|server.databases.default_to_read_only, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_server.databases.read_only]] -.server.databases.read_only -[cols="<1s,<4"] -|=== -|Description -a|List of databases for which to prevent write queries. Databases not included in this list maybe read_only anyway depending upon the value of <>. -|Valid values -a|server.databases.read_only, a ',' separated set with elements of type 'A valid database name containing only alphabetic characters, numbers, dots and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name 'system''. which Value 'system' can't be included in read only databases collection! -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_server.databases.writable]] -.server.databases.writable -[cols="<1s,<4"] -|=== -|Description -a|List of databases for which to allow write queries. Databases not included in this list will allow write queries anyway, unless <> is set to true. -|Valid values -a|server.databases.writable, a ',' separated set with elements of type 'A valid database name containing only alphabetic characters, numbers, dots and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name 'system''. -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_server.db.query_cache_size]] -.server.db.query_cache_size -[cols="<1s,<4"] -|=== -|Description -a|The number of cached Cypher query execution plans per database. The max number of query plans that can be kept in cache is the `number of databases` * ``server.db.query_cache_size``. With 10 databases and ``server.db.query_cache_size``=1000, the caches can keep 10000 plans in total on the instance, assuming that each DB receives queries that fill up its cache. -|Valid values -a|server.db.query_cache_size, an integer which is minimum `0` -|Default value -m|+++1000+++ -|=== - -[[config_server.default_advertised_address]] -.server.default_advertised_address -[cols="<1s,<4"] -|=== -|Description -a|Default hostname or IP address the server uses to advertise itself. -|Valid values -a|server.default_advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which has no specified port and accessible address -|Default value -m|+++localhost+++ -|=== - -[[config_server.default_listen_address]] -.server.default_listen_address -[cols="<1s,<4"] -|=== -|Description -a|Default network interface to listen for incoming connections. To listen for connections on all interfaces, use "0.0.0.0". -|Valid values -a|server.default_listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which has no specified port -|Default value -m|+++localhost+++ -|=== - -[[config_server.directories.cluster_state]] -.server.directories.cluster_state -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Directory to hold cluster state including Raft log. -|Valid values -a|server.directories.cluster_state, a path. If relative it is resolved from server.directories.data -|Default value -m|+++cluster-state+++ -|=== - -[[config_server.directories.data]] -.server.directories.data -[cols="<1s,<4"] -|=== -|Description -a|Path of the data directory. You must not configure more than one Neo4j installation to use the same data directory. -|Valid values -a|server.directories.data, a path. If relative it is resolved from server.directories.neo4j_home -|Default value -m|+++data+++ -|=== - -[[config_server.directories.dumps.root]] -.server.directories.dumps.root -[cols="<1s,<4"] -|=== -|Description -a|Root location where Neo4j will store database dumps optionally produced when dropping said databases. -|Valid values -a|server.directories.dumps.root, a path. If relative it is resolved from server.directories.data -|Default value -m|+++dumps+++ -|=== - -[[config_server.directories.import]] -.server.directories.import -[cols="<1s,<4"] -|=== -|Description -a|Sets the root directory for file URLs used with the Cypher `LOAD CSV` clause. This should be set to a directory relative to the Neo4j installation path, restricting access to only those files within that directory and its subdirectories. For example the value "import" will only enable access to files within the 'import' folder. Removing this setting will disable the security feature, allowing all files in the local system to be imported. Setting this to an empty field will allow access to all files within the Neo4j installation folder. -|Valid values -a|server.directories.import, a path. If relative it is resolved from server.directories.neo4j_home -|=== - -[[config_server.directories.lib]] -.server.directories.lib -[cols="<1s,<4"] -|=== -|Description -a|Path of the lib directory. -|Valid values -a|server.directories.lib, a path. If relative it is resolved from server.directories.neo4j_home -|Default value -m|+++lib+++ -|=== - -[[config_server.directories.licenses]] -.server.directories.licenses -[cols="<1s,<4"] -|=== -|Description -a|Path of the licenses directory. -|Valid values -a|server.directories.licenses, a path. If relative it is resolved from server.directories.neo4j_home -|Default value -m|+++licenses+++ -|=== - -[[config_server.directories.logs]] -.server.directories.logs -[cols="<1s,<4"] -|=== -|Description -a|Path of the logs directory. -|Valid values -a|server.directories.logs, a path. If relative it is resolved from server.directories.neo4j_home -|Default value -m|+++logs+++ -|=== - -[[config_server.directories.metrics]] -.server.directories.metrics -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The target location of the CSV files: a path to a directory wherein a CSV file per reported field will be written. -|Valid values -a|server.directories.metrics, a path. If relative it is resolved from server.directories.neo4j_home -|Default value -m|+++metrics+++ -|=== - -[[config_server.directories.neo4j_home]] -.server.directories.neo4j_home -[cols="<1s,<4"] -|=== -|Description -a|Root relative to which directory settings are resolved. Calculated and set by the server on startup. -|Valid values -a|server.directories.neo4j_home, a path which is absolute -|Default value -m|Defaults to current working directory -|=== - -[[config_server.directories.plugins]] -.server.directories.plugins -[cols="<1s,<4"] -|=== -|Description -a|Location of the database plugin directory. Compiled Java JAR files that contain database procedures will be loaded if they are placed in this directory. -|Valid values -a|server.directories.plugins, a path. If relative it is resolved from server.directories.neo4j_home -|Default value -m|+++plugins+++ -|=== - -[[config_server.directories.run]] -.server.directories.run -[cols="<1s,<4"] -|=== -|Description -a|Path of the run directory. This directory holds Neo4j's runtime state, such as a pidfile when it is running in the background. The pidfile is created when starting neo4j and removed when stopping it. It may be placed on an in-memory filesystem such as tmpfs. -|Valid values -a|server.directories.run, a path. If relative it is resolved from server.directories.neo4j_home -|Default value -m|+++run+++ -|=== - -[[config_server.directories.script.root]] -.server.directories.script.root -[cols="<1s,<4"] -|=== -|Description -a|Root location where Neo4j will store scripts for configured databases. -|Valid values -a|server.directories.script.root, a path. If relative it is resolved from server.directories.data -|Default value -m|+++scripts+++ -|=== - -[[config_server.directories.transaction.logs.root]] -.server.directories.transaction.logs.root -[cols="<1s,<4"] -|=== -|Description -a|Root location where Neo4j will store transaction logs for configured databases. -|Valid values -a|server.directories.transaction.logs.root, a path. If relative it is resolved from server.directories.data -|Default value -m|+++transactions+++ -|=== - -[[config_server.discovery.advertised_address]] -.server.discovery.advertised_address -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Advertised cluster member discovery management communication. -|Valid values -a|server.discovery.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address -|Default value -m|+++:5000+++ -|=== - -[[config_server.discovery.listen_address]] -.server.discovery.listen_address -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Host and port to bind the cluster member discovery management communication. -|Valid values -a|server.discovery.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address -|Default value -m|+++:5000+++ -|=== - -[[config_server.dynamic.setting.allowlist]] -.server.dynamic.setting.allowlist -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]A list of setting name patterns (comma separated) that are allowed to be dynamically changed. The list may contain both full setting names, and partial names with the wildcard '*'. If this setting is left empty all dynamic settings updates will be blocked. -|Valid values -a|server.dynamic.setting.allowlist, a ',' separated list with elements of type 'a string'. -|Default value -m|+++*+++ -|=== - -[[config_server.groups]] -.server.groups -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]A list of tag names for the server used when configuring load balancing and replication policies. -|Valid values -a|server.groups, a ',' separated list with elements of type 'a string identifying a Server Tag'. -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_server.http.advertised_address]] -.server.http.advertised_address -[cols="<1s,<4"] -|=== -|Description -a|Advertised address for this connector. -|Valid values -a|server.http.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address -|Default value -m|+++:7474+++ -|=== - -[[config_server.http.enabled]] -.server.http.enabled -[cols="<1s,<4"] -|=== -|Description -a|Enable the http connector. -|Valid values -a|server.http.enabled, a boolean -|Default value -m|true -|=== - -[[config_server.http.listen_address]] -.server.http.listen_address -[cols="<1s,<4"] -|=== -|Description -a|Address the connector should bind to. -|Valid values -a|server.http.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address -|Default value -m|+++:7474+++ -|=== - -[[config_server.http_enabled_modules]] -.server.http_enabled_modules -[cols="<1s,<4"] -|=== -|Description -a|Defines the set of modules loaded into the Neo4j web server. Options include TRANSACTIONAL_ENDPOINTS, BROWSER, UNMANAGED_EXTENSIONS and ENTERPRISE_MANAGEMENT_ENDPOINTS (if applicable). -|Valid values -a|server.http_enabled_modules, a ',' separated set with elements of type 'one of [TRANSACTIONAL_ENDPOINTS, UNMANAGED_EXTENSIONS, BROWSER, ENTERPRISE_MANAGEMENT_ENDPOINTS]'. -|Default value -m|+++TRANSACTIONAL_ENDPOINTS,UNMANAGED_EXTENSIONS,BROWSER,ENTERPRISE_MANAGEMENT_ENDPOINTS+++ -|=== - -[[config_server.https.advertised_address]] -.server.https.advertised_address -[cols="<1s,<4"] -|=== -|Description -a|Advertised address for this connector. -|Valid values -a|server.https.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address -|Default value -m|+++:7473+++ -|=== - -[[config_server.https.enabled]] -.server.https.enabled -[cols="<1s,<4"] -|=== -|Description -a|Enable the https connector. -|Valid values -a|server.https.enabled, a boolean -|Default value -m|+++false+++ -|=== - -[[config_server.https.listen_address]] -.server.https.listen_address -[cols="<1s,<4"] -|=== -|Description -a|Address the connector should bind to. -|Valid values -a|server.https.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address -|Default value -m|+++:7473+++ -|=== - -[[config_server.jvm.additional]] -.server.jvm.additional -[cols="<1s,<4"] -|=== -|Description -a|Additional JVM arguments. Argument order can be significant. To use a Java commercial feature, the argument to unlock commercial features must precede the argument to enable the specific feature in the config value string. For example, to use Flight Recorder, `-XX:+UnlockCommercialFeatures` must come before `-XX:+FlightRecorder`. -|Valid values -a|server.jvm.additional, one or more jvm arguments -|=== - -[[config_server.logs.config]] -.server.logs.config -[cols="<1s,<4"] -|=== -|Description -a|Path to the logging configuration for debug, query, http and security logs. -|Valid values -a|server.logs.config, a path. If relative it is resolved from server.directories.neo4j_home -|Default value -m|+++conf/server-logs.xml+++ -|=== - -[[config_server.logs.debug.enabled]] -.server.logs.debug.enabled -[cols="<1s,<4"] -|=== -|Description -a|Enable the debug log. -|Valid values -a|server.logs.debug.enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_server.logs.gc.enabled]] -.server.logs.gc.enabled -[cols="<1s,<4"] -|=== -|Description -a|Enable GC Logging. -|Valid values -a|server.logs.gc.enabled, a boolean -|Default value -m|+++false+++ -|=== - -[[config_server.logs.gc.options]] -.server.logs.gc.options -[cols="<1s,<4"] -|=== -|Description -a|GC Logging Options. -|Valid values -a|server.logs.gc.options, a string -|Default value -m|+++-Xlog:gc*,safepoint,age*=trace+++ -|=== - -[[config_server.logs.gc.rotation.keep_number]] -.server.logs.gc.rotation.keep_number -[cols="<1s,<4"] -|=== -|Description -a|Number of GC logs to keep. -|Valid values -a|server.logs.gc.rotation.keep_number, an integer -|Default value -m|+++5+++ -|=== - -[[config_server.logs.gc.rotation.size]] -.server.logs.gc.rotation.size -[cols="<1s,<4"] -|=== -|Description -a|Size of each GC log that is kept. -|Valid values -a|server.logs.gc.rotation.size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) -|Default value -m|+++20.00MiB+++ -|=== - -[[config_server.logs.user.config]] -.server.logs.user.config -[cols="<1s,<4"] -|=== -|Description -a|Path to the logging configuration of user logs. -|Valid values -a|server.logs.user.config, a path. If relative it is resolved from server.directories.neo4j_home -|Default value -m|+++conf/user-logs.xml+++ -|=== - -[[config_server.max_databases]] -.server.max_databases -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The maximum number of databases. -|Valid values -a|server.max_databases, a long which is minimum `2` -|Default value -m|+++100+++ -|=== - -[[config_server.memory.heap.initial_size]] -.server.memory.heap.initial_size -[cols="<1s,<4"] -|=== -|Description -a|Initial heap size. By default it is calculated based on available system resources. -|Valid values -a|server.memory.heap.initial_size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) -|=== - -[[config_server.memory.heap.max_size]] -.server.memory.heap.max_size -[cols="<1s,<4"] -|=== -|Description -a|Maximum heap size. By default it is calculated based on available system resources. -|Valid values -a|server.memory.heap.max_size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) -|=== - -[[config_server.memory.off_heap.block_cache_size]] -.server.memory.off_heap.block_cache_size -[cols="<1s,<4"] -|=== -|Description -a|Defines the size of the off-heap memory blocks cache. The cache will contain this number of blocks for each block size that is power of two. Thus, maximum amount of memory used by blocks cache can be calculated as 2 * <> * `server.memory.off_heap.block_cache_size` -|Valid values -a|server.memory.off_heap.block_cache_size, an integer which is minimum `16` -|Default value -m|+++128+++ -|=== - -[[config_server.memory.off_heap.max_cacheable_block_size]] -.server.memory.off_heap.max_cacheable_block_size -[cols="<1s,<4"] -|=== -|Description -a|Defines the maximum size of an off-heap memory block that can be cached to speed up allocations. The value must be a power of 2. -|Valid values -a|server.memory.off_heap.max_cacheable_block_size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `4.00KiB` and is power of 2 -|Default value -m|+++512.00KiB+++ -|=== - -[[config_server.memory.off_heap.max_size]] -.server.memory.off_heap.max_size -[cols="<1s,<4"] -|=== -|Description -a|The maximum amount of off-heap memory that can be used to store transaction state data; it's a total amount of memory shared across all active transactions. Zero means 'unlimited'. Used when <> is set to 'OFF_HEAP'. -|Valid values -a|server.memory.off_heap.max_size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `0B` -|Default value -m|+++2.00GiB+++ -|=== - -[[config_server.memory.pagecache.directio]] -.server.memory.pagecache.directio -[cols="<1s,<4"] -|=== -|Description -a|Use direct I/O for page cache. Setting is supported only on Linux and only for a subset of record formats that use platform aligned page size. -|Valid values -a|server.memory.pagecache.directio, a boolean -|Default value -m|+++false+++ -|=== - -[[config_server.memory.pagecache.flush.buffer.enabled]] -.server.memory.pagecache.flush.buffer.enabled -[cols="<1s,<4"] -|=== -|Description -a|Page cache can be configured to use a temporal buffer for flushing purposes. It is used to combine, if possible, sequence of several cache pages into one bigger buffer to minimize the number of individual IOPS performed and better utilization of available I/O resources, especially when those are restricted. -|Valid values -a|server.memory.pagecache.flush.buffer.enabled, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_server.memory.pagecache.flush.buffer.size_in_pages]] -.server.memory.pagecache.flush.buffer.size_in_pages -[cols="<1s,<4"] -|=== -|Description -a|Page cache can be configured to use a temporal buffer for flushing purposes. It is used to combine, if possible, sequence of several cache pages into one bigger buffer to minimize the number of individual IOPS performed and better utilization of available I/O resources, especially when those are restricted. Use this setting to configure individual file flush buffer size in pages (8KiB). To be able to utilize this buffer during page cache flushing, buffered flush should be enabled. -|Valid values -a|server.memory.pagecache.flush.buffer.size_in_pages, an integer which is in the range `1` to `512` -|Dynamic a|true -|Default value -m|+++128+++ -|=== - -[[config_server.memory.pagecache.scan.prefetchers]] -.server.memory.pagecache.scan.prefetchers -[cols="<1s,<4"] -|=== -|Description -a|The maximum number of worker threads to use for pre-fetching data when doing sequential scans. Set to '0' to disable pre-fetching for scans. -|Valid values -a|server.memory.pagecache.scan.prefetchers, an integer which is in the range `0` to `255` -|Default value -m|+++4+++ -|=== - -[[config_server.memory.pagecache.size]] -.server.memory.pagecache.size -[cols="<1s,<4"] -|=== -|Description -a|The amount of memory to use for mapping the store files. If Neo4j is running on a dedicated server, then it is generally recommended to leave about 2-4 gigabytes for the operating system, give the JVM enough heap to hold all your transaction state and query context, and then leave the rest for the page cache. If no page cache memory is configured, then a heuristic setting is computed based on available system resources. -|Valid values -a|server.memory.pagecache.size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) -|Default value -m|By default the size of page cache will be 50% och available RAM minus the max heap size.The size of the page cache will also not be larger than 70x the max heap size (due to some overhead of the page cache in the heap. -|=== - -[[config_server.metrics.csv.enabled]] -.server.metrics.csv.enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to CSV files. -|Valid values -a|server.metrics.csv.enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_server.metrics.csv.interval]] -.server.metrics.csv.interval -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The reporting interval for the CSV files. That is, how often new rows with numbers are appended to the CSV files. -|Valid values -a|server.metrics.csv.interval, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `1ms` -|Default value -m|+++30s+++ -|=== - -[[config_server.metrics.csv.rotation.compression]] -.server.metrics.csv.rotation.compression -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Decides what compression to use for the csv history files. -|Valid values -a|server.metrics.csv.rotation.compression, one of [NONE, ZIP, GZ] -|Default value -m|+++NONE+++ -|=== - -[[config_server.metrics.csv.rotation.keep_number]] -.server.metrics.csv.rotation.keep_number -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Maximum number of history files for the csv files. -|Valid values -a|server.metrics.csv.rotation.keep_number, an integer which is minimum `1` -|Default value -m|+++7+++ -|=== - -[[config_server.metrics.csv.rotation.size]] -.server.metrics.csv.rotation.size -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The file size in bytes at which the csv files will auto-rotate. If set to zero then no rotation will occur. Accepts a binary suffix `k`, `m` or `g`. -|Valid values -a|server.metrics.csv.rotation.size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is in the range `0B` to `8388608.00TiB` -|Default value -m|+++10.00MiB+++ -|=== - -[[config_server.metrics.enabled]] -.server.metrics.enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Enable metrics. Setting this to `false` will to turn off all metrics. -|Valid values -a|server.metrics.enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_server.metrics.filter]] -.server.metrics.filter -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Specifies which metrics should be enabled by using a comma separated list of globbing patterns. Only the metrics matching the filter will be enabled. For example `\*check_point*,neo4j.page_cache.evictions` will enable any checkpoint metrics and the pagecache eviction metric. -|Valid values -a|server.metrics.filter, a ',' separated list with elements of type 'A simple globbing pattern that can use `*` and `?`.'. -|Default value -m|+++*bolt.connections*,*bolt.messages_received*,*bolt.messages_started*,*dbms.pool.bolt.free,*dbms.pool.bolt.total_size,*dbms.pool.bolt.total_used,*dbms.pool.bolt.used_heap,*cluster.core.is_leader,*cluster.core.last_leader_message,*cluster.core.replication_attempt,*cluster.core.replication_fail,*cluster.core.last_applied,*cluster.core.last_appended,*check_point.duration,*check_point.total_time,*cypher.replan_events,*ids_in_use*,*pool.transaction.*.total_used,*pool.transaction.*.used_heap,*pool.transaction.*.used_native,*store.size*,*transaction.active_read,*transaction.active_write,*transaction.committed*,*transaction.last_committed_tx_id,*transaction.peak_concurrent,*transaction.rollbacks*,*page_cache.hit*,*page_cache.page_faults,*page_cache.usage_ratio,*vm.file.descriptors.count,*vm.gc.time.*,*vm.heap.used,*vm.memory.buffer.direct.used,*vm.memory.pool.g1_eden_space,*vm.memory.pool.g1_old_gen,*vm.pause_time,*vm.thread*,*db.query.execution*+++ -|=== - -[[config_server.metrics.graphite.enabled]] -.server.metrics.graphite.enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to Graphite. -|Valid values -a|server.metrics.graphite.enabled, a boolean -|Default value -m|+++false+++ -|=== - -[[config_server.metrics.graphite.interval]] -.server.metrics.graphite.interval -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The reporting interval for Graphite. That is, how often to send updated metrics to Graphite. -|Valid values -a|server.metrics.graphite.interval, a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++30s+++ -|=== - -[[config_server.metrics.graphite.server]] -.server.metrics.graphite.server -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The hostname or IP address of the Graphite server. -|Valid values -a|server.metrics.graphite.server, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address -|Default value -m|+++:2003+++ -|=== - -[[config_server.metrics.jmx.enabled]] -.server.metrics.jmx.enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Set to `true` to enable the JMX metrics endpoint. -|Valid values -a|server.metrics.jmx.enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_server.metrics.prefix]] -.server.metrics.prefix -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]A common prefix for the reported metrics field names. -|Valid values -a|server.metrics.prefix, a string -|Default value -m|+++neo4j+++ -|=== - -[[config_server.metrics.prometheus.enabled]] -.server.metrics.prometheus.enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Set to `true` to enable the Prometheus endpoint. -|Valid values -a|server.metrics.prometheus.enabled, a boolean -|Default value -m|+++false+++ -|=== - -[[config_server.metrics.prometheus.endpoint]] -.server.metrics.prometheus.endpoint -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The hostname and port to use as Prometheus endpoint. -|Valid values -a|server.metrics.prometheus.endpoint, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address -|Default value -m|+++localhost:2004+++ -|=== - -[[config_server.panic.shutdown_on_panic]] -.server.panic.shutdown_on_panic -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]If there is a Database Management System Panic (an irrecoverable error) should the neo4j process shut down or continue running. Following a DbMS panic it is likely that a significant amount of functionality will be lost. Recovering full functionality will require a Neo4j restart. This feature is available in Neo4j Enterprise Edition. -|Valid values -a|server.panic.shutdown_on_panic, a boolean -|Default value -m|`false` except for Neo4j Enterprise Edition deployments running on Kubernetes where it is `true`. -|=== - -[[config_server.routing.advertised_address]] -.server.routing.advertised_address -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The advertised address for the intra-cluster routing connector. -|Valid values -a|server.routing.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address -|Default value -m|+++:7688+++ -|=== - -[[config_server.routing.listen_address]] -.server.routing.listen_address -[cols="<1s,<4"] -|=== -|Description -a|The address the routing connector should bind to. -|Valid values -a|server.routing.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address -|Default value -m|+++:7688+++ -|=== - -[[config_server.threads.worker_count]] -.server.threads.worker_count -[cols="<1s,<4"] -|=== -|Description -a|Number of Neo4j worker threads. This setting is only valid for REST, and does not influence bolt-server. It sets the amount of worker threads for the Jetty server used by neo4j-server. This option can be tuned when you plan to execute multiple, concurrent REST requests, with the aim of getting more throughput from the database. Your OS might enforce a lower limit than the maximum value specified here. -|Valid values -a|server.threads.worker_count, an integer which is in the range `1` to `44738` -|Default value -m|Number of available processors, or 500 for machines which have more than 500 processors. -|=== - -[[config_server.unmanaged_extension_classes]] -.server.unmanaged_extension_classes -[cols="<1s,<4"] -|=== -|Description -a|Comma-separated list of = for unmanaged extensions. -|Valid values -a|server.unmanaged_extension_classes, a ',' separated list with elements of type '= string'. -|Default value -m|++++++ -|=== - -[[config_server.windows_service_name]] -.server.windows_service_name -[cols="<1s,<4"] -|=== -|Description -a|Name of the Windows Service managing Neo4j when installed using `neo4j install-service`. Only applicable on Windows OS. Note: This must be unique for each individual installation. -|Valid values -a|server.windows_service_name, a string -|Default value -m|+++neo4j+++ -|=== - From d9ac096d001367e6b6b083a1ab34e8655bbdf859 Mon Sep 17 00:00:00 2001 From: Balazs Lendvai <56266523+gfx54b@users.noreply.github.com> Date: Thu, 2 Feb 2023 14:22:36 +0000 Subject: [PATCH 121/876] It is possible now to go 1->n with primaries. (#431) Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/clustering/databases.adoc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/clustering/databases.adoc b/modules/ROOT/pages/clustering/databases.adoc index 0192e7544..24773ca08 100644 --- a/modules/ROOT/pages/clustering/databases.adoc +++ b/modules/ROOT/pages/clustering/databases.adoc @@ -40,9 +40,7 @@ Like the `CREATE DATABASE` command, this command results in an error if the clus When there is more than one possible permutation of the specified topology, Neo4j uses an allocator to decide how to spread the database across the cluster. This normally happens when the cluster is configured with more servers than the sum of the number of primaries and secondaries for any one database. -It is not possible to automatically transition to or from a topology with a single primary host. -This limitation is due to Raft replication not being present when only a single server is running, i.e. the server is running in _standalone_ or _single mode_. -Attempting to do so results in an error. +It is not possible to automatically transition to a topology with a single primary host. Attempting to do so results in an error. However, it is possible to _manually_ do this transition. The first step is to back up the database, see xref:backup-restore/index.adoc[Backup and restore] for more information. @@ -50,6 +48,9 @@ Once the database is backed up, the next step is to drop the database, see xref: The last step is to either seed a cluster from the backup with the new topology, or to restore the backup on a single server. See xref:clustering/databases.adoc#cluster-seed[Seed a cluster] further on for information on seeding. + Also, it is possible to automatically transition _from_ a topology with a single primary host to multiple primary hosts. +Keep in mind that during such a transition, the database will be unavailable for a short period of time. + // This part can be added back once it has been implemented. // The allocation approach can be specified with the setting `initial.dbms.database_allocator`. // The available options are: From ed81ea22a9d05260381864b1a4fab36a4c991816 Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Fri, 3 Feb 2023 08:55:11 +0000 Subject: [PATCH 122/876] more content addressed (#435) --- .../clustering-advanced/multi-data-center-routing.adoc | 7 ++++--- modules/ROOT/pages/clustering/databases.adoc | 7 +++++-- modules/ROOT/pages/clustering/introduction.adoc | 4 ++-- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc b/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc index ac933c0da..82b0327dd 100644 --- a/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc +++ b/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc @@ -24,14 +24,15 @@ This section describes the following: == Introduction When deploying a multi-data center cluster it is often desirable to take advantage of locality to reduce latency and improve performance. -For example, it is preferrable that graph-intensive workloads are executed in the local data center at LAN latencies rather than in a faraway data center at WAN latencies. Neo4j's _load balancing_ and _catchup strategy plugins_ for multi-data center scenarios facilitates precisely this. +For example, it is preferrable that graph-intensive workloads are executed in the local data center at LAN latencies rather than in a faraway data center at WAN latencies. +Neo4j's _load balancing_ and _catchup strategy plugins_ for multi-data center scenarios facilitates precisely this. Neo4j's load balancing is a cooperative system where the driver asks the cluster on a recurring basis where it should direct the different classes of its workload (e.g., writes and reads). This allows the driver to work independently for long stretches of time, yet check back from time to time to adapt to changes such as a new server having been added for increased capacity. There are also failure situations where the driver asks again immediately, when it cannot use any of its allocated servers for example. This is mostly transparent from the perspective of a client. -On the server side, the load balancing behaviors are configured using a simple <>, _DSL_, and exposed under a named _load balancing policy_ which the driver can bind to. +On the server side, the load balancing behaviors are configured using a simple <>, _DSL_, and exposed under a named _load balancing policy_ which the driver can bind to. All server-side configuration is performed on the Primary servers. Catchup strategy plugins are sets of rules that define how secondary servers contact upstream servers in the cluster in order to synchronize transaction logs. @@ -331,7 +332,7 @@ This is equivalent to ending the `server.cluster.catchup.upstream_strategy` conf === Configuring user-defined catchup strategies Neo4j clusters support a small DSL for the configuration of client-cluster load balancing. -This is described in detail in <> and <>. +This is described in detail in <> and <>. The same DSL is used to describe preferences for how a server binds to another server to request transaction updates. The DSL is made available by selecting the `user-defined` catchup strategy as follows: diff --git a/modules/ROOT/pages/clustering/databases.adoc b/modules/ROOT/pages/clustering/databases.adoc index 24773ca08..be94b7a0f 100644 --- a/modules/ROOT/pages/clustering/databases.adoc +++ b/modules/ROOT/pages/clustering/databases.adoc @@ -99,6 +99,7 @@ In this example, the `server01` member is used. neo4j@neo4j$ ./bin/neo4j-admin database restore --from-path=/path/to/foo-backup-dir foo ---- . Find the server ID of `server01` by logging in to Cypher Shell and running `SHOW SERVERS`. +Cross-reference the address to find the server ID. Use any database to connect. + [source, cypher, role=noplay] @@ -116,6 +117,8 @@ SHOW SERVERS; | "8512c9b9-d9e8-48e6-b037-b15b0004ca18" | "localhost:7687" | "Enabled" | "Available" | ["system", "neo4j"] | +------------------------------------------------------------------------------------------------------------+ ---- +In this case, the address for `server01` is `localhost:7687` and thus, the server ID is `8512c9b9-d9e8-48e6-b037-b15b0004ca18`. ++ . On one of the servers, use the `system` database and create the database `foo` using the server ID of `server01`. + [source, cypher, role=noplay] @@ -148,9 +151,9 @@ SHOW DATABASE foo; This method seeds all servers with an identical seed from an external source, specified by the URI. The seed can be either a backup or a dump from an existing database. +The sources of seeds are called _seed providers_. -The mechanism is pluggable, allowing new sources of seeds to be supported. -These are called _seed providers_. +The mechanism is pluggable, allowing new sources of seeds to be supported (see link:https://www.neo4j.com/docs/java-reference/current/extending-neo4j/project-setup/#extending-neo4j-plugin-seed-provider[Java Reference -> Implement custom seed providers] for more information). The product has built-in support for seed from a mounted file system (file), FTP server, HTTP/HTTPS server and Amazon S3. The `URLConnectionSeedProvider` supports the following: diff --git a/modules/ROOT/pages/clustering/introduction.adoc b/modules/ROOT/pages/clustering/introduction.adoc index fb549d012..065274ecf 100644 --- a/modules/ROOT/pages/clustering/introduction.adoc +++ b/modules/ROOT/pages/clustering/introduction.adoc @@ -45,7 +45,7 @@ The remainder of this section assumes a database has multiple primaries. Database primaries achieve high availability by replicating all transactions using the Raft protocol. Raft ensures that the data is safely durable by waiting for a majority of primaries in a database (N/2+1) to acknowledge a transaction, before acknowledging its commit to the end user application. In practice, only one of the multiple primaries execute write transactions from clients. -This writer is elected automatically from amongst a database’s primaries and may change over time. +This writer is elected automatically from amongst a database's primaries and may change over time. The writer primary synchronously replicates writes to the other primaries. The database secondaries replicates the writes asynchronously from more up-to-date members of the cluster. @@ -101,7 +101,7 @@ Consequently, client applications are guaranteed to read their own writes, regar This simplifies interaction with large clusters, allowing clients to treat them as a single (logical) server. ==== -Causal consistency makes it possible to write to databases hosted on servers in primary mode (where data is safe) and read those writes from databases hosted on servers in secondary mode (where graph operations are scaled out). +Causal consistency makes it possible to write to databases hosted on servers in primary mode and read those writes from databases hosted on servers in secondary mode (where graph operations are scaled out). For example, causal consistency guarantees that the write which created a user account is present when that same user subsequently attempts to log in. //image::causal-clustering-drivers.svg[title="Cluster setup with causal consistency via Neo4j drivers", role="middle"] From 54f254b16913738402b8e5101e3f112da7edebc9 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Fri, 3 Feb 2023 09:21:56 +0000 Subject: [PATCH 123/876] Add a note about the need of node property uniqueness constraints (#434) --- .../tools/neo4j-admin/neo4j-admin-import.adoc | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc index e6bc6554c..a7913be9a 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc @@ -470,6 +470,12 @@ neo4j-admin database import incremental [-h] The incremental import command can be used to add: * New nodes with labels and properties. ++ +[WARNING] +==== +Note that you must have node property uniqueness constraints in place for the property key and label combinations that form the primary key, or the uniquely identifiable nodes. +For more information, see <>. +==== * New relationships between existing or new nodes. The incremental import command cannot be used to: @@ -496,7 +502,7 @@ This option requires the database to be stopped. + During this stage, the import tool analyzes the CSV headers and copies the relevant data over to the new increment database path. The import command is run with the option `--stage=prepare` and the database must be stopped. - + ** _build_ stage: + During this stage, the import tool imports the data into the database. @@ -793,14 +799,15 @@ The header contains information for each field, with the format `:` is used for properties and node IDs. In all other cases, the `` part of the field is ignored. -When using incremental import, you will need to have node property uniqueness constraints in place for the property key and label combinations that form the primary key, or the uniquely identifiable nodes. +.Incremental import +[NOTE] +==== +When using <>, you must have node property uniqueness constraints in place for the property key and label combinations that form the primary key, or the uniquely identifiable nodes. For example, importing nodes with a `Person` label that are uniquely identified with a `uuid` property key, the format of the header should be `uuid:ID{label:Person}`. This is also true when working with multiple groups. For example, you can use `uuid:ID(Person){label:Person}`, where the relationship CSV data can refer to different groups for its `:START_ID` and `:END_ID`, just like the full import method. -[NOTE] -==== * For more information on constraints, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/constraints[Cypher Manual -> Constraints]. * For examples of creating property uniqueness constraints, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/constraints/examples/#constraints-examples-node-uniqueness[Cypher Manual -> Node property uniqueness constraints]. ==== From f51d71c55f15070a60e1b37ec948b1039ee962ef Mon Sep 17 00:00:00 2001 From: Stefano Ottolenghi Date: Fri, 3 Feb 2023 10:56:30 +0100 Subject: [PATCH 124/876] Fix broken link in manage-database/configuration (#426) --- modules/ROOT/pages/manage-databases/configuration.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/manage-databases/configuration.adoc b/modules/ROOT/pages/manage-databases/configuration.adoc index 266f145eb..3f2b83e8a 100644 --- a/modules/ROOT/pages/manage-databases/configuration.adoc +++ b/modules/ROOT/pages/manage-databases/configuration.adoc @@ -75,7 +75,7 @@ For example, `main.db` is a valid database name. ==== It is possible to create an alias to refer to an existing database to avoid these restrictions. -For more information, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/aliases#alias-management-create-database-alias,Cypher Manual -> Creating database aliases>> +For more information, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/aliases#alias-management-create-database-alias[Cypher Manual -> Creating database aliases]. For detailed information on Cypher administrative commands, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control[Cypher Manual -> Access Control]. From b8f7cfce2dfe0c0f265ccdc9715b38d78f484ff0 Mon Sep 17 00:00:00 2001 From: Nick Giles <100630647+nick-giles-neo@users.noreply.github.com> Date: Fri, 3 Feb 2023 10:46:10 +0000 Subject: [PATCH 125/876] Write up how creation of the initial default database works (#414) In a cluster, you sometimes get fewer copies than you might expect, so explain why that might be, and recommend that users who care actually create their own default database. --- modules/ROOT/content-nav.adoc | 1 + .../clustering-advanced/default-database.adoc | 61 +++++++++++++++++++ .../clustering/clustering-advanced/index.adoc | 1 + modules/ROOT/pages/clustering/databases.adoc | 7 +++ .../pages/manage-databases/configuration.adoc | 6 ++ .../pages/manage-databases/introduction.adoc | 6 ++ .../ROOT/pages/manage-databases/queries.adoc | 9 ++- 7 files changed, 89 insertions(+), 2 deletions(-) create mode 100644 modules/ROOT/pages/clustering/clustering-advanced/default-database.adoc diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index 58b690a7b..a72544343 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -99,6 +99,7 @@ //** xref:clustering/internals.adoc[] ** xref:clustering/settings.adoc[] ** xref:clustering/clustering-advanced/index.adoc[] +*** xref:clustering/clustering-advanced/default-database.adoc[] *** xref:clustering/clustering-advanced/multi-data-center-routing.adoc[] ** xref:clustering/glossary.adoc[] diff --git a/modules/ROOT/pages/clustering/clustering-advanced/default-database.adoc b/modules/ROOT/pages/clustering/clustering-advanced/default-database.adoc new file mode 100644 index 000000000..98703f2e1 --- /dev/null +++ b/modules/ROOT/pages/clustering/clustering-advanced/default-database.adoc @@ -0,0 +1,61 @@ +[role=enterprise-edition] +[[cluster-default-database]] += Default database in a cluster +:description: This section describers how the creation of the initial default database works in a cluster. + +[[default-database-introduction]] +== Introduction + +The default database, as defined by xref:reference/configuration-settings.adoc#config_initial.dbms.default_database[`initial.dbms.default_database`], is automatically created when the DBMS starts for the first time. +This provides a user database to experiment with immediately. +However, this creation is 'best effort' for reasons explained below, and users are encouraged to create their own default database for production use. +If you create your own default database, even if you just `DROP DATABASE neo4j` and `CREATE DATABASE neo4j`, you do not have to be aware of the complexities below. + +[[default-database-automatic-creation]] +== Automatic default database creation + +The initial default database is created when the DBMS starts for the first time. +It uses the following settings: + +* xref:reference/configuration-settings.adoc#config_initial.dbms.default_database[`initial.dbms.default_database`] -- the name of the database. +* xref:reference/configuration-settings.adoc#config_initial.dbms.default_primaries_count[`initial.dbms.default_primaries_count`] -- the number of primaries requested for the default database. +* xref:reference/configuration-settings.adoc#config_initial.dbms.default_secondaries_count[`initial.dbms.default_secondaries_count`] -- the number of secondaries requested for the default database. + +However, it uses the default primary and secondary counts (topology) as maximums, not as hard requirements. +This is different to normal database creation, where if the requested topology cannot be satisfied, creation fails. +For the automatic creation of the default database alone, if the requested topology cannot be satisfied, you get as many of each hosting type as can be satisfied by the current cluster. +This means you may end up with a default database with as few as one primary and no secondaries, despite the default values being higher. +It is also possible to configure a cluster where automatic creation of the default database is not possible when the DBMS starts up. +In this case, creation fails, a warning is logged, and creation *is not be re-attempted*. + +Automatic creation of the initial default database works as follows: + +* As the cluster starts for the first time, there is a configured threshold for how many servers are required to create the DBMS - `dbms.cluster.minimum_initial_system_primaries_count`. +* Once *a minimum* of this many servers have discovered each other, the `system` database bootstraps, allowing creation of the DBMS. +* The initial default database is created with those servers as the possible hosts. + * If any of the servers block hosting the default database (see xref:reference/configuration-settings.adoc#config_initial.server.denied_databases[`initial.server.denied_databases`]), they are not used. + * If any of the servers restrict the mode they can host a database in, that is obeyed (see xref:reference/configuration-settings.adoc#config_initial.server.mode_constraint[`initial.server.mode_constraint`]). + * If there are too few servers to allocate the requested number of primaries, whichever ones available are used. + If there are zero available primaries, automatic creation fails. + * If there are too few servers remaining after the primary allocation to satisfy the requested number of secondaries, whicever ones available are used. + +Some possible behaviours that may be observed as a result of the above approach: + +* If `initial.dbms.default_primaries_count` is larger than `dbms.cluster.minimum_initial_system_primaries_count`, you are likely to get an initial default database with fewer primaries than the default. +This is because DBMS initialisation only waits for the minimum system primaries. +* If `initial.dbms.default_secondaries_count` plus `initial.dbms.default_primaries_count` is larger than `dbms.cluster.minimum_initial_system_primaries_count`, you are likely to get an initial default database with fewer secondaries than the default. +This is because DBMS initialisation only waits for the minimum number of system primaries. +* If you use `initial.server.denied_databases` to prevent the allocation of your default database to any of your initial servers, you may end up with fewer copies of the database than the default request, and possibly even no default database. +* If you use `initial.server.mode_constraint=SECONDARY` for any of your initial servers, you may end up with fewer primary copies of the database than the default request, and possibly even no default database. + +[[default-database-change-topology]] +== Changing default database topology + +If the default database is initially created for you with a topology different to what you want, you can update it in the same way as any database, see xref:clustering/databases.adoc#alter-topology[Alter topology]. + +[[default-database-create-your-own]] +== Creating your own default database + +Once the DBMS has started, you can create your own database with your specified topology, and make it the default. +See xref:clustering/databases.adoc#cluster-default-database[Change the default database]. +This can replace the existing default database, or have a different name. diff --git a/modules/ROOT/pages/clustering/clustering-advanced/index.adoc b/modules/ROOT/pages/clustering/clustering-advanced/index.adoc index 87b1f2d49..7c0ee915e 100644 --- a/modules/ROOT/pages/clustering/clustering-advanced/index.adoc +++ b/modules/ROOT/pages/clustering/clustering-advanced/index.adoc @@ -6,6 +6,7 @@ This section includes information about advanced deployments of a Neo4j Cluster. * xref:clustering/clustering-advanced/multi-data-center-routing.adoc[Multi-data center routing] -- Information about routing in multi-data center deployments. +* xref:clustering/clustering-advanced/default-database.adoc[Default database in a cluster] -- Details of the creation of the default database in a cluster. For details on the configuration and operation of a Neo4j cluster, see xref:clustering/index.adoc[Clustering]. diff --git a/modules/ROOT/pages/clustering/databases.adoc b/modules/ROOT/pages/clustering/databases.adoc index be94b7a0f..73deb9a9e 100644 --- a/modules/ROOT/pages/clustering/databases.adoc +++ b/modules/ROOT/pages/clustering/databases.adoc @@ -22,6 +22,7 @@ The command can only be executed successfully if the cluster's servers are able If they are not, the command results in an error. For example, if the cluster's servers are set up with mode constraints to contain two primaries and three secondaries, or if only four servers exist, the command fails with an error. +[[alter-topology]] == `ALTER DATABASE` To alter the topology of or read/write access to a database after it has been created, use the command `ALTER DATABASE`. @@ -260,3 +261,9 @@ You can use the procedure <`. . Run `CALL dbms.setDefaultDatabase("newDefaultDatabaseName")` against the `system` database to set the new default database. . Optionally, you can start the previous default database as non-default by using `START DATABASE `. + +[NOTE] +==== +Be aware that the automatically created _initial_ default database may have a different topology to the default configuration values. +See xref:clustering/clustering-advanced/default-database.adoc[Default database in a cluster] for more information. +==== diff --git a/modules/ROOT/pages/manage-databases/configuration.adoc b/modules/ROOT/pages/manage-databases/configuration.adoc index 3f2b83e8a..b4b165557 100644 --- a/modules/ROOT/pages/manage-databases/configuration.adoc +++ b/modules/ROOT/pages/manage-databases/configuration.adoc @@ -107,6 +107,12 @@ In a clustered setup, the value of `initial.dbms.default_database` is only used To change the default database at a later point, see <>. ==== +[NOTE] +==== +Be aware that the automatically created _initial_ default database may have a different topology to the default configuration values. +See xref:clustering/clustering-advanced/default-database.adoc[Default database in a cluster] for more information. +==== + | xref:reference/configuration-settings.adoc#config_server.max_databases[`server.max_databases`] a| Maximum number of databases that can be used in a Neo4j single instance or cluster. diff --git a/modules/ROOT/pages/manage-databases/introduction.adoc b/modules/ROOT/pages/manage-databases/introduction.adoc index d5b593ca4..cf7e9324c 100644 --- a/modules/ROOT/pages/manage-databases/introduction.adoc +++ b/modules/ROOT/pages/manage-databases/introduction.adoc @@ -42,6 +42,12 @@ A default installation of Neo4j {neo4j-version} contains two databases: This has a default name of `neo4j`. A different name can be configured before starting Neo4j for the first time. +[NOTE] +==== +Be aware that the automatically created _initial_ default database may have a different topology to the default configuration values. +See xref:clustering/clustering-advanced/default-database.adoc[Default database in a cluster] for more information. +==== + Composite database:: A composite database is a logical grouping of multiple graphs contained in other, standard databases. + diff --git a/modules/ROOT/pages/manage-databases/queries.adoc b/modules/ROOT/pages/manage-databases/queries.adoc index 4c9271b8a..fcc8c9eb9 100644 --- a/modules/ROOT/pages/manage-databases/queries.adoc +++ b/modules/ROOT/pages/manage-databases/queries.adoc @@ -53,7 +53,6 @@ Or in a cluster: ---- ==== - [[manage-databases-queries-show-databases]] == Show the status of all databases @@ -139,7 +138,13 @@ Or in a cluster: ---- ==== -You can change the default database by using xref:reference/configuration-settings.adoc#config_initial.dbms.default_database[`initial.dbms.default_database`], and restarting the server. +[NOTE] +==== +Be aware that the automatically created _initial_ default database may have a different topology to the default configuration values. +See xref:clustering/clustering-advanced/default-database.adoc[Default database in a cluster] for more information. +==== + +To change the default database, see xref:clustering/databases.adoc#cluster-default-database[Change the default database]. [NOTE] ==== From 18d3f7997f20b098fca19ac264fe893185bd974d Mon Sep 17 00:00:00 2001 From: David Oliver Date: Mon, 6 Feb 2023 09:12:28 +0000 Subject: [PATCH 126/876] Remove errant semi-colon from Cypher example (#438) --- modules/ROOT/pages/monitoring/logging.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/monitoring/logging.adoc b/modules/ROOT/pages/monitoring/logging.adoc index 422f60392..f0edcffa0 100644 --- a/modules/ROOT/pages/monitoring/logging.adoc +++ b/modules/ROOT/pages/monitoring/logging.adoc @@ -875,7 +875,7 @@ MATCH (n:Person) RETURN n LIMIT 5; - {} - runtime=pipelined - {app: 'neo4j-cyph ==== [source, cypher] ---- -CALL tx.setMetaData({app: 'neo4j-browser_v.4.4.0', type: 'user-direct', user: 'jsmith'}); +CALL tx.setMetaData({app: 'neo4j-browser_v.4.4.0', type: 'user-direct', user: 'jsmith'}) MATCH (n:Person) RETURN n LIMIT 5 ---- From 68a4638938a54c2a8369ce3a83f26c4066e39d10 Mon Sep 17 00:00:00 2001 From: Nick Giles <100630647+nick-giles-neo@users.noreply.github.com> Date: Mon, 6 Feb 2023 12:56:16 +0000 Subject: [PATCH 127/876] Remove use of 'servers' when describing initial database counts (#150) The configuration page uses 'instances', and 'servers' is misleading --------- Co-authored-by: AlexicaWright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/clustering/setup/deploy.adoc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/ROOT/pages/clustering/setup/deploy.adoc b/modules/ROOT/pages/clustering/setup/deploy.adoc index 0af6a4170..7fbced7e5 100644 --- a/modules/ROOT/pages/clustering/setup/deploy.adoc +++ b/modules/ROOT/pages/clustering/setup/deploy.adoc @@ -3,7 +3,7 @@ [[clustering-deploy]] = Deploy a basic cluster -The first step in setting up a cluster infrastructure is configuring a number of servers to form a cluster that you can run your databases on. +The first step in setting up a cluster infrastructure is configuring a number of servers to form a cluster that you can host your databases on. The following configuration settings are important to consider when deploying a new cluster. //Remember to update the settings and link below. See also xref:clustering/settings.adoc[Settings reference] for more detailed descriptions and examples. @@ -25,11 +25,11 @@ Setting this value to `0.0.0.0` makes Neo4j bind to all available network interf The behavior of this setting can be modified by configuring the setting `dbms.cluster.discovery.type`. This is described in detail in xref:clustering/setup/discovery.adoc[] | <> -| The number of initial servers in primary mode. -If not specified, it defaults to one server in primary mode. +| The number of initial database hostings in primary mode. +If not specified, it defaults to one hosting in primary mode. | <> -| The number of initial servers in secondary mode. -If not specified, it defaults to zero servers in secondary mode. +| The number of initial database hostings in secondary mode. +If not specified, it defaults to zero hostings in secondary mode. |=== The following example shows how to set up a basic cluster with three servers with primary hosting capabilities. From 3a54b533b077d889a7a4ea2a5a2ef360abba0a17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Izabela=20=C5=9Amietana?= Date: Mon, 6 Feb 2023 14:25:53 +0000 Subject: [PATCH 128/876] Update routing decisions for Composite database (#322) Co-authored-by: lidiazuin --- modules/ROOT/content-nav.adoc | 2 + modules/ROOT/images/routing-decisions.svg | 118 ++++++++++++++++++++++ modules/ROOT/pages/routing-decisions.adoc | 56 ++++++++++ 3 files changed, 176 insertions(+) create mode 100644 modules/ROOT/images/routing-decisions.svg create mode 100644 modules/ROOT/pages/routing-decisions.adoc diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index a72544343..0380f485a 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -181,6 +181,8 @@ *** xref:tutorial/tutorial-sso-configuration.adoc[] *** xref:tutorial/tutorial-immutable-privileges.adoc[] +** xref:routing-decisions.adoc[] + // ** xref:clustering-advanced/index.adoc[] // *** xref:clustering-advanced/lifecycle.adoc[] // *** xref:clustering-advanced/multi-data-center/index.adoc[] diff --git a/modules/ROOT/images/routing-decisions.svg b/modules/ROOT/images/routing-decisions.svg new file mode 100644 index 000000000..ade34e97a --- /dev/null +++ b/modules/ROOT/images/routing-decisions.svg @@ -0,0 +1,118 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/modules/ROOT/pages/routing-decisions.adoc b/modules/ROOT/pages/routing-decisions.adoc new file mode 100644 index 000000000..e2a61d482 --- /dev/null +++ b/modules/ROOT/pages/routing-decisions.adoc @@ -0,0 +1,56 @@ +[appendix] +[role=enterprise-edition] +[[appendix-routing-decisions]] += Query routing decisions +:description: This appendix describes in detail how queries are routed to databases for execution. + + +[[appendix-routing-decisions-introduction]] +== Introduction + +A query that arrives at a Neo4j server, over the bolt protocol from a driver, undergoes _query routing_. +Query routing is the process of deciding with which Cypher executor (database) and at which physical location the query should be executed. + +[[appendix-routing-decisions-tree]] +== Routing decision tree + +Before the query is executed, these are the decisions taken during query routing: + +Step 1: Determine the name of the target database:: + Pick the first of these that has a value: +. link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/clauses/use[Cypher `USE` clause] +** Note that link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/databases[administration commands] implicitly have `USE system`. +. link:{neo4j-docs-base-uri}[Driver session database] +. xref:manage-databases/introduction.adoc#manage-databases-default[Home or default database] +Step 2: Reuse open transaction:: +* If there is an already open transaction to the target database, local or remote, then proceed to step 6. +* If not, then proceed to step 3. +Step 3: Determine the type of the target database (execution context type):: +* If the target database is a database in this DBMS, then the context type is _Internal_. +* If the target database is the xref:composite-databases/introduction.adoc[Composite database], then the context type is _Composite_. +** This also allows the query to target multiple databases. +* If the target database is a xref:manage-databases/remote-alias.adoc[Remote Alias], then the context type is _External_. +Step 4: Determine the location of execution:: +* If context type is _Internal_, then ... +** if the URI scheme is `bolt://` (routing disabled), then location is _Local_. +** if transaction mode is `READ`, then ... +*** if the database is hosted on this server, then location is _Local_ +*** if the database is hosted on another sever, then ... +**** if xref:clustering/setup/routing.adoc#clustering-routing[Server-side routing] is xref:reference/configuration-settings.adoc#config_dbms.routing.enabled[enabled], then location is _Remote_ (using the xref:reference/configuration-settings.adoc#config_server.routing.advertised_address[routing advertised address] of that server). +**** if not, then fail. +** if transaction mode is `WRITE`, then ... +*** if the local server is the leader for the database, then location is _Local_. +*** if another server is the leader for the database, then ... +**** if xref:clustering/setup/routing.adoc#clustering-routing[Server-side routing] is xref:reference/configuration-settings.adoc#config_dbms.routing.enabled[enabled], then location is _Remote_ (using the xref:reference/configuration-settings.adoc#config_server.routing.advertised_address[routing advertised address] of that server). +**** if not, then fail. +* If context type is _Composite_, then location is _Local_ (for this part of the query). +* If context type is _External_, then location is _Remote_ (using the xref:manage-databases/remote-alias.adoc[URI and database] given in the configuration). +Step 5: Open a transaction:: +* If location is _Local_, then open a transaction to the database on this server. +* If location is _Remote_, then open a driver transaction to the database using the URI determined in step 4. +Step 6: Execute query:: +* Execute the query in the open transaction. + +[[appendix-routing-decisions-tree-illustrated]] +== Illustrated routing decision tree +image::routing-decisions.svg[width=800, title="Illustrated routing decision tree"] From ecc5365f511710d2bd6c710cbf37a061de917040 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Mon, 6 Feb 2023 16:08:37 +0100 Subject: [PATCH 129/876] Adding admonition about the debug option (#446) As requested. --------- Co-authored-by: Reneta Popova --- modules/ROOT/pages/security/ssl-framework.adoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/ROOT/pages/security/ssl-framework.adoc b/modules/ROOT/pages/security/ssl-framework.adoc index 8095baeee..43df42a2c 100644 --- a/modules/ROOT/pages/security/ssl-framework.adoc +++ b/modules/ROOT/pages/security/ssl-framework.adoc @@ -1103,6 +1103,12 @@ neo4j@ubuntu:/var/log/neo4j$ journalctl -u neo4j -b > neo4j.log neo4j@ubuntu:/var/log/neo4j$ vi neo4j.log ---- +[WARNING] +==== +Beware that the SSL debug option logs a new statement every time a client connects over SSL, which can make _neo4j.log_ grow large reasonably quickly. +To avoid that scenario, make sure this setting is only enabled for a short term duration. +==== + [[ssl-terminology]] == Terminology From df96f3e36b7267919df6eedd8f1a1e79427b5274 Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Tue, 7 Feb 2023 09:11:01 +0100 Subject: [PATCH 130/876] updated terminology to accommodate secondary (#449) --- modules/ROOT/pages/reference/procedures.adoc | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 1b8da9e4b..941e54630 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -1292,20 +1292,21 @@ m|READ | Description a| The toggle can pause or resume the pulling of new transactions for a specific database. -If paused, the Read Replica does not pull new transactions from the other cluster members for the specific database. -The Read Replica is still available for reads, you can perform a backup, etc. +If paused, the database secondary does not pull new transactions from the other cluster members for the specific database. +The database secondary is still available for reads, you can perform a backup, etc. [TIP] ==== _What is it for?_ You can perform a point in time backup, as the backup will contain only the transactions up to the point where the transaction pulling was paused. +Follow these steps to do so: -. Connect directly to the Read Replica cluster member. (Neo4j Driver use `bolt://` or use the HTTP API). +. Connect directly to the server hosting the database in secondary mode. (Neo4j Driver use `bolt://` or use the HTTP API). . Pause transaction pulling for the specified database. -. Create a point in time backup, see xref:backup-restore/online-backup.adoc[Back up an online database]. +. Back up the database, see xref:backup-restore/online-backup.adoc[Back up an online database]. -If connected directly to a Read Replica, Data Scientists can execute analysis on a specific database that is paused, the data will not unexpectedly change while performing the analysis. +If connected directly to a server hosting a database in secondary mode, Data Scientists can execute analysis on a specific database that is paused, the data will not unexpectedly change while performing the analysis. ==== [NOTE] From e142d365cacb0f95eb324c1aa0106280153e0fe4 Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Tue, 7 Feb 2023 09:14:51 +0100 Subject: [PATCH 131/876] added new procedure and notes to deprecate old one in 5.6 (#448) --- modules/ROOT/pages/reference/procedures.adoc | 58 ++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 941e54630..0ceeb2c8d 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -229,11 +229,18 @@ In 4.2, signature changed to `db.listLocks() :: (mode :: STRING?, resourceType : // New in 4.2 // com.neo4j.causaulclustering.discovery.procedures.ReadReplicaToggleProcedure +//deprecate in 5.6 | xref:reference/procedures.adoc#procedure_dbms_cluster_readreplicatoggle[`dbms.cluster.readReplicaToggle()`] | label:no[] | label:yes[] | label:admin-only[] +// New in 5.6 +// | xref:reference/procedures.adoc#procedure_dbms_cluster_secondaryreplicationtoggle[`dbms.cluster.secondaryReplicationToggle()`] +// | label:no[] +// | label:yes[] +// | label:admin-only[] + // Clustering is an Enterprise feature, the naming is weird. // dbms.routing.getRoutingTable() does the same thing. | xref:reference/procedures.adoc#procedure_dbms_cluster_routing_getroutingtable[`dbms.cluster.routing.getRoutingTable()`] @@ -1285,6 +1292,7 @@ m|READ // m|reader, editor, publisher, architect, admin |=== +//deprecate in 5.6 [[procedure_dbms_cluster_readreplicatoggle]] .dbms.cluster.readReplicaToggle() label:enterprise-edition[] label:admin-only[] [cols="<15s,<85"] @@ -1334,6 +1342,56 @@ m|READ // m|admin |=== +// New in 5.6 +// [[procedure_dbms_cluster_secondaryreplicationtoggle]] +// .dbms.cluster.secondaryReplicationToggle() label:enterprise-edition[] label:admin-only[] +// [cols="<15s,<85"] +// |=== +// | Description +// a| +// The toggle can pause or resume the pulling of new transactions for a specific database. +// If paused, the database secondary does not pull new transactions from the other cluster members for the specific database. +// The database secondary is still available for reads, you can perform a backup, etc. + +// [TIP] +// ==== +// _What is it for?_ + +// You can perform a point-in-time backup, as the backup will contain only the transactions up to the point where the transaction pulling was paused. +// Follow these steps to do so: + +// . Connect directly to the server hosting the database in secondary mode. (Neo4j Driver use `bolt://` or use the HTTP API). +// . Pause transaction pulling for the specified database. +// . Back up the database, see xref:backup-restore/online-backup.adoc[Back up an online database]. + +// If connected directly to a server hosting a database in secondary mode, Data Scientists can execute analysis on a specific database that is paused, the data will not unexpectedly change while performing the analysis. +// ==== + +// [NOTE] +// ==== +// This procedure can only be executed on a database which runs in a secondary role on the connected server. +// ==== + +// .Pause transaction pulling for database `neo4j` +// [source, cypher, role="noheader"] +// ---- +// CALL dbms.cluster.secondaryReplicationToggle("neo4j", true) +// ---- + +// .Resume transaction pulling for database `neo4j` +// [source, cypher, role="noheader"] +// ---- +// CALL dbms.cluster.secondaryReplicationToggle("neo4j", false) +// ---- + +// | Signature +// m|dbms.cluster.secondaryReplicationToggle(databaseName :: STRING?, pause :: BOOLEAN?) :: (state :: STRING?) +// | Mode +// m|READ +// // | Default roles +// // m|admin +// |=== + [[procedure_dbms_cluster_uncordonServer]] .dbms.cluster.uncordonServer() label:enterprise-edition[] label:admin-only[] [cols="<15s,<85"] From 89f1bc30e77d806dd23f784c5c398070ee2cfe1e Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Tue, 7 Feb 2023 11:13:13 +0100 Subject: [PATCH 132/876] Adding more context to why would a user archive cluster state (#421) As requested. --------- Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/tools/neo4j-admin/unbind.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/tools/neo4j-admin/unbind.adoc b/modules/ROOT/pages/tools/neo4j-admin/unbind.adoc index 84a0f95d4..1e3e21d38 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/unbind.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/unbind.adoc @@ -86,7 +86,7 @@ To start the Neo4j server in single (standalone) mode after unbinding it from th === Archive cluster state -To archive the cluster state, from the __ folder, run the `neo4j-admin server unbind` command with the arguments `--archive-cluster-state=true` and `--archive-path=`: +If something goes wrong and debugging is needed, you can archive the cluster state, from the __ folder, run the `neo4j-admin server unbind` command with the arguments `--archive-cluster-state=true` and `--archive-path=`: [source, shell] ---- From f39aabbaf286b4e526d25f7a7d6d756bb5e81951 Mon Sep 17 00:00:00 2001 From: Nick Giles <100630647+nick-giles-neo@users.noreply.github.com> Date: Wed, 8 Feb 2023 11:17:39 +0000 Subject: [PATCH 133/876] Rename server.max_databases to dbms.max_databases (#456) This got mistakenly renamed in 5.0, and is in fact a DBMS-wide setting. Given there is a migrator in place to go from dbms -> server, and will be a migrator in place to go from server -> dbms, this change is not specific to any version of the docs, other than being v5. --------- Co-authored-by: AlexicaWright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/docker/ref-settings.adoc | 3 +++ .../pages/manage-databases/configuration.adoc | 2 +- .../reference/configuration-settings.adoc | 22 +++++++++++++++++-- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/docker/ref-settings.adoc b/modules/ROOT/pages/docker/ref-settings.adoc index 7a394c519..1a7ea9338 100644 --- a/modules/ROOT/pages/docker/ref-settings.adoc +++ b/modules/ROOT/pages/docker/ref-settings.adoc @@ -337,6 +337,9 @@ For more information on the configuration descriptions, valid values, and defaul | `dbms.logs.http.enabled` | `+NEO4J_dbms_logs_http_enabled+` +| `dbms.max_databases` +| `+NEO4J_dbms._max__databases+` + | `dbms.memory.tracking.enable` | `+NEO4J_dbms_memory_tracking_enable+` diff --git a/modules/ROOT/pages/manage-databases/configuration.adoc b/modules/ROOT/pages/manage-databases/configuration.adoc index b4b165557..a21a8ccec 100644 --- a/modules/ROOT/pages/manage-databases/configuration.adoc +++ b/modules/ROOT/pages/manage-databases/configuration.adoc @@ -113,7 +113,7 @@ Be aware that the automatically created _initial_ default database may have a di See xref:clustering/clustering-advanced/default-database.adoc[Default database in a cluster] for more information. ==== -| xref:reference/configuration-settings.adoc#config_server.max_databases[`server.max_databases`] +| xref:reference/configuration-settings.adoc#config_dbms.max_databases[`dbms.max_databases`] a| Maximum number of databases that can be used in a Neo4j single instance or cluster. The number includes all the online and offline databases. diff --git a/modules/ROOT/pages/reference/configuration-settings.adoc b/modules/ROOT/pages/reference/configuration-settings.adoc index e2d884beb..81c6938a3 100644 --- a/modules/ROOT/pages/reference/configuration-settings.adoc +++ b/modules/ROOT/pages/reference/configuration-settings.adoc @@ -114,6 +114,7 @@ If any of the underlying statistics used to create the plan have changed more th |<>|label:enterprise-edition[Enterprise only]Service port name for discovery for Kubernetes API. |<>|label:enterprise-edition[Enterprise only]File location of token for Kubernetes API. |<>|Enable HTTP request logging. +|<>|label:enterprise-edition[Enterprise only]The maximum number of databases. |<>|Enable off heap and on heap memory tracking. |<>|Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). |<>|Netty SSL provider. @@ -280,7 +281,8 @@ If this is set to `false` (default), the search for group membership will be per |<>|Number of GC logs to keep. |<>|Size of each GC log that is kept. |<>|Path to the logging configuration of user logs. -|<>|label:enterprise-edition[Enterprise only]The maximum number of databases. +|<>|label:enterprise-edition[Enterprise only]The maximum number of databases. +This setting will be deprecated in favour of <> in a future version. |<>|Initial heap size. |<>|Maximum heap size. |<>|Defines the size of the off-heap memory blocks cache. @@ -418,6 +420,7 @@ If any of the underlying statistics used to create the plan have changed more th * <>: label:enterprise-edition[Enterprise only]Service port name for discovery for Kubernetes API. * <>: label:enterprise-edition[Enterprise only]File location of token for Kubernetes API. * <>: Enable HTTP request logging. +* <>: label:enterprise-edition[Enterprise only]The maximum number of databases. * <>: Enable off heap and on heap memory tracking. * <>: Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). * <>: Netty SSL provider. @@ -583,7 +586,8 @@ If this is set to `false` (default), the search for group membership will be per * <>: Number of GC logs to keep. * <>: Size of each GC log that is kept. * <>: Path to the logging configuration of user logs. -* <>: label:enterprise-edition[Enterprise only]The maximum number of databases. +* <>: label:enterprise-edition[Enterprise only]The maximum number of databases. +This setting will be deprecated in favour of <> in a future version. * <>: Initial heap size. * <>: Maximum heap size. * <>: Defines the size of the off-heap memory blocks cache. @@ -1870,6 +1874,18 @@ a|dbms.logs.http.enabled, a boolean m|+++false+++ |=== +[[config_dbms.max_databases]] +.dbms.max_databases +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The maximum number of databases. +|Valid values +a|dbms.max_databases, a long which is minimum `2` +|Default value +m|+++100+++ +|=== + [[config_dbms.memory.tracking.enable]] .dbms.memory.tracking.enable [cols="<1s,<4"] @@ -3710,6 +3726,8 @@ a|label:enterprise-edition[Enterprise only]The maximum number of databases. a|server.max_databases, a long which is minimum `2` |Default value m|+++100+++ +|Deprecated +a|The `server.max_databases` configuration setting will be deprecated in favour of <> in a future version. |=== [[config_server.memory.heap.initial_size]] From cc52d44830f6b3b2caff521f4a57019b28d310b1 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Wed, 8 Feb 2023 15:11:32 +0100 Subject: [PATCH 134/876] Editorial review of the new query routing decision page (#463) A few suggestions of styling and formatting. --------- Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/routing-decisions.adoc | 45 ++++++++++++----------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/modules/ROOT/pages/routing-decisions.adoc b/modules/ROOT/pages/routing-decisions.adoc index e2a61d482..7fd699746 100644 --- a/modules/ROOT/pages/routing-decisions.adoc +++ b/modules/ROOT/pages/routing-decisions.adoc @@ -2,47 +2,48 @@ [role=enterprise-edition] [[appendix-routing-decisions]] = Query routing decisions -:description: This appendix describes in detail how queries are routed to databases for execution. +:description: This page describes in detail how queries are routed to databases for execution. - -[[appendix-routing-decisions-introduction]] -== Introduction - -A query that arrives at a Neo4j server, over the bolt protocol from a driver, undergoes _query routing_. -Query routing is the process of deciding with which Cypher executor (database) and at which physical location the query should be executed. +Query routing is the process of deciding which Cypher executor (database) should be used and at which physical location the query should be executed. +Every query that arrives at a Neo4j server, over the bolt protocol from a driver, undergoes the process described here. [[appendix-routing-decisions-tree]] == Routing decision tree -Before the query is executed, these are the decisions taken during query routing: +Before the query is executed, these are the decisions taken during query routing stage: Step 1: Determine the name of the target database:: Pick the first of these that has a value: . link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/clauses/use[Cypher `USE` clause] ** Note that link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/databases[administration commands] implicitly have `USE system`. -. link:{neo4j-docs-base-uri}[Driver session database] +. link:{neo4j-docs-base-uri}/drivers-apis/[Driver session database] . xref:manage-databases/introduction.adoc#manage-databases-default[Home or default database] Step 2: Reuse open transaction:: * If there is an already open transaction to the target database, local or remote, then proceed to step 6. * If not, then proceed to step 3. Step 3: Determine the type of the target database (execution context type):: * If the target database is a database in this DBMS, then the context type is _Internal_. -* If the target database is the xref:composite-databases/introduction.adoc[Composite database], then the context type is _Composite_. -** This also allows the query to target multiple databases. +* If the target database is the xref:composite-databases/introduction.adoc[Composite database], then the context type is _Composite_. + ++ +[NOTE] +==== +This also allows the query to target multiple databases. +==== ++ * If the target database is a xref:manage-databases/remote-alias.adoc[Remote Alias], then the context type is _External_. Step 4: Determine the location of execution:: -* If context type is _Internal_, then ... -** if the URI scheme is `bolt://` (routing disabled), then location is _Local_. -** if transaction mode is `READ`, then ... -*** if the database is hosted on this server, then location is _Local_ -*** if the database is hosted on another sever, then ... -**** if xref:clustering/setup/routing.adoc#clustering-routing[Server-side routing] is xref:reference/configuration-settings.adoc#config_dbms.routing.enabled[enabled], then location is _Remote_ (using the xref:reference/configuration-settings.adoc#config_server.routing.advertised_address[routing advertised address] of that server). -**** if not, then fail. -** if transaction mode is `WRITE`, then ... -*** if the local server is the leader for the database, then location is _Local_. -*** if another server is the leader for the database, then ... -**** if xref:clustering/setup/routing.adoc#clustering-routing[Server-side routing] is xref:reference/configuration-settings.adoc#config_dbms.routing.enabled[enabled], then location is _Remote_ (using the xref:reference/configuration-settings.adoc#config_server.routing.advertised_address[routing advertised address] of that server). +* If context type is _Internal_ +** and the URI scheme is `bolt://` (routing disabled), then location is _Local_. +** and the transaction mode is `READ` +*** and the database is hosted on this server, then location is _Local_. +*** and the database is hosted on another sever +**** and xref:clustering/setup/routing.adoc#clustering-routing[Server-side routing] is xref:reference/configuration-settings.adoc#config_dbms.routing.enabled[enabled], then location is _Remote_ (using the xref:reference/configuration-settings.adoc#config_server.routing.advertised_address[routing advertised address] of that server). **** if not, then fail. +** if the transaction mode is `WRITE` +*** and the local server is the leader for the database, then location is _Local_. +*** and another server is the leader for the database +**** and xref:clustering/setup/routing.adoc#clustering-routing[Server-side routing] is xref:reference/configuration-settings.adoc#config_dbms.routing.enabled[enabled], then location is _Remote_ (using the xref:reference/configuration-settings.adoc#config_server.routing.advertised_address[routing advertised address] of that server). +**** and xref:clustering/setup/routing.adoc#clustering-routing[Server-side routing] is _not_ enabled, then fail. * If context type is _Composite_, then location is _Local_ (for this part of the query). * If context type is _External_, then location is _Remote_ (using the xref:manage-databases/remote-alias.adoc[URI and database] given in the configuration). Step 5: Open a transaction:: From 3c0a47da86701f9621f3c9a00cf96227c0636570 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Thu, 9 Feb 2023 13:59:38 +0100 Subject: [PATCH 135/876] Removing some elements that were breaking the overall formatting (#465) Inserting code inside boxes was generating conflicts with the formatting of sections' titles. I removed them as they are not crucial and thus we can similar conflicts in the future. --- .../access-control.adoc | 73 +------------------ 1 file changed, 4 insertions(+), 69 deletions(-) diff --git a/modules/ROOT/pages/authentication-authorization/access-control.adoc b/modules/ROOT/pages/authentication-authorization/access-control.adoc index a6c2c9534..c1facd433 100644 --- a/modules/ROOT/pages/authentication-authorization/access-control.adoc +++ b/modules/ROOT/pages/authentication-authorization/access-control.adoc @@ -97,9 +97,6 @@ In this example, consider five users of the _healthcare_ database: These users can be created using the `CREATE USER` command (from the `system` database): -.Creating users -==== - [source, cypher] ---- CREATE USER charlie SET PASSWORD $secret1 CHANGE NOT REQUIRED; @@ -109,9 +106,6 @@ CREATE USER bob SET PASSWORD $secret4 CHANGE NOT REQUIRED; CREATE USER tina SET PASSWORD $secret5 CHANGE NOT REQUIRED; ---- -==== - - At this point the users have no ability to interact with the database, so these capabilities need to be granted by using roles. There are two different ways of doing this, either by using the built-in roles, or through more fine-grained access control using privileges and custom roles. @@ -138,9 +132,6 @@ Tina, the IT administrator who installs and manages the database, needs to be as Here is how to grant roles to the users: -.Granting roles -==== - [source, cypher] ---- GRANT ROLE reader TO charlie; @@ -150,10 +141,8 @@ GRANT ROLE editor TO bob; GRANT ROLE admin TO tina; ---- -==== - [[auth-access-control-using-privileges]] -== Sub-graph access control using privileges] +== Sub-graph access control using privileges A limitation of the previously described approach is that it does allow all users to see all the data on the database. In many real-world scenarios though, it would be preferable to establish some access restrictions. @@ -171,7 +160,6 @@ REVOKE ROLE editor FROM daniel; REVOKE ROLE editor FROM bob; REVOKE ROLE admin FROM tina; ---- -==== Now you can create custom roles based on the concept of _privileges_, which allows more control over what each user is capable of doing. To properly assign those privileges, start by identifying each type of user: @@ -217,40 +205,33 @@ To achieve that, a new role can be created from scratch and only specific admini Before creating the new roles and assigning them to Alice, Bob, Daniel, Charlie, and Tina, it is important to define the privileges each role should have. Since all users need `ACCESS` privilege to the `healthcare` database, this can be set through the `PUBLIC` role instead of all the individual roles: -==== [source, cypher] ---- GRANT ACCESS ON DATABASE healthcare TO PUBLIC; ---- -==== === Privileges of `itadmin` This role can be created as a copy of the built-in `admin` role: -==== [source, cypher, role=systemcmd] ---- CREATE ROLE itadmin AS COPY OF admin; ---- -==== Then you need to *deny* the two specific actions this role is not supposed to perform: * Read any patients' social security number (`SSN`). * Submit medical diagnoses. -==== [source, cypher, role=systemcmd] ---- DENY READ {ssn} ON GRAPH healthcare NODES Patient TO itadmin; DENY CREATE ON GRAPH healthcare RELATIONSHIPS DIAGNOSIS TO itadmin; ---- -==== The complete set of privileges available to users assigned the `itadmin` role can be viewed using the following command: -==== [source, cypher, role=systemcmd] ---- SHOW ROLE itadmin PRIVILEGES AS COMMANDS; @@ -274,7 +255,6 @@ SHOW ROLE itadmin PRIVILEGES AS COMMANDS; | "DENY CREATE ON GRAPH `healthcare` RELATIONSHIP DIAGNOSIS TO `itadmin`" | +-------------------------------------------------------------------------+ ---- -==== [NOTE] ==== @@ -283,12 +263,10 @@ Privileges that were granted or denied earlier can be revoked using link:{neo4j- To provide the IT administrator `tina` these privileges, they must be assigned the new role `itadmin`: -==== [source, cypher, role=systemcmd] ---- neo4j@system> GRANT ROLE itadmin TO tina; ---- -==== To demonstrate that Tina is not able to see the patients' `SSN`, you can login to `healthcare` as `tina` and run the following query: @@ -369,7 +347,6 @@ DENY TRAVERSE RELATIONSHIPS DIAGNOSIS TO researcherB; ---- -==== * *Granting privileges*: + @@ -407,20 +384,16 @@ GRANT READ {dateOfBirth} NODES Patient TO researcherW; ---- -==== In order to test that the researcher Charlie now has the specified privileges, assign them the `researcherB` role (with specifically denied privileges): -==== [source, cypher, role=systemcmd] ---- GRANT ROLE researcherB TO charlie; ---- -==== You can also use a version of the `SHOW PRIVILEGES` command to see Charlie's access rights, which are a combination of those assigned to the `researcherB` and `PUBLIC` roles: -==== [source, cypher, role=systemcmd] ---- neo4j@system> SHOW USER charlie PRIVILEGES AS COMMANDS; @@ -441,7 +414,6 @@ neo4j@system> SHOW USER charlie PRIVILEGES AS COMMANDS; | "DENY READ {ssn} ON GRAPH `healthcare` NODE Patient TO $role" | +-----------------------------------------------------------------------+ ---- -==== Now when Charlie logs into the `healthcare` database and tries to run a command similar to the one previously used by the `itadmin`, they will see different results: @@ -508,7 +480,6 @@ Privileges that were granted or denied earlier can be revoked using link:{neo4j- Doctors should be given the ability to read and write almost everything, except the patients' `address` property, for instance. This role can be built from scratch by assigning full read and write access, and then specifically denying access to the `address` property: -==== [source, cypher] ---- CREATE ROLE doctor; @@ -518,16 +489,13 @@ GRANT WRITE ON GRAPH healthcare TO doctor; DENY READ {address} ON GRAPH healthcare NODES Patient TO doctor; DENY SET PROPERTY {address} ON GRAPH healthcare NODES Patient TO doctor; ---- -==== To allow the doctor Alice to have these privileges, grant them this new role: -==== [source, cypher] ---- neo4j@system> GRANT ROLE doctor TO alice; ---- -==== To demonstrate that Alice is not able to see patient addresses, log in as `alice` to `healthcare` and run the following query: @@ -642,7 +610,6 @@ Receptionists should only be able to manage patient information. They are not allowed to find or read any other parts of the graph. In addition, they should be able to create and delete patients, but not any other nodes: -==== [source, cypher, role=systemdb] ---- CREATE ROLE receptionist; @@ -651,7 +618,6 @@ GRANT CREATE ON GRAPH healthcare NODES Patient TO receptionist; GRANT DELETE ON GRAPH healthcare NODES Patient TO receptionist; GRANT SET PROPERTY {*} ON GRAPH healthcare NODES Patient TO receptionist; ---- -==== It would have been simpler to grant global `WRITE` privileges to the receptionist Bob. However, this would have the unfortunate side effect of allowing them the ability to create other nodes, like new `Symptom` nodes, even though they would subsequently be unable to find or read those same nodes. @@ -659,12 +625,10 @@ While there are use cases in which it is desirable to have roles able to create With that in mind, grant the receptionist Bob their new `receptionist` role: -==== [source, cypher] ---- neo4j@system> GRANT ROLE receptionist TO bob; ---- -==== With these privileges, if Bob tries to read the entire database, they will still only see the patients: @@ -776,21 +740,19 @@ org.neo4j.graphdb.ConstraintViolationException: Cannot delete node<42>, because The reason why this query fails is that, while Bob can find the `(:Patient)` node, they do not have sufficient traverse rights to find nor delete the outgoing relationships from it. Either they need to ask Tina the `itadmin` for help for this task, or more privileges can be added to the `receptionist` role: -==== [source, cypher, role=systemcmd] ---- GRANT TRAVERSE ON GRAPH healthcare NODES Symptom, Disease TO receptionist; GRANT TRAVERSE ON GRAPH healthcare RELATIONSHIPS HAS, DIAGNOSIS TO receptionist; GRANT DELETE ON GRAPH healthcare RELATIONSHIPS HAS, DIAGNOSIS TO receptionist; ---- -==== [NOTE] ==== Privileges that were granted or denied earlier can be revoked using link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/manage-privileges/#access-control-revoke-privileges[the `REVOKE` command]. ==== -=== Privileges of nurses +=== Privileges of `nurse` Nurses should have the capabilities of both doctors and receptionists, but assigning them both the `doctor` and `receptionist` roles might not have the expected effect. If those two roles were created with `GRANT` privileges only, combining them would be simply cumulative. @@ -799,16 +761,13 @@ This means that the nurse will still have the same restrictions as a doctor, whi To demonstrate this, you can assign the `doctor` role to the nurse Daniel: -==== [source, cypher] ---- neo4j@system> GRANT ROLE doctor, receptionist TO daniel; ---- -==== Daniel should now have a combined set of privileges: -==== [source, cypher, role=systemdb] ---- SHOW USER daniel PRIVILEGES AS COMMANDS; @@ -834,7 +793,6 @@ SHOW USER daniel PRIVILEGES AS COMMANDS; | "DENY SET PROPERTY {address} ON GRAPH `healthcare` NODE Patient TO $role" | +---------------------------------------------------------------------------+ ---- -==== [NOTE] ==== @@ -879,7 +837,6 @@ To correct that, you can: The second option is simpler if you consider that the nurse is essentially the doctor without the `address` restrictions. In this case, you need to create a `nurse` role from scratch: -==== [source, cypher, role=systemdb] ---- CREATE ROLE nurse @@ -887,18 +844,15 @@ GRANT TRAVERSE ON GRAPH healthcare TO nurse; GRANT READ {*} ON GRAPH healthcare TO nurse; GRANT WRITE ON GRAPH healthcare TO nurse; ---- -==== Now you assign the `nurse` role to the nurse Daniel, but remember to revoke the `doctor` and the `receptionist` roles so there are no privileges being overridden: -==== [source, cypher, role=systemdb] ---- REVOKE ROLE doctor FROM daniel; REVOKE ROLE receptionist FROM daniel; GRANT ROLE nurse TO daniel; ---- -==== This time, when the nurse Daniel takes another look at the patient records, they will see the `address` fields: @@ -947,33 +901,28 @@ Performing this action, otherwise reserved for the `doctor` role, involves more There might be nurses that should not be entrusted with this option, which is why you can divide the `nurse` role into _senior_ and _junior_ nurses, for example. Currently, Daniel is a senior nurse. -=== Privileges of junior nurses +=== Privileges of _junior_ `nurse` Previously, creating the `nurse` role by combining the `doctor` and `receptionist` roles led to an undesired scenario as the `DENIED` privileges of the `doctor` role overrode the `GRANTED` privileges of the `receptionist`. In that case, the objective was to enhance the permissions of the _senior_ nurse, but when it comes to the _junior_ nurse, they should be able to perform the same actions as the _senior_, except adding diagnoses to the database. To achieve this, you can create a special role that contains specifically only the additional restrictions: -==== [source, cypher, role=systemdb] ---- CREATE ROLE disableDiagnoses; DENY CREATE ON GRAPH healthcare RELATIONSHIPS DIAGNOSIS TO disableDiagnoses; ---- -==== And then assign this new role to the nurse Daniel, so you can test the behavior: -==== [source, cypher, role=systemdb] ---- GRANT ROLE disableDiagnoses TO daniel; ---- -==== If you check what privileges Daniel has now, it is the combination of the two roles `nurse` and `disableDiagnoses`: -==== [source, cypher, role=systemdb] ---- neo4j@system> SHOW USER daniel PRIVILEGES AS COMMANDS; @@ -994,7 +943,6 @@ neo4j@system> SHOW USER daniel PRIVILEGES AS COMMANDS; | "DENY CREATE ON GRAPH `healthcare` RELATIONSHIP DIAGNOSIS TO $role" | +---------------------------------------------------------------------+ ---- -==== Daniel can still see the address fields, and can even perform the diagnosis investigation that the `doctor` can perform: @@ -1043,12 +991,10 @@ Create relationship with type 'DIAGNOSIS' is not allowed for user 'daniel' with To promote Daniel back to senior nurse, revoke the role that introduced the restriction: -==== [source, cypher, role=systemdb] ---- REVOKE ROLE disableDiagnoses FROM daniel; ---- -==== === Building a custom administrator role @@ -1058,7 +1004,6 @@ Instead, you can build the administrator role from the ground up. The IT administrator Tina is able to create new users and assign them to the product roles as an `itadmin`, but you can create a more restricted role called `userManager` and grant it only the appropriate privileges: -==== [source, cypher, role=systemdb] ---- CREATE ROLE userManager; @@ -1066,17 +1011,14 @@ GRANT USER MANAGEMENT ON DBMS TO userManager; GRANT ROLE MANAGEMENT ON DBMS TO userManager; GRANT SHOW PRIVILEGE ON DBMS TO userManager; ---- -==== Test the new behavior by revoking the `itadmin` role from Tina and grant them the `userManager` role instead: -==== [source, cypher, role=systemdb] ---- REVOKE ROLE itadmin FROM tina GRANT ROLE userManager TO tina ---- -==== These are the privileges granted to `userManager`: @@ -1086,7 +1028,6 @@ These are the privileges granted to `userManager`: Listing Tina's new privileges should now show a much shorter list than when they were a more powerful administrator with the `itadmin` role: -==== [source, cypher, role=systemdb] ---- neo4j@system> SHOW USER tina PRIVILEGES AS COMMANDS; @@ -1105,7 +1046,6 @@ neo4j@system> SHOW USER tina PRIVILEGES AS COMMANDS; | "GRANT SHOW PRIVILEGE ON DBMS TO $role" | +--------------------------------------------------+ ---- -==== [NOTE] ==== @@ -1116,16 +1056,13 @@ Refer to the section link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/acc Now Tina should be able to create new users and assign them to roles: -==== [source, cypher, role=systemdb] ---- CREATE USER sally SET PASSWORD 'secret' CHANGE REQUIRED; GRANT ROLE receptionist TO sally; SHOW USER sally PRIVILEGES AS COMMANDS; ---- -==== -==== ---- +----------------------------------------------------------------------+ | command | @@ -1139,6 +1076,4 @@ SHOW USER sally PRIVILEGES AS COMMANDS; | "GRANT CREATE ON GRAPH `healthcare` NODE Patient TO $role" | | "GRANT DELETE ON GRAPH `healthcare` NODE Patient TO $role" | +----------------------------------------------------------------------+ ----- -==== -==== \ No newline at end of file +---- \ No newline at end of file From 44902dcdd21b8164ffda01e7d27f79616636cf12 Mon Sep 17 00:00:00 2001 From: emmaholmbergohlsson Date: Thu, 9 Feb 2023 14:12:47 +0100 Subject: [PATCH 136/876] Document 'in-place' store copy (#339) Co-authored-by: David Pond Co-authored-by: Reneta Popova --- .../pages/backup-restore/copy-database.adoc | 178 ++++++++++-------- package-lock.json | 11 -- 2 files changed, 103 insertions(+), 86 deletions(-) diff --git a/modules/ROOT/pages/backup-restore/copy-database.adoc b/modules/ROOT/pages/backup-restore/copy-database.adoc index ca5b05748..f80b87211 100644 --- a/modules/ROOT/pages/backup-restore/copy-database.adoc +++ b/modules/ROOT/pages/backup-restore/copy-database.adoc @@ -3,49 +3,20 @@ [[copy-database]] = Copy a database store -A user database or backup can be copied to a Neo4j instance using the `copy` command of `neo4j-admin`. - -[NOTE] -==== -`neo4j-admin database copy` is not supported for use on the `system` database. -==== +You can use the `neo4j-admin database copy` command to copy a database, create a compacted/defragmented copy of a database, or clean up database inconsistencies. +`neo4j-admin database copy` reclaims the unused space, creates a defragmented copy of the _data store_, and creates the node label and relationship type lookup indexes. +Any additional _schema_ (indexes and constraints) defined are not included. +However, the command will output Cypher statements, which you can run to recreate the indexes and constraints. +.Command limitations [NOTE] ==== -`neo4j-admin database copy` is not supported for use on xref:composite-databases/introduction.adoc#composite-databases-concepts[composite databases]. +* `neo4j-admin database copy` preserves the node IDs (unless `--compact-node-store` is used), but the relationships get new IDs. +* `neo4j-admin database copy` is not supported for use on the `system` database. +* `neo4j-admin database copy` is not supported for use on xref:composite-databases/introduction.adoc#composite-databases-concepts[composite databases]. It must be run directly on the databases that are part of a composite database. -==== - - -[WARNING] -==== -It is important to note that `neo4j-admin database copy` is an IOPS-intensive process. -Using this process for upgrading or migration purposes can have significant performance implications, depending on your disc specification. -It is therefore not appropriate for all use cases. - - -Estimating the processing time:: -+ --- -Estimations for how long the `neo4j-admin database copy` command takes can be made based on the following: - -* Neo4j, like many other databases, does IO in 8K pages. -* Your disc manufacturer will have a value for the maximum IOPS it can process. - -For example, if your disc manufacturer has provided a maximum of 5000 IOPS, you can reasonably expect up to 5000 such page operations a second. -Therefore, the maximal theoretical throughput you can expect is 40MB/s (or 144 GB/hour) on that disc. -You may then assume that the best-case scenario for running `neo4j-admin database copy` on that 5000 IOPS disc is that it takes at least 1 hour to process a 144 GB database. footnote:[The calculations are based on `MB/s = (IOPS * B) ÷ 10^6`, -where `B` is the block size in bytes; in the case of Neo4j, this is `8000`. GB/hour can then be calculated from `(MB/s * 3600) ÷ 1000`.] - -However, it is important to remember that the process must read 144 GB from the source database, and must also write to the target store (assuming the target store is of comparable size). -Additionally, there are internal processes during the copy that reads/modifies/writes the store multiple times. -Therefore, with an additional 144 GB of both read and write, the best-case scenario for running `neo4j-admin database copy` on a 5000 IOPS disc is that it takes *at least 3 hours to process a 144 GB database*. - -Finally, it is also important to consider that in almost all Cloud environments, the published IOPS value may not be the same as the actual value, or be able to continuously maintain the maximum possible IOPS. -The real processing time for this example _could_ be well above that estimation of 3 hours. --- - -For detailed information about supported methods of upgrade and migration, see the https://neo4j.com/docs/upgrade-migration-guide/current/[Neo4j Upgrade and Migration Guide]. +* `neo4j-admin database copy` is an IOPS-intensive process. +For more information, see <>. ==== [[copy-database-command]] @@ -53,30 +24,6 @@ For detailed information about supported methods of upgrade and migration, see t `neo4j-admin database copy` copies the _data store_ of an existing **offline** database to a new database. -[[copy-database-usage]] -=== Usage - -The `neo4j-admin database copy` command can be used to clean up database inconsistencies, compact stores, and do a direct migration from Neo4j 4.4 to any 5.x version. -It can process an optional set of filters, which you can use to remove any unwanted data before copying the database. -The command also reclaims the unused space of a database and creates a defragmented copy of that database or backup in the destination Neo4j instance. - -[NOTE] -==== -`neo4j-admin database copy` copies the _data store_ and creates the node label and relationship type lookup indexes. -Any additional _schema_ (indexes and constraints) defined are not included. -However, the command will output Cypher statements, which you can run to recreate the indexes and constraints. -==== - -[TIP] -==== -For a detailed example of how to reclaim unused space, see xref:performance/space-reuse.adoc#space-reuse-reclaim-space[Reclaim unused space]. -==== - -[WARNING] -==== -`neo4j-admin database copy` preserves the node IDs; however, the relationships get new IDs. -==== - [[copy-database-syntax]] === Syntax @@ -100,17 +47,24 @@ neo4j-admin database copy [--verbose] [--skip-properties=[,...]] [--skip-relationship-properties=[,...]] [--from-pagecache=] + [--temp-path=] ---- -`` -- Name of the target database. +=== Required parameters -`` -- Name of the source database. +To use this command, you must specify the parameters `` and ``. + +From Neo4j v5.5, you can use the same values for `` and `` if you do not need an actual copy of the database. +The command will replace the original database with the newly created copy. +* `` -- Name of the source database. + +* `` -- Name of the target database. +If the same as ``, it is copied to a temporary location before being moved to replace the original. [[copy-database-command-options]] -=== Options +=== Optional parameters [options="header", cols="2m,3a"] |=== @@ -219,6 +173,11 @@ Cannot be combined with `--skip-properties` or `--copy-only-relationship-propert | --from-pagecache | The size of the page cache to use for reading. + +| --temp-path +| Path to a directory to be used as a staging area when the source and target databases are the same. + +Default: The current directory. |=== [TIP] @@ -230,8 +189,10 @@ The `--from-pagecache` should be assigned whatever memory you can spare since Ne [[copy-database-examples]] == Examples -.Use `neo4j-admin database copy` to copy the data store of the database `neo4j`. -==== +=== Copying the data store of a database + +You can use `neo4j-admin database copy` to copy the data store of a database, for example, `neo4j`. + . Stop the database named `neo4j`: + [source, cypher] @@ -246,7 +207,7 @@ STOP DATABASE neo4j bin/neo4j-admin database copy neo4j copy ---- -. Run the following command to verify that database has been successfully copied. +. Run the following command to verify that the database has been successfully copied. + [source, shell] ---- @@ -254,8 +215,10 @@ ls -al ../data/databases ---- + [NOTE] +==== Copying a database does not automatically create it. Therefore, it will not be visible if you do `SHOW DATABASES` at this point. +==== . Create the copied database. + @@ -274,14 +237,13 @@ SHOW DATABASES . If your original database has a schema defined, change your active database to `copy` and recreate the schema using the schema commands saved in the file _-schema.cypher_. + [TIP] +==== `--to-path-schema` can be used to specify a different directory for the schema file. - ==== -.Use `neo4j-admin database copy` to filter the data you want to copy. -==== -The command can perform some basic forms of processing. -You can filter the data that you want to copy by removing nodes, labels, properties, and relationships. +=== Filtering data while copying a database + +You can use `neo4j-admin database copy` to filter out any unwanted data while copying a database, for example, by removing nodes, labels, properties, and relationships. [source, shell] ---- @@ -291,11 +253,77 @@ bin/neo4j-admin database copy neo4j copy --ignore-nodes-with-labels="Cat,Dog" The command creates a copy of the database `neo4j` but without the nodes with the labels `:Cat` and `:Dog`. [NOTE] +==== Labels are processed independently, i.e., the filter ignores any node with a label `:Cat`, `:Dog`, or both. +==== +[TIP] +==== +For a detailed example of how to use `neo4j-admin database copy` to filter out data for sharding a database, see xref:composite-databases/sharding-with-copy.adoc[Sharding data with the `copy` command]. ==== +[[compact-database]] +=== Further compacting an existing database + +You can use the command `neo4j-admin database copy` with the argument `-compact-node-store` to further compact the store of an existing database. + +This example uses the same values for `` and ``, which means that the command will compact the database in place by creating a new version of the database. +After running the command, you need to recreate the indexes using the generated script. +If the database belongs to a cluster, you also need to reseed the cluster. + [NOTE] ==== -For a detailed example of how to use `neo4j-admin database copy` to filter out data for sharding a database, see xref:composite-databases/sharding-with-copy.adoc[Sharding data with the `copy` command]. +Note that even though it is only one database copy in the end, you still need double the space during the operation. +==== + +. Stop the database named `neo4j`: ++ +[source, cypher] +---- +STOP DATABASE neo4j +---- + +. Compact the `neo4j` database using the command: ++ +[source, shell] +---- +bin/neo4j-admin database copy neo4j neo4j --compact-node-store +---- ++ +[TIP] +==== +`--temp-path` can be used to specify a different directory to use as a temporary staging area. ==== + +. Start the `neo4j` database. +This is the newly created version of the database. ++ +[source, cypher] +---- +START DATABASE neo4j +---- + +. If your original database has a schema defined, recreate the schema using the schema commands saved in the file _-schema.cypher_. + +[TIP] +==== +For a detailed example of how to reclaim unused space, see xref:performance/space-reuse.adoc#space-reuse-reclaim-space[Reclaim unused space]. +==== +[[copy-estimating-iops]] +== Estimating the processing time + +Estimations for how long the `neo4j-admin database copy` command takes can be made based on the following: + +* Neo4j, like many other databases, do IO in 8K pages. +* Your disc manufacturer will have a value for the maximum IOPS it can process. + +For example, if your disc manufacturer has provided a maximum of 5000 IOPS, you can reasonably expect up to 5000 such page operations a second. +Therefore, the maximal theoretical throughput you can expect is 40MB/s (or 144 GB/hour) on that disc. +You may then assume that the best-case scenario for running `neo4j-admin database copy` on that 5000 IOPS disc is that it takes at least 1 hour to process a 144 GB database. footnote:[The calculations are based on `MB/s = (IOPS * B) ÷ 10^6`, +where `B` is the block size in bytes; in the case of Neo4j, this is `8000`. GB/hour can then be calculated from `(MB/s * 3600) ÷ 1000`.] + +However, it is important to remember that the process must read 144 GB from the source database, and must also write to the target store (assuming the target store is of comparable size). +Additionally, there are internal processes during the copy that reads/modifies/writes the store multiple times. +Therefore, with an additional 144 GB of both read and write, the best-case scenario for running `neo4j-admin database copy` on a 5000 IOPS disc is that it takes *at least 3 hours to process a 144 GB database*. + +Finally, it is also important to consider that in almost all Cloud environments, the published IOPS value may not be the same as the actual value, or be able to continuously maintain the maximum possible IOPS. +The real processing time for this example _could_ be well above that estimation of 3 hours. \ No newline at end of file diff --git a/package-lock.json b/package-lock.json index 836a8a08e..893fc273b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -15,7 +15,6 @@ "@neo4j-antora/antora-modify-sitemaps": "^0.4.4", "@neo4j-antora/antora-page-roles": "^0.3.1", "@neo4j-antora/antora-table-footnotes": "^0.3.2", - "@neo4j-antora/antora-unlisted-pages": "^0.1.0", "@neo4j-documentation/macros": "^1.0.2", "@neo4j-documentation/remote-include": "^1.0.0" }, @@ -319,11 +318,6 @@ "resolved": "https://registry.npmjs.org/@neo4j-antora/antora-table-footnotes/-/antora-table-footnotes-0.3.2.tgz", "integrity": "sha512-DXEGVHMJumoKiY/ZCaGRTXl2OhPziPCHT+arj18TmpU50sUs+hyjOPuTkUXUvBwNZwm109Nm1PJPvKLVIJCZSg==" }, - "node_modules/@neo4j-antora/antora-unlisted-pages": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/@neo4j-antora/antora-unlisted-pages/-/antora-unlisted-pages-0.1.0.tgz", - "integrity": "sha512-z45k4/jicO6kY4Ze1efYXhnJOyvWszmgo8hobG8MTK95l3II1OvAibqeEx2V4NJB7LoHB7a1XEjNzqT29TLgAw==" - }, "node_modules/@neo4j-documentation/macros": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/@neo4j-documentation/macros/-/macros-1.0.2.tgz", @@ -3185,11 +3179,6 @@ "resolved": "https://registry.npmjs.org/@neo4j-antora/antora-table-footnotes/-/antora-table-footnotes-0.3.2.tgz", "integrity": "sha512-DXEGVHMJumoKiY/ZCaGRTXl2OhPziPCHT+arj18TmpU50sUs+hyjOPuTkUXUvBwNZwm109Nm1PJPvKLVIJCZSg==" }, - "@neo4j-antora/antora-unlisted-pages": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/@neo4j-antora/antora-unlisted-pages/-/antora-unlisted-pages-0.1.0.tgz", - "integrity": "sha512-z45k4/jicO6kY4Ze1efYXhnJOyvWszmgo8hobG8MTK95l3II1OvAibqeEx2V4NJB7LoHB7a1XEjNzqT29TLgAw==" - }, "@neo4j-documentation/macros": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/@neo4j-documentation/macros/-/macros-1.0.2.tgz", From f986c68daf4dc943af55fb3511a29981e8fe2d95 Mon Sep 17 00:00:00 2001 From: David Oliver Date: Thu, 9 Feb 2023 14:44:59 +0000 Subject: [PATCH 137/876] Fix the malformed link to the upgrade docs (#474) --- modules/ROOT/pages/index.adoc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/index.adoc b/modules/ROOT/pages/index.adoc index 2c3b4c3c7..4b04bfb0c 100644 --- a/modules/ROOT/pages/index.adoc +++ b/modules/ROOT/pages/index.adoc @@ -13,12 +13,13 @@ This is the Neo4j Operations Manual, which includes all the operational details [NOTE] ==== -For information on upgrading and migrating Neo4j, see link:{upgrade-current-uri}/[Neo4j Upgrade and Migration Guide]. +For all information on *upgrading and migrating Neo4j*, see link:{upgrade-current-uri}[the Neo4j Upgrade and Migration Guide]. + *Neo4j AuraDB* is a fully managed Neo4j database, hosted in the cloud and requires no installation. For more information, see the link:https://neo4j.com/aura/[AuraDB product page] and link:https://neo4j.com/docs/aura/current/[AuraDB documentation]. ==== -The latest version of Neo4j is {neo4j-version-minor}. +The latest version of Neo4j is *v{neo4j-version-minor}*. == Documentation updates for Neo4j 5 From b2f46003158bbb89927ce7388528a104aa14c866 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Fri, 10 Feb 2023 15:42:00 +0100 Subject: [PATCH 138/876] Fixing wrong slash in the query (#480) (#481) cherry-picked from https://github.com/neo4j/docs-operations/pull/480 --- modules/ROOT/pages/installation/windows.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/installation/windows.adoc b/modules/ROOT/pages/installation/windows.adoc index 0f45ce5d7..3c3fcbaf7 100644 --- a/modules/ROOT/pages/installation/windows.adoc +++ b/modules/ROOT/pages/installation/windows.adoc @@ -25,12 +25,12 @@ If you are using Community Edition, you can skip this step. See https://neo4j.com/terms/licensing/ for more information. + * Set it as an environment variable using `set NEO4J_ACCEPT_LICENSE_AGREEMENT=yes`. -* Run `/bin/neo4j-admin server license --accept-commercial` +* Run `\bin\neo4j-admin server license --accept-commercial` .. Use one of the following options to accept the evaluation license agreement. See https://neo4j.com/terms/enterprise_us/ for more information. + * Set it as an environment variable using `set NEO4J_ACCEPT_LICENSE_AGREEMENT=eval`. -* Run `/bin/neo4j-admin server license --accept-evaluation`. +* Run `\bin\neo4j-admin server license --accept-evaluation`. .. To run Neo4j as a console application, use: `\bin\neo4j console`. .. To install Neo4j as a service use: `\bin\neo4j windows-service install`. .. For additional commands and to learn about the Windows PowerShell module included in the Zip file, see xref:installation/windows.adoc#powershell[Windows PowerShell module]. From 66e73c5f696f259e9d8bfab2973d68d708e80eed Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 13 Feb 2023 10:06:49 +0000 Subject: [PATCH 139/876] Add an example of using multiple node IDs (#470) Co-authored-by: Nicola Vitucci --- .../tools/neo4j-admin/neo4j-admin-import.adoc | 76 +++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc index a7913be9a..30c82336a 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc @@ -829,6 +829,7 @@ ID:: This also implies using `string` as `id-type`. For each `ID` column, you can specify to store its values as different node properties. However, the composite value cannot be stored as a node property. + For more information, see <>. LABEL:: Read one or more labels from this field. Like array values, multiple labels are separated by `;`, or by the character specified with `--array-delimiter`. @@ -1101,6 +1102,81 @@ Now use the previously defined ID spaces when connecting the actors to movies. ---- ==== +[[import-tool-multiple-ids]] +== Using multiple node IDs + +From Neo4j v5.3, a node header can also contain multiple `ID` columns, where the relationship data references the composite value of all those columns. +This also implies using `string` as `id-type`. + +For each `ID` column, you can specify to store its values as different node properties. +However, the composite value cannot be stored as a node property. + +.Define multiple IDs as node properties +==== +You can define multiple `ID` columns in the node header. +For example, you can define a node header with two `ID` columns. + +.nodes_header.csv +[source, csv] +---- +:ID,:ID,name +---- + +.nodes.csv +[source, csv] +---- +aa,11,John +bb,22,Paul +---- + +Now use both IDs when defining the relationship: + +.relationships_header.csv +[source, csv] +---- +:START_ID,:TYPE,:END_ID +---- + +.relationships.csv +[source, csv] +---- +aa11,WORKS_WITH,bb22 +---- +==== + +[[multiple-IDs-Id-spaces]] +.Define multiple IDs stored in ID spaces +==== + +Define a `MyGroup` ID space in the _nodes_header.csv_ file. + +.nodes_header.csv +[source, csv] +---- +personId:ID(MyGroup),memberId:ID(MyGroup),name +---- + +.nodes.csv +[source, csv] +---- +aa,11,John +bb,22,Paul +---- + +Now use the defined ID space when connecting John with Paul, and use both IDs in the relationship. + +.relationships_header.csv +[source, csv] +---- +:START_ID(MyGroup),:TYPE,:END_ID(MyGroup) +---- + +.relationships.csv +[source, csv] +---- +aa11,WORKS_WITH,bb22 +---- +==== [[import-tool-header-format-skip-columns]] == Skipping columns From 158df26c79893c3a3791bef0acb9f561834c720f Mon Sep 17 00:00:00 2001 From: Ed Randall <68006845+edrandall-dev@users.noreply.github.com> Date: Mon, 13 Feb 2023 10:13:52 +0000 Subject: [PATCH 140/876] Dev aws gcp (#471) Co-authored-by: David Pond Co-authored-by: Reneta Popova --- modules/ROOT/content-nav.adoc | 5 +- .../ROOT/pages/cloud-deployments/index.adoc | 2 +- .../pages/cloud-deployments/neo4j-aws.adoc | 143 +++++++++++--- .../pages/cloud-deployments/neo4j-azure.adoc | 2 +- .../cluster-vm.adoc => neo4j-gcp.adoc} | 43 ++-- .../neo4j-gcp/automation-gcp.adoc | 183 ------------------ .../cloud-deployments/neo4j-gcp/index.adoc | 10 - .../neo4j-gcp/single-instance-vm.adoc | 153 --------------- 8 files changed, 141 insertions(+), 400 deletions(-) rename modules/ROOT/pages/cloud-deployments/{neo4j-gcp/cluster-vm.adoc => neo4j-gcp.adoc} (59%) delete mode 100644 modules/ROOT/pages/cloud-deployments/neo4j-gcp/automation-gcp.adoc delete mode 100644 modules/ROOT/pages/cloud-deployments/neo4j-gcp/index.adoc delete mode 100644 modules/ROOT/pages/cloud-deployments/neo4j-gcp/single-instance-vm.adoc diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index 0380f485a..3fe974e6e 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -14,10 +14,7 @@ * xref:cloud-deployments/index.adoc[] ** xref:cloud-deployments/neo4j-aws.adoc[] -** xref:cloud-deployments/neo4j-gcp/index.adoc[] -*** xref:cloud-deployments/neo4j-gcp/single-instance-vm.adoc[] -*** xref:cloud-deployments/neo4j-gcp/cluster-vm.adoc[] -*** xref:cloud-deployments/neo4j-gcp/automation-gcp.adoc[] +** xref:cloud-deployments/neo4j-gcp.adoc[] ** xref:cloud-deployments/neo4j-azure.adoc[] * xref:docker/index.adoc[] diff --git a/modules/ROOT/pages/cloud-deployments/index.adoc b/modules/ROOT/pages/cloud-deployments/index.adoc index a9c03558c..9573bb995 100644 --- a/modules/ROOT/pages/cloud-deployments/index.adoc +++ b/modules/ROOT/pages/cloud-deployments/index.adoc @@ -6,7 +6,7 @@ There are different options for deploying Neo4j in the cloud. Described here are: * xref:cloud-deployments/neo4j-aws.adoc[Neo4j on AWS] -- Deploying Neo4j on AWS. -* xref:cloud-deployments/neo4j-gcp/index.adoc[Neo4j on Google Cloud Platform] -- Deploying Neo4j on Google Cloud Platform (GCP). +* xref:cloud-deployments/neo4j-gcp.adoc[Neo4j on Google Cloud Platform] -- Deploying Neo4j on Google Cloud Platform (GCP). * xref:cloud-deployments/neo4j-azure.adoc[Neo4j on Microsoft Azure] -- Deploying Neo4j on Microsoft Azure. .Other cloud deployment options diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc index 63ac495fd..488b6a2bf 100644 --- a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc +++ b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc @@ -3,52 +3,151 @@ [[aws]] = Neo4j on AWS -You can deploy Neo4j Enterprise Edition on Elastic Compute Cloud (EC2) instances in AWS directly from the link:https://aws.amazon.com/marketplace/pp/prodview-akmzjikgawgn4?sr=0-1&ref_=beagle&applicationId=AWSMPContessa[AWS Marketplace]. +Neo4j Enterprise Edition can be easily deployed on EC2 instances in Amazon Web Services (AWS) by using the link:https://aws.amazon.com/marketplace/pp/prodview-akmzjikgawgn4?sr=0-1&ref_=beagle&applicationId=AWSMPContessa[official listing for Neo4j Enterprise on the AWS Marketplace]. -The listing uses the https://github.com/neo4j-partners/amazon-cloud-formation-neo4j/tree/main/marketplace/neo4j.template.yaml[Neo4j CloudFormation template] (hosted in a public GitHub repository), which can be customized to meet more complex use cases. +The AWS Marketplace listing uses a CloudFormation template maintained by Neo4j. +The template's code is available on link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j/tree/main/marketplace[GitHub] and can be customized to meet more complex or bespoke use cases. +See <>. -CloudFormation templates for Neo4j v4.4 are also supported, as well as some custom templates that serve other commonly requested use cases. +// Does this matter? Is the purpose of a note for additional technical information? Or about calling your attention to an important caveat? + +// This is not a caveat, it's a design decision. +//The note below is the result of a support request to clarify that the marketplace listing uses a CloudFormation template and no longer uses custom AMIs. See https://trello.com/c/tMMaMPJs/680-aws-deployment-doc-update-requested. [NOTE] ==== -Note that Neo4j does not provide AMIs with a pre-installed version of the product. -The Neo4j Marketplace listings and custom listings on Github leverage CloudFormation templates and user-data scripting to deploy Neo4j. +Neo4j does not provide Amazon Machine Images (AMIs) with a pre-installed version of the product. +The Neo4j Marketplace listings and custom listings on Github use CloudFormation templates and user-data (post-install) scripts to deploy and configure Neo4j. ==== -For more information, see the following links: +== Supported Neo4j versions + +The Neo4j link:https://aws.amazon.com/marketplace/seller-profile?id=23ec694a-d2af-4641-b4d3-b7201ab2f5f9[AWS marketplace listing] can be configured to deploy either Neo4j Enterprise Edition v5 or v4.4. +The CloudFormation template always installs the latest minor version of Neo4j v5 or v4.4. + +== Clusters + +//does this get updated when the cluster is upgraded? +//try to avoid the word "nodes". +When you create a Neo4j cluster, the Auto Scaling group (ASG) is tagged with the minor version of the installed Neo4j. +If you add more EC2 instances to your ASG, they will be tagged with the same minor version, ensuring that all Neo4j cluster servers run on the same version, regardless of when the EC2 instances were created. -* link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j[All CloudFormation templates for Neo4j v5]. -* link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j/tree/Neo4j-4.4[All CloudFormation templates for Neo4j v4.4]. +== Licensing +Installing and starting Neo4j from the AWS marketplace constitutes an acceptance of the Neo4j license agreement. +When deploying Neo4j, users are required to confirm that they either have an enterprise license or accept the terms of the Neo4j evaluation license. + +If you require the Enterprise version of either Graph Data Science or Bloom, you need to provide a key issued by Neo4j as this will be required during the installation. + +To obtain a valid license for either Neo4j, Bloom, or GDS, reach out to your Neo4j account representative or get in touch using the link:https://neo4j.com/contact-us/[contact form]. + +[[cloudformation_template]] == Neo4j CloudFormation template -CloudFormation is an Infrastructure as Code (IaC) service that tells AWS how to deploy a set of interrelated resources. +AWS CloudFormation is a declarative Infrastructure as Code (IaC) language that is based on YAML and instructs AWS to deploy a set of cloud resources. +The Neo4j CloudFormation template repository has v5 on the `main` branch and v4 on the `Neo4j-4.4` branch: -The Neo4j CloudFormation templates have the following properties: +* link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j/tree/main/marketplace[CloudFormation template for Neo4j v5]. +* link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j/tree/Neo4j-4.4/marketplace[CloudFormation template for Neo4j v4.4]. -* Optionally install Graph Data Science (GDS). -It requires a license key to be provided. +The Neo4j CloudFormation template takes several parameters as inputs, deploys a set of cloud resources, and provides outputs that can be used to connect to the Neo4j cluster. -* Optionally install Bloom. -It requires a license key to be provided. +=== Input parameters -* Specify the number of desired Neo4j instances. +[cols="<31s,69",frame="topbot",options="header"] +|=== -* Select the EC2 instance type and disk size. +| Parameter Name +| Parameter Description -* Specify SSH CIDR range. +| Stack Name +| A name for the CloudFormation stack to be deployed, e.g., `my-neo4j-cluster`. +Stack name can include letters (A-Z and a-z), numbers (0-9), and dashes (-). +| Install Graph Data Science +| Optionally install Graph Data Science (GDS). +| Graph Data Science License Key +| License keys will be sent to and stored by Neo4j. +This information is used only for product activation purposes. -== Verify that Neo4j is running +| Install Bloom +| Optionally install Neo4j Bloom. + +| Bloom License Key +| License keys will be sent to and stored by Neo4j. +This information is used only for product activation purposes. + +| Password +| A password for the `neo4j` user. +Must be a minimum of 8 characters. + +| Number of Servers +| Specify the number of desired EC2 instances to be used to form a Neo4j cluster (a minimum of 3 instances is required to form a cluster.) + +| Instance type +| The class of EC2 Instance to use. + +| Disk Size +| Size in GB of the EBS volume on each EC2 instance. +Larger EBS volumes are typically faster than smaller ones, therefore 100GB is the recommended minimum size. + +| SSH CIDR +| Specify an address range from which EC2 instances are accessible on port `22`. +You can use `0.0.0.0/0` to allow access from any IP address. +This field must also be correctly populated to allow the use of EC2 instance-connect. + +|=== -When the CloudFormation stack is created, navigate to the *Outputs* tab and click the *Neo4jLoadBalancerURL*. +=== Deployed cloud resources -image:neo4j-lb.png[] +*Users are reminded that the deployment of cloud resources will incur costs.* -The URL points to the Neo4j Browser, where the specified credentials can be used to log in to Neo4j. +[NOTE] +==== +The Neo4j CloudFormation Template uses an Auto Scaling group (ASG) to deploy EC2 instances. +This means that to stop or terminate EC2 instances, you must first remove them from the ASG, otherwise, the ASG will automatically replace them. +==== + +The environment created by the CloudFormation template consists of the following AWS resources: + +* 1 VPC, with a CIDR range of `10.0.0.0/16`. +** 3 Subnets, distributed evenly across 3 Availability zones, with the following CIDR ranges: +*** `10.0.1.0/24` +*** `10.0.2.0/24` +*** `10.0.3.0/24` +** An internet gateway +** Routing tables (and associations) for all subnets. +* An auto-scaling group and launch configuration, which creates: +** 1, or between 3 and 10 EC2 instances (Depending on whether a single instance or an autonomous cluster is selected). +* 1 Network (Layer 4) Load Balancer. +** A target group for the EC2 instances. + +=== Template outputs + +After the installation finishes successfully, the CloudFormation template provides the following outputs, which can be found in the *Outputs* tab of the CloudFormation page on the AWS console. + +[cols="<31s,69",frame="topbot",options="header"] +|=== + +| Output Name +| Output Description + +| Neo4jBrowserURL +| The http URL of the Neo4j Browser. + +| Neo4jURI +| The Bolt URL of the Neo4j Browser. + +| Neo4jUsername +| The username `neo4j` and a reminder to use the password that was specified earlier when filling out the CloudFormation template. + +|=== + +== Verify that Neo4j is running -image:neo4j-service.png[] +When the CloudFormation stack is created, navigate to *Outputs* and open the *Neo4jBrowserURL* in a new tab. +Log into Neo4j using your credentials. == Clean up the resources and remove your stack diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-azure.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-azure.adoc index 8b82062fd..53317990b 100644 --- a/modules/ROOT/pages/cloud-deployments/neo4j-azure.adoc +++ b/modules/ROOT/pages/cloud-deployments/neo4j-azure.adoc @@ -15,7 +15,7 @@ This template is hosted in a public GitHub repository and can be found at link:h == Neo4j ARM template -ARM is an Infrastructure as Code (IaC) service that tells Azure how to deploy a set of interrelated resources. +Azure Resource Manager (ARM) is an Infrastructure as Code (IaC) service that tells Azure how to deploy a set of interrelated resources. The Neo4j ARM template has the following properties: diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-gcp/cluster-vm.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-gcp.adoc similarity index 59% rename from modules/ROOT/pages/cloud-deployments/neo4j-gcp/cluster-vm.adoc rename to modules/ROOT/pages/cloud-deployments/neo4j-gcp.adoc index d6970fb77..e2eeb8aad 100644 --- a/modules/ROOT/pages/cloud-deployments/neo4j-gcp/cluster-vm.adoc +++ b/modules/ROOT/pages/cloud-deployments/neo4j-gcp.adoc @@ -1,44 +1,35 @@ :description: This page describes how to deploy and run a Neo4j cluster from the GCP Marketplace. -[[cluster-gcp]] -= Clusters (VM-based) +[role=enterprise-edition] +[[gcp]] += Neo4j on GCP You can deploy a Neo4j cluster via the GCP Marketplace. -== Prerequisites - -* You have a Neo4j Enterprise license. -* You are familiar with the xref:clustering/introduction.adoc#clustering-introduction-operational[Cluster architecture]. -* You know how to access cloud-hosted Neo4j from your application. See the https://neo4j.com/docs/driver-manual/4.0/[Driver Manual^]. - - == Deploy Neo4j via the GCP Marketplace Deploy Neo4j Enterprise from the https://console.cloud.google.com/marketplace/product/neo4j/neo4j-enterprise-edition[Google Cloud Launcher console^] following the interactive prompts. -Once the deployment finishes, save the URL, username, and password. - - == Start using Neo4j Browser -Use your browser to access the cloud-based database URL, and log in with the initial username and password provided. -You may see an SSL warning screen because the out-of-the-box deployment uses an unsigned SSL certificate. -The initial password is set to a strong, random password and is saved as a metadata entry on the VMs. +Use your web browser to access the cloud-based database URL, and log in with the initial username `neo4j` and password you specified during the configuration stage. -To verify that the cluster has formed correctly, run the following Cypher statement: +[NOTE] +==== +The GCP console advises when the deployment is complete. +However, you need to wait another few minutes for the Neo4j deployment to complete on the GCP Virtual Machines before the Neo4j Browser is available. +Depending on the deployment options selected, this can take more than 5 minutes. +==== -[source, cypher] --- -CALL dbms.cluster.overview() --- - -The result is one leader and minimum two followers. -The IP addresses and endpoints must be the same as the ones for your running instances, displayed by the Compute Engine. +The Cypher command `SHOW SERVERS` displays all current servers running in the cluster, including both servers yet to be enabled (i.e. servers in the `Free` state) in the DBMS as well as dropped servers. +[source, cypher] +---- +SHOW SERVERS +---- == Access your instance via SSH -Cluster members are regular Google Compute Engine VMs. -Therefore, you can access any of them via SSH from the Deployment Manager screen, or by running the following command in the Google Cloud CLI: +You can access the deployed GCP Compute Engine Virtual Machines via SSH from the Deployment Manager screen, or by running the following command in the Google Cloud CLI: [source, shell] -- @@ -69,4 +60,4 @@ The template’s behavior and layout match the usual _neo4j.conf_ file. == Terminating the deployment You can use the deployment manager to delete the deployment. -To ensure data safety, the disks that back the VMs are not removed when you delete the cluster deployment. +To ensure data safety, the disks that back the VMs are not removed when you delete the cluster deployment. \ No newline at end of file diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-gcp/automation-gcp.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-gcp/automation-gcp.adoc deleted file mode 100644 index 6c7929f77..000000000 --- a/modules/ROOT/pages/cloud-deployments/neo4j-gcp/automation-gcp.adoc +++ /dev/null @@ -1,183 +0,0 @@ -:description: This page describes how to automate Neo4j deployments on GCP. -[[auto-deployments-gcp]] -= Neo4j deployments automation on Google Cloud Platform (GCP) - -Automate Neo4j deployment when you want to integrate Neo4j into your CI/CD pipeline to be able to create/destroy instances temporarily, or to spin up a sample instance. - - -== Prerequisites - -* You have https://cloud.google.com/sdk/install[installed and set up Google Cloud SDK^] to be able to use the `gcloud` command-line tool. -* You have https://cloud.google.com/sdk/docs/authorizing[authenticated your gcloud CLI^], to make sure it can interact with your GCP projects. - - -== Google Cloud Deployment Manager - -Neo4j provides Deployment Manager templates for Neo4j cluster (highly available clusters), and VM images for Neo4j Enterprise standalone. -Deployment Manager is a recipe that tells GCP how to deploy a whole set of interrelated resources. -By deploying all of this as a stack you can keep all of your resources together, and delete just one thing when you are done. - - -== Creating a Deployment Manager stack - -Depending on what Neo4j edition you want to deploy, you create a Deployment Manager stack by running a bash script. - -Each script contains the following configurations: - -* The URL of the Neo4j stack template that tells GCP what to deploy. -* Various parameters that control how much hardware you want to use. -* `MACHINE` - the GCP machine type you want to launch, which controls how much hardware you will be giving to your database. -* `DISK_TYPE` and `DISK_SIZE`- controls whether Neo4j uses standard spinning magnetic platters (pd-standard) or SSD disks (pd-ssd), and how many GB of storage you want to allocate. -Note that with some disk sizes, GCP warns that the root partition type may need to be resized if the underlying OS does not support the disk size. -This warning can be ignored, because the underlying OS will recognize any disk size. -* `ZONE` - specifies where to deploy Neo4j. -* `PROJECT` - the project ID you want to deploy on GCP. - - -// == Deploying Neo4j Enterprise Edition with a Causal Cluster -// -// To deploy Neo4j Enterprise Edition with a Causal Cluster, use the Causal Cluster template. -// [NOTE] -// You indicate how many core servers and read replicas you want in your cluster by configuring the `CORES` and `READ_REPLICAS` parameters. -// -// [source, shell, subs="attributes+"] -// -- -// #!/bin/bash -// export NAME=neo4j-cluster -// PROJECT=my-gcp-project-ID -// MACHINE=n1-standard-2 -// DISK_TYPE=pd-ssd -// DISK_SIZE=64 -// ZONE=us-east1-b -// CORES=3 -// READ_REPLICAS=0 -// NEO4J_VERSION={neo4j-version-exact} -// TEMPLATE_URL=https://storage.googleapis.com/neo4j-deploy/$NEO4J_VERSION/causal-cluster/neo4j-causal-cluster.jinja -// OUTPUT=$(gcloud deployment-manager deployments create $NAME \ -// --project $PROJECT \ -// --template "$TEMPLATE_URL" \ -// --properties "zone:'$ZONE',clusterNodes:'$CORES',readReplicas:'$READ_REPLICAS',bootDiskSizeGb:$DISK_SIZE,bootDiskType:'$DISK_TYPE',machineType:'$MACHINE'") -// echo $OUTPUT -// PASSWORD=$(echo $OUTPUT | perl -ne 'm/password\s+([^\s]+)/; print $1;') -// IP=$(echo $OUTPUT | perl -ne 'm/vm1URL\s+https:\/\/([^\s]+):/; print $1; ') -// echo NEO4J_URI=bolt+routing://$IP -// echo NEO4J_PASSWORD=$PASSWORD -// echo STACK_NAME=$NAME -// -- -// -// After you configure the parameters of what you are deploying, you call to `gcloud deployment-manager deployments create` to do the work. -// The variable `OUTPUT` contains all the information about your deployment. -// Then, you use `perl` to pull out the password and IP address of your new deployment, because it will have a strong randomly assigned password. -// -// [TIP] -// This command blocks and does not succeed until the entire stack is deployed and ready. -// This means that by the time you get the IP address back, your Neo4j is up. -// If you lose these stack outputs (IP, password, and so on), you can find them in your Deployment Manager window within the GCP console. -// -// To delete your deployment, take note of the `STACK_NAME` and use the utility script: -// -// [source, shell] -// -- -// #!/bin/bash -// PROJECT=my-google-project-id -// if [ -z $1 ] ; then -// echo "Usage: call me with deployment name" -// exit 1 -// fi -// gcloud -q deployment-manager deployments delete $1 --project $PROJECT -// # OPTIONAL! Destroy the disk -// # gcloud --quiet compute disks delete $(gcloud compute disks list --project $PROJECT --filter="name~'$1'" --uri) -// -- -// -// [NOTE] -// When you delete Neo4j stacks on GCP, the GCP disks are left behind, to make it hard for you to accidentally destroy your valuable data. -// To completely clean up your disks, uncomment the last line of the script. - - -== Deploying Neo4j Enterprise (or Community) Edition in standalone mode - -To deploy Neo4j Enterprise Edition in standalone mode, create a simple VM and configure its firewall/security rules. -It will not have high-availability failover capabilities, but it is a very fast way to get started. - -You choose a random password by running some random bytes through a hash. -The script also provides an example of polling and waiting until the VM service comes up, and then changing the Neo4j default password. - -The `launcher-public` project on GCP hosts Neo4j’s VM images for GCP. -In the example script, `neo4j-enterprise-1–3–5–3-apoc` is used, but other versions are also available. -By substituting a different image name here, you can use this same technique to run Neo4j Community Edition in standalone mode. - -[source, shell, subs="attributes+"] --- -#!/bin/bash -export PROJECT=my-gcp-project-id -export MACHINE=n1-standard-2 -export DISK_TYPE=pd-ssd -export DISK_SIZE=64GB -export ZONE=us-east1-b -export NEO4J_VERSION={neo4j-version-exact} -export PASSWORD=$(head -n 20 /dev/urandom | md5) -export STACK_NAME=neo4j-standalone -export IMAGE=neo4j-enterprise-1-3-5-3-apoc -# Setup firewalling. -echo "Creating firewall rules" -gcloud compute firewall-rules create "$STACK_NAME" \ - --allow tcp:7473,tcp:7687 \ - --source-ranges 0.0.0.0/0 \ - --target-tags neo4j \ - --project $PROJECT -if [ $? -ne 0 ] ; then - echo "Firewall creation failed. Bailing out" - exit 1 -fi -echo "Creating instance" -OUTPUT=$(gcloud compute instances create $STACK_NAME \ - --project $PROJECT \ - --image $IMAGE \ - --tags neo4j \ - --machine-type $MACHINE \ - --boot-disk-size $DISK_SIZE \ - --boot-disk-type $DISK_TYPE \ - --image-project launcher-public) -echo $OUTPUT -# Pull out the IP addresses, and toss out the private internal one (10.*) -IP=$(echo $OUTPUT | grep -oE '((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.)\{3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])' | grep --invert-match "^10\.") -echo "Discovered new machine IP at $IP" -tries=0 -while true ; do - OUTPUT=$(echo "CALL dbms.changePassword('$PASSWORD');" | cypher-shell -a $IP -u neo4j -p "neo4j" 2>&1) - EC=$? - echo $OUTPUT - - if [ $EC -eq 0 ]; then - echo "Machine is up ... $tries tries" - break -fi - if [ $tries -gt 30 ] ; then - echo STACK_NAME=$STACK_NAME - echo "Machine is not coming up, giving up" - exit 1 - fi - tries=$(($tries+1)) - echo "Machine is not up yet ... $tries tries" - sleep 1; -done -echo NEO4J_URI=bolt://$IP:7687 -echo NEO4J_PASSWORD=$PASSWORD -echo STACK_NAME=$STACK_NAME -exit 0 --- - -To delete your deployment, take note of the `STACK_NAME` and use the utility script: - -[source, shell] --- -#!/bin/bash -export PROJECT=my-google-project-id -if [ -z $1 ] ; then - echo "Missing argument" - exit 1 -fi -echo "Deleting instance and firewall rules" -gcloud compute instances delete --quiet "$1" --project "$PROJECT" && gcloud compute firewall-rules --quiet delete "$1" --project "$PROJECT" -exit $? --- diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-gcp/index.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-gcp/index.adoc deleted file mode 100644 index 40a6575ed..000000000 --- a/modules/ROOT/pages/cloud-deployments/neo4j-gcp/index.adoc +++ /dev/null @@ -1,10 +0,0 @@ -[[gcp]] -= Neo4j on Google Cloud Platform -:description: This chapter describes the different options for deploying and running Neo4j on Google Cloud Platform. - -There are several options for running Neo4j on GCP, depending on what you want to do. - -* xref:cloud-deployments/neo4j-gcp/single-instance-vm.adoc[Single instances (VM-based)] -- Launching a single instance from an image. -* xref:cloud-deployments/neo4j-gcp/cluster-vm.adoc[Clusters (VM-Based)] -- Deploying Neo4j on GCP. -* xref:cloud-deployments/neo4j-gcp/automation-gcp.adoc[Neo4j deployments automation on GCP] – Automating Neo4j deployments on GCP. - diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-gcp/single-instance-vm.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-gcp/single-instance-vm.adoc deleted file mode 100644 index ea65f8c15..000000000 --- a/modules/ROOT/pages/cloud-deployments/neo4j-gcp/single-instance-vm.adoc +++ /dev/null @@ -1,153 +0,0 @@ -:description: Deploy a Neo4j standalone instance using an image from the GCP Marketplace. -[[single-instance-gcp]] -= Neo4j standalone instance (VM-based) - -You can deploy a Neo4j standalone instance using an image from the GCP Marketplace. - -== Prerequisites - -* You know how to run and operate Neo4j locally. -* You know how to access cloud-hosted Neo4j from your application. See the https://neo4j.com/docs/driver-manual/4.0/[Driver Manual^]. -* You have https://cloud.google.com/sdk/install[installed and set up Google Cloud SDK^] to be able to use the `gcloud` command-line tool. -* You have https://cloud.google.com/sdk/docs/authorizing[authenticated your gcloud CLI^], to interact with your GCP projects. - - -[[single-instance-gcp-create-a-firewall-rule]] -== Create a firewall rule to access your instance - -Create a firewall rule to be able to access your instance when it is launched: - -[source, gcloud command, subs="attributes+,+specialchars,+macros", role="noheader"] ----- -gcloud compute firewall-rules create allow-neo4j-bolt-http-https \ <1> - --allow tcp:7473,tcp:7474,tcp:7687 \ <2> - --source-ranges 0.0.0.0/0 \ <3> - --target-tags neo4j <4> ----- - -<1> Create a firewall rule with the name `allow-neo4j-bolt-http-https`. -<2> Allow traffic on ports: -+ -* `7473` (HTTPS, for Neo4j Browser and HTTP API). -* `7474` (HTTP, for Neo4j Browser and HTTP API). -* `7687` (Bolt Protocol). -+ -<3> The ranges, provided with the `--source-ranges` argument, allow the entire Internet to contact your new instance. -<4> The `--target-tags` argument specifies that this rule applies only to VMs tagged with `neo4j`. + -When you launch your instance, you have to apply that tag to it. - - -[[single-instance-gcp-create-a-compute-instance]] -== Create a Google compute instance from the Neo4j public image - -. List all available Neo4j public images. -+ -The images are published in a GCP project called `launcher-public`, so by listing images in that project, you can see what is available. -+ -.`launcher-public` images -[source, gcloud command, role="noheader"] ----- -gcloud compute images list --project launcher-public ----- -+ -.`launcher-public` images -- filtered on Neo4j 4.X versions -[source, gcloud command, role="noheader"] ----- -gcloud compute images list --project launcher-public | grep --extended-regexp "neo4j-(community|enterprise)-1-4-.*" ----- -+ -For example, the image `neo4j-enterprise-1-4-2-2-apoc` includes Neo4j Enterprise 4.2.2 with the APOC plugin. -+ -. Create a new instance. -+ -You create and launch an instance by using the following `gcloud` commands: -+ -[source, gcloud command, subs="attributes+,+specialchars,+macros", role="noheader"] ----- -gcloud config set project <1> -gcloud compute instances create my-neo4j-instance --image-project launcher-public \ <2> - --image \ <3> - --tags neo4j <4> ----- -+ -<1> Set your project configuration to ensure you know where you are launching your instance. -<2> Launch an image found in the provided public project `launcher-public`. -<3> Replace `` with the image name you want to launch. -<4> The `--tags` argument allows you to configure the correct network permissions. + -By default, Google blocks all external access to the network services unless you open them. -+ -. Note the `EXTERNAL_IP`. -+ -When the launch is successful, you get the following result: -+ -.Example output -[source, output example, role="noheader"] ----- -Created [https://www.googleapis.com/compute/v1/projects/testbed-187316/zones/us-east1-b/instances/my-neo4j-instance]. -NAME ZONE MACHINE_TYPE PREEMPTIBLE INTERNAL_IP EXTERNAL_IP STATUS -my-neo4j-instance europe-north1-a n1-standard-1 192.0.2.0 203.0.113.0 RUNNING ----- -+ -Note the IP addressfootnote:[https://tools.ietf.org/html/rfc5737] in the `EXTERNAL_IP` column, this is for the Neo4j server. - -[TIP] -==== -The `gcloud` tool comes with many command-line options. -For more details on how to deal with machine type, memory, available storage, etc., consult https://cloud.google.com/sdk/gcloud/reference/compute/instances/create[the Google Cloud documentation^]. -==== - - -[[single-instance-gcp-access-neo4j]] -== Access your new instance - -Navigate to `http://[EXTERNAL_IP]:7474/browser` or `https://[EXTERNAL_IP]:7473/browser`, log in with the default username `neo4j` and password `neo4j`, and change the password, when prompted. - -[NOTE] -==== -Neo4j 3.X versions include a self-signed certificate for TLS. -Because you do not have a hostname or a valid SSL certificate configured by default, your browser will warn you that the certificate is not trusted. - -Neo4j 4.X versions do not include any certificate for TLS. -You can configure the certificate later. -==== - - -[[single-instance-gcp-access-compute-instance-ssh]] -== Access your instance via SSH - -You can run the following command to SSH into the instance: - -.ssh -[source, gcloud command, role="noheader"] ----- -gcloud compute ssh my-neo4j-instance ----- - -Inside the VM, you can check the status of the `neo4j` service: - -.systemctl -[source, shell command, role="noheader"] ----- -sudo systemctl status neo4j ----- - -[source, example output, role="noheader"] ----- -● neo4j.service - Neo4j Graph Database - Loaded: loaded (/etc/systemd/system/neo4j.service; enabled; vendor preset: enabled) - Active: active (running) since Thu 2021-01-01 13:01:02 UTC; 40min ago - Main PID: 937 (java) - Tasks: 62 (limit: 4401) - CGroup: /system.slice/neo4j.service - └─937 /usr/bin/java -cp /var/lib/neo4j/plugins:/etc/neo4j:/usr/share/neo4j/lib/*:/var/lib/neo4j/plugins/* -XX:+UseG1GC -XX:-OmitStackTraceInFastThrow ----- - -[[single-instance-gcp-delete-compute-instance]] -== Delete your instance - -You can run the following command to delete your instance: - -[source, gcloud command, role="nohead"] ----- -gcloud compute instances delete my-neo4j-instance ----- From 931871da2f6429cbf6b2e4be31ba8c8c13f0e5a9 Mon Sep 17 00:00:00 2001 From: Nils Ceberg Date: Mon, 13 Feb 2023 12:02:29 +0100 Subject: [PATCH 141/876] Document neo4j-admin server validate-config (#462) This new command is available since 5.5. --- modules/ROOT/pages/tools/neo4j-admin/index.adoc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/ROOT/pages/tools/neo4j-admin/index.adoc b/modules/ROOT/pages/tools/neo4j-admin/index.adoc index d5bca6eba..a1a1d712e 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/index.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/index.adoc @@ -97,6 +97,9 @@ For details, see xref:tools/neo4j-admin/neo4j-admin-report.adoc[Neo4j Admin repo For details, see xref:tools/neo4j-admin/unbind.adoc[Unbind a Neo4j cluster server]. +| `validate-config` +| Performs configuration validation without starting the server. + | `windows-service` | A command whose subcommands can be used to install, uninstall, and update Neo4j as a Windows service. From ab19d1bfb66bfd9d22f9b26b1ec48dd6110a3105 Mon Sep 17 00:00:00 2001 From: edrandall-dev Date: Mon, 13 Feb 2023 14:07:02 +0000 Subject: [PATCH 142/876] Updates --- .../pages/cloud-deployments/neo4j-aws.adoc | 69 ++++++++----------- 1 file changed, 30 insertions(+), 39 deletions(-) diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc index 488b6a2bf..abd47adef 100644 --- a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc +++ b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc @@ -3,17 +3,12 @@ [[aws]] = Neo4j on AWS -Neo4j Enterprise Edition can be easily deployed on EC2 instances in Amazon Web Services (AWS) by using the link:https://aws.amazon.com/marketplace/pp/prodview-akmzjikgawgn4?sr=0-1&ref_=beagle&applicationId=AWSMPContessa[official listing for Neo4j Enterprise on the AWS Marketplace]. +Neo4j Enterprise Edition can be easily deployed on EC2 instances in Amazon Web Services (AWS) by using the link:https://aws.amazon.com/marketplace/pp/prodview-akmzjikgawgn4?sr=0-1&ref_=beagle&applicationId=AWSMPContessa[official listing for Neo4j Enterprise on the AWS Marketplace^]. The AWS Marketplace listing uses a CloudFormation template maintained by Neo4j. -The template's code is available on link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j/tree/main/marketplace[GitHub] and can be customized to meet more complex or bespoke use cases. +The template's code is available on link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j/tree/main/marketplace[GitHub^] and can be customized to meet more complex or bespoke use cases. See <>. -// Does this matter? Is the purpose of a note for additional technical information? Or about calling your attention to an important caveat? - -// This is not a caveat, it's a design decision. -//The note below is the result of a support request to clarify that the marketplace listing uses a CloudFormation template and no longer uses custom AMIs. See https://trello.com/c/tMMaMPJs/680-aws-deployment-doc-update-requested. - [NOTE] ==== Neo4j does not provide Amazon Machine Images (AMIs) with a pre-installed version of the product. @@ -22,15 +17,13 @@ The Neo4j Marketplace listings and custom listings on Github use CloudFormation == Supported Neo4j versions -The Neo4j link:https://aws.amazon.com/marketplace/seller-profile?id=23ec694a-d2af-4641-b4d3-b7201ab2f5f9[AWS marketplace listing] can be configured to deploy either Neo4j Enterprise Edition v5 or v4.4. +The Neo4j link:https://aws.amazon.com/marketplace/seller-profile?id=23ec694a-d2af-4641-b4d3-b7201ab2f5f9[AWS marketplace listing^] can be configured to deploy either Neo4j Enterprise Edition v5 or v4.4. The CloudFormation template always installs the latest minor version of Neo4j v5 or v4.4. -== Clusters +== Cluster version consistency -//does this get updated when the cluster is upgraded? -//try to avoid the word "nodes". -When you create a Neo4j cluster, the Auto Scaling group (ASG) is tagged with the minor version of the installed Neo4j. -If you add more EC2 instances to your ASG, they will be tagged with the same minor version, ensuring that all Neo4j cluster servers run on the same version, regardless of when the EC2 instances were created. +When you create a Neo4j cluster, an Auto Scaling group (ASG) is created and tagged with the minor version of the installed Neo4j database. +If you add more EC2 instances to your ASG, they will be tagged with the same minor version, ensuring that all Neo4j cluster servers are installed with the same version, regardless of when the EC2 instances were created. == Licensing @@ -39,18 +32,29 @@ When deploying Neo4j, users are required to confirm that they either have an ent If you require the Enterprise version of either Graph Data Science or Bloom, you need to provide a key issued by Neo4j as this will be required during the installation. -To obtain a valid license for either Neo4j, Bloom, or GDS, reach out to your Neo4j account representative or get in touch using the link:https://neo4j.com/contact-us/[contact form]. +To obtain a valid license for either Neo4j, Bloom, or GDS, reach out to your Neo4j account representative or get in touch using the link:https://neo4j.com/contact-us/[contact form^]. [[cloudformation_template]] == Neo4j CloudFormation template +=== Important considerations + +* The Neo4j CloudFormation template deploys a new VPC. +** AWS accounts are limited to an initial quota of 5 VPCs (you can view your current quota viewing the "Limits" page of the Amazon EC2 console) +** The VPC quota can be increased if needed by contacting AWS support. + +* The Neo4j CloudFormation Template uses an Auto Scaling group (ASG) to deploy EC2 instances. +** This means that to stop or terminate EC2 instances, you must first remove them from the ASG, otherwise, the ASG will automatically replace them. + +* The deployment of cloud resources will incur costs. + AWS CloudFormation is a declarative Infrastructure as Code (IaC) language that is based on YAML and instructs AWS to deploy a set of cloud resources. -The Neo4j CloudFormation template repository has v5 on the `main` branch and v4 on the `Neo4j-4.4` branch: +The Neo4j CloudFormation template repository contains code for Neo4j v5 on the `main` branch and code for Neo4j v4.4 on the `Neo4j-4.4` branch: * link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j/tree/main/marketplace[CloudFormation template for Neo4j v5]. * link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j/tree/Neo4j-4.4/marketplace[CloudFormation template for Neo4j v4.4]. -The Neo4j CloudFormation template takes several parameters as inputs, deploys a set of cloud resources, and provides outputs that can be used to connect to the Neo4j cluster. +The Neo4j CloudFormation template takes several parameters as inputs, deploys a set of cloud resources and provides outputs that can be used to connect to the Neo4j cluster. === Input parameters @@ -61,26 +65,22 @@ The Neo4j CloudFormation template takes several parameters as inputs, deploys a | Parameter Description | Stack Name -| A name for the CloudFormation stack to be deployed, e.g., `my-neo4j-cluster`. -Stack name can include letters (A-Z and a-z), numbers (0-9), and dashes (-). +| A name for the CloudFormation stack to be deployed, e.g., `my-neo4j-cluster`. Stack name can include letters (A-Z and a-z), numbers (0-9), and dashes (-). | Install Graph Data Science -| Optionally install Graph Data Science (GDS). +| An option to install Graph Data Science (GDS). Accepted values are `Yes` or `No`. | Graph Data Science License Key -| License keys will be sent to and stored by Neo4j. -This information is used only for product activation purposes. +| A valid GDS license key can be pasted into this field. License keys will be sent to and stored by Neo4j. This information is used only for product activation purposes. | Install Bloom -| Optionally install Neo4j Bloom. +| Optionally install Neo4j Bloom. Accepted values are `Yes` or `No`. | Bloom License Key -| License keys will be sent to and stored by Neo4j. -This information is used only for product activation purposes. +| A valid Bloom license key can be pasted into this field. License keys will be sent to and stored by Neo4j. This information is used only for product activation purposes. | Password -| A password for the `neo4j` user. -Must be a minimum of 8 characters. +| A password for the `neo4j` user. Must be a minimum of 8 characters. | Number of Servers | Specify the number of desired EC2 instances to be used to form a Neo4j cluster (a minimum of 3 instances is required to form a cluster.) @@ -89,26 +89,15 @@ Must be a minimum of 8 characters. | The class of EC2 Instance to use. | Disk Size -| Size in GB of the EBS volume on each EC2 instance. -Larger EBS volumes are typically faster than smaller ones, therefore 100GB is the recommended minimum size. +| Size (in GB) of the EBS volume on each EC2 instance. Larger EBS volumes are typically faster than smaller ones, therefore 100GB is the recommended minimum size. | SSH CIDR -| Specify an address range from which EC2 instances are accessible on port `22`. -You can use `0.0.0.0/0` to allow access from any IP address. -This field must also be correctly populated to allow the use of EC2 instance-connect. +| Specify an address range from which EC2 instances are accessible on port `22`. You can use `0.0.0.0/0` to allow access from any IP address. This field must also be correctly populated to allow the use of EC2 instance-connect. |=== === Deployed cloud resources -*Users are reminded that the deployment of cloud resources will incur costs.* - -[NOTE] -==== -The Neo4j CloudFormation Template uses an Auto Scaling group (ASG) to deploy EC2 instances. -This means that to stop or terminate EC2 instances, you must first remove them from the ASG, otherwise, the ASG will automatically replace them. -==== - The environment created by the CloudFormation template consists of the following AWS resources: * 1 VPC, with a CIDR range of `10.0.0.0/16`. @@ -123,6 +112,8 @@ The environment created by the CloudFormation template consists of the following * 1 Network (Layer 4) Load Balancer. ** A target group for the EC2 instances. + + === Template outputs After the installation finishes successfully, the CloudFormation template provides the following outputs, which can be found in the *Outputs* tab of the CloudFormation page on the AWS console. From ee9b97202e32e339846d064b118d0c19df08c58b Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Mon, 13 Feb 2023 15:34:05 +0100 Subject: [PATCH 143/876] =?UTF-8?q?Adding=20steps=20on=20how=20to=20disabl?= =?UTF-8?q?e=20file=20and=20directory=20access=20time=20updates=E2=80=A6?= =?UTF-8?q?=20(#486)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit … (#483) These steps are suggested in 3.5 but not in newer versions. --------- Co-authored-by: Reneta Popova Cherry-picked from https://github.com/neo4j/docs-operations/pull/483 Co-authored-by: Reneta Popova --- modules/ROOT/pages/performance/linux-file-system-tuning.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/performance/linux-file-system-tuning.adoc b/modules/ROOT/pages/performance/linux-file-system-tuning.adoc index 521ef8477..8705d4e88 100644 --- a/modules/ROOT/pages/performance/linux-file-system-tuning.adoc +++ b/modules/ROOT/pages/performance/linux-file-system-tuning.adoc @@ -6,8 +6,8 @@ Databases often produce many small and random reads when querying data, and few For maximum performance, it is recommended to store database and transaction logs on separate physical devices. This page covers Neo4j I/O behavior and how to optimize for operations on disk. -Often, recommended practice is to disable file and directory access time updates. -This way, the file system won't have to issue writes that update this meta-data, thus improving write performance. +It is recommended to disable file and directory access time updates by setting the `noatime,nodiratime` mount options in _fstab_, or when issuing the disk mount command. +This way, the file system will not have to issue writes that update this meta-data, thus improving write performance. Since databases can put a high and consistent load on a storage system for a long time, it is recommended to use a file system that has good aging characteristics. The EXT4 and XFS file systems are both supported. From aa44cc4af54e39fe1efe9bc2b9fadb65bb531194 Mon Sep 17 00:00:00 2001 From: Ed Randall Date: Mon, 13 Feb 2023 16:42:54 +0000 Subject: [PATCH 144/876] aws updates --- .../pages/cloud-deployments/neo4j-aws.adoc | 69 ++++++++++--------- 1 file changed, 36 insertions(+), 33 deletions(-) diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc index abd47adef..448cff2ce 100644 --- a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc +++ b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc @@ -7,54 +7,44 @@ Neo4j Enterprise Edition can be easily deployed on EC2 instances in Amazon Web S The AWS Marketplace listing uses a CloudFormation template maintained by Neo4j. The template's code is available on link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j/tree/main/marketplace[GitHub^] and can be customized to meet more complex or bespoke use cases. -See <>. + [NOTE] ==== Neo4j does not provide Amazon Machine Images (AMIs) with a pre-installed version of the product. -The Neo4j Marketplace listings and custom listings on Github use CloudFormation templates and user-data (post-install) scripts to deploy and configure Neo4j. +The Neo4j Marketplace listings (and listings on GitHub) use CloudFormation templates which include a user-data (post-install) script to deploy and configure Neo4j. ==== == Supported Neo4j versions The Neo4j link:https://aws.amazon.com/marketplace/seller-profile?id=23ec694a-d2af-4641-b4d3-b7201ab2f5f9[AWS marketplace listing^] can be configured to deploy either Neo4j Enterprise Edition v5 or v4.4. -The CloudFormation template always installs the latest minor version of Neo4j v5 or v4.4. - -== Cluster version consistency +The CloudFormation template always installs the latest available minor version of each release. For example, the latest minor release of Neo4j v5 is `{neo4j-version-exact}`. -When you create a Neo4j cluster, an Auto Scaling group (ASG) is created and tagged with the minor version of the installed Neo4j database. -If you add more EC2 instances to your ASG, they will be tagged with the same minor version, ensuring that all Neo4j cluster servers are installed with the same version, regardless of when the EC2 instances were created. +== Neo4j CloudFormation template -== Licensing +AWS CloudFormation is a declarative Infrastructure as Code (IaC) language that is based on YAML and instructs AWS to deploy a set of cloud resources. +The Neo4j CloudFormation template repository contains code for Neo4j v5 on the `main` branch and code for Neo4j v4.4 on the `Neo4j-4.4` branch: -Installing and starting Neo4j from the AWS marketplace constitutes an acceptance of the Neo4j license agreement. -When deploying Neo4j, users are required to confirm that they either have an enterprise license or accept the terms of the Neo4j evaluation license. +* link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j/tree/main/marketplace[CloudFormation template for Neo4j v5]. +* link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j/tree/Neo4j-4.4/marketplace[CloudFormation template for Neo4j v4.4]. -If you require the Enterprise version of either Graph Data Science or Bloom, you need to provide a key issued by Neo4j as this will be required during the installation. +The Neo4j CloudFormation template takes several parameters as inputs, deploys a set of cloud resources and provides outputs that can be used to connect to the Neo4j cluster. -To obtain a valid license for either Neo4j, Bloom, or GDS, reach out to your Neo4j account representative or get in touch using the link:https://neo4j.com/contact-us/[contact form^]. +=== Important considerations -[[cloudformation_template]] -== Neo4j CloudFormation template -=== Important considerations +* The deployment of cloud resources will incur costs. +** Refer to the link:https://calculator.aws/#[AWS pricing calculator^]for more information. * The Neo4j CloudFormation template deploys a new VPC. -** AWS accounts are limited to an initial quota of 5 VPCs (you can view your current quota viewing the "Limits" page of the Amazon EC2 console) -** The VPC quota can be increased if needed by contacting AWS support. +** AWS accounts are limited to an initial quota of 5 VPCs (you can view your current quota by viewing the "Limits" page of the Amazon EC2 console) +** Your VPC quota can be increased if needed by contacting AWS support. * The Neo4j CloudFormation Template uses an Auto Scaling group (ASG) to deploy EC2 instances. ** This means that to stop or terminate EC2 instances, you must first remove them from the ASG, otherwise, the ASG will automatically replace them. -* The deployment of cloud resources will incur costs. - -AWS CloudFormation is a declarative Infrastructure as Code (IaC) language that is based on YAML and instructs AWS to deploy a set of cloud resources. -The Neo4j CloudFormation template repository contains code for Neo4j v5 on the `main` branch and code for Neo4j v4.4 on the `Neo4j-4.4` branch: - -* link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j/tree/main/marketplace[CloudFormation template for Neo4j v5]. -* link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j/tree/Neo4j-4.4/marketplace[CloudFormation template for Neo4j v4.4]. - -The Neo4j CloudFormation template takes several parameters as inputs, deploys a set of cloud resources and provides outputs that can be used to connect to the Neo4j cluster. +* SSH Keys are not generated as part of the CloudFormation template. +** Use EC2 Instance Connect (via the EC2 console) to connect to deployed EC2 instances if needed. === Input parameters @@ -80,10 +70,10 @@ The Neo4j CloudFormation template takes several parameters as inputs, deploys a | A valid Bloom license key can be pasted into this field. License keys will be sent to and stored by Neo4j. This information is used only for product activation purposes. | Password -| A password for the `neo4j` user. Must be a minimum of 8 characters. +| A password for the `neo4j` user (minimum of 8 characters) | Number of Servers -| Specify the number of desired EC2 instances to be used to form a Neo4j cluster (a minimum of 3 instances is required to form a cluster.) +| Specify the number of desired EC2 instances to be used to form a Neo4j cluster (a minimum of 3 instances is required to form a cluster). | Instance type | The class of EC2 Instance to use. @@ -92,7 +82,7 @@ The Neo4j CloudFormation template takes several parameters as inputs, deploys a | Size (in GB) of the EBS volume on each EC2 instance. Larger EBS volumes are typically faster than smaller ones, therefore 100GB is the recommended minimum size. | SSH CIDR -| Specify an address range from which EC2 instances are accessible on port `22`. You can use `0.0.0.0/0` to allow access from any IP address. This field must also be correctly populated to allow the use of EC2 instance-connect. +| Specify an address range from which EC2 instances are accessible on port `22`, via SSH. You can use `0.0.0.0/0` to allow access from any IP address. This field must also be correctly populated to allow the use of EC2 instance-connect. |=== @@ -105,7 +95,7 @@ The environment created by the CloudFormation template consists of the following *** `10.0.1.0/24` *** `10.0.2.0/24` *** `10.0.3.0/24` -** An internet gateway +** An internet gateway. ** Routing tables (and associations) for all subnets. * An auto-scaling group and launch configuration, which creates: ** 1, or between 3 and 10 EC2 instances (Depending on whether a single instance or an autonomous cluster is selected). @@ -113,7 +103,6 @@ The environment created by the CloudFormation template consists of the following ** A target group for the EC2 instances. - === Template outputs After the installation finishes successfully, the CloudFormation template provides the following outputs, which can be found in the *Outputs* tab of the CloudFormation page on the AWS console. @@ -135,12 +124,26 @@ After the installation finishes successfully, the CloudFormation template provid |=== -== Verify that Neo4j is running +== Verify that Neo4j is running and accessible When the CloudFormation stack is created, navigate to *Outputs* and open the *Neo4jBrowserURL* in a new tab. Log into Neo4j using your credentials. -== Clean up the resources and remove your stack +== Cluster version consistency + +When the CloudFormation template creates a new Neo4j cluster, an Auto Scaling group (ASG) is created and tagged with the minor version of the installed Neo4j database. +If you add more EC2 instances to your ASG, they will be tagged with the same minor version, ensuring that all Neo4j cluster servers are installed with the same version, regardless of when the EC2 instances were created. + +== Licensing + +Installing and starting Neo4j from the AWS marketplace constitutes an acceptance of the Neo4j license agreement. +When deploying Neo4j, users are required to confirm that they either have an enterprise license or accept the terms of the Neo4j evaluation license. + +If you require the Enterprise version of either Graph Data Science or Bloom, you need to provide a key issued by Neo4j as this will be required during the installation. + +To obtain a valid license for either Neo4j, Bloom, or GDS, reach out to your Neo4j account representative or get in touch using the link:https://neo4j.com/contact-us/[contact form^]. + +== Delete CloudFormation Stack and destroy resources Select the CloudFormation stack to be removed and click the *Delete* button. The stack deletion cleans up all AWS resources deployed by it. \ No newline at end of file From 50a3a3cc898d965cc499790a55a88cce85ee9f9f Mon Sep 17 00:00:00 2001 From: Ed Randall <68006845+edrandall-dev@users.noreply.github.com> Date: Mon, 13 Feb 2023 19:30:00 +0000 Subject: [PATCH 145/876] Update modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc Co-authored-by: Reneta Popova --- modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc index 448cff2ce..14365e8ab 100644 --- a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc +++ b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc @@ -12,7 +12,7 @@ The template's code is available on link:https://github.com/neo4j-partners/amazo [NOTE] ==== Neo4j does not provide Amazon Machine Images (AMIs) with a pre-installed version of the product. -The Neo4j Marketplace listings (and listings on GitHub) use CloudFormation templates which include a user-data (post-install) script to deploy and configure Neo4j. +The Neo4j Marketplace listings (and listings on GitHub) use CloudFormation templates that include a user-data (post-install) script to deploy and configure Neo4j. ==== == Supported Neo4j versions From f525e86bb69d442838d3fdca0cab0fc3d053a27f Mon Sep 17 00:00:00 2001 From: Ed Randall <68006845+edrandall-dev@users.noreply.github.com> Date: Mon, 13 Feb 2023 19:30:57 +0000 Subject: [PATCH 146/876] Update modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc Co-authored-by: Reneta Popova --- modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc index 14365e8ab..990e24091 100644 --- a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc +++ b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc @@ -18,7 +18,8 @@ The Neo4j Marketplace listings (and listings on GitHub) use CloudFormation templ == Supported Neo4j versions The Neo4j link:https://aws.amazon.com/marketplace/seller-profile?id=23ec694a-d2af-4641-b4d3-b7201ab2f5f9[AWS marketplace listing^] can be configured to deploy either Neo4j Enterprise Edition v5 or v4.4. -The CloudFormation template always installs the latest available minor version of each release. For example, the latest minor release of Neo4j v5 is `{neo4j-version-exact}`. +The CloudFormation template always installs the latest available minor version of each release. +For example, the latest minor release of Neo4j 5 is {neo4j-version}. == Neo4j CloudFormation template From fc46ac4bbd13d31449c18f79128558ea861df5a9 Mon Sep 17 00:00:00 2001 From: Ed Randall <68006845+edrandall-dev@users.noreply.github.com> Date: Mon, 13 Feb 2023 19:31:36 +0000 Subject: [PATCH 147/876] Update modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc Co-authored-by: Reneta Popova --- modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc index 990e24091..710755f90 100644 --- a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc +++ b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc @@ -29,7 +29,7 @@ The Neo4j CloudFormation template repository contains code for Neo4j v5 on the ` * link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j/tree/main/marketplace[CloudFormation template for Neo4j v5]. * link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j/tree/Neo4j-4.4/marketplace[CloudFormation template for Neo4j v4.4]. -The Neo4j CloudFormation template takes several parameters as inputs, deploys a set of cloud resources and provides outputs that can be used to connect to the Neo4j cluster. +The Neo4j CloudFormation template takes several parameters as inputs, deploys a set of cloud resources, and provides outputs that can be used to connect to a Neo4j DBMS. === Important considerations From 16b0f8f9446975aac606100e4429624fd0ed4a12 Mon Sep 17 00:00:00 2001 From: Ed Randall <68006845+edrandall-dev@users.noreply.github.com> Date: Mon, 13 Feb 2023 19:33:26 +0000 Subject: [PATCH 148/876] Update modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc Co-authored-by: Reneta Popova --- modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc index 710755f90..48c8dbedf 100644 --- a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc +++ b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc @@ -41,7 +41,7 @@ The Neo4j CloudFormation template takes several parameters as inputs, deploys a ** AWS accounts are limited to an initial quota of 5 VPCs (you can view your current quota by viewing the "Limits" page of the Amazon EC2 console) ** Your VPC quota can be increased if needed by contacting AWS support. -* The Neo4j CloudFormation Template uses an Auto Scaling group (ASG) to deploy EC2 instances. +* The Neo4j CloudFormation template uses an Auto Scaling group (ASG) to deploy EC2 instances. ** This means that to stop or terminate EC2 instances, you must first remove them from the ASG, otherwise, the ASG will automatically replace them. * SSH Keys are not generated as part of the CloudFormation template. From 423775417d1b56c437aa8eb5a91a577e1893647a Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 14 Feb 2023 12:30:19 +0000 Subject: [PATCH 149/876] Update the section about using imagePullSecret (#492) --- .../ROOT/pages/kubernetes/maintenance.adoc | 30 ++++++++++++------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/modules/ROOT/pages/kubernetes/maintenance.adoc b/modules/ROOT/pages/kubernetes/maintenance.adoc index 6eed5ead2..e644571f8 100644 --- a/modules/ROOT/pages/kubernetes/maintenance.adoc +++ b/modules/ROOT/pages/kubernetes/maintenance.adoc @@ -663,9 +663,14 @@ From v4.4.4, Neo4j supports using custom images from private registries by addin You can use an existing `imagePullSecret` for your Neo4j deployment by specifying its name in the _values.yaml_ file. The Neo4j Helm chart checks if the provided `imagePullSecret` exists in the Kubernetes cluster and uses it. -If a secret with the given name does not exist in the cluster, Helm chart throws an error. +If a Secret with the given name does not exist in the cluster, the Neo4j Helm chart throws an error. -.Using an already existing secret *mysecret* +[NOTE] +==== +For more information on how to set your Docker credentials in the cluster as a Secret, see the https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line[Kubernetes documentation]. +==== + +.Using an already existing Secret *mysecret* [source, yaml] ---- # values.yaml @@ -682,9 +687,9 @@ image: === Create and add a new `imagePullSecret` -You can create a new `imagePullSecret` for your Neo4j deployment by defining an equivalent `imageCredential` in the _values.yaml_ file. +Alternatively, you can create a new `imagePullSecret` for your Neo4j deployment by defining an equivalent `imageCredential` in the _values.yaml_ file. -The Neo4j Helm chart creates a secret with the given name and uses it as an `imagePullSecret` to pull the custom image defined. +The Neo4j Helm chart creates a Secret with the given name and uses it as an `imagePullSecret` to pull the custom image defined. The following example shows how to define a private docker registry `imageCredential` with the name `mysecret`. .Creating and adding `mysecret` as the `imagePullSecret` to the cluster. @@ -695,20 +700,23 @@ The following example shows how to define a private docker registry `imageCreden image: imagePullPolicy: IfNotPresent # set a customImage if you want to use your own docker image - customImage: demo_neo4j_image:v1 + customImage: custom_neo4j_image:v1 #imagePullSecrets list imagePullSecrets: - "mysecret" - #imageCredentials list for which secret of type docker-registry will be created automatically using the details provided - # registry, username, password, email are compulsory fields for an imageCredential, without any, helm chart will throw an error - # imageCredential name should be part of the imagePullSecrets list or else the respective imageCredential will be ignored and no secret creation will be done + #imageCredentials list for which Secret of type docker-registry will be created automatically using the details provided + # password and name are compulsory fields for an imageCredential, without these fields helm chart will throw an error + # registry, username, and email are optional fields, but either the username or the email must be provided + # imageCredential name should be part of the imagePullSecrets list or else the respective imageCredential will be ignored and no Secret creation will be done + # In case of a Secret already pre-existing you don't need to mention the imageCredential, just add the pre-existing secretName to the imagePullSecret list + # and that will be used as an imagePullSecret imageCredentials: - registry: "https://index.docker.io/v1/" - username: "demouser" - password: "demopass123" - email: "demo@company1.com" + username: "myusername" + password: "mypassword" + email: "myusername@example.com" name: "mysecret" ---- [[NodeSelector]] From 26cdba430134711afb0bc0d7faa9a53c9669f70f Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 14 Feb 2023 12:40:46 +0000 Subject: [PATCH 150/876] Add nodeSelectorLookup flag (#477) --- .../ROOT/pages/kubernetes/configuration.adoc | 8 +++++-- .../ROOT/pages/kubernetes/maintenance.adoc | 23 ++++++++++++++++++- 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/kubernetes/configuration.adoc b/modules/ROOT/pages/kubernetes/configuration.adoc index df2f0bc9a..ae84a0e00 100644 --- a/modules/ROOT/pages/kubernetes/configuration.adoc +++ b/modules/ROOT/pages/kubernetes/configuration.adoc @@ -170,8 +170,12 @@ additionalVolumeMounts: [] #nodeSelector labels #please ensure the respective labels are present on one of the cluster nodes or else helm charts will throw an error nodeSelector: {} -# "label1: "value1" -# "label2: "value2" +# label1: "value1" +# label2: "value2" + +# disableLookups will disable all the lookups done in the helm charts +# You can enable this when executing helm commands with --dry-run command +disableLookups: false # Services for Neo4j services: diff --git a/modules/ROOT/pages/kubernetes/maintenance.adoc b/modules/ROOT/pages/kubernetes/maintenance.adoc index e644571f8..32b7598c3 100644 --- a/modules/ROOT/pages/kubernetes/maintenance.adoc +++ b/modules/ROOT/pages/kubernetes/maintenance.adoc @@ -739,4 +739,25 @@ If there is no node with the given labels, the Helm chart will throw an error. nodeSelector: nodeNumber: one name: node1 ----- \ No newline at end of file +---- + +.`nodeSelector` along with the `--dry-run` flag +[NOTE] +==== +When running `helm install --dry-run` or `helm template --dry-run` with `nodeSelector`, you must disable the lookup function of `nodeSelector` by setting `disableLookups: true`. +Otherwise, the commands will fail. + +You can either add the following to the _values.yaml_ file: + +[source, yaml] +---- +disableLookups: true +---- + +or, use `--set disableLookups=true` as part of the command, for example: + +[source, shell, role=nocopy] +---- +helm template standalone neo4j --set disableLookups=true .. ... .. --dry-run +---- +==== \ No newline at end of file From ff36b36fdeac26f13a30b0cc46dfef5f4e854916 Mon Sep 17 00:00:00 2001 From: Ed Randall <68006845+edrandall-dev@users.noreply.github.com> Date: Tue, 14 Feb 2023 15:18:03 +0000 Subject: [PATCH 151/876] Update modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc Co-authored-by: Reneta Popova --- modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc index 48c8dbedf..b26cf7c05 100644 --- a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc +++ b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc @@ -19,7 +19,7 @@ The Neo4j Marketplace listings (and listings on GitHub) use CloudFormation templ The Neo4j link:https://aws.amazon.com/marketplace/seller-profile?id=23ec694a-d2af-4641-b4d3-b7201ab2f5f9[AWS marketplace listing^] can be configured to deploy either Neo4j Enterprise Edition v5 or v4.4. The CloudFormation template always installs the latest available minor version of each release. -For example, the latest minor release of Neo4j 5 is {neo4j-version}. +For example, the latest minor release of Neo4j 5 is {neo4j-version-minor}. == Neo4j CloudFormation template From 2da3bc92b697be28a6891b6facbdf791e9540e0b Mon Sep 17 00:00:00 2001 From: Ed Randall <68006845+edrandall-dev@users.noreply.github.com> Date: Tue, 14 Feb 2023 15:18:14 +0000 Subject: [PATCH 152/876] Update modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc Co-authored-by: Reneta Popova --- modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc index b26cf7c05..649846773 100644 --- a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc +++ b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc @@ -38,7 +38,7 @@ The Neo4j CloudFormation template takes several parameters as inputs, deploys a ** Refer to the link:https://calculator.aws/#[AWS pricing calculator^]for more information. * The Neo4j CloudFormation template deploys a new VPC. -** AWS accounts are limited to an initial quota of 5 VPCs (you can view your current quota by viewing the "Limits" page of the Amazon EC2 console) +** AWS accounts are limited to an initial quota of 5 VPCs (you can view your current quota by viewing the *Limits* page of the Amazon EC2 console). ** Your VPC quota can be increased if needed by contacting AWS support. * The Neo4j CloudFormation template uses an Auto Scaling group (ASG) to deploy EC2 instances. From 32de8ed9c370cb0ffe68f81fcabaddb44c479fe4 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Tue, 14 Feb 2023 17:21:24 +0100 Subject: [PATCH 153/876] Removing wrong information about procedure (#494) (#497) Co-authored-by: Reneta Popova Cherry-picked from https://github.com/neo4j/docs-operations/pull/494 Co-authored-by: Reneta Popova --- modules/ROOT/pages/reference/configuration-settings.adoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/reference/configuration-settings.adoc b/modules/ROOT/pages/reference/configuration-settings.adoc index 81c6938a3..a250deac4 100644 --- a/modules/ROOT/pages/reference/configuration-settings.adoc +++ b/modules/ROOT/pages/reference/configuration-settings.adoc @@ -1281,7 +1281,8 @@ m|+++Z+++ [cols="<1s,<4"] |=== |Description -a|Enables or disables tracking of how much time a query spends actively executing on the CPU. Calling `SHOW TRANSACTIONS` will display the time. This can also be logged in the query log by using `db.logs.query.time_logging_enabled`. +a|Enables or disables tracking of how much time a query spends actively executing on the CPU. Calling `SHOW TRANSACTIONS` will display the time, but not in the _query.log_. + +If you want the CPU time to be logged in the _query.log_, set `db.track_query_cpu_time=true` and `db.logs.query.time_logging_enabled=true` label:Enterprise[]. |Valid values a|db.track_query_cpu_time, a boolean |Dynamic a|true From ed1eb5b8243ba853e7a227aa5caf7282f7e994ca Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Tue, 14 Feb 2023 17:22:06 +0100 Subject: [PATCH 154/876] Adding section on id token for okta (#479) --- .../okta-claims.svg | 9 +++++ .../okta-sign-on-tab.svg | 9 +++++ .../tutorial/tutorial-sso-configuration.adoc | 40 +++++++++++++++++++ 3 files changed, 58 insertions(+) create mode 100644 modules/ROOT/images/sso-configuration-tutorials/okta-claims.svg create mode 100644 modules/ROOT/images/sso-configuration-tutorials/okta-sign-on-tab.svg diff --git a/modules/ROOT/images/sso-configuration-tutorials/okta-claims.svg b/modules/ROOT/images/sso-configuration-tutorials/okta-claims.svg new file mode 100644 index 000000000..ff6fe9765 --- /dev/null +++ b/modules/ROOT/images/sso-configuration-tutorials/okta-claims.svg @@ -0,0 +1,9 @@ + + + + + + + + + diff --git a/modules/ROOT/images/sso-configuration-tutorials/okta-sign-on-tab.svg b/modules/ROOT/images/sso-configuration-tutorials/okta-sign-on-tab.svg new file mode 100644 index 000000000..44d578d8c --- /dev/null +++ b/modules/ROOT/images/sso-configuration-tutorials/okta-sign-on-tab.svg @@ -0,0 +1,9 @@ + + + + + + + + + diff --git a/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc b/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc index beeeb3e00..6e15813b4 100644 --- a/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc +++ b/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc @@ -26,6 +26,8 @@ SSO works in the following way: == Okta +=== Access token + This example shows how to configure Okta for authentication and authorization using access tokens. . Configure the client with the appropriate redirect URI. @@ -76,6 +78,44 @@ The `token_type_principal` and the `token_type_authentication` are omitted, mean + image::sso-configuration-tutorials/oidc-okta-successful-login.png[title="Okta OIDC successful login"] +=== ID token + +This example shows how to configure Okta for authentication and authorization using ID tokens. + +. Follow the first two steps from the instructions for xref:#_access_token[Access token]. + +. Create the claims as indicated: ++ +image::sso-configuration-tutorials/okta-claims.svg[title="Okta claim creation panel"] ++ +[NOTE] +==== +In the case of access tokens, a default sub is already provided automatically. +However, for ID tokens, the name you give to your claim needs to be also indicated in the configuration `dbms.security.oidc.okta.claims.username=userid`. +==== ++ +. Configure the default authorization server (the one that shows api://default as audience) as indicated: ++ +[source, properties] +---- +dbms.security.authentication_providers=oidc-okta, native +dbms.security.authorization_providers=oidc-okta +dbms.security.oidc.okta.display_name=Okta +dbms.security.oidc.okta.auth_flow=pkce +dbms.security.oidc.okta.well_known_discovery_uri=https://trial-2696363.okta.com/oauth2/default/.well-known/openid-configuration +dbms.security.oidc.okta.audience=0oa42hwrygsUCFlLO697 +dbms.security.oidc.okta.claims.username=userid +dbms.security.oidc.okta.claims.groups=groups +dbms.security.oidc.okta.params=client_id=0oa42hwrygsUCFlLO697;response_type=code;scope=openid profile email +dbms.security.oidc.okta.authorization.group_to_role_mapping="admin_group" = admin; +dbms.security.oidc.okta.config=token_type_principal=id_token;token_type_authentication=id_token +---- ++ +. You should now find the audience under Okta's sign-on tab: ++ +image::sso-configuration-tutorials/okta-sign-on-tab.svg[title="Okta's sign-on tab"] + + == Azure Active Directory (AAD) This example shows how to configure AAD for authentication and authorization using ID tokens. From a99180b90a0106f5c19346ad151af6465c178de4 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Thu, 16 Feb 2023 11:51:29 +0100 Subject: [PATCH 155/876] Adding information about hardware requirements (#424) In case the user wants to run multiple databases. --- modules/ROOT/pages/installation/requirements.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/installation/requirements.adoc b/modules/ROOT/pages/installation/requirements.adoc index 96c5dd8f7..035fbc22a 100644 --- a/modules/ROOT/pages/installation/requirements.adoc +++ b/modules/ROOT/pages/installation/requirements.adoc @@ -22,7 +22,7 @@ Neo4j is supported on systems with x86_64 and ARM architectures on physical, vir [[deployment-requirements-hardware]] == Hardware requirements -In terms of hardware requirements, follow these guidelines: +In terms of minimum hardware requirements, follow these guidelines: .Hardware requirement guidelines. [cols="1,3a"] From 748cfbd5c155193b4adaaf7788b144161a025a84 Mon Sep 17 00:00:00 2001 From: Neil Dewhurst Date: Thu, 16 Feb 2023 13:47:48 +0000 Subject: [PATCH 156/876] Add edit this page links (#249) --- publish.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/publish.yml b/publish.yml index 837d627e5..c718e1626 100644 --- a/publish.yml +++ b/publish.yml @@ -8,6 +8,7 @@ content: sources: - url: https://github.com/neo4j/docs-operations.git branches: ['3.5', '4.0', '4.1', '4.2', '4.3', '4.4', 'dev'] + edit_url: https://github.com/neo4j/docs-operations/tree/{refname}/{path} exclude: - '!**/_includes/*' - '!**/readme.adoc' @@ -45,7 +46,7 @@ asciidoc: page-canonical-root: /docs page-pagination: true page-no-canonical: true - page-origin-private: true + page-origin-private: false page-hide-toc: false page-mixpanel: 4bfb2414ab973c741b6f067bf06d5575 includePDF: false From 19eafaed2e841e8fce13a9aa0d5d946d86763e17 Mon Sep 17 00:00:00 2001 From: Neil Dewhurst Date: Thu, 16 Feb 2023 17:11:53 +0000 Subject: [PATCH 157/876] Update Neo4j versions (#512) --- antora.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/antora.yml b/antora.yml index ae81dc37b..a8641ef41 100644 --- a/antora.yml +++ b/antora.yml @@ -7,7 +7,7 @@ nav: asciidoc: attributes: neo4j-version: '5' - neo4j-version-minor: '5.5' - neo4j-version-exact: '5.5.0' - neo4j-buildnumber: '5.5' - neo4j-debian-package-version: '1:5.5.0@' + neo4j-version-minor: '5.6' + neo4j-version-exact: '5.6.0' + neo4j-buildnumber: '5.6' + neo4j-debian-package-version: '1:5.6.0@' From fab076802f49e014008e85637820b34f6e1c9e90 Mon Sep 17 00:00:00 2001 From: Jack Waudby Date: Tue, 21 Feb 2023 15:29:54 +0000 Subject: [PATCH 158/876] add tags to appendix config reference, deprecate groups --- .../multi-data-center-routing.adoc | 2 +- .../reference/configuration-settings.adoc | 23 +++++++++++++++++-- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc b/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc index 82b0327dd..3ca04e5e1 100644 --- a/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc +++ b/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc @@ -56,7 +56,7 @@ Applying the same tag to multiple servers logically groups them together. Note that servers can have mulitple tags. Server tags are defined as a key that maps onto a set of servers in a cluster. -Server tags are defined on each server using the `xref:reference/configuration-settings.adoc#config_initial.server.tags[initial.server.tags]` parameter in _neo4j.conf_. +Server tags are defined on each server using the `xref:reference/configuration-settings.adoc#config_server.server.tags[initial.server.tags]` parameter in _neo4j.conf_. Each server in a cluster can be tagged with to zero or more server tags. .Definition of grouping servers using server tags diff --git a/modules/ROOT/pages/reference/configuration-settings.adoc b/modules/ROOT/pages/reference/configuration-settings.adoc index a250deac4..e733564ba 100644 --- a/modules/ROOT/pages/reference/configuration-settings.adoc +++ b/modules/ROOT/pages/reference/configuration-settings.adoc @@ -265,7 +265,8 @@ If this is set to `false` (default), the search for group membership will be per |<>|label:enterprise-edition[Enterprise only]Advertised cluster member discovery management communication. |<>|label:enterprise-edition[Enterprise only]Host and port to bind the cluster member discovery management communication. |<>|label:enterprise-edition[Enterprise only]A list of setting name patterns (comma separated) that are allowed to be dynamically changed. -|<>|label:enterprise-edition[Enterprise only]A list of tag names for the server used when configuring load balancing and replication policies. +|<>|label:enterprise-edition[Enterprise only]A list of tag names for the server used during database allocation and when configuring load balancing and replication policies. +|<>|label:enterprise-edition[Enterprise only]A list of tag names for the server used when configuring load balancing and replication policies. This setting is deprecated in favour of <>. |<>|Advertised address for this connector. |<>|Enable the http connector. |<>|Address the connector should bind to. @@ -570,7 +571,8 @@ If this is set to `false` (default), the search for group membership will be per * <>: label:enterprise-edition[Enterprise only]Advertised cluster member discovery management communication. * <>: label:enterprise-edition[Enterprise only]Host and port to bind the cluster member discovery management communication. * <>: label:enterprise-edition[Enterprise only]A list of setting name patterns (comma separated) that are allowed to be dynamically changed. -* <>: label:enterprise-edition[Enterprise only]A list of tag names for the server used when configuring load balancing and replication policies. +* <>: label:enterprise-edition[Enterprise only]A list of tag names for the server used during database allocation and when configuring load balancing and replication policies. +* <>: label:enterprise-edition[Enterprise only]A list of tag names for the server used when configuring load balancing and replication policies. This setting is deprecated in favour of <>. * <>: Advertised address for this connector. * <>: Enable the http connector. * <>: Address the connector should bind to. @@ -3526,6 +3528,20 @@ a|server.dynamic.setting.allowlist, a ',' separated list with elements of type ' m|+++*+++ |=== +[[config_server.tags]] +.initial.server.tags +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]A list of tag names for the server used by database allocation and when configuring load balancing and replication policies. +|Valid values +a|initial.server.tags, a ',' separated list with elements of type 'a string identifying a Server Tag'. +|Dynamic a|false +|Default value +m|++++++ +|=== + + [[config_server.groups]] .server.groups [cols="<1s,<4"] @@ -3537,8 +3553,11 @@ a|server.groups, a ',' separated list with elements of type 'a string identifyin |Dynamic a|true |Default value m|++++++ +|Deprecated +a|The `server.groups` configuration setting has been deprecated in favour of `initial.server.tags`. |=== + [[config_server.http.advertised_address]] .server.http.advertised_address [cols="<1s,<4"] From c5e26d878565dc7e161582ae6a1594c0464e14d5 Mon Sep 17 00:00:00 2001 From: Jack Waudby Date: Tue, 21 Feb 2023 16:31:28 +0000 Subject: [PATCH 159/876] point mdc routing and server mgmt to cypher manual --- .../clustering-advanced/multi-data-center-routing.adoc | 1 + modules/ROOT/pages/clustering/servers.adoc | 1 + 2 files changed, 2 insertions(+) diff --git a/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc b/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc index 3ca04e5e1..30ed4212c 100644 --- a/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc +++ b/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc @@ -58,6 +58,7 @@ Note that servers can have mulitple tags. Server tags are defined as a key that maps onto a set of servers in a cluster. Server tags are defined on each server using the `xref:reference/configuration-settings.adoc#config_server.server.tags[initial.server.tags]` parameter in _neo4j.conf_. Each server in a cluster can be tagged with to zero or more server tags. +Server tags can be altered at runtime via the `ALTER SERVER` command, consult the Cypher operations manual for further information. .Definition of grouping servers using server tags ==== diff --git a/modules/ROOT/pages/clustering/servers.adoc b/modules/ROOT/pages/clustering/servers.adoc index 50b981ebc..ebabd9710 100644 --- a/modules/ROOT/pages/clustering/servers.adoc +++ b/modules/ROOT/pages/clustering/servers.adoc @@ -248,6 +248,7 @@ neo4j@neo4j> ALTER SERVER '25a7efc7-d063-44b8-bdee-f23357f89f01' SET OPTIONS {mo Altering servers may cause databases to be moved, and should be performed with care. For example, if the server `25a7efc7-d063-44b8-bdee-f23357f89f01` hosts database `foo` in primary mode when the above command is executed, then another server must begin hosting `foo` in primary mode. Likewise, if `ALTER SERVER '25a7efc7-d063-44b8-bdee-f23357f89f01' SET OPTIONS {allowedDatabases:['bar','baz']};` is executed, then `foo` is forced to move. +For a description of all the server options, e.g., server tags, that can be altered via the `ALTER SERVER` command consult the Cypher operations manual. [NOTE] ==== From 5fc1c2f01518280c91484c995b69a2a34b66ab18 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Wed, 22 Feb 2023 11:46:10 +0100 Subject: [PATCH 160/876] Bug on set initial password code (#513) (#517) Previous formatting fix have added dbms to code and causing this bug Cherry-picked from https://github.com/neo4j/docs-operations/pull/513 --- modules/ROOT/pages/configuration/set-initial-password.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/configuration/set-initial-password.adoc b/modules/ROOT/pages/configuration/set-initial-password.adoc index 55717e859..ed85c113e 100644 --- a/modules/ROOT/pages/configuration/set-initial-password.adoc +++ b/modules/ROOT/pages/configuration/set-initial-password.adoc @@ -16,14 +16,14 @@ The requirement has been introduced in *Neo4j 5.3*. *Syntax:* -`neo4j-admin dbms set-initial-password [--require-password-change]` +`neo4j-admin set-initial-password [--require-password-change]` .Use the `set-initial-password` command of neo4j-admin ==== Set the password for the native `neo4j` user to 'h6u4%kr' before starting the database for the first time. ---- -$neo4j-home> bin/neo4j-admin dbms set-initial-password h6u4%kr +$neo4j-home> bin/neo4j-admin set-initial-password h6u4%kr ---- ==== @@ -33,7 +33,7 @@ $neo4j-home> bin/neo4j-admin dbms set-initial-password h6u4%kr Set the password for the native `neo4j` user to 'secretpassword' before starting the database for the first time. You will be prompted to change this password to one of your own choice at first login. ---- -$neo4j-home> bin/neo4j-admin dbms set-initial-password secretpassword --require-password-change +$neo4j-home> bin/neo4j-admin set-initial-password secretpassword --require-password-change ---- ==== From 4f5dda97355bf9f4c188150259bd76dce9422298 Mon Sep 17 00:00:00 2001 From: Sum <89913753+yirensum@users.noreply.github.com> Date: Wed, 22 Feb 2023 10:55:32 +0000 Subject: [PATCH 161/876] Move cluster setup on docker to tutorial (#514) This is a PR to move clustering setup on docker to a tutorial, and is based off this trello card: https://trello.com/c/8NAaiJlC/271-move-docker-compose-example-to-a-tutorial --------- Co-authored-by: sumyiren Co-authored-by: Reneta Popova --- modules/ROOT/content-nav.adoc | 1 + modules/ROOT/pages/docker/clustering.adoc | 332 +---------------- modules/ROOT/pages/tutorial/index.adoc | 1 + .../tutorial/tutorial-clustering-docker.adoc | 337 ++++++++++++++++++ 4 files changed, 343 insertions(+), 328 deletions(-) create mode 100644 modules/ROOT/pages/tutorial/tutorial-clustering-docker.adoc diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index 3fe974e6e..351c25153 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -177,6 +177,7 @@ *** xref:tutorial/tutorial-composite-database.adoc[] *** xref:tutorial/tutorial-sso-configuration.adoc[] *** xref:tutorial/tutorial-immutable-privileges.adoc[] +*** xref:tutorial/tutorial-clustering-docker.adoc[] ** xref:routing-decisions.adoc[] diff --git a/modules/ROOT/pages/docker/clustering.adoc b/modules/ROOT/pages/docker/clustering.adoc index c9f332836..3d836ee98 100644 --- a/modules/ROOT/pages/docker/clustering.adoc +++ b/modules/ROOT/pages/docker/clustering.adoc @@ -1,9 +1,11 @@ :description: How to deploy a Neo4j cluster in a containerized environment without an orchestration tool. [role=enterprise-edition] [[docker-cc]] -= Deploy a Neo4j cluster on Docker += Deploy a Neo4j cluster on multiple Docker hosts -Neo4j supports clustering in a containerized environment without an orchestration tool. +Neo4j supports clustering in a containerized environment without an orchestration tool. +This section describes how to use Docker to set up a cluster across multiple machines. +For a tutorial on how to set up a cluster locally for testing purposes, see xref:tutorial/tutorial-clustering-docker.adoc[Deploy a Neo4j cluster in a Docker container]. [NOTE] ==== @@ -15,332 +17,6 @@ For more information, see: ==== -[[docker-cc-setup-dockercompose]] -== Deploy a Neo4j cluster using Docker Compose - -You can deploy a Neo4j cluster using Docker Compose. -Docker Compose is a management tool for Docker containers. -You use a YAML file to define the infrastructure of all your cluster servers in one file. -Then, by running the single command `docker-compose up`, you create and start all the members without the need to invoke each of them individually. -For more information about Docker Compose, see the https://docs.docker.com/compose/[Docker Compose official documentation]. - -*Prerequisites* - -* Verify that you have installed Docker Compose. -For more information, see the https://docs.docker.com/compose/install/[Install Docker Compose official documentation]. - -*Procedure* - -. Create a configuration file `neo4j.conf` which will be shared across cluster members and make it readable and writable for the user (eg., `chmod 640 neo4j.conf`) -+ -==== -[source, shell, subs="attributes+, +macros"] ----- -# Setting that specifies how much memory Neo4j is allowed to use for the page cache. -server.memory.pagecache.size=100M - -# Setting that specifies the initial JVM heap size. -server.memory.heap.initial_size=100M - -# The behavior of the initial discovery is determined by the parameters `dbms.cluster.discovery.type` and `dbms.cluster.discovery.endpoints`. -# The DNS strategy fetches the IP addresses of the cluster members using the DNS A records. -dbms.cluster.discovery.type=DNS - -# The value of `dbms.cluster.discovery.endpoints` should be set to a single domain name and the port of the discovery service. -# The domain name returns an A record for every server in the cluster when a DNS lookup is performed. -# Each A record returned by DNS should contain the IP address of the server in the cluster. -# The configured server uses all the IP addresses from the A records to join or form a cluster. -# The discovery port must be the same on all servers when using this configuration. -dbms.cluster.discovery.endpoints=neo4j-network:5000 - -# Address (the public hostname/IP address of the machine) -# and port setting that specifies where this instance advertises for discovery protocol messages from other members of the cluster. -server.discovery.advertised_address=$(hostname -i) - -# Address (the public hostname/IP address of the machine) -# and port setting that specifies where this instance advertises for Raft messages within the cluster. -server.cluster.raft.advertised_address=$(hostname) - - # Address (the public hostname/IP address of the machine) - # and port setting that specifies where this instance advertises for requests for transactions in the transaction-shipping catchup protocol. -server.cluster.advertised_address=$(hostname) - -# Enable server-side routing -dbms.routing.enabled=true - -# Use server-side routing for neo4j:// protocol connections. -dbms.routing.default_router=SERVER - -# The advertised address for the intra-cluster routing connector. -server.routing.advertised_address=$(hostname) ----- -==== -. Prepare your _docker-compose.yml_ file using the following example. -For more information, see the https://docs.docker.com/compose/compose-file/#service-configuration-reference[Docker Compose official Service configuration reference]. -+ -.Example _docker-compose.yml_ file -==== -[source, shell, subs="attributes+, +macros"] ----- -version: '3.8' - -# Custom top-level network -networks: - neo4j-internal: - -services: - - server1: - # Docker image to be used - image: $\{NEO4J_DOCKER_IMAGE} - - # Hostname - hostname: server1 - - # Service-level network, which specifies the networks, from the list of the top-level networks (in this case only neo4j-internal), that the server will connect to. - # Adds a network alias (used in neo4j.conf when configuring the discovery members) - networks: - neo4j-internal: - aliases: - - neo4j-network - - # The ports that will be accessible from outside the container - HTTP (7474) and Bolt (7687). - ports: - - "7474:7474" - - "7687:7687" - - # Uncomment the volumes to be mounted to make them accessible from outside the container. - volumes: - - ./neo4j.conf:/conf/neo4j.conf # This is the main configuration file. - - ./data/server1:/var/lib/neo4j/data - - ./logs/server1:/var/lib/neo4j/logs - - ./conf/server1:/var/lib/neo4j/conf - - ./import/server1:/var/lib/neo4j/import - #- ./metrics/server1:/var/lib/neo4j/metrics - #- ./licenses/server1:/var/lib/neo4j/licenses - #- ./ssl/server1:/var/lib/neo4j/ssl - - # Passes the following environment variables to the container - environment: - - NEO4J_ACCEPT_LICENSE_AGREEMENT - - NEO4J_AUTH - - EXTENDED_CONF - - NEO4J_EDITION - - NEO4J_initial_server_mode__constraint=PRIMARY - - # Simple check testing whether the port 7474 is opened. - # If so, the instance running inside the container is considered as "healthy". - # This status can be checked using the "docker ps" command. - healthcheck: - test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider localhost:7474 || exit 1"] - - # Set up the user - user: $\{USER_ID}:$\{GROUP_ID} - - server2: - image: $\{NEO4J_DOCKER_IMAGE} - hostname: server2 - networks: - neo4j-internal: - aliases: - - neo4j-network - ports: - - "7475:7474" - - "7688:7687" - volumes: - - ./neo4j.conf:/conf/neo4j.conf - - ./data/server2:/var/lib/neo4j/data - - ./logs/server2:/var/lib/neo4j/logs - - ./conf/server2:/var/lib/neo4j/conf - - ./import/server2:/var/lib/neo4j/import - #- ./metrics/server2:/var/lib/neo4j/metrics - #- ./licenses/server2:/var/lib/neo4j/licenses - #- ./ssl/server2:/var/lib/neo4j/ssl - environment: - - NEO4J_ACCEPT_LICENSE_AGREEMENT - - NEO4J_AUTH - - EXTENDED_CONF - - NEO4J_EDITION - - NEO4J_initial_server_mode__constraint=PRIMARY - healthcheck: - test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider localhost:7474 || exit 1"] - user: $\{USER_ID}:$\{GROUP_ID} - - server3: - image: $\{NEO4J_DOCKER_IMAGE} - hostname: server3 - networks: - neo4j-internal: - aliases: - - neo4j-network - ports: - - "7476:7474" - - "7689:7687" - volumes: - - ./neo4j.conf:/conf/neo4j.conf - - ./data/server3:/var/lib/neo4j/data - - ./logs/server3:/var/lib/neo4j/logs - - ./conf/server3:/var/lib/neo4j/conf - - ./import/server3:/var/lib/neo4j/import - #- ./metrics/server3:/var/lib/neo4j/metrics - #- ./licenses/server3:/var/lib/neo4j/licenses - #- ./ssl/server3:/var/lib/neo4j/ssl - environment: - - NEO4J_ACCEPT_LICENSE_AGREEMENT - - NEO4J_AUTH - - EXTENDED_CONF - - NEO4J_EDITION - - NEO4J_initial_server_mode__constraint=PRIMARY - healthcheck: - test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider localhost:7474 || exit 1"] - user: $\{USER_ID}:$\{GROUP_ID} - - server4: - image: $\{NEO4J_DOCKER_IMAGE} - hostname: server4 - networks: - neo4j-internal: - aliases: - - neo4j-network - ports: - - "7477:7474" - - "7690:7687" - volumes: - - ./neo4j.conf:/conf/neo4j.conf - - ./data/server4:/var/lib/neo4j/data - - ./logs/server4:/var/lib/neo4j/logs - - ./conf/server4:/var/lib/neo4j/conf - - ./import/server4:/var/lib/neo4j/import - #- ./metrics/server4:/var/lib/neo4j/metrics - #- ./licenses/server4:/var/lib/neo4j/licenses - #- ./ssl/server4:/var/lib/neo4j/ssl - environment: - - NEO4J_ACCEPT_LICENSE_AGREEMENT - - NEO4J_AUTH - - EXTENDED_CONF - - NEO4J_EDITION - - NEO4J_initial_server_mode__constraint=SECONDARY - healthcheck: - test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider localhost:7474 || exit 1"] - user: $\{USER_ID}:$\{GROUP_ID} ----- -==== -+ -. Set up the environment variables: - - `export USER_ID="$(id -u)"` - - `export GROUP_ID="$(id -g)"` - - `export NEO4J_DOCKER_IMAGE=neo4j:{neo4j-version}-enterprise` - - `export NEO4J_EDITION=docker_compose` - - `export EXTENDED_CONF=yes` - - `export NEO4J_ACCEPT_LICENSE_AGREEMENT=yes` - - `export NEO4J_AUTH=neo4j/your_password` -. Deploy your Neo4j cluster by running `docker-compose up` from your project folder. -. The instance will be available at the following addresses: - - Neo4j instance _server1_ will be available at http://localhost:7474[http://localhost:7474^]. - - Neo4j instance _server2_ will be available at http://localhost:7475[http://localhost:7475^]. - - Neo4j instance _server3_ will be available at http://localhost:7476[http://localhost:7476^]. - - Neo4j instance _server4_ will be available at http://localhost:7476[http://localhost:7477^]. -. Authenticate with the default `neo4j/your_password` credentials. -. Check the status of the cluster by running the following in Neo4j Browser: -+ -[source, cypher] ----- -SHOW SERVERS ----- -+ -.Example output: -+ -image:show-servers-docker.png[] - - -[[docker-cc-setup-env-variables]] -== Deploy a Neo4j Cluster using environment variables - -You can set up containers in a cluster to talk to each other using environment variables. -Each container must have a network route to each of the others, the `+NEO4J_initial_dbms_default__primaries__count+`, `+NEO4J_initial_dbms_default__secondaries__count+`, and `+NEO4J_dbms_cluster_discovery_endpoints+` environment variables must be set for all servers. - -[role=enterprise-edition] -[[docker-enterprise-edition-environment-variables]] -=== Cluster environment variables - -The following environment variables are specific to the Neo4j cluster, and are available in the Neo4j Enterprise Edition: - -* `+NEO4J_initial_server_mode__constraint+`: the database mode, defaults to `NONE`, can be set to `PRIMARY` or `SECONDARY`. -* `+NEO4J_dbms_cluster_discovery_endpoints+`: a comma-separated list of endpoints, which a server should contact to discover other cluster servers. -* `+NEO4J_server_discovery_advertised_address+`: hostname/IP address and port to advertise for member discovery management communication. -* `+NEO4J_server.cluster.advertised_address+`: hostname/IP address and port to advertise for transaction handling. -* `+NEO4J_server.cluster.raft.advertised_address+`: hostname/IP address and port to advertise for cluster communication. - -See xref:clustering/settings.adoc[] for more details of Neo4j cluster settings. - - -[[docker-cc-setup-single]] -=== Set up a Neo4j Cluster on a single Docker host - -Within a single Docker host, you can use the default ports for HTTP, HTTPS, and Bolt. -For each container, these ports are mapped to a different set of ports on the Docker host. - -Example of a `docker run` command for deploying a cluster with 3 servers: - -[source, shell, subs="attributes"] ----- -docker network create --driver=bridge neo4j-cluster - -docker run --name=server1 --detach --network=neo4j-cluster \ - --publish=7474:7474 --publish=7473:7473 --publish=7687:7687 \ - --hostname=server1 \ - --env NEO4J_initial_server_mode__constraint=PRIMARY \ - --env NEO4J_dbms_cluster_discovery_endpoints=server1:5000,server2:5000,server3:5000 \ - --env NEO4J_ACCEPT_LICENSE_AGREEMENT=yes \ - --env NEO4j_server_bolt_advertised_address=localhost:7687 \ - --env NEO4j_server_http_advertised_address=localhost:7474 \ - --env NEO4J_AUTH=neo4j/mypassword \ - neo4j:{neo4j-version-exact}-enterprise - -docker run --name=server2 --detach --network=neo4j-cluster \ - --publish=8474:7474 --publish=8473:7473 --publish=8687:7687 \ - --hostname=server2 \ - --env NEO4J_initial_server_mode__constraint=PRIMARY \ - --env NEO4J_dbms_cluster_discovery_endpoints=server1:5000,server2:5000,server3:5000 \ - --env NEO4J_ACCEPT_LICENSE_AGREEMENT=yes \ - --env NEO4j_server_bolt_advertised_address=localhost:8687 \ - --env NEO4j_server_http_advertised_address=localhost:8474 \ - --env NEO4J_AUTH=neo4j/mypassword \ - neo4j:{neo4j-version-exact}-enterprise - -docker run --name=server3 --detach --network=neo4j-cluster \ - --publish=9474:7474 --publish=9473:7473 --publish=9687:7687 \ - --hostname=server3 \ - --env NEO4J_initial_server_mode__constraint=PRIMARY \ - --env NEO4J_dbms_cluster_discovery_endpoints=server1:5000,server2:5000,server3:5000 \ - --env NEO4J_ACCEPT_LICENSE_AGREEMENT=yes \ - --env NEO4j_server_bolt_advertised_address=localhost:9687 \ - --env NEO4j_server_http_advertised_address=localhost:9474 \ - --env NEO4J_AUTH=neo4j/mypassword \ - neo4j:{neo4j-version-exact}-enterprise ----- - -Additional servers can be added to the cluster in an ad-hoc fashion. - -Example of a `docker run` command for adding a fourth server with a role `SECONDARY` to the cluster: - -[source, shell, subs="attributes"] ----- -docker run --name=read-server4 --detach --network=neo4j-cluster \ - --publish=10474:7474 --publish=10473:7473 --publish=10687:7687 \ - --hostname=read-server4 \ - --env NEO4J_initial_server_mode__constraint=SECONDARY \ - --env NEO4J_dbms_cluster_discovery_endpoints=server1:5000,server2:5000,server3:5000 \ - --env NEO4J_ACCEPT_LICENSE_AGREEMENT=yes \ - --env NEO4j_server_bolt_advertised_address=localhost:10687 \ - --env NEO4j_server_http_advertised_address=localhost:10474 \ - neo4j:{neo4j-version-exact}-enterprise ----- - - -[[docker-cc-setup-multiple]] -=== Set up a Neo4j Cluster on multiple Docker hosts - To create a highly-available cluster of containers, the Neo4j cluster servers can be deployed on different physical machines. When each container is running on its own physical machine, and the Docker network is not used, you have to define the advertised addresses to enable communication between the physical machines. diff --git a/modules/ROOT/pages/tutorial/index.adoc b/modules/ROOT/pages/tutorial/index.adoc index 4c2b663c6..cb97f0ffb 100644 --- a/modules/ROOT/pages/tutorial/index.adoc +++ b/modules/ROOT/pages/tutorial/index.adoc @@ -11,3 +11,4 @@ The following step-by-step tutorials cover common operational tasks or otherwise * xref:tutorial/tutorial-composite-database.adoc[Set up and use a composite database] -- This tutorial walks through the basics of setting up and using composite databases. * xref:tutorial/tutorial-sso-configuration.adoc[SSO configuration] -- This tutorial presents examples and solutions to common problems when configuring SSO. * xref:tutorial/tutorial-immutable-privileges.adoc[Administering immutable privileges] -- This tutorial describes methods for administering immutable privileges. +* xref:tutorial/tutorial-clustering-docker.adoc[Deploy a Neo4j cluster in a Docker container] -- This tutorial walks through setting up a Neo4j cluster on your local computer for testing purposes. diff --git a/modules/ROOT/pages/tutorial/tutorial-clustering-docker.adoc b/modules/ROOT/pages/tutorial/tutorial-clustering-docker.adoc new file mode 100644 index 000000000..983c0cd4b --- /dev/null +++ b/modules/ROOT/pages/tutorial/tutorial-clustering-docker.adoc @@ -0,0 +1,337 @@ +:description: How to deploy a Neo4j cluster in a containerized environment without an orchestration tool. +[role=enterprise-edition] +[[docker-cc]] += Deploy a Neo4j cluster in a Docker container + +Neo4j supports clustering in a containerized environment without an orchestration tool. +This tutorial walks through setting this up locally for testing purposes. +For production deployment across multiple servers, see xref:docker/clustering.adoc[Deploy a Neo4j cluster on multiple Docker hosts]. + +[NOTE] +==== +The examples on this page make use of both command expansion and DNS discovery method. +For more information, see: + +* xref:configuration/neo4j-conf.adoc#neo4j-conf-expand-commands[Command expansion] +* xref:clustering/setup/discovery.adoc#clustering-discovery-dns[Discovery using DNS with multiple records] +==== + +[[docker-cc-setup-dockercompose]] +== Deploy a Neo4j cluster using Docker Compose + +You can deploy a Neo4j cluster using Docker Compose. +Docker Compose is a management tool for Docker containers. +You use a YAML file to define the infrastructure of all your cluster servers in one file. +Then, by running the single command `docker-compose up`, you create and start all the members without the need to invoke each of them individually. +For more information about Docker Compose, see the https://docs.docker.com/compose/[Docker Compose official documentation]. + +*Prerequisites* + +* Verify that you have installed Docker Compose. +For more information, see the https://docs.docker.com/compose/install/[Install Docker Compose official documentation]. + +*Procedure* + +. Create a configuration file `neo4j.conf` which will be shared across cluster members and make it readable and writable for the user (eg., `chmod 640 neo4j.conf`) ++ +==== +[source,shell,subs="attributes+, +macros"] +---- +# Setting that specifies how much memory Neo4j is allowed to use for the page cache. +server.memory.pagecache.size=100M + +# Setting that specifies the initial JVM heap size. +server.memory.heap.initial_size=100M + +# The behavior of the initial discovery is determined by the parameters `dbms.cluster.discovery.type` and `dbms.cluster.discovery.endpoints`. +# The DNS strategy fetches the IP addresses of the cluster members using the DNS A records. +dbms.cluster.discovery.type=DNS + +# The value of `dbms.cluster.discovery.endpoints` should be set to a single domain name and the port of the discovery service. +# The domain name returns an A record for every server in the cluster when a DNS lookup is performed. +# Each A record returned by DNS should contain the IP address of the server in the cluster. +# The configured server uses all the IP addresses from the A records to join or form a cluster. +# The discovery port must be the same on all servers when using this configuration. +dbms.cluster.discovery.endpoints=neo4j-network:5000 + +# Address (the public hostname/IP address of the machine) +# and port setting that specifies where this instance advertises for discovery protocol messages from other members of the cluster. +server.discovery.advertised_address=$(hostname -i) + +# Address (the public hostname/IP address of the machine) +# and port setting that specifies where this instance advertises for Raft messages within the cluster. +server.cluster.raft.advertised_address=$(hostname) + + # Address (the public hostname/IP address of the machine) + # and port setting that specifies where this instance advertises for requests for transactions in the transaction-shipping catchup protocol. +server.cluster.advertised_address=$(hostname) + +# Enable server-side routing +dbms.routing.enabled=true + +# Use server-side routing for neo4j:// protocol connections. +dbms.routing.default_router=SERVER + +# The advertised address for the intra-cluster routing connector. +server.routing.advertised_address=$(hostname) +---- +==== +. Prepare your _docker-compose.yml_ file using the following example. +For more information, see the https://docs.docker.com/compose/compose-file/#service-configuration-reference[Docker Compose official Service configuration reference]. ++ +.Example _docker-compose.yml_ file +==== +[source,shell,subs="attributes+, +macros"] +---- +version: '3.8' + +# Custom top-level network +networks: + neo4j-internal: + +services: + + server1: + # Docker image to be used + image: $\{NEO4J_DOCKER_IMAGE} + + # Hostname + hostname: server1 + + # Service-level network, which specifies the networks, from the list of the top-level networks (in this case only neo4j-internal), that the server will connect to. + # Adds a network alias (used in neo4j.conf when configuring the discovery members) + networks: + neo4j-internal: + aliases: + - neo4j-network + + # The ports that will be accessible from outside the container - HTTP (7474) and Bolt (7687). + ports: + - "7474:7474" + - "7687:7687" + + # Uncomment the volumes to be mounted to make them accessible from outside the container. + volumes: + - ./neo4j.conf:/conf/neo4j.conf # This is the main configuration file. + - ./data/server1:/var/lib/neo4j/data + - ./logs/server1:/var/lib/neo4j/logs + - ./conf/server1:/var/lib/neo4j/conf + - ./import/server1:/var/lib/neo4j/import + #- ./metrics/server1:/var/lib/neo4j/metrics + #- ./licenses/server1:/var/lib/neo4j/licenses + #- ./ssl/server1:/var/lib/neo4j/ssl + + # Passes the following environment variables to the container + environment: + - NEO4J_ACCEPT_LICENSE_AGREEMENT + - NEO4J_AUTH + - EXTENDED_CONF + - NEO4J_EDITION + - NEO4J_initial_server_mode__constraint=PRIMARY + + # Simple check testing whether the port 7474 is opened. + # If so, the instance running inside the container is considered as "healthy". + # This status can be checked using the "docker ps" command. + healthcheck: + test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider localhost:7474 || exit 1"] + + # Set up the user + user: $\{USER_ID}:$\{GROUP_ID} + + server2: + image: $\{NEO4J_DOCKER_IMAGE} + hostname: server2 + networks: + neo4j-internal: + aliases: + - neo4j-network + ports: + - "7475:7474" + - "7688:7687" + volumes: + - ./neo4j.conf:/conf/neo4j.conf + - ./data/server2:/var/lib/neo4j/data + - ./logs/server2:/var/lib/neo4j/logs + - ./conf/server2:/var/lib/neo4j/conf + - ./import/server2:/var/lib/neo4j/import + #- ./metrics/server2:/var/lib/neo4j/metrics + #- ./licenses/server2:/var/lib/neo4j/licenses + #- ./ssl/server2:/var/lib/neo4j/ssl + environment: + - NEO4J_ACCEPT_LICENSE_AGREEMENT + - NEO4J_AUTH + - EXTENDED_CONF + - NEO4J_EDITION + - NEO4J_initial_server_mode__constraint=PRIMARY + healthcheck: + test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider localhost:7474 || exit 1"] + user: $\{USER_ID}:$\{GROUP_ID} + + server3: + image: $\{NEO4J_DOCKER_IMAGE} + hostname: server3 + networks: + neo4j-internal: + aliases: + - neo4j-network + ports: + - "7476:7474" + - "7689:7687" + volumes: + - ./neo4j.conf:/conf/neo4j.conf + - ./data/server3:/var/lib/neo4j/data + - ./logs/server3:/var/lib/neo4j/logs + - ./conf/server3:/var/lib/neo4j/conf + - ./import/server3:/var/lib/neo4j/import + #- ./metrics/server3:/var/lib/neo4j/metrics + #- ./licenses/server3:/var/lib/neo4j/licenses + #- ./ssl/server3:/var/lib/neo4j/ssl + environment: + - NEO4J_ACCEPT_LICENSE_AGREEMENT + - NEO4J_AUTH + - EXTENDED_CONF + - NEO4J_EDITION + - NEO4J_initial_server_mode__constraint=PRIMARY + healthcheck: + test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider localhost:7474 || exit 1"] + user: $\{USER_ID}:$\{GROUP_ID} + + server4: + image: $\{NEO4J_DOCKER_IMAGE} + hostname: server4 + networks: + neo4j-internal: + aliases: + - neo4j-network + ports: + - "7477:7474" + - "7690:7687" + volumes: + - ./neo4j.conf:/conf/neo4j.conf + - ./data/server4:/var/lib/neo4j/data + - ./logs/server4:/var/lib/neo4j/logs + - ./conf/server4:/var/lib/neo4j/conf + - ./import/server4:/var/lib/neo4j/import + #- ./metrics/server4:/var/lib/neo4j/metrics + #- ./licenses/server4:/var/lib/neo4j/licenses + #- ./ssl/server4:/var/lib/neo4j/ssl + environment: + - NEO4J_ACCEPT_LICENSE_AGREEMENT + - NEO4J_AUTH + - EXTENDED_CONF + - NEO4J_EDITION + - NEO4J_initial_server_mode__constraint=SECONDARY + healthcheck: + test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider localhost:7474 || exit 1"] + user: $\{USER_ID}:$\{GROUP_ID} +---- +==== ++ +. Set up the environment variables: +- `export USER_ID="$(id -u)"` +- `export GROUP_ID="$(id -g)"` +- `export NEO4J_DOCKER_IMAGE=neo4j:{neo4j-version}-enterprise` +- `export NEO4J_EDITION=docker_compose` +- `export EXTENDED_CONF=yes` +- `export NEO4J_ACCEPT_LICENSE_AGREEMENT=yes` +- `export NEO4J_AUTH=neo4j/your_password` +. Deploy your Neo4j cluster by running `docker-compose up` from your project folder. +. The instance will be available at the following addresses: +- Neo4j instance _server1_ will be available at http://localhost:7474[http://localhost:7474^]. +- Neo4j instance _server2_ will be available at http://localhost:7475[http://localhost:7475^]. +- Neo4j instance _server3_ will be available at http://localhost:7476[http://localhost:7476^]. +- Neo4j instance _server4_ will be available at http://localhost:7477[http://localhost:7477^]. +. Authenticate with the default `neo4j/your_password` credentials. +. Check the status of the cluster by running the following in Neo4j Browser: ++ +[source,cypher] +---- +SHOW SERVERS +---- ++ +.Example output: ++ +image:show-servers-docker.png[] + +[[docker-cc-setup-env-variables]] +== Deploy a Neo4j Cluster using environment variables + +You can set up containers in a cluster to talk to each other using environment variables. +Each container must have a network route to each of the others, the `+NEO4J_initial_dbms_default__primaries__count+`, `+NEO4J_initial_dbms_default__secondaries__count+`, and `+NEO4J_dbms_cluster_discovery_endpoints+` environment variables must be set for all servers. + +[role=enterprise-edition] +[[docker-enterprise-edition-environment-variables]] +=== Cluster environment variables + +The following environment variables are specific to the Neo4j cluster, and are available in the Neo4j Enterprise Edition: + +* `+NEO4J_initial_server_mode__constraint+`: the database mode, defaults to `NONE`, can be set to `PRIMARY` or `SECONDARY`. +* `+NEO4J_dbms_cluster_discovery_endpoints+`: a comma-separated list of endpoints, which a server should contact to discover other cluster servers. +* `+NEO4J_server_discovery_advertised_address+`: hostname/IP address and port to advertise for member discovery management communication. +* `+NEO4J_server.cluster.advertised_address+`: hostname/IP address and port to advertise for transaction handling. +* `+NEO4J_server.cluster.raft.advertised_address+`: hostname/IP address and port to advertise for cluster communication. + +See xref:clustering/settings.adoc[] for more details of Neo4j cluster settings. + +[[docker-cc-setup-single]] +=== Set up a Neo4j Cluster on a single Docker host + +Within a single Docker host, you can use the default ports for HTTP, HTTPS, and Bolt. +For each container, these ports are mapped to a different set of ports on the Docker host. + +Example of a `docker run` command for deploying a cluster with 3 servers: + +[source,shell,subs="attributes"] +---- +docker network create --driver=bridge neo4j-cluster + +docker run --name=server1 --detach --network=neo4j-cluster \ + --publish=7474:7474 --publish=7473:7473 --publish=7687:7687 \ + --hostname=server1 \ + --env NEO4J_initial_server_mode__constraint=PRIMARY \ + --env NEO4J_dbms_cluster_discovery_endpoints=server1:5000,server2:5000,server3:5000 \ + --env NEO4J_ACCEPT_LICENSE_AGREEMENT=yes \ + --env NEO4j_server_bolt_advertised_address=localhost:7687 \ + --env NEO4j_server_http_advertised_address=localhost:7474 \ + --env NEO4J_AUTH=neo4j/mypassword \ + neo4j:{neo4j-version-exact}-enterprise + +docker run --name=server2 --detach --network=neo4j-cluster \ + --publish=8474:7474 --publish=8473:7473 --publish=8687:7687 \ + --hostname=server2 \ + --env NEO4J_initial_server_mode__constraint=PRIMARY \ + --env NEO4J_dbms_cluster_discovery_endpoints=server1:5000,server2:5000,server3:5000 \ + --env NEO4J_ACCEPT_LICENSE_AGREEMENT=yes \ + --env NEO4j_server_bolt_advertised_address=localhost:8687 \ + --env NEO4j_server_http_advertised_address=localhost:8474 \ + --env NEO4J_AUTH=neo4j/mypassword \ + neo4j:{neo4j-version-exact}-enterprise + +docker run --name=server3 --detach --network=neo4j-cluster \ + --publish=9474:7474 --publish=9473:7473 --publish=9687:7687 \ + --hostname=server3 \ + --env NEO4J_initial_server_mode__constraint=PRIMARY \ + --env NEO4J_dbms_cluster_discovery_endpoints=server1:5000,server2:5000,server3:5000 \ + --env NEO4J_ACCEPT_LICENSE_AGREEMENT=yes \ + --env NEO4j_server_bolt_advertised_address=localhost:9687 \ + --env NEO4j_server_http_advertised_address=localhost:9474 \ + --env NEO4J_AUTH=neo4j/mypassword \ + neo4j:{neo4j-version-exact}-enterprise +---- + +Additional servers can be added to the cluster in an ad-hoc fashion. + +Example of a `docker run` command for adding a fourth server with a role `SECONDARY` to the cluster: + +[source,shell,subs="attributes"] +---- +docker run --name=read-server4 --detach --network=neo4j-cluster \ + --publish=10474:7474 --publish=10473:7473 --publish=10687:7687 \ + --hostname=read-server4 \ + --env NEO4J_initial_server_mode__constraint=SECONDARY \ + --env NEO4J_dbms_cluster_discovery_endpoints=server1:5000,server2:5000,server3:5000 \ + --env NEO4J_ACCEPT_LICENSE_AGREEMENT=yes \ + --env NEO4j_server_bolt_advertised_address=localhost:10687 \ + --env NEO4j_server_http_advertised_address=localhost:10474 \ + neo4j:{neo4j-version-exact}-enterprise +---- From 92f28feed98f6642d0ce9a775de26c4776b31826 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Wed, 22 Feb 2023 13:42:10 +0100 Subject: [PATCH 162/876] Changing the order of the paragraphs for clarity (#519) (#520) Customer couldn't find information about the default password when installing Neo4j, so this PR changes the order of paragraphs to make it easier for readers to find that information. --------- Cherry-picked from https://github.com/neo4j/docs-operations/pull/519 Co-authored-by: David Oliver --- .../pages/configuration/set-initial-password.adoc | 8 ++++---- modules/ROOT/pages/installation/linux/debian.adoc | 10 ++++++++++ modules/ROOT/pages/installation/linux/rpm.adoc | 12 +++++++++++- 3 files changed, 25 insertions(+), 5 deletions(-) diff --git a/modules/ROOT/pages/configuration/set-initial-password.adoc b/modules/ROOT/pages/configuration/set-initial-password.adoc index ed85c113e..4dba9492a 100644 --- a/modules/ROOT/pages/configuration/set-initial-password.adoc +++ b/modules/ROOT/pages/configuration/set-initial-password.adoc @@ -5,6 +5,9 @@ Use the `set-initial-password` command of `neo4j-admin` to define the password for the native user `neo4j`. This must be performed before starting up the database for the first time. +If the password is not set explicitly using this method, it will be set to the default password `neo4j`. +In that case, you will be prompted to change the default password at first login. + [NOTE] ==== label:Neo4j-5.3[] @@ -35,7 +38,4 @@ You will be prompted to change this password to one of your own choice at first ---- $neo4j-home> bin/neo4j-admin set-initial-password secretpassword --require-password-change ---- -==== - -If the password is not set explicitly using this method, it will be set to the default password `neo4j`. -In that case, you will be prompted to change the default password at first login. \ No newline at end of file +==== \ No newline at end of file diff --git a/modules/ROOT/pages/installation/linux/debian.adoc b/modules/ROOT/pages/installation/linux/debian.adoc index af982cb39..469484fb2 100644 --- a/modules/ROOT/pages/installation/linux/debian.adoc +++ b/modules/ROOT/pages/installation/linux/debian.adoc @@ -242,4 +242,14 @@ For operating systems that are not using `systemd`, some package-specific option On Debian-based distributions, Neo4j is enabled to start automatically on system boot by default. +[NOTE] +==== +Before starting up the database for the first time, it is recommended to use the `set-initial-password` command of `neo4j-admin` to define the password for the native user `neo4j`. + +If the password is not set explicitly using this method, it will be set to the default password `neo4j`. +In that case, you will be prompted to change the default password at first login. + +For more information, see xref:configuration/set-initial-password.adoc[]. +==== + For more information on operating the Neo4j system service, see xref:installation/linux/systemd.adoc[Neo4j system service]. diff --git a/modules/ROOT/pages/installation/linux/rpm.adoc b/modules/ROOT/pages/installation/linux/rpm.adoc index 6ce9e5032..7b7937f84 100644 --- a/modules/ROOT/pages/installation/linux/rpm.adoc +++ b/modules/ROOT/pages/installation/linux/rpm.adoc @@ -238,4 +238,14 @@ To enable Neo4j to start automatically on system boot, run the following command systemctl enable neo4j ---- -For more information on operating the Neo4j system service, see xref:installation/linux/systemd.adoc[Neo4j system service]. \ No newline at end of file +[NOTE] +==== +Before starting up the database for the first time, it is recommended to use the `set-initial-password` command of `neo4j-admin` to define the password for the native user `neo4j`. + +If the password is not set explicitly using this method, it will be set to the default password `neo4j`. +In that case, you will be prompted to change the default password at first login. + +For more information, see xref:configuration/set-initial-password.adoc[]. +==== + +For more information on operating the Neo4j system service, see xref:installation/linux/systemd.adoc[Neo4j system service]. \ No newline at end of file From 8097d21bca72c01b3e69ad25bb2c7ff501f9dc99 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 22 Feb 2023 18:32:47 +0000 Subject: [PATCH 163/876] Add a note about the location of the new config file (#526) Co-authored-by: David Oliver --- .../tools/neo4j-admin/migrate-configuration.adoc | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/tools/neo4j-admin/migrate-configuration.adoc b/modules/ROOT/pages/tools/neo4j-admin/migrate-configuration.adoc index acf909ccf..81a4e634a 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/migrate-configuration.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/migrate-configuration.adoc @@ -59,9 +59,9 @@ The `neo4j-admin migrate-configuration` command has the following options: The following example shows how to migrate a legacy configuration file to the current format: -[source, shell] +[source, shell, subs="attributes+"] ---- -$ neo4j-admin server migrate-configuration --from-path=/path/to/legacy/neo4j-enterprise-4.4.10/conf/ --to-path=/path/to/new/neo4j-enterprise-5.1.0/conf/ +$ neo4j-admin server migrate-configuration --from-path=/path/to/legacy/neo4j-enterprise-4.4.10/conf/ --to-path=/path/to/new/neo4j-enterprise-{neo4j-version-exact}/conf/ ---- .Example output @@ -96,3 +96,10 @@ dbms.jvm.additional=-Dlog4j2.disable.jmx=true MIGRATED -> server.jvm.additional= dbms.windows_service_name=neo4j MIGRATED -> server.windows_service_name=neo4j Keeping original configuration file at: /neo4j-enterprise-5.1.0/conf/neo4j.conf.old ---- + +[NOTE] +==== +The example output is not to be used to populate a new v5 _neo4j.conf_ file. + +The v5.x syntactically correct configuration file can be found at _/path/to/new/neo4j-enterprise-{neo4j-version-exact}/conf/_, where `/path/to/new/neo4j-enterprise-{neo4j-version-exact}/conf/` is the value of `--to-path=`. +==== From b6700b8900ef64ee4b085f8ce9a8daf7cb9767e8 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Thu, 23 Feb 2023 13:49:24 +0100 Subject: [PATCH 164/876] Adding context on why to create a temporary user (#499) (#530) This is an optional step and requires specific rights to be performed. Some lines about that are added now. --------- Cherry-picked from https://github.com/neo4j/docs-operations/pull/499#pullrequestreview-1311089810 Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/clustering/disaster-recovery.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/clustering/disaster-recovery.adoc b/modules/ROOT/pages/clustering/disaster-recovery.adoc index d4a515579..e53fe2ff3 100644 --- a/modules/ROOT/pages/clustering/disaster-recovery.adoc +++ b/modules/ROOT/pages/clustering/disaster-recovery.adoc @@ -58,7 +58,7 @@ The server may have to be considered indefinitely lost.) . *Validate the `system` database's availability.* .. Run `SHOW DATABASE system`. If the response doesn't contain a writer, the `system` database is unavailable and needs to be recovered, continue to step 3. -.. Run `CREATE USER 'temporaryUser' SET PASSWORD 'temporaryPassword'` to create a temporary user. +.. Optionally, you can create a temporary user to validate the `system` database's writability by running `CREATE USER 'temporaryUser' SET PASSWORD 'temporaryPassword'`. ... Confirm that the query was executed successfully and the temporary user was created as expected, by running `SHOW USERS`, then continue to xref:clustering/disaster-recovery.adoc#recover-servers[Recover servers]. If not, continue to step 3. . *Restore the `system` database.* From 1a99e84beb8e2797d2149f86683018eb31c404a3 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Thu, 23 Feb 2023 14:23:49 +0100 Subject: [PATCH 165/876] Clarify info about Cypher Shell functionality (#531) To remove confusion if Cypher Shell supports implicit transactions or not. --- modules/ROOT/pages/tools/cypher-shell.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/tools/cypher-shell.adoc b/modules/ROOT/pages/tools/cypher-shell.adoc index e680c9b57..2fb060213 100644 --- a/modules/ROOT/pages/tools/cypher-shell.adoc +++ b/modules/ROOT/pages/tools/cypher-shell.adoc @@ -409,7 +409,7 @@ MATCH (n) RETURN n; [[cypher-shell-transactions]] == Transactions -Cypher Shell supports explicit transactions. +Cypher Shell supports explicit and implicit transactions. Transaction states are controlled using the keywords `:begin`, `:commit`, and `:rollback`. Both explicit and implicit transactions run from Cypher Shell will have default transaction metadata attached that follows the convention From 577940f902f0b7ce09082f0beeb72660cd3f4d8b Mon Sep 17 00:00:00 2001 From: Jack Waudby Date: Thu, 23 Feb 2023 13:43:02 +0000 Subject: [PATCH 166/876] alphabetical order --- .../reference/configuration-settings.adoc | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/modules/ROOT/pages/reference/configuration-settings.adoc b/modules/ROOT/pages/reference/configuration-settings.adoc index e733564ba..e52b76083 100644 --- a/modules/ROOT/pages/reference/configuration-settings.adoc +++ b/modules/ROOT/pages/reference/configuration-settings.adoc @@ -265,7 +265,6 @@ If this is set to `false` (default), the search for group membership will be per |<>|label:enterprise-edition[Enterprise only]Advertised cluster member discovery management communication. |<>|label:enterprise-edition[Enterprise only]Host and port to bind the cluster member discovery management communication. |<>|label:enterprise-edition[Enterprise only]A list of setting name patterns (comma separated) that are allowed to be dynamically changed. -|<>|label:enterprise-edition[Enterprise only]A list of tag names for the server used during database allocation and when configuring load balancing and replication policies. |<>|label:enterprise-edition[Enterprise only]A list of tag names for the server used when configuring load balancing and replication policies. This setting is deprecated in favour of <>. |<>|Advertised address for this connector. |<>|Enable the http connector. @@ -311,6 +310,7 @@ This setting will be deprecated in favour of <>|label:enterprise-edition[Enterprise only]If there is a Database Management System Panic (an irrecoverable error) should the neo4j process shut down or continue running. |<>|label:enterprise-edition[Enterprise only]The advertised address for the intra-cluster routing connector. |<>|The address the routing connector should bind to. +|<>|label:enterprise-edition[Enterprise only]A list of tag names for the server used during database allocation and when configuring load balancing and replication policies. |<>|Number of Neo4j worker threads. |<>|Comma-separated list of = for unmanaged extensions. |<>|Name of the Windows Service managing Neo4j when installed using `neo4j install-service`. @@ -571,7 +571,6 @@ If this is set to `false` (default), the search for group membership will be per * <>: label:enterprise-edition[Enterprise only]Advertised cluster member discovery management communication. * <>: label:enterprise-edition[Enterprise only]Host and port to bind the cluster member discovery management communication. * <>: label:enterprise-edition[Enterprise only]A list of setting name patterns (comma separated) that are allowed to be dynamically changed. -* <>: label:enterprise-edition[Enterprise only]A list of tag names for the server used during database allocation and when configuring load balancing and replication policies. * <>: label:enterprise-edition[Enterprise only]A list of tag names for the server used when configuring load balancing and replication policies. This setting is deprecated in favour of <>. * <>: Advertised address for this connector. * <>: Enable the http connector. @@ -617,6 +616,7 @@ This setting will be deprecated in favour of <>: label:enterprise-edition[Enterprise only]If there is a Database Management System Panic (an irrecoverable error) should the neo4j process shut down or continue running. * <>: label:enterprise-edition[Enterprise only]The advertised address for the intra-cluster routing connector. * <>: The address the routing connector should bind to. +* <>: label:enterprise-edition[Enterprise only]A list of tag names for the server used during database allocation and when configuring load balancing and replication policies. * <>: Number of Neo4j worker threads. * <>: Comma-separated list of = for unmanaged extensions. * <>: Name of the Windows Service managing Neo4j when installed using `neo4j install-service`. @@ -3528,19 +3528,6 @@ a|server.dynamic.setting.allowlist, a ',' separated list with elements of type ' m|+++*+++ |=== -[[config_server.tags]] -.initial.server.tags -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]A list of tag names for the server used by database allocation and when configuring load balancing and replication policies. -|Valid values -a|initial.server.tags, a ',' separated list with elements of type 'a string identifying a Server Tag'. -|Dynamic a|false -|Default value -m|++++++ -|=== - [[config_server.groups]] .server.groups @@ -4072,6 +4059,19 @@ a|server.routing.listen_address, a socket address in the format 'hostname:port', m|+++:7688+++ |=== +[[config_server.tags]] +.initial.server.tags +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]A list of tag names for the server used by database allocation and when configuring load balancing and replication policies. +|Valid values +a|initial.server.tags, a ',' separated list with elements of type 'a string identifying a Server Tag'. +|Dynamic a|false +|Default value +m|++++++ +|=== + [[config_server.threads.worker_count]] .server.threads.worker_count [cols="<1s,<4"] From b998cf6538f8816f5336ea2d9044cbd6b6474491 Mon Sep 17 00:00:00 2001 From: Jack Waudby Date: Thu, 23 Feb 2023 13:48:13 +0000 Subject: [PATCH 167/876] add tags info to enable servers --- modules/ROOT/pages/clustering/servers.adoc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/clustering/servers.adoc b/modules/ROOT/pages/clustering/servers.adoc index ebabd9710..2c6766ab4 100644 --- a/modules/ROOT/pages/clustering/servers.adoc +++ b/modules/ROOT/pages/clustering/servers.adoc @@ -122,12 +122,13 @@ The `ENABLE` command can take several options: [source,cypher, role=noplay] ---- neo4j@neo4j> ENABLE SERVER '25a7efc7-d063-44b8-bdee-f23357f89f01' OPTIONS - {modeConstraint:'PRIMARY', allowedDatabases:['foo']}; + {modeConstraint:'PRIMARY', allowedDatabases:['foo'], tags:['us','us-east']}; ---- `modeConstraint` is used to control whether a server can be used to host a database in only primary or secondary mode. `allowedDatabases` and `deniedDatabases` are collections of database names that filter which databases may be hosted on a server. The `allowedDatabases` and `deniedDatabases` are mutually exclusive and if both are specified, an error is returned. +Server tags are used during database allocation and when configuring load balancing and replication policies. [NOTE] ==== @@ -142,6 +143,7 @@ Servers can also provide default values for these options via their _neo4j.conf_ initial.server.mode_constraint='PRIMARY' initial.server.allowed_databases='foo' initial.server.denied_databases='bar','baz' +initial.server.tags='eu','eu-west' ---- If conflicting options are provided between _neo4j.conf_ and the `ENABLE SERVER` command, those provided to `ENABLE SERVER` are used. From ec27d5f5f94690c473e57fc9ea7b5fae26675bf9 Mon Sep 17 00:00:00 2001 From: Jack Waudby Date: Thu, 23 Feb 2023 13:52:23 +0000 Subject: [PATCH 168/876] link to servers page --- .../clustering-advanced/multi-data-center-routing.adoc | 3 ++- modules/ROOT/pages/clustering/servers.adoc | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc b/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc index 30ed4212c..a9f041d3f 100644 --- a/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc +++ b/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc @@ -58,7 +58,8 @@ Note that servers can have mulitple tags. Server tags are defined as a key that maps onto a set of servers in a cluster. Server tags are defined on each server using the `xref:reference/configuration-settings.adoc#config_server.server.tags[initial.server.tags]` parameter in _neo4j.conf_. Each server in a cluster can be tagged with to zero or more server tags. -Server tags can be altered at runtime via the `ALTER SERVER` command, consult the Cypher operations manual for further information. +Server tags can be altered at runtime via the `ALTER SERVER` command, +see xref:clustering/servers/alter-server-options.adoc[Altering server options] for more details. .Definition of grouping servers using server tags ==== diff --git a/modules/ROOT/pages/clustering/servers.adoc b/modules/ROOT/pages/clustering/servers.adoc index 2c6766ab4..07c604cba 100644 --- a/modules/ROOT/pages/clustering/servers.adoc +++ b/modules/ROOT/pages/clustering/servers.adoc @@ -237,6 +237,7 @@ Once this command has been executed successfully, the neo4j process on the serve == Controlling a server's metadata +[[alter-server-options]] === Altering server options A running server can have its options modified using the `ALTER SERVER` command. From ea449e4d77aed93fbf6f1b23de91805fec08c6aa Mon Sep 17 00:00:00 2001 From: Jack Waudby Date: Thu, 23 Feb 2023 13:53:18 +0000 Subject: [PATCH 169/876] fix link --- .../clustering-advanced/multi-data-center-routing.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc b/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc index a9f041d3f..90fe04352 100644 --- a/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc +++ b/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc @@ -59,7 +59,7 @@ Server tags are defined as a key that maps onto a set of servers in a cluster. Server tags are defined on each server using the `xref:reference/configuration-settings.adoc#config_server.server.tags[initial.server.tags]` parameter in _neo4j.conf_. Each server in a cluster can be tagged with to zero or more server tags. Server tags can be altered at runtime via the `ALTER SERVER` command, -see xref:clustering/servers/alter-server-options.adoc[Altering server options] for more details. +see xref:clustering/servers.adoc#alter-server-options[Altering server options] for more details. .Definition of grouping servers using server tags ==== From b69704ea1476c8ff3b41c92d5a35516c7a286f56 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 23 Feb 2023 14:59:48 +0000 Subject: [PATCH 170/876] Add the backup ports to the example command (#527) --- modules/ROOT/pages/backup-restore/online-backup.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/backup-restore/online-backup.adoc b/modules/ROOT/pages/backup-restore/online-backup.adoc index d81504fd3..91ccf7095 100644 --- a/modules/ROOT/pages/backup-restore/online-backup.adoc +++ b/modules/ROOT/pages/backup-restore/online-backup.adoc @@ -328,6 +328,6 @@ For example, to backup all databases that start with *n* from your three-node cl ==== [source, shell] ---- -neo4j-admin database backup --from=192.168.1.34,192.168.1.35,192.168.1.36 --to-path=/mnt/backups/neo4j --pagecache=4G n* +neo4j-admin database backup --from=192.168.1.34:6362,192.168.1.35:6362,192.168.1.36:6362 --to-path=/mnt/backups/neo4j --pagecache=4G "n*" ---- ==== \ No newline at end of file From e419f8f367102cbf4397c8127cd0a183f8ed5e5e Mon Sep 17 00:00:00 2001 From: Jack Waudby <33488812+jackwaudby@users.noreply.github.com> Date: Fri, 24 Feb 2023 09:10:14 +0000 Subject: [PATCH 171/876] Update modules/ROOT/pages/clustering/servers.adoc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Jens Pryce-Åklundh <112686610+JPryce-Aklundh@users.noreply.github.com> --- modules/ROOT/pages/clustering/servers.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/clustering/servers.adoc b/modules/ROOT/pages/clustering/servers.adoc index 07c604cba..e492d622a 100644 --- a/modules/ROOT/pages/clustering/servers.adoc +++ b/modules/ROOT/pages/clustering/servers.adoc @@ -251,7 +251,7 @@ neo4j@neo4j> ALTER SERVER '25a7efc7-d063-44b8-bdee-f23357f89f01' SET OPTIONS {mo Altering servers may cause databases to be moved, and should be performed with care. For example, if the server `25a7efc7-d063-44b8-bdee-f23357f89f01` hosts database `foo` in primary mode when the above command is executed, then another server must begin hosting `foo` in primary mode. Likewise, if `ALTER SERVER '25a7efc7-d063-44b8-bdee-f23357f89f01' SET OPTIONS {allowedDatabases:['bar','baz']};` is executed, then `foo` is forced to move. -For a description of all the server options, e.g., server tags, that can be altered via the `ALTER SERVER` command consult the Cypher operations manual. +For a description of all the server options (e.g., server tags) that can be altered via the `ALTER SERVER` command, see the xref:link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/server-management/#server-management-alter-server[Cypher Manual -> Modifying servers]. [NOTE] ==== From a8b601319749a4ad3627aac91deac9901b1fc4d2 Mon Sep 17 00:00:00 2001 From: Ed Randall <68006845+edrandall-dev@users.noreply.github.com> Date: Fri, 24 Feb 2023 11:24:24 +0000 Subject: [PATCH 172/876] Improvements to the Cloud Deployment docs (#515) - Changes to the "landing" page for cloud documentation - Overhauled the Azure page to standardise the sections and language with the Azure page - Some minor changes and improvements to the AWS page --- .../ROOT/pages/cloud-deployments/index.adoc | 25 +++- .../pages/cloud-deployments/neo4j-aws.adoc | 23 ++- .../pages/cloud-deployments/neo4j-azure.adoc | 131 ++++++++++++++---- package-lock.json | 11 ++ 4 files changed, 147 insertions(+), 43 deletions(-) diff --git a/modules/ROOT/pages/cloud-deployments/index.adoc b/modules/ROOT/pages/cloud-deployments/index.adoc index 9573bb995..773118c76 100644 --- a/modules/ROOT/pages/cloud-deployments/index.adoc +++ b/modules/ROOT/pages/cloud-deployments/index.adoc @@ -2,12 +2,27 @@ [[cloud]] = Cloud deployments -There are different options for deploying Neo4j in the cloud. -Described here are: +Neo4j's cloud marketplace listings represent a quick and easy way of getting started with graph databases on the cloud platform of your choice. +[cols="<25s,40,40",frame="topbot",options="header"] +|=== -* xref:cloud-deployments/neo4j-aws.adoc[Neo4j on AWS] -- Deploying Neo4j on AWS. -* xref:cloud-deployments/neo4j-gcp.adoc[Neo4j on Google Cloud Platform] -- Deploying Neo4j on Google Cloud Platform (GCP). -* xref:cloud-deployments/neo4j-azure.adoc[Neo4j on Microsoft Azure] -- Deploying Neo4j on Microsoft Azure. +| *Cloud partner* +| *Documentation link* +| *Partner Page* + +| Amazon Web Services +| xref:cloud-deployments/neo4j-aws.adoc[Neo4j on AWS] +| https://neo4j.com/partners/amazon/[Neo4j in the AWS Marketplace^] + +| Google Cloud +| xref:cloud-deployments/neo4j-gcp.adoc[Neo4j on Google Cloud Platform] +| https://neo4j.com/partners/google/[Neo4j in the GCP Marketplace^] + +| Microsoft Azure +| xref:cloud-deployments/neo4j-azure.adoc[Neo4j on Microsoft Azure] +| https://neo4j.com/partners/microsoft/[Neo4j in the Azure Marketplace^] + +|=== .Other cloud deployment options [TIP] diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc index 649846773..2da7855aa 100644 --- a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc +++ b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc @@ -12,7 +12,7 @@ The template's code is available on link:https://github.com/neo4j-partners/amazo [NOTE] ==== Neo4j does not provide Amazon Machine Images (AMIs) with a pre-installed version of the product. -The Neo4j Marketplace listings (and listings on GitHub) use CloudFormation templates that include a user-data (post-install) script to deploy and configure Neo4j. +The Neo4j AWS Marketplace listings (and listings on GitHub) use CloudFormation templates that deploy and configure Neo4j dynamically with a shell script. ==== == Supported Neo4j versions @@ -33,7 +33,6 @@ The Neo4j CloudFormation template takes several parameters as inputs, deploys a === Important considerations - * The deployment of cloud resources will incur costs. ** Refer to the link:https://calculator.aws/#[AWS pricing calculator^]for more information. @@ -53,7 +52,7 @@ The Neo4j CloudFormation template takes several parameters as inputs, deploys a |=== | Parameter Name -| Parameter Description +| Description | Stack Name | A name for the CloudFormation stack to be deployed, e.g., `my-neo4j-cluster`. Stack name can include letters (A-Z and a-z), numbers (0-9), and dashes (-). @@ -77,7 +76,7 @@ The Neo4j CloudFormation template takes several parameters as inputs, deploys a | Specify the number of desired EC2 instances to be used to form a Neo4j cluster (a minimum of 3 instances is required to form a cluster). | Instance type -| The class of EC2 Instance to use. +| The class of EC2 Instances to use. | Disk Size | Size (in GB) of the EBS volume on each EC2 instance. Larger EBS volumes are typically faster than smaller ones, therefore 100GB is the recommended minimum size. @@ -91,11 +90,14 @@ The Neo4j CloudFormation template takes several parameters as inputs, deploys a The environment created by the CloudFormation template consists of the following AWS resources: -* 1 VPC, with a CIDR range of `10.0.0.0/16`. -** 3 Subnets, distributed evenly across 3 Availability zones, with the following CIDR ranges: +* 1 VPC, with a CIDR range (address space) of `10.0.0.0/16`. +** 3 Subnets (if a cluster has been selected), distributed evenly across 3 Availability zones, with the following CIDR ranges: *** `10.0.1.0/24` *** `10.0.2.0/24` *** `10.0.3.0/24` +** A single subnet (if a single instance has been selected) with the following CIDR range: +*** `10.0.1.0/24` +** A security group. ** An internet gateway. ** Routing tables (and associations) for all subnets. * An auto-scaling group and launch configuration, which creates: @@ -112,7 +114,7 @@ After the installation finishes successfully, the CloudFormation template provid |=== | Output Name -| Output Description +| Description | Neo4jBrowserURL | The http URL of the Neo4j Browser. @@ -125,15 +127,10 @@ After the installation finishes successfully, the CloudFormation template provid |=== -== Verify that Neo4j is running and accessible - -When the CloudFormation stack is created, navigate to *Outputs* and open the *Neo4jBrowserURL* in a new tab. -Log into Neo4j using your credentials. - == Cluster version consistency When the CloudFormation template creates a new Neo4j cluster, an Auto Scaling group (ASG) is created and tagged with the minor version of the installed Neo4j database. -If you add more EC2 instances to your ASG, they will be tagged with the same minor version, ensuring that all Neo4j cluster servers are installed with the same version, regardless of when the EC2 instances were created. +If you add more EC2 instances to your ASG, they will be installed with the same minor version, ensuring that all Neo4j cluster servers are installed with the same version, regardless of when the EC2 instances were created. == Licensing diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-azure.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-azure.adoc index 53317990b..ed098ff8b 100644 --- a/modules/ROOT/pages/cloud-deployments/neo4j-azure.adoc +++ b/modules/ROOT/pages/cloud-deployments/neo4j-azure.adoc @@ -1,41 +1,105 @@ -:description: Deploy Neo4j on Azure directly from the Azure Marketplace or by using the Neo4j Azure Resource Manager (ARM) template hosted on GitHub. +:description: Deploy Neo4j on Microsoft Azure directly from the Azure Marketplace or by using the Neo4j Azure Resource Manager (ARM) template hosted on GitHub. [role=enterprise-edition] [[azure]] = Neo4j on Azure -You can deploy a Neo4j standalone server or a cluster on Azure directly from the Azure Marketplace or by using the Neo4j Azure Resource Manager (ARM) template hosted on GitHub. +Neo4j Enterprise Edition can be easily deployed on Virtual Machine instances in Microsoft Azure by using the link:https://azuremarketplace.microsoft.com/en-us/marketplace/apps/neo4j.neo4j-ee?tab=Overview[official listing for Neo4j Enterprise on the Azure Marketplace^]. -The Azure Marketplace represents a straightforward method to deploy Neo4j on a VM instance in Azure. +The Azure Marketplace listing uses an Azure Resource Manager (ARM) template maintained by Neo4j. +The template's code is available on link:https://github.com/neo4j-partners/azure-resource-manager-neo4j/tree/main/marketplace[GitHub^] and can be customized to meet more complex or bespoke use cases. -Both Neo4j Enterprise Edition v5 and v4.4 can be deployed from the link:https://azuremarketplace.microsoft.com/en-us/marketplace/apps/neo4j.neo4j-ee[Neo4j Enterprise Edition listing on the Azure Marketplace]. -In addition to the Azure Marketplace listing, Neo4j provides an ARM template, which can be customized to meet more complex use cases. -This template is hosted in a public GitHub repository and can be found at link:https://github.com/neo4j-partners/azure-resource-manager-neo4j[Neo4j ARM template on GitHub]. +[NOTE] +==== +Neo4j does not provide Azure Marketplace Virtual Machine Images with a pre-installed version of the product. +The Neo4j Azure Marketplace listings (and listings on GitHub) use Azure Resource Manager (ARM) templates that deploy and configure Neo4j dynamically with a shell script. +==== + +== Supported Neo4j versions +The Neo4j link:https://azuremarketplace.microsoft.com/en-us/marketplace/apps/neo4j.neo4j-ee?tab=Overview[Azure marketplace listing^] can be configured to deploy either Neo4j Enterprise Edition v5 or v4.4. +The ARM template always installs the latest available minor version of each release. +For example, the latest minor release of Neo4j 5 is {neo4j-version-minor}. == Neo4j ARM template -Azure Resource Manager (ARM) is an Infrastructure as Code (IaC) service that tells Azure how to deploy a set of interrelated resources. +Azure Resource Manager (ARM) is a declarative Infrastructure as Code (IaC) language that is based on JSON and instructs Azure to deploy a set of cloud resources. + +The Neo4j ARM template takes several parameters as inputs, deploys a set of cloud resources, and provides outputs that can be used to connect to a Neo4j DBMS. + +=== Important considerations + +* The deployment of cloud resources will incur costs. +** Refer to the link:https://azure.microsoft.com/en-gb/pricing/calculator/[Azure pricing calculator^]for more information. + +* A resource group will need to be created. +** You will need to choose an empty resource group or create a new one. + +* An active Azure subscription is required. + +=== Input parameters (Instance Details) + +[cols="<31s,69",frame="topbot",options="header"] +|=== + +| Parameter Name +| Description + +| Region +| The Azure region in which cloud resources should be deployed. -The Neo4j ARM template has the following properties: +| Admin password +| A password for the `neo4j` user. The password must be between 12 and 72 characters long, and contain characters from at least 3 of the following groups: uppercase characters, lowercase characters, numbers, and special characters. +|=== -* **Virtual Machine Size:** Select the VM size for the machine(s) that will host your deployment. +=== Input parameters (Neo4j Config) -* **Node count:** Specify the number of desired Neo4j servers depending on whether you want to deploy a standalone or a cluster. +[cols="<31s,69",frame="topbot",options="header"] +|=== -* **Disk Size:** The disk size for a Neo4j server. +| Parameter Name +| Description -* Optionally install Graph Data Science (GDS). -It requires a license key to be provided. +| Virtual Machine Size +| The class of Azure VM Instances to use. -* Optionally install Bloom. -It requires a license key to be provided. +| Node Count +| The number of desired Virtual Machine instances to be used to form a Neo4j cluster (a minimum of 3 instances is required to form a cluster). -== Deploy Neo4j from the Azure Marketplace +| Disk Size +| Size (in GB) of the secondary volume on each Azure VM instance. -Deploy a Neo4j Enterprise cluster from the https://azuremarketplace.microsoft.com/en-us/marketplace/apps/neo4j.neo4j-ee[Azure Marketplace^] following the interactive prompts. +| Graph Database Version +| Select "5" for the latest minor version of Neo4j v5, or select "4.4" for the latest minor version of Neo4j v4.4 -It is recommended to create a new resource group to hold the artifacts of your deployment. +| Install Graph Data Science +| An option to install Graph Data Science (GDS). Accepted values are `Yes` or `No`. + +| Graph Data Science License Key +| A valid GDS license key can be pasted into this field. License keys will be sent to and stored by Neo4j. This information is used only for product activation purposes. + +| Install Bloom +| Optionally install Neo4j Bloom. Accepted values are `Yes` or `No`. + +| Bloom License Key +| A valid Bloom license key can be pasted into this field. License keys will be sent to and stored by Neo4j. This information is used only for product activation purposes. +|=== + +=== Deployed cloud resources + +The environment created by the ARM template consists of the following Azure resources: + +* 1 Virtual Network, with a CIDR range (address space) of `10.0.0.0/8`. +** A single subnet with the following CIDR range: +*** `10.0.0.0/16` +** A network security group. +* A Virtual Machine Scale-Set (VMSS), which creates: +** 1, or between 3 and 10 Virtual Machine instances (Depending on whether a single instance or an autonomous cluster is selected). +* 1 Load Balancer. + +=== Template outputs + +After the deployment finishes successfully, the ARM template provides the following outputs, which can be found in the *Outputs* section of the deployments page in the Azure console. [NOTE] ==== @@ -43,17 +107,34 @@ At the end of the deployment process, Azure runs a validation. If the validation fails, it might be because you have chosen VMs that are too large and exceed your Azure quota. ==== +[cols="<31s,69",frame="topbot",options="header"] +|=== + +| Output Name +| Output Description + +| neo4jBrowserURL +| The http URL of the Neo4j Browser. + +| username +| The username `neo4j` which will be required to log into the Neo4j Browser + +|=== + +== Cluster version consistency -== Verify that Neo4j is running +When the ARM template creates a new Neo4j cluster, a Virtual Machine Scale Set (VMSS) is created and tagged with the minor version of the installed Neo4j database. +If you add more VM instances to your VMSS, they will be installed using the same minor version, ensuring that all Neo4j cluster servers are installed with the same version, regardless of when the VM instances were created. -When the Neo4j deployment completes, navigate to the *Outputs* tab and copy the Neo4j Browser URL. +== Licensing -image:az-neo4j-url.png[] +Installing and starting Neo4j from the Azure marketplace constitutes an acceptance of the Neo4j license agreement. +When deploying Neo4j, users are required to confirm that they either have an enterprise license. -Then, in a web browser, paste the URL to open Neo4j Browser, where you can use the credentials that you specified to log into Neo4j. +If you require the Enterprise version of either Graph Data Science or Bloom, you need to provide a key issued by Neo4j as this will be required during the installation. -image:az-neo4j-service.png[] +To obtain a valid license for either Neo4j, Bloom, or GDS, reach out to your Neo4j account representative or get in touch using the link:https://neo4j.com/contact-us/[contact form^]. -== Clean up the resources and remove your deployment +== Delete Azure deployment Stack and destroy resources -You can remove the infrastructure by deleting the resource group you created as part of the deployment. \ No newline at end of file +In order to completely delete the deployment, the resource group can be deleted. \ No newline at end of file diff --git a/package-lock.json b/package-lock.json index 893fc273b..836a8a08e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -15,6 +15,7 @@ "@neo4j-antora/antora-modify-sitemaps": "^0.4.4", "@neo4j-antora/antora-page-roles": "^0.3.1", "@neo4j-antora/antora-table-footnotes": "^0.3.2", + "@neo4j-antora/antora-unlisted-pages": "^0.1.0", "@neo4j-documentation/macros": "^1.0.2", "@neo4j-documentation/remote-include": "^1.0.0" }, @@ -318,6 +319,11 @@ "resolved": "https://registry.npmjs.org/@neo4j-antora/antora-table-footnotes/-/antora-table-footnotes-0.3.2.tgz", "integrity": "sha512-DXEGVHMJumoKiY/ZCaGRTXl2OhPziPCHT+arj18TmpU50sUs+hyjOPuTkUXUvBwNZwm109Nm1PJPvKLVIJCZSg==" }, + "node_modules/@neo4j-antora/antora-unlisted-pages": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/@neo4j-antora/antora-unlisted-pages/-/antora-unlisted-pages-0.1.0.tgz", + "integrity": "sha512-z45k4/jicO6kY4Ze1efYXhnJOyvWszmgo8hobG8MTK95l3II1OvAibqeEx2V4NJB7LoHB7a1XEjNzqT29TLgAw==" + }, "node_modules/@neo4j-documentation/macros": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/@neo4j-documentation/macros/-/macros-1.0.2.tgz", @@ -3179,6 +3185,11 @@ "resolved": "https://registry.npmjs.org/@neo4j-antora/antora-table-footnotes/-/antora-table-footnotes-0.3.2.tgz", "integrity": "sha512-DXEGVHMJumoKiY/ZCaGRTXl2OhPziPCHT+arj18TmpU50sUs+hyjOPuTkUXUvBwNZwm109Nm1PJPvKLVIJCZSg==" }, + "@neo4j-antora/antora-unlisted-pages": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/@neo4j-antora/antora-unlisted-pages/-/antora-unlisted-pages-0.1.0.tgz", + "integrity": "sha512-z45k4/jicO6kY4Ze1efYXhnJOyvWszmgo8hobG8MTK95l3II1OvAibqeEx2V4NJB7LoHB7a1XEjNzqT29TLgAw==" + }, "@neo4j-documentation/macros": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/@neo4j-documentation/macros/-/macros-1.0.2.tgz", From 55c2d2e4f3ebd07633ada6421612860b937eeddb Mon Sep 17 00:00:00 2001 From: emmaholmbergohlsson Date: Fri, 24 Feb 2023 11:32:13 +0000 Subject: [PATCH 173/876] Tweaks to store copy of same db documentation (#534) --- modules/ROOT/pages/backup-restore/copy-database.adoc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/backup-restore/copy-database.adoc b/modules/ROOT/pages/backup-restore/copy-database.adoc index f80b87211..56027d53f 100644 --- a/modules/ROOT/pages/backup-restore/copy-database.adoc +++ b/modules/ROOT/pages/backup-restore/copy-database.adoc @@ -61,7 +61,7 @@ The command will replace the original database with the newly created copy. * `` -- Name of the source database. * `` -- Name of the target database. -If the same as ``, it is copied to a temporary location before being moved to replace the original. +If the same as ``, it is copied to a temporary location, by default the current working directory or the path as defined by `--temp-path`, before being moved to replace the original. [[copy-database-command-options]] === Optional parameters @@ -286,12 +286,13 @@ STOP DATABASE neo4j + [source, shell] ---- -bin/neo4j-admin database copy neo4j neo4j --compact-node-store +bin/neo4j-admin database copy neo4j neo4j --compact-node-store --temp-path= ---- + [TIP] ==== `--temp-path` can be used to specify a different directory to use as a temporary staging area. +If omitted, the current working directory will be used. ==== . Start the `neo4j` database. From 3e03c40d1dd2b532b32a5c543068288f292997e7 Mon Sep 17 00:00:00 2001 From: Stefano Ottolenghi Date: Mon, 27 Feb 2023 03:39:05 +0100 Subject: [PATCH 174/876] Fix typo in removed `dmbs.listTransactions()` procedure. --- modules/ROOT/pages/reference/procedures.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 0ceeb2c8d..1c4a5e7b3 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -544,7 +544,7 @@ Replaced by: `TERMINATE TRANSACTIONS`. | label:removed[] + Replaced by: `SHOW TRANSACTIONS`. -| xref:reference/procedures.adoc#procedure_dbms_listtransactions[`dbms.lisTransactions()`] +| xref:reference/procedures.adoc#procedure_dbms_listtransactions[`dbms.listTransactions()`] | label:yes[] | label:yes[] | label:removed[] + From 507fb3a16ad45ef3364b4eef168277aee6a531c3 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Tue, 28 Feb 2023 11:11:32 +0100 Subject: [PATCH 175/876] Adding information about allocators (#541) (#542) Cherry-picked from https://github.com/neo4j/docs-operations/pull/541 --- modules/ROOT/pages/reference/procedures.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 1c4a5e7b3..572a34a38 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -1608,7 +1608,7 @@ m|DBMS [cols="<15s,<85"] |=== | Description -a| With this method you can set the allocator, which is responsible to select servers for hosting databases. +a| With this method you can set the allocator, which is responsible to select servers for hosting databases. The only current option is `EQUAL_NUMBERS`. | Signature m|dbms.setDatabaseAllocator(allocator :: STRING?) | Mode From 06fd6e0f80ba148e6ed6d5f82bc2dc1f5f424087 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Tue, 28 Feb 2023 13:09:08 +0100 Subject: [PATCH 176/876] Adding more information about configuration (#539) (#543) Cherry-picked from https://github.com/neo4j/docs-operations/pull/539 Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/reference/configuration-settings.adoc | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/reference/configuration-settings.adoc b/modules/ROOT/pages/reference/configuration-settings.adoc index e52b76083..3689b4e0e 100644 --- a/modules/ROOT/pages/reference/configuration-settings.adoc +++ b/modules/ROOT/pages/reference/configuration-settings.adoc @@ -71,7 +71,8 @@ ifndef::nonhtmloutput[] |<>|The maximum time interval of a transaction within which it should be completed. |<>|Transaction creation tracing level. |<>|On serialization of transaction logs, they will be temporary stored in the byte buffer that will be flushed at the end of the transaction or at any moment when buffer will be full. -|<>|Specify if Neo4j should try to preallocate logical log file in advance. +|<>|Specify if Neo4j should try to preallocate the logical log file in advance. +It optimizes the filesystem by ensuring there is room to accommodate newly generated files and avoid file-level fragmentation. |<>|Tell Neo4j how long logical transaction logs should be kept to backup the database.For example, "10 days" will prune logical logs that only contain transactions older than 10 days.Alternatively, "100k txs" will keep the 100k latest transactions from each database and prune any older transactions. |<>|Specifies at which file size the logical log will auto-rotate. |<>|Defines whether memory for transaction state should be allocated on- or off-heap. @@ -1386,7 +1387,8 @@ m|By default the size of byte buffer is based on number of available cpu's with [cols="<1s,<4"] |=== |Description -a|Specify if Neo4j should try to preallocate logical log file in advance. +a|Specify if Neo4j should try to preallocate the logical log file in advance. +It optimizes filesystem by ensuring there is room to accommodate newly generated files and avoid file-level fragmentation. |Valid values a|db.tx_log.preallocate, a boolean |Dynamic a|true From 5b0f28923bf8aabb97d026be810c4fcdc4e948c8 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Wed, 1 Mar 2023 11:27:40 +0100 Subject: [PATCH 177/876] Adding note to differentiate this setting from a previous one (#537) (#549) And linking to the correct procedure in case users want to set a default database, as per request. --------- Cherry-picked from https://github.com/neo4j/docs-operations/pull/537 Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- .../ROOT/pages/reference/configuration-settings.adoc | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/reference/configuration-settings.adoc b/modules/ROOT/pages/reference/configuration-settings.adoc index 3689b4e0e..5779117dc 100644 --- a/modules/ROOT/pages/reference/configuration-settings.adoc +++ b/modules/ROOT/pages/reference/configuration-settings.adoc @@ -2895,7 +2895,16 @@ m|+++EQUAL_NUMBERS+++ [cols="<1s,<4"] |=== |Description -a|Name of the default database (aliases are not supported). +a|Name of the default database (aliases are not supported). + +[NOTE] +==== +This setting is not the same as `dbms.default_database`, which was used to set the default database in Neo4j 4.x and earlier versions. + +The `initial.dbms.default_database` setting is meant to set the default database *before* the creation of the DBMS. +Once it is created, the setting is not valid anymore. + +To set the default database, use the xref:/clustering/databases.adoc#cluster-default-database[`dbms.setDefaultDatabase()`] procedure instead. +==== |Valid values a|initial.dbms.default_database, A valid database name containing only alphabetic characters, numbers, dots and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name 'system' |Default value From 06b7c6f2a7087d54e870e5cb798667baef6cc436 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Thu, 2 Mar 2023 11:59:06 +0100 Subject: [PATCH 178/876] Broken link #552 (#555) Cherry-picked from https://github.com/neo4j/docs-operations/pull/552 --- modules/ROOT/pages/clustering/setup/deploy.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/clustering/setup/deploy.adoc b/modules/ROOT/pages/clustering/setup/deploy.adoc index 7fbced7e5..48434d559 100644 --- a/modules/ROOT/pages/clustering/setup/deploy.adoc +++ b/modules/ROOT/pages/clustering/setup/deploy.adoc @@ -23,7 +23,7 @@ Setting this value to `0.0.0.0` makes Neo4j bind to all available network interf | xref:reference/configuration-settings.adoc#config_dbms.cluster.discovery.endpoints[`dbms.cluster.discovery.endpoints`] | This setting contains the network for at least one server in the cluster and must be set to the same value on all cluster members. The behavior of this setting can be modified by configuring the setting `dbms.cluster.discovery.type`. -This is described in detail in xref:clustering/setup/discovery.adoc[] +This is described in detail in xref:clustering/setup/discovery.adoc[]. | <> | The number of initial database hostings in primary mode. If not specified, it defaults to one hosting in primary mode. From 9c8a122ce5a6762125032f762a51b8ed1fc1d702 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Mon, 6 Mar 2023 12:18:57 +0100 Subject: [PATCH 179/876] Updating password example with one that has at least 8 characters (#554) (#556) As recommended by the new default for setting passwords. Cherry-picked from https://github.com/neo4j/docs-operations/pull/554 --- .../authentication-authorization/access-control.adoc | 12 ++++++------ .../ROOT/pages/composite-databases/introduction.adoc | 2 +- .../configuration/password-and-user-recovery.adoc | 2 +- .../ROOT/pages/manage-databases/remote-alias.adoc | 4 ++-- modules/ROOT/pages/monitoring/logging.adoc | 2 +- .../pages/tutorial/tutorial-composite-database.adoc | 2 +- .../pages/tutorial/tutorial-sso-configuration.adoc | 2 +- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/modules/ROOT/pages/authentication-authorization/access-control.adoc b/modules/ROOT/pages/authentication-authorization/access-control.adoc index c1facd433..31ebfa2c3 100644 --- a/modules/ROOT/pages/authentication-authorization/access-control.adoc +++ b/modules/ROOT/pages/authentication-authorization/access-control.adoc @@ -99,11 +99,11 @@ These users can be created using the `CREATE USER` command (from the `system` da [source, cypher] ---- -CREATE USER charlie SET PASSWORD $secret1 CHANGE NOT REQUIRED; -CREATE USER alice SET PASSWORD $secret2 CHANGE NOT REQUIRED; -CREATE USER daniel SET PASSWORD $secret3 CHANGE NOT REQUIRED; -CREATE USER bob SET PASSWORD $secret4 CHANGE NOT REQUIRED; -CREATE USER tina SET PASSWORD $secret5 CHANGE NOT REQUIRED; +CREATE USER charlie SET PASSWORD $secretpassword1 CHANGE NOT REQUIRED; +CREATE USER alice SET PASSWORD $secretpassword2 CHANGE NOT REQUIRED; +CREATE USER daniel SET PASSWORD $secretpassword3 CHANGE NOT REQUIRED; +CREATE USER bob SET PASSWORD $secretpassword4 CHANGE NOT REQUIRED; +CREATE USER tina SET PASSWORD $secretpassword5 CHANGE NOT REQUIRED; ---- At this point the users have no ability to interact with the database, so these capabilities need to be granted by using roles. @@ -1058,7 +1058,7 @@ Now Tina should be able to create new users and assign them to roles: [source, cypher, role=systemdb] ---- -CREATE USER sally SET PASSWORD 'secret' CHANGE REQUIRED; +CREATE USER sally SET PASSWORD 'secretpassword' CHANGE REQUIRED; GRANT ROLE receptionist TO sally; SHOW USER sally PRIVILEGES AS COMMANDS; ---- diff --git a/modules/ROOT/pages/composite-databases/introduction.adoc b/modules/ROOT/pages/composite-databases/introduction.adoc index 83261c923..a0c503483 100644 --- a/modules/ROOT/pages/composite-databases/introduction.adoc +++ b/modules/ROOT/pages/composite-databases/introduction.adoc @@ -55,7 +55,7 @@ CREATE ALIAS cineasts.upcoming FOR DATABASE upcoming AT 'neo4j+s://other.dbms.com' USER $user - PASSWORD $password + PASSWORD $secretpassword ---- ==== diff --git a/modules/ROOT/pages/configuration/password-and-user-recovery.adoc b/modules/ROOT/pages/configuration/password-and-user-recovery.adoc index bdc544d3e..b4f36e1e3 100644 --- a/modules/ROOT/pages/configuration/password-and-user-recovery.adoc +++ b/modules/ROOT/pages/configuration/password-and-user-recovery.adoc @@ -118,7 +118,7 @@ In this example, the admin user is named `neo4j`. + [source, cypher] ---- -ALTER USER neo4j SET PASSWORD 'mynewpass' +ALTER USER neo4j SET PASSWORD 'mynewpassword' ---- . Exit the `cypher-shell` console: + diff --git a/modules/ROOT/pages/manage-databases/remote-alias.adoc b/modules/ROOT/pages/manage-databases/remote-alias.adoc index 061aa7737..513d1b058 100644 --- a/modules/ROOT/pages/manage-databases/remote-alias.adoc +++ b/modules/ROOT/pages/manage-databases/remote-alias.adoc @@ -52,7 +52,7 @@ It is recommended to create a custom role to track all users shared on a remote [source, Example Setup Administrator B] ---- -CREATE USER alice SET PASSWORD 'secret' +CREATE USER alice SET PASSWORD 'secretpassword' CREATE ROLE remote GRANT ACCESS ON DATABASE neo4j TO remote GRANT MATCH {*} ON GRAPH neo4j TO remote @@ -158,7 +158,7 @@ For example, the following command can be used to create a remote database alias [source, Cypher] ---- -CREATE ALIAS `remote-neo4j` FOR DATABASE `neo4j` AT "neo4j+s://location:7687" USER alice PASSWORD 'secret' +CREATE ALIAS `remote-neo4j` FOR DATABASE `neo4j` AT "neo4j+s://location:7687" USER alice PASSWORD 'secretpassword' ---- In order to do so, either link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/dbms-administration#access-control-dbms-administration-database-management[database management] diff --git a/modules/ROOT/pages/monitoring/logging.adoc b/modules/ROOT/pages/monitoring/logging.adoc index f0edcffa0..6a4238705 100644 --- a/modules/ROOT/pages/monitoring/logging.adoc +++ b/modules/ROOT/pages/monitoring/logging.adoc @@ -538,7 +538,7 @@ An example of the security log in a plain format: ---- 2019-12-09 13:45:00.796+0000 INFO [johnsmith]: logged in 2019-12-09 13:47:53.443+0000 ERROR [johndoe]: failed to log in: invalid principal or credentials -2019-12-09 13:48:28.566+0000 INFO [johnsmith]: CREATE USER janedoe SET PASSWORD '******' CHANGE REQUIRED +2019-12-09 13:48:28.566+0000 INFO [johnsmith]: CREATE USER janedoe SET PASSWORD '********' CHANGE REQUIRED 2019-12-09 13:48:32.753+0000 INFO [johnsmith]: CREATE ROLE custom 2019-12-09 13:49:11.880+0000 INFO [johnsmith]: GRANT ROLE custom TO janedoe 2019-12-09 13:49:34.979+0000 INFO [johnsmith]: GRANT TRAVERSE ON GRAPH * NODES A, B (*) TO custom diff --git a/modules/ROOT/pages/tutorial/tutorial-composite-database.adoc b/modules/ROOT/pages/tutorial/tutorial-composite-database.adoc index 4d3029772..7fdb02263 100644 --- a/modules/ROOT/pages/tutorial/tutorial-composite-database.adoc +++ b/modules/ROOT/pages/tutorial/tutorial-composite-database.adoc @@ -116,7 +116,7 @@ bin/cypher-shell -u neo4j -p neo4j [queryresult] ---- Password change required -new password: ***** +new password: ******** Connected to Neo4j 5 at neo4j://localhost:7687 as user neo4j. Type :help for a list of available commands or :exit to exit the shell. Note that Cypher queries must end with a semicolon. diff --git a/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc b/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc index 6e15813b4..e026d25cb 100644 --- a/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc +++ b/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc @@ -263,7 +263,7 @@ Therefore, it is recommended to use native (or another flavor) authorization by + [source] ---- -CREATE USER `alice@neo4j-test.com` SET PASSWORD 'pass'; +CREATE USER `alice@neo4j-test.com` SET PASSWORD 'secretpassword'; GRANT ROLE admin to `alice@neo4j-test.com`; ---- From f2fcafac3ea1c688f473af8c8ccae771aad7256f Mon Sep 17 00:00:00 2001 From: Ali Ince Date: Mon, 6 Mar 2023 11:37:48 +0000 Subject: [PATCH 180/876] Use SHOW SETTINGS instead of dbms.listConfig (#529) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR replaces samples of dbms.listConfig with SHOW SETTINGS statement. --------- Co-authored-by: David Oliver Co-authored-by: Jens Pryce-Åklundh <112686610+JPryce-Aklundh@users.noreply.github.com> Co-authored-by: Lasse Heemann --- modules/ROOT/pages/configuration/dynamic-settings.adoc | 8 ++++---- modules/ROOT/pages/configuration/neo4j-conf.adoc | 7 +++---- modules/ROOT/pages/kubernetes/configuration.adoc | 4 ++-- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/modules/ROOT/pages/configuration/dynamic-settings.adoc b/modules/ROOT/pages/configuration/dynamic-settings.adoc index 0a79c8c04..11cafa87e 100644 --- a/modules/ROOT/pages/configuration/dynamic-settings.adoc +++ b/modules/ROOT/pages/configuration/dynamic-settings.adoc @@ -18,15 +18,15 @@ If you want to change the configuration settings on all cluster members, you hav [[dynamic-settings-discover]] == Discover dynamic settings -Use the procedure `dbms.listConfig()` to discover which configuration values can be dynamically updated, or consult xref:reference/dynamic-settings-reference.adoc[Dynamic configuration settings reference]. +Use `SHOW SETTINGS` to discover which configuration values can be dynamically updated, or consult the xref:reference/dynamic-settings-reference.adoc[Dynamic configuration settings reference]. .Discover dynamic settings ==== [source, cypher] ---- -CALL dbms.listConfig() -YIELD name, dynamic -WHERE dynamic +SHOW SETTINGS +YIELD name, isDynamic +WHERE isDynamic RETURN name ---- diff --git a/modules/ROOT/pages/configuration/neo4j-conf.adoc b/modules/ROOT/pages/configuration/neo4j-conf.adoc index 646a5f624..5cc739b9a 100644 --- a/modules/ROOT/pages/configuration/neo4j-conf.adoc +++ b/modules/ROOT/pages/configuration/neo4j-conf.adoc @@ -110,16 +110,16 @@ If you want to have good control of the system behavior, it is recommended to se [[neo4j-conf-current-settings]] === List currently active settings -You can use the procedure `dbms.listConfig()` to list the currently active configuration settings and their values. +You can use `SHOW SETTINGS` to list the currently active configuration settings and their values. .List currently active configuration settings ==== [source, cypher] ---- -CALL dbms.listConfig() +SHOW SETTINGS YIELD name, value -WHERE name STARTS WITH 'dbms.default' +WHERE name STARTS WITH 'server.default' RETURN name, value ORDER BY name LIMIT 3; @@ -131,7 +131,6 @@ LIMIT 3; | name | value | +---------------------------------------------------+ | "server.default_advertised_address" | "localhost" | -| "initial.dbms.default_database" | "neo4j" | | "server.default_listen_address" | "localhost" | +---------------------------------------------------+ ---- diff --git a/modules/ROOT/pages/kubernetes/configuration.adoc b/modules/ROOT/pages/kubernetes/configuration.adoc index ae84a0e00..add8024d6 100644 --- a/modules/ROOT/pages/kubernetes/configuration.adoc +++ b/modules/ROOT/pages/kubernetes/configuration.adoc @@ -1034,7 +1034,7 @@ You should see the Neo4j browser. .. Verify that the cluster is online by running `:sysinfo` or `SHOW SERVERS`: + image::cluster-sysinfo.png[Cluster sysinfo] -.. Run `CALL dbms.listConfig('ssl') YIELD name, value` to verify that the configuration is deployed as expected. +.. Run `SHOW SETTINGS YIELD name, value WHERE name CONTAINS 'ssl'` to verify that the configuration is deployed as expected. * Cypher Shell: .. Open a terminal and connect to one of the cluster pods: @@ -1075,7 +1075,7 @@ neo4j@server-1-0:~/bin$ SHOW SERVERS; | "cbad7ed6-0c13-4ba7-b6a1-f20c5552dfcd" | "server-2.neo4j.svc.cluster.local:7687" | "Enabled" | "Available" | ["neo4j", "system"] | +-----------------------------------------------------------------------------------------------------------------------------------+ ---- -.. Run `CALL dbms.listConfig('ssl') YIELD name, value;` to verify that the configuration is deployed as expected. +.. Run `SHOW SETTINGS YIELD name, value WHERE name CONTAINS 'ssl'` to verify that the configuration is deployed as expected. + .Example output ---- From 0448ed92132c9b1a8aa94639dd3fca614b700d52 Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Wed, 8 Mar 2023 11:04:57 +0100 Subject: [PATCH 181/876] fixed bug in linux tarball installation instructions (#560) --- modules/ROOT/pages/installation/linux/tarball.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/installation/linux/tarball.adoc b/modules/ROOT/pages/installation/linux/tarball.adoc index b092d3846..eca9ecbbc 100644 --- a/modules/ROOT/pages/installation/linux/tarball.adoc +++ b/modules/ROOT/pages/installation/linux/tarball.adoc @@ -19,7 +19,7 @@ tar zxf neo4j-enterprise-{neo4j-version-exact}-unix.tar.gz [source, shell, subs="attributes"] ---- mv neo4j-enterprise-{neo4j-version-exact} /opt/ -ln -s /opt/neo4j-enterprise-{neo4j-version-exact}/opt/neo4j +ln -s /opt/neo4j-enterprise-{neo4j-version-exact} /opt/neo4j ---- . Create a `neo4j` user and group: + @@ -88,7 +88,7 @@ TimeoutSec=120 [Install] WantedBy=multi-user.target -Reload systemctl to pick up the new service file +//Reload systemctl to pick up the new service file systemctl daemon-reload ---- From e1d0105b24c55fca0faae8d43989743eba2f354c Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Wed, 8 Mar 2023 13:40:17 +0100 Subject: [PATCH 182/876] Remove the mention of a metric that doesn't exist #559 (#566) Cherry-picked from https://github.com/neo4j/docs-operations/pull/559 Co-authored-by: emmaholmbergohlsson --- modules/ROOT/pages/monitoring/metrics/essential.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/monitoring/metrics/essential.adoc b/modules/ROOT/pages/monitoring/metrics/essential.adoc index 6c5897380..0ea22f0af 100644 --- a/modules/ROOT/pages/monitoring/metrics/essential.adoc +++ b/modules/ROOT/pages/monitoring/metrics/essential.adoc @@ -54,7 +54,7 @@ They can help with capacity planning. | Description | Heap usage -| `.dbms.vm.heap.used` and `.dbms.vm.heap.total` +| `.dbms.vm.heap.used` | If Neo4j consistently uses 100% of the heap, increase the initial and max heap size. For more information, see xref:performance/memory-configuration.adoc[]. From b9d2c222a224b486c99aad63d9700c11f4315e6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A1bio=20Botelho?= Date: Thu, 9 Mar 2023 15:36:39 +0000 Subject: [PATCH 183/876] Rename procedure (#540) Rename secondaryReplicationToggle -> secondaryReplicationDisable. PM decided it was a better name https://trello.com/c/Y6fEeZZ0/128-fix-the-naming-of-dbmsclusterreadreplicatoggle --- modules/ROOT/pages/reference/procedures.adoc | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 572a34a38..d1831de2b 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -236,7 +236,7 @@ In 4.2, signature changed to `db.listLocks() :: (mode :: STRING?, resourceType : | label:admin-only[] // New in 5.6 -// | xref:reference/procedures.adoc#procedure_dbms_cluster_secondaryreplicationtoggle[`dbms.cluster.secondaryReplicationToggle()`] +// | xref:reference/procedures.adoc#procedure_dbms_cluster_secondaryreplicationdisable[`dbms.cluster.secondaryReplicationDisable()`] // | label:no[] // | label:yes[] // | label:admin-only[] @@ -1343,8 +1343,8 @@ m|READ |=== // New in 5.6 -// [[procedure_dbms_cluster_secondaryreplicationtoggle]] -// .dbms.cluster.secondaryReplicationToggle() label:enterprise-edition[] label:admin-only[] +// [[procedure_dbms_cluster_secondaryreplicationdisable]] +// .dbms.cluster.secondaryReplicationDisable() label:enterprise-edition[] label:admin-only[] // [cols="<15s,<85"] // |=== // | Description @@ -1375,17 +1375,17 @@ m|READ // .Pause transaction pulling for database `neo4j` // [source, cypher, role="noheader"] // ---- -// CALL dbms.cluster.secondaryReplicationToggle("neo4j", true) +// CALL dbms.cluster.secondaryReplicationDisable("neo4j", true) // ---- // .Resume transaction pulling for database `neo4j` // [source, cypher, role="noheader"] // ---- -// CALL dbms.cluster.secondaryReplicationToggle("neo4j", false) +// CALL dbms.cluster.secondaryReplicationDisable("neo4j", false) // ---- // | Signature -// m|dbms.cluster.secondaryReplicationToggle(databaseName :: STRING?, pause :: BOOLEAN?) :: (state :: STRING?) +// m|dbms.cluster.secondaryReplicationDisable(databaseName :: STRING?, pause :: BOOLEAN?) :: (state :: STRING?) // | Mode // m|READ // // | Default roles @@ -1809,4 +1809,4 @@ m|tx.setMetaData(data :: MAP?) :: VOID m|DBMS // | Default roles // m|reader, editor, publisher, architect, admin -|=== \ No newline at end of file +|=== From 9e5f1acd0ebb6b75f40bfcea307a3102fd92be0b Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Fri, 10 Mar 2023 10:48:55 +0100 Subject: [PATCH 184/876] Dev deprecations setting and procedure (#568) --- .../pages/reference/configuration-settings.adoc | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/modules/ROOT/pages/reference/configuration-settings.adoc b/modules/ROOT/pages/reference/configuration-settings.adoc index 5779117dc..7cf8badda 100644 --- a/modules/ROOT/pages/reference/configuration-settings.adoc +++ b/modules/ROOT/pages/reference/configuration-settings.adoc @@ -71,7 +71,7 @@ ifndef::nonhtmloutput[] |<>|The maximum time interval of a transaction within which it should be completed. |<>|Transaction creation tracing level. |<>|On serialization of transaction logs, they will be temporary stored in the byte buffer that will be flushed at the end of the transaction or at any moment when buffer will be full. -|<>|Specify if Neo4j should try to preallocate the logical log file in advance. +|<>|Specify if Neo4j should try to preallocate the logical log file in advance. It optimizes the filesystem by ensuring there is room to accommodate newly generated files and avoid file-level fragmentation. |<>|Tell Neo4j how long logical transaction logs should be kept to backup the database.For example, "10 days" will prune logical logs that only contain transactions older than 10 days.Alternatively, "100k txs" will keep the 100k latest transactions from each database and prune any older transactions. |<>|Specifies at which file size the logical log will auto-rotate. @@ -282,8 +282,8 @@ If this is set to `false` (default), the search for group membership will be per |<>|Number of GC logs to keep. |<>|Size of each GC log that is kept. |<>|Path to the logging configuration of user logs. -|<>|label:enterprise-edition[Enterprise only]The maximum number of databases. -This setting will be deprecated in favour of <> in a future version. +|<>|label:enterprise-edition[Enterprise only] label:deprecated[Deprecated in 5.6] The maximum number of databases. +This setting is deprecated in favor of <> in 5.6. |<>|Initial heap size. |<>|Maximum heap size. |<>|Defines the size of the off-heap memory blocks cache. @@ -380,6 +380,7 @@ ifdef::nonhtmloutput[] * <>: Transaction creation tracing level. * <>: On serialization of transaction logs, they will be temporary stored in the byte buffer that will be flushed at the end of the transaction or at any moment when buffer will be full. * <>: Specify if Neo4j should try to preallocate logical log file in advance. +It optimizes the filesystem by ensuring there is room to accommodate newly generated files and avoid file-level fragmentation. * <>: Tell Neo4j how long logical transaction logs should be kept to backup the database.For example, "10 days" will prune logical logs that only contain transactions older than 10 days.Alternatively, "100k txs" will keep the 100k latest transactions from each database and prune any older transactions. * <>: Specifies at which file size the logical log will auto-rotate. * <>: Defines whether memory for transaction state should be allocated on- or off-heap. @@ -588,8 +589,8 @@ If this is set to `false` (default), the search for group membership will be per * <>: Number of GC logs to keep. * <>: Size of each GC log that is kept. * <>: Path to the logging configuration of user logs. -* <>: label:enterprise-edition[Enterprise only]The maximum number of databases. -This setting will be deprecated in favour of <> in a future version. +* <>: label:enterprise-edition[Enterprise only] label:deprecated[Deprecated in 5.6] The maximum number of databases. +This setting is deprecated in favor of <> in 5.6. * <>: Initial heap size. * <>: Maximum heap size. * <>: Defines the size of the off-heap memory blocks cache. @@ -1387,7 +1388,7 @@ m|By default the size of byte buffer is based on number of available cpu's with [cols="<1s,<4"] |=== |Description -a|Specify if Neo4j should try to preallocate the logical log file in advance. +a|Specify if Neo4j should try to preallocate the logical log file in advance. It optimizes filesystem by ensuring there is room to accommodate newly generated files and avoid file-level fragmentation. |Valid values a|db.tx_log.preallocate, a boolean @@ -3745,7 +3746,7 @@ a|server.max_databases, a long which is minimum `2` |Default value m|+++100+++ |Deprecated -a|The `server.max_databases` configuration setting will be deprecated in favour of <> in a future version. +a|The `server.max_databases` configuration setting deprecated in favor of <> in 5.6. |=== [[config_server.memory.heap.initial_size]] From 3c396b15fe71a771c68f7a85c0b88765977274b5 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Tue, 14 Mar 2023 14:36:29 +0100 Subject: [PATCH 185/876] Fix typo on Netty version (#570) (#571) Cherry-picked from https://github.com/neo4j/docs-operations/pull/570 --- modules/ROOT/pages/security/ssl-framework.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/security/ssl-framework.adoc b/modules/ROOT/pages/security/ssl-framework.adoc index 43df42a2c..87f08c7f1 100644 --- a/modules/ROOT/pages/security/ssl-framework.adoc +++ b/modules/ROOT/pages/security/ssl-framework.adoc @@ -31,9 +31,9 @@ See table below. - Using non static versions of tcnative will require installation of platform-specific OpenSSL dependencies as described in https://netty.io/wiki/forked-tomcat-native.html. - Set `xref:reference/configuration-settings.adoc#config_dbms.netty.ssl.provider[dbms.netty.ssl.provider]=OPENSSL`. -- Restart Neo4j +- Restart Neo4j. -Most supported versions of Neo4j use Netty 41.77.Final, which requires tcnative 2.0.52. +Most supported versions of Neo4j use Netty 4.1.77.Final, which requires tcnative 2.0.52. Only Neo4j 3.5 still uses older versions of Netty. See the table below for detailed information: @@ -252,7 +252,7 @@ The SSL policies are configured by assigning values to parameters of the followi If the address does not match those fields, the client disconnects. | `false` | `ciphers` | A comma-separated list of ciphers suites allowed during cipher negotiation. Valid values depend on the current JRE and SSL provider. - For Ciphers supported by the Oracle JRE, see the link:https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#jsse-cipher-suite-names[Oracle official documentation]. + For Ciphers supported by the Oracle JRE, see the link:https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html#jsse-cipher-suite-names[Oracle official documentation]. | Java platform default allowed cipher suites. | `tls_versions` | A comma-separated list of allowed TLS versions. | `TLSv1.2` | `client_auth` | Whether or not clients must be authenticated. From 3a618bb83b21c340ed45a80e612a4c5bcf9c3755 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Wed, 15 Mar 2023 16:43:45 +0100 Subject: [PATCH 186/876] Community edition supports Slotted runtime (#575) --- modules/ROOT/pages/introduction.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/introduction.adoc b/modules/ROOT/pages/introduction.adoc index 6b8fa8d38..08e030419 100644 --- a/modules/ROOT/pages/introduction.adoc +++ b/modules/ROOT/pages/introduction.adoc @@ -159,7 +159,7 @@ a| High_limit (link:https://neo4j.com/docs/operations-manual/current/tools/neo4j | {check-mark} | _Slotted_ Cypher runtime -| +| {check-mark} | {check-mark} | _Pipelined_ Cypher runtime (faster) From f4d5bd76329a92c3f1b4e3cd7540f483888df406 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Thu, 16 Mar 2023 14:24:10 +0100 Subject: [PATCH 187/876] Bug reversion (#578) (#579) A previous change was made but it was a misunderstanding of the request, as it should not have removed the dbms from the command, but rather include it somewhere else. reverting the change. Cherry-picked from https://github.com/neo4j/docs-operations/pull/578 --- modules/ROOT/pages/configuration/set-initial-password.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/configuration/set-initial-password.adoc b/modules/ROOT/pages/configuration/set-initial-password.adoc index 4dba9492a..a21ddf9a6 100644 --- a/modules/ROOT/pages/configuration/set-initial-password.adoc +++ b/modules/ROOT/pages/configuration/set-initial-password.adoc @@ -19,14 +19,14 @@ The requirement has been introduced in *Neo4j 5.3*. *Syntax:* -`neo4j-admin set-initial-password [--require-password-change]` +`neo4j-admin dbms set-initial-password [--require-password-change]` .Use the `set-initial-password` command of neo4j-admin ==== Set the password for the native `neo4j` user to 'h6u4%kr' before starting the database for the first time. ---- -$neo4j-home> bin/neo4j-admin set-initial-password h6u4%kr +$neo4j-home> bin/neo4j-admin dbms set-initial-password h6u4%kr ---- ==== @@ -36,6 +36,6 @@ $neo4j-home> bin/neo4j-admin set-initial-password h6u4%kr Set the password for the native `neo4j` user to 'secretpassword' before starting the database for the first time. You will be prompted to change this password to one of your own choice at first login. ---- -$neo4j-home> bin/neo4j-admin set-initial-password secretpassword --require-password-change +$neo4j-home> bin/neo4j-admin dbms set-initial-password secretpassword --require-password-change ---- ==== \ No newline at end of file From 8e4dc57a185012ff2e5be0df21a981fafae4714a Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Thu, 16 Mar 2023 15:04:33 +0100 Subject: [PATCH 188/876] Removing information no longer correct (#577) (#580) This was valid until Java 8, 11 or higher no longer align to this. Cherry-picked from https://github.com/neo4j/docs-operations/pull/577#pullrequestreview-1343807015 --- modules/ROOT/pages/reference/configuration-settings.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/reference/configuration-settings.adoc b/modules/ROOT/pages/reference/configuration-settings.adoc index 7cf8badda..eced6270d 100644 --- a/modules/ROOT/pages/reference/configuration-settings.adoc +++ b/modules/ROOT/pages/reference/configuration-settings.adoc @@ -3646,7 +3646,7 @@ m|+++:7473+++ [cols="<1s,<4"] |=== |Description -a|Additional JVM arguments. Argument order can be significant. To use a Java commercial feature, the argument to unlock commercial features must precede the argument to enable the specific feature in the config value string. For example, to use Flight Recorder, `-XX:+UnlockCommercialFeatures` must come before `-XX:+FlightRecorder`. +a|Additional JVM arguments. Argument order can be significant. To use a Java commercial feature, the argument to unlock commercial features must precede the argument to enable the specific feature in the config value string. |Valid values a|server.jvm.additional, one or more jvm arguments |=== From a7b7083cd413a560f5630477705e2d374905cb5a Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Tue, 21 Mar 2023 14:58:00 +0100 Subject: [PATCH 189/876] Fixing new default value changed in 5.2 (#588) (#592) Cherry-picked from https://github.com/neo4j/docs-operations/pull/588 --- modules/ROOT/pages/reference/configuration-settings.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/reference/configuration-settings.adoc b/modules/ROOT/pages/reference/configuration-settings.adoc index eced6270d..6408f8e8f 100644 --- a/modules/ROOT/pages/reference/configuration-settings.adoc +++ b/modules/ROOT/pages/reference/configuration-settings.adoc @@ -1914,7 +1914,7 @@ a|Limit the amount of memory that all of the running transactions can consume, i a|dbms.memory.transaction.total.max, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `10.00MiB` or is `0B` |Dynamic a|true |Default value -m|+++0B+++ +m|+++70% of the heap size limit+++ |=== [[config_dbms.netty.ssl.provider]] From 48678fbe55874606eeae3a87dd97e305505be6f9 Mon Sep 17 00:00:00 2001 From: David Oliver Date: Tue, 21 Mar 2023 17:37:31 +0000 Subject: [PATCH 190/876] Remove the asterisks in the Cypher Shell example (#594) --- modules/ROOT/pages/tools/cypher-shell.adoc | 28 +++++++++++----------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/modules/ROOT/pages/tools/cypher-shell.adoc b/modules/ROOT/pages/tools/cypher-shell.adoc index 2fb060213..4a40912b8 100644 --- a/modules/ROOT/pages/tools/cypher-shell.adoc +++ b/modules/ROOT/pages/tools/cypher-shell.adoc @@ -261,22 +261,22 @@ The output is the following: [queryresult] ---- Available commands: - *:begin* Open a transaction - *:commit* Commit the currently open transaction - *:connect* Connects to a database - *:disconnect* Disconnects from database - *:exit* Exit the logger - *:help* Show this help message - *:history* Statement history - *:impersonate* Impersonate user - *:param* Set the value of a query parameter - *:params* Print all query parameter values - *:rollback* Rollback the currently open transaction - *:source* Executes Cypher statements from a file - *:use* Set the active database + :begin Open a transaction + :commit Commit the currently open transaction + :connect Connects to a database + :disconnect Disconnects from database + :exit Exit the logger + :help Show this help message + :history Statement history + :impersonate Impersonate user + :param Set the value of a query parameter + :params Print all query parameter values + :rollback Rollback the currently open transaction + :source Executes Cypher statements from a file + :use Set the active database For help on a specific command type: - :help *command* + :help command Keyboard shortcuts: Up and down arrows to access statement history. From ea3e62dcd1110437a485007b099424a3f7a2c5a4 Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Wed, 22 Mar 2023 11:03:45 +0100 Subject: [PATCH 191/876] Dev uncomment procedure (#597) --- modules/ROOT/pages/reference/procedures.adoc | 106 +++++++++---------- 1 file changed, 53 insertions(+), 53 deletions(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index d1831de2b..49da5c1f9 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -236,10 +236,10 @@ In 4.2, signature changed to `db.listLocks() :: (mode :: STRING?, resourceType : | label:admin-only[] // New in 5.6 -// | xref:reference/procedures.adoc#procedure_dbms_cluster_secondaryreplicationdisable[`dbms.cluster.secondaryReplicationDisable()`] -// | label:no[] -// | label:yes[] -// | label:admin-only[] +| xref:reference/procedures.adoc#procedure_dbms_cluster_secondaryreplicationdisable[`dbms.cluster.secondaryReplicationDisable()`] +| label:no[] +| label:yes[] +| label:admin-only[] // Clustering is an Enterprise feature, the naming is weird. // dbms.routing.getRoutingTable() does the same thing. @@ -1342,55 +1342,55 @@ m|READ // m|admin |=== -// New in 5.6 -// [[procedure_dbms_cluster_secondaryreplicationdisable]] -// .dbms.cluster.secondaryReplicationDisable() label:enterprise-edition[] label:admin-only[] -// [cols="<15s,<85"] -// |=== -// | Description -// a| -// The toggle can pause or resume the pulling of new transactions for a specific database. -// If paused, the database secondary does not pull new transactions from the other cluster members for the specific database. -// The database secondary is still available for reads, you can perform a backup, etc. - -// [TIP] -// ==== -// _What is it for?_ - -// You can perform a point-in-time backup, as the backup will contain only the transactions up to the point where the transaction pulling was paused. -// Follow these steps to do so: - -// . Connect directly to the server hosting the database in secondary mode. (Neo4j Driver use `bolt://` or use the HTTP API). -// . Pause transaction pulling for the specified database. -// . Back up the database, see xref:backup-restore/online-backup.adoc[Back up an online database]. - -// If connected directly to a server hosting a database in secondary mode, Data Scientists can execute analysis on a specific database that is paused, the data will not unexpectedly change while performing the analysis. -// ==== - -// [NOTE] -// ==== -// This procedure can only be executed on a database which runs in a secondary role on the connected server. -// ==== - -// .Pause transaction pulling for database `neo4j` -// [source, cypher, role="noheader"] -// ---- -// CALL dbms.cluster.secondaryReplicationDisable("neo4j", true) -// ---- - -// .Resume transaction pulling for database `neo4j` -// [source, cypher, role="noheader"] -// ---- -// CALL dbms.cluster.secondaryReplicationDisable("neo4j", false) -// ---- - -// | Signature -// m|dbms.cluster.secondaryReplicationDisable(databaseName :: STRING?, pause :: BOOLEAN?) :: (state :: STRING?) -// | Mode -// m|READ -// // | Default roles -// // m|admin -// |=== +New in 5.6 +[[procedure_dbms_cluster_secondaryreplicationdisable]] +.dbms.cluster.secondaryReplicationDisable() label:enterprise-edition[] label:admin-only[] +[cols="<15s,<85"] +|=== +| Description +a| +The toggle can pause or resume the pulling of new transactions for a specific database. +If paused, the database secondary does not pull new transactions from the other cluster members for the specific database. +The database secondary is still available for reads, you can perform a backup, etc. + +[TIP] +==== +_What is it for?_ + +You can perform a point-in-time backup, as the backup will contain only the transactions up to the point where the transaction pulling was paused. +Follow these steps to do so: + +. Connect directly to the server hosting the database in secondary mode. (Neo4j Driver use `bolt://` or use the HTTP API). +. Pause transaction pulling for the specified database. +. Back up the database, see xref:backup-restore/online-backup.adoc[Back up an online database]. + +If connected directly to a server hosting a database in secondary mode, Data Scientists can execute analysis on a specific database that is paused, the data will not unexpectedly change while performing the analysis. +==== + +[NOTE] +==== +This procedure can only be executed on a database which runs in a secondary role on the connected server. +==== + +.Pause transaction pulling for database `neo4j` +[source, cypher, role="noheader"] +---- +CALL dbms.cluster.secondaryReplicationDisable("neo4j", true) +---- + +.Resume transaction pulling for database `neo4j` +[source, cypher, role="noheader"] +---- +CALL dbms.cluster.secondaryReplicationDisable("neo4j", false) +---- + +| Signature +m|dbms.cluster.secondaryReplicationDisable(databaseName :: STRING?, pause :: BOOLEAN?) :: (state :: STRING?) +| Mode +m|READ +// | Default roles +// m|admin +|=== [[procedure_dbms_cluster_uncordonServer]] .dbms.cluster.uncordonServer() label:enterprise-edition[] label:admin-only[] From 5214c5d5a127cc86a80ee5cba6e45c215f52ba8b Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Wed, 22 Mar 2023 14:58:47 +0100 Subject: [PATCH 192/876] deprecate procedure (#599) --- modules/ROOT/pages/reference/procedures.adoc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 49da5c1f9..0faf6ae61 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -233,7 +233,7 @@ In 4.2, signature changed to `db.listLocks() :: (mode :: STRING?, resourceType : | xref:reference/procedures.adoc#procedure_dbms_cluster_readreplicatoggle[`dbms.cluster.readReplicaToggle()`] | label:no[] | label:yes[] -| label:admin-only[] +| label:admin-only[] label:deprecated[] Deprecated in 5.6 and replaced by xref:reference/procedures.adoc#procedure_dbms_cluster_secondaryreplicationdisable[`dbms.cluster.secondaryReplicationDisable()`]. // New in 5.6 | xref:reference/procedures.adoc#procedure_dbms_cluster_secondaryreplicationdisable[`dbms.cluster.secondaryReplicationDisable()`] @@ -1294,7 +1294,7 @@ m|READ //deprecate in 5.6 [[procedure_dbms_cluster_readreplicatoggle]] -.dbms.cluster.readReplicaToggle() label:enterprise-edition[] label:admin-only[] +.dbms.cluster.readReplicaToggle() label:enterprise-edition[] label:admin-only[] label:deprecated[] [cols="<15s,<85"] |=== | Description @@ -1302,6 +1302,7 @@ a| The toggle can pause or resume the pulling of new transactions for a specific database. If paused, the database secondary does not pull new transactions from the other cluster members for the specific database. The database secondary is still available for reads, you can perform a backup, etc. +Deprecated in 5.6 and replaced by xref:reference/procedures.adoc#procedure_dbms_cluster_secondaryreplicationdisable[`dbms.cluster.secondaryReplicationDisable()`]. [TIP] ==== From f2aef0dec246818b76598f453f84fa754cff35e4 Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Wed, 22 Mar 2023 15:14:38 +0100 Subject: [PATCH 193/876] update version to 5.7 (#601) --- antora.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/antora.yml b/antora.yml index a8641ef41..144241230 100644 --- a/antora.yml +++ b/antora.yml @@ -7,7 +7,7 @@ nav: asciidoc: attributes: neo4j-version: '5' - neo4j-version-minor: '5.6' - neo4j-version-exact: '5.6.0' - neo4j-buildnumber: '5.6' - neo4j-debian-package-version: '1:5.6.0@' + neo4j-version-minor: '5.7' + neo4j-version-exact: '5.7.0' + neo4j-buildnumber: '5.7' + neo4j-debian-package-version: '1:5.7.0@' From 174b8fb48102d06e58b21232bf9933dffc9bd8b4 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Thu, 23 Mar 2023 11:16:31 +0100 Subject: [PATCH 194/876] Clarification of configuration on enabling the file (#590) (#604) Cherry-picked from https://github.com/neo4j/docs-operations/pull/590 --- modules/ROOT/pages/configuration/neo4j-conf.adoc | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/modules/ROOT/pages/configuration/neo4j-conf.adoc b/modules/ROOT/pages/configuration/neo4j-conf.adoc index 5cc739b9a..a3a2afdcc 100644 --- a/modules/ROOT/pages/configuration/neo4j-conf.adoc +++ b/modules/ROOT/pages/configuration/neo4j-conf.adoc @@ -199,9 +199,8 @@ If they fail, Neo4j does not evaluate the script commands in _neo4j.conf_, and t On Unix (both Linux and Mac OS):: -* The _neo4j.conf file_ must only be writeable (but not executable) by its owner. -* The neo4j.conf file must only be readable by its group and owner. -* The Neo4j process must run as a user who is either the owner of the _neo4j.conf_ file or in the group of the _neo4j.conf_ file. +* The _neo4j.conf_ file must, at least, be readable by its owner or by the user-group to which the owner belongs. +* The Neo4j process must run as a user who is either the owner of the _neo4j.conf_ file or in the user-group which owns the _neo4j.conf_ file. [NOTE] ==== @@ -212,8 +211,7 @@ For example, the _neo4j.conf_ file can have no group permissions and only be rea On Windows:: -* The _neo4j.conf_ file must only be writeable (but not executable) by the user that the Neo4j process runs as. -* The _neo4j.conf_ file must only be readable by the user that the Neo4j process runs as. +* The _neo4j.conf_ file must, at least, be readable by the user that the Neo4j process runs as. === Logging From 7fb1113d4b77cf5258800ff0d01871204b0a46bc Mon Sep 17 00:00:00 2001 From: Love Kristofer Leifland Date: Thu, 23 Mar 2023 12:33:19 +0100 Subject: [PATCH 195/876] Document new Cypher Shell :param syntax (#602) Document new Cypher Shell `:param` syntax. - Feature PR https://github.com/neo-technology/neo4j/pull/19964 - Trello https://trello.com/c/mF4YMm8D --- modules/ROOT/pages/tools/cypher-shell.adoc | 51 +++++++++++++--------- 1 file changed, 30 insertions(+), 21 deletions(-) diff --git a/modules/ROOT/pages/tools/cypher-shell.adoc b/modules/ROOT/pages/tools/cypher-shell.adoc index 4a40912b8..b4db22c2e 100644 --- a/modules/ROOT/pages/tools/cypher-shell.adoc +++ b/modules/ROOT/pages/tools/cypher-shell.adoc @@ -122,8 +122,8 @@ It can also be specified by the environment variable `NEO4J_DATABASE`. --param PARAM | Optional argument -| Add a parameter to this session. -For example, `-P "number => 3"` or `-P "country => 'Spain'"`. +| Add parameters to this session. +For example, `-P '{number: 3, country: 'Spain'}'`. This argument can be specified multiple times. | @@ -269,8 +269,7 @@ Available commands: :help Show this help message :history Statement history :impersonate Impersonate user - :param Set the value of a query parameter - :params Print all query parameter values + :param Set, list or clear query parameters :rollback Rollback the currently open transaction :source Executes Cypher statements from a file :use Set the active database @@ -350,40 +349,50 @@ type example.cypher | bin/cypher-shell.bat -u neo4j -p --format plain [[cypher-shell-parameters]] == Query parameters -Cypher Shell CLI supports querying based on parameters. -This is often used while scripting. +Cypher Shell supports querying based on parameters. +Use `:param ` to set parameters or the older arrow syntax `:param name => `. +List current parameters with `:param`. +Clear parameters with `:param clear`. + +Parameters can be set to any Cypher expression. +Some expressions need to be evaluated online and require an open session. +The parameter expression is evaluated once. +For example, `:param {now: datetime()}` will set the parameter `now` to the current date and time at the time of setting the parameter. .Use parameters within Cypher Shell ==== -. Set the parameter `thisAlias` to `Robin` using the `:param` keyword: +. Set the parameter `alias` to `Robin` and `born` to `date('1940-03-20')` using the `:param` keyword: + [source, shell] ---- -:param thisAlias => 'Robin' +:param {alias: 'Robin', born: date('1940-03-20')} ---- -. Check the parameter using the `:params` keyword: +. Check the current parameters using the `:params` keyword: + [source, shell] ---- -:params +:param ---- + [queryresult] ---- -:param thisAlias => 'Robin' +{ + alias: 'Robin', + born: date('1981-08-01') +} ---- + -. Now use the parameter `thisAlias` in a Cypher query: +. Now use the `alias` and `born` parameters in a Cypher query: + [source, shell] ---- -CREATE (:Person {name : 'Dick Grayson', alias : $thisAlias }); +CREATE (:Person {name : 'Dick Grayson', alias : $alias, born: $born }); ---- + [queryresult] ---- -Added 1 nodes, Set 2 properties, Added 1 labels +Added 1 nodes, Set 3 properties, Added 1 labels ---- + . Verify the result: @@ -395,13 +404,13 @@ MATCH (n) RETURN n; + [queryresult] ---- -+-----------------------------------------------------------------+ -| n | -+-----------------------------------------------------------------+ -| (:Person {name: "Bruce Wayne", alias: "Batman"}) | -| (:Person {name: "Selina Kyle", alias: ["Catwoman", "The Cat"]}) | -| (:Person {name: "Dick Grayson", alias: "Robin"}) | -+-----------------------------------------------------------------+ ++--------------------------------------------------------------------+ +| n | ++--------------------------------------------------------------------+ +| (:Person {name: "Bruce Wayne", alias: "Batman"}) | +| (:Person {name: "Selina Kyle", alias: ["Catwoman", "The Cat"]}) | +| (:Person {name: "Dick Grayson", alias: "Robin", born: 1940-03-20}) | ++--------------------------------------------------------------------+ 3 rows available after 2 ms, consumed after another 2 ms ---- ==== From efaa020c2b48b9c63baf4e5cac0bc8ca4210ba9a Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Thu, 23 Mar 2023 14:12:04 +0100 Subject: [PATCH 196/876] More information when setting Prometheus endpoint (#587) (#609) Cherry-picked from https://github.com/neo4j/docs-operations/pull/587 Co-authored-by: Reneta Popova --- modules/ROOT/pages/monitoring/metrics/expose.adoc | 11 +++++++++++ .../ROOT/pages/reference/configuration-settings.adoc | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/monitoring/metrics/expose.adoc b/modules/ROOT/pages/monitoring/metrics/expose.adoc index 3055b86c0..f306253fc 100644 --- a/modules/ROOT/pages/monitoring/metrics/expose.adoc +++ b/modules/ROOT/pages/monitoring/metrics/expose.adoc @@ -106,3 +106,14 @@ server.metrics.prometheus.endpoint=localhost:2004 ---- When Neo4j is fully started, a Prometheus endpoint will be available at the configured address. + +[WARNING] +==== +You should never expose the Prometheus endpoint directly to the Internet. +If security is of paramount importance, you should set `server.metrics.prometheus.endpoint=localhost:2004` and configure a reverse HTTP proxy on the same machine that handles the authentication, SSL, caching, etc. +==== +If you can afford to send unencrypted metrics within the internal network, such as `server.metrics.prometheus.endpoint=10.0.0.123:2004`, all servers within the same netmask will be able to access it. + +If you specify anything more permissible, such as `server.metrics.prometheus.endpoint=0.0.0.0:2004`, you should have a firewall rule to prevent any unauthorized access. +Data in transit will still not be encrypted, so it should never go other any insecure networks. + diff --git a/modules/ROOT/pages/reference/configuration-settings.adoc b/modules/ROOT/pages/reference/configuration-settings.adoc index 6408f8e8f..2e1fbada8 100644 --- a/modules/ROOT/pages/reference/configuration-settings.adoc +++ b/modules/ROOT/pages/reference/configuration-settings.adoc @@ -4030,7 +4030,7 @@ m|+++false+++ |Description a|label:enterprise-edition[Enterprise only]The hostname and port to use as Prometheus endpoint. |Valid values -a|server.metrics.prometheus.endpoint, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address +a|server.metrics.prometheus.endpoint, a socket address in the format `hostname:port`, `hostname`, or `:port`. If missing, port and hostname are acquired from `server.default_listen_address`. |Default value m|+++localhost:2004+++ |=== From 9376db769f70a8be7b51e62b367c511184c27b43 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 27 Mar 2023 09:59:30 +0100 Subject: [PATCH 197/876] Disable strict validation for backup (#603) Trello card: [Omission in Kubernetes Doc Operations Section](https://trello.com/c/NFUBlAl5/4789-omission-in-kubernetes-doc-operations-section) --- modules/ROOT/pages/kubernetes/maintenance.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/ROOT/pages/kubernetes/maintenance.adoc b/modules/ROOT/pages/kubernetes/maintenance.adoc index 32b7598c3..d52f61642 100644 --- a/modules/ROOT/pages/kubernetes/maintenance.adoc +++ b/modules/ROOT/pages/kubernetes/maintenance.adoc @@ -301,6 +301,8 @@ spec: env: - name: NEO4J_ACCEPT_LICENSE_AGREEMENT value: "yes" + - name: NEO4J_server_config_strict__validation_enabled + value: "false" volumeMounts: - mountPath: /backup name: backups From 27d783afc5499749025bf4d4ad368351283e45d7 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Mon, 27 Mar 2023 14:08:07 +0200 Subject: [PATCH 198/876] Fixing broken link to clustering database configuration (#589) (#622) Cherry-picked from https://github.com/neo4j/docs-operations/pull/589 --- modules/ROOT/pages/manage-databases/configuration.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/manage-databases/configuration.adoc b/modules/ROOT/pages/manage-databases/configuration.adoc index a21a8ccec..01066351f 100644 --- a/modules/ROOT/pages/manage-databases/configuration.adoc +++ b/modules/ROOT/pages/manage-databases/configuration.adoc @@ -104,7 +104,7 @@ The database is created if it does not exist when the instance starts. [NOTE] ==== In a clustered setup, the value of `initial.dbms.default_database` is only used to set the initial default database. -To change the default database at a later point, see <>. +To change the default database at a later point, see xref:clustering/databases#cluster-default-database[Change the default database]. ==== [NOTE] From 9276ad3210f942c0c5e63b187cc8afd179c61988 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Tue, 28 Mar 2023 15:46:33 +0200 Subject: [PATCH 199/876] Examples of seed uri config options (#624) (#626) Cherry-picked from https://github.com/neo4j/docs-operations/pull/624 --- modules/ROOT/pages/clustering/databases.adoc | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/modules/ROOT/pages/clustering/databases.adoc b/modules/ROOT/pages/clustering/databases.adoc index 73deb9a9e..790a3589c 100644 --- a/modules/ROOT/pages/clustering/databases.adoc +++ b/modules/ROOT/pages/clustering/databases.adoc @@ -201,6 +201,17 @@ Each configuration value is specified as a name followed by `=` and the value, a CREATE DATABASE foo OPTIONS { existingData: 'use', seedURI: 's3:/myBucket/myBackup,backup’, seedConfig: 'region=eu-west-1' } ---- +The available configuration options are: + +* `file:` +* `ftp:` +* `http:` +* `https:` +* `s3:` - use this to specify the path to your S3 bucket. +For example, `seedURI: 's3:/myBucket/myBackup,backup'` +* `region:` - use this together with `s3:` to set the AWS region that hosts the S3 bucket. +For example, `seedConfig: 'region=eu-west-1'`. + Some seed providers may also want to pass credentials into the provider. These are specified with the `seedCredentials` option. Seed credentials are securely passed from the Cypher command to each server hosting the database. From 54e8b659fbb1ffd695fd7b082bcc078bae62176d Mon Sep 17 00:00:00 2001 From: Balazs Lendvai <56266523+gfx54b@users.noreply.github.com> Date: Thu, 30 Mar 2023 09:12:25 +0000 Subject: [PATCH 200/876] Replace dbms.cluster.discovery.type setting with ~.resolver_type (#630) --- modules/ROOT/pages/clustering/settings.adoc | 8 ++++---- modules/ROOT/pages/clustering/setup/deploy.adoc | 2 +- modules/ROOT/pages/clustering/setup/discovery.adoc | 10 +++++----- modules/ROOT/pages/docker/ref-settings.adoc | 4 ++-- .../pages/kubernetes/multi-dc-cluster/aks.adoc | 8 ++++---- .../pages/reference/configuration-settings.adoc | 14 +++++++------- .../pages/tutorial/tutorial-clustering-docker.adoc | 4 ++-- 7 files changed, 25 insertions(+), 25 deletions(-) diff --git a/modules/ROOT/pages/clustering/settings.adoc b/modules/ROOT/pages/clustering/settings.adoc index e08469f29..ead386bdb 100644 --- a/modules/ROOT/pages/clustering/settings.adoc +++ b/modules/ROOT/pages/clustering/settings.adoc @@ -35,7 +35,7 @@ However, if enabling more than 10 servers, it is recommended to start making the **Example:** `dbms.cluster.minimum_initial_system_primaries_count=3` specifies that the cluster is considered bootstrapped and the DBMS online when at least 3 `system` database primaries have discovered one another. -| xref:reference/configuration-settings.adoc#config_dbms.cluster.discovery.type[`dbms.cluster.discovery.type`] +| xref:reference/configuration-settings.adoc#config_dbms.cluster.discovery.resolver_type[`dbms.cluster.discovery.resolver_type`] | This setting specifies the strategy that the instance uses to determine the addresses for other instances in the cluster to contact for _bootstrapping_. Possible values are: @@ -60,15 +60,15 @@ Detailed information about discovery and discovery configuration options is give | xref:reference/configuration-settings.adoc#config_dbms.cluster.discovery.endpoints[`dbms.cluster.discovery.endpoints`] | One or more network addresses used to discover other servers in the cluster. -The exact method by which endpoints are resolved to other cluster members is determined by the value of `dbms.cluster.discovery.type`. +The exact method by which endpoints are resolved to other cluster members is determined by the value of `dbms.cluster.discovery.resolver_type`. In the default case, the initial discovery members are given as a comma-separated list of address/port pairs, and the default port for the discovery service is `:5000`. It is good practice to set this parameter to the same value on all servers in the cluster. -The behavior of this setting can be modified by configuring the setting `dbms.cluster.discovery.type`. +The behavior of this setting can be modified by configuring the setting `dbms.cluster.discovery.resolver_type`. This is described in detail in xref:clustering/setup/discovery.adoc#clustering-discovery-dns[Discovery using DNS with multiple records]. -**Example:** `dbms.cluster.discovery.type=LIST` combined with `server01.example.com:5000,server02.example.com:5000,server03.example.com:5000` attempt to reach Neo4j instances listening on _server01.example.com_, _server02.example.com_ and _server03.example.com_; all on port `5000`. +**Example:** `dbms.cluster.discovery.resolver_type=LIST` combined with `server01.example.com:5000,server02.example.com:5000,server03.example.com:5000` attempt to reach Neo4j instances listening on _server01.example.com_, _server02.example.com_ and _server03.example.com_; all on port `5000`. | xref:reference/configuration-settings.adoc#config_server.discovery.advertised_address[`server.discovery.advertised_address`] | The address/port setting that specifies where the instance advertises that it listens for discovery protocol messages from other members of the cluster. diff --git a/modules/ROOT/pages/clustering/setup/deploy.adoc b/modules/ROOT/pages/clustering/setup/deploy.adoc index 48434d559..9c590989d 100644 --- a/modules/ROOT/pages/clustering/setup/deploy.adoc +++ b/modules/ROOT/pages/clustering/setup/deploy.adoc @@ -22,7 +22,7 @@ In the typical case, this should be set to the fully qualified domain name or th Setting this value to `0.0.0.0` makes Neo4j bind to all available network interfaces. | xref:reference/configuration-settings.adoc#config_dbms.cluster.discovery.endpoints[`dbms.cluster.discovery.endpoints`] | This setting contains the network for at least one server in the cluster and must be set to the same value on all cluster members. -The behavior of this setting can be modified by configuring the setting `dbms.cluster.discovery.type`. +The behavior of this setting can be modified by configuring the setting `dbms.cluster.discovery.resolver_type`. This is described in detail in xref:clustering/setup/discovery.adoc[]. | <> | The number of initial database hostings in primary mode. diff --git a/modules/ROOT/pages/clustering/setup/discovery.adoc b/modules/ROOT/pages/clustering/setup/discovery.adoc index 6705ee914..794bd89bf 100644 --- a/modules/ROOT/pages/clustering/setup/discovery.adoc +++ b/modules/ROOT/pages/clustering/setup/discovery.adoc @@ -18,14 +18,14 @@ This can be the case, for example, when using container orchestration to deploy Additional mechanisms for using DNS are provided for the cases where it is not practical or possible to explicitly list the addresses of cluster members to discover. The discovery configuration is just used for initial discovery and a running cluster continuously exchanges information about changes to the topology. -The behavior of the initial discovery is determined by the parameters `xref:reference/configuration-settings.adoc#config_dbms.cluster.discovery.type[dbms.cluster.discovery.type]` and `xref:reference/configuration-settings.adoc#config_dbms.cluster.discovery.endpoints[dbms.cluster.discovery.endpoints]`, and is described in the following sections. +The behavior of the initial discovery is determined by the parameters `xref:reference/configuration-settings.adoc#config_dbms.cluster.discovery.resolver_type[dbms.cluster.discovery.resolver_type]` and `xref:reference/configuration-settings.adoc#config_dbms.cluster.discovery.endpoints[dbms.cluster.discovery.endpoints]`, and is described in the following sections. [[clustering-discovery-list]] == Discovery using a list of server addresses If the addresses of the other cluster members are known upfront, they can be listed explicitly. -Use the default `dbms.cluster.discovery.type=LIST` and hard code the addresses in the configuration of each machine. +Use the default `dbms.cluster.discovery.resolver_type=LIST` and hard code the addresses in the configuration of each machine. This alternative is illustrated by xref:clustering/setup/deploy.adoc#cluster-example-configure-a-three-primary-cluster[Configure a cluster with three servers] example. @@ -37,7 +37,7 @@ Once a server has joined a cluster, further membership changes are communicated The following DNS-based mechanisms can be used to get the addresses of other servers in the cluster for discovery: -`dbms.cluster.discovery.type=DNS`:: +`dbms.cluster.discovery.resolver_type=DNS`:: With this configuration, the initial discovery members are resolved from _DNS A_ records to find the IP addresses to contact. The value of `dbms.cluster.discovery.endpoints` should be set to a single domain name and the port of the discovery service. For example: `dbms.cluster.discovery.endpoints=cluster01.example.com:5000`. @@ -51,7 +51,7 @@ The discovery port must be the same on all servers when using this configuration If this is not possible, consider using the discovery type `SRV` instead. ==== -`dbms.cluster.discovery.type=SRV`:: +`dbms.cluster.discovery.resolver_type=SRV`:: With this configuration, the initial discovery members are resolved from _DNS SRV_ records to find the IP addresses/hostnames and discovery service ports to contact. The value of `dbms.cluster.discovery.endpoints` should be set to a single domain name and the port set to `0`. For example: `dbms.cluster.discovery.endpoints=cluster01.example.com:0`. @@ -68,7 +68,7 @@ Then, the addresses of the other servers can be obtained using the List Service The following settings are used to configure for this scenario: -* Set `dbms.cluster.discovery.type=K8S`. +* Set `dbms.cluster.discovery.resolver_type=K8S`. * Set `xref:reference/configuration-settings.adoc#config_dbms.kubernetes.label_selector[dbms.kubernetes.label_selector]` to the label selector for the cluster services. For more information, see the https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors[Kubernetes official documentation^]. * Set `xref:reference/configuration-settings.adoc#config_dbms.kubernetes.service_port_name[dbms.kubernetes.service_port_name]` to the name of the service port used in the Kubernetes service definition for the Core's discovery port. diff --git a/modules/ROOT/pages/docker/ref-settings.adoc b/modules/ROOT/pages/docker/ref-settings.adoc index 1a7ea9338..59f5ef1fe 100644 --- a/modules/ROOT/pages/docker/ref-settings.adoc +++ b/modules/ROOT/pages/docker/ref-settings.adoc @@ -220,8 +220,8 @@ For more information on the configuration descriptions, valid values, and defaul | `dbms.cluster.discovery.log_level` | `+NEO4J_dbms_cluster_discovery_log__level+` -| `dbms.cluster.discovery.type` -| `+NEO4J_dbms_cluster_discovery_type+` +| `dbms.cluster.discovery.resolver_type` +| `+NEO4J_dbms_cluster_discovery_resolver__type+` | `dbms.cluster.minimum_initial_system_primaries_count` | `+NEO4J_dbms_cluster_minimum__initial__system__primaries__count+` diff --git a/modules/ROOT/pages/kubernetes/multi-dc-cluster/aks.adoc b/modules/ROOT/pages/kubernetes/multi-dc-cluster/aks.adoc index 975638659..fb4fda888 100644 --- a/modules/ROOT/pages/kubernetes/multi-dc-cluster/aks.adoc +++ b/modules/ROOT/pages/kubernetes/multi-dc-cluster/aks.adoc @@ -502,7 +502,7 @@ services: loadBalancerIP: 10.30.1.101 multiCluster: true config: - dbms.cluster.discovery.type: LIST + dbms.cluster.discovery.resolver_type: LIST dbms.cluster.discovery.endpoints: "10.30.1.101:5000, 10.30.2.101:5000, 10.30.3.101:5000" server.discovery.advertised_address: "10.30.1.101:5000" server.cluster.advertised_address: "10.30.1.101:6000" @@ -530,7 +530,7 @@ services: loadBalancerIP: 10.30.2.101 multiCluster: true config: - dbms.cluster.discovery.type: LIST + dbms.cluster.discovery.resolver_type: LIST dbms.cluster.discovery.endpoints: "10.30.1.101:5000, 10.30.2.101:5000, 10.30.3.101:5000" server.discovery.advertised_address: "10.30.2.101:5000" server.cluster.advertised_address: "10.30.2.101:6000" @@ -558,7 +558,7 @@ services: loadBalancerIP: 10.30.3.101 multiCluster: true config: - dbms.cluster.discovery.type: LIST + dbms.cluster.discovery.resolver_type: LIST dbms.cluster.discovery.endpoints: "10.30.1.101:5000, 10.30.2.101:5000, 10.30.3.101:5000" server.discovery.advertised_address: "10.30.3.101:5000" server.cluster.advertised_address: "10.30.3.101:6000" @@ -703,4 +703,4 @@ After the application gateway is created and the deployment is complete, you can . Add port `:7474`. + Neo4j Browser opens. . Log in with your credentials (e.g., `neo4j`/`my-password`). -. Verify that the cluster is up and running using the Cypher command `SHOW DATABASES`. \ No newline at end of file +. Verify that the cluster is up and running using the Cypher command `SHOW DATABASES`. diff --git a/modules/ROOT/pages/reference/configuration-settings.adoc b/modules/ROOT/pages/reference/configuration-settings.adoc index 2e1fbada8..59ca86b7a 100644 --- a/modules/ROOT/pages/reference/configuration-settings.adoc +++ b/modules/ROOT/pages/reference/configuration-settings.adoc @@ -79,7 +79,7 @@ It optimizes the filesystem by ensuring there is room to accommodate newly gener |<>|label:enterprise-edition[Enterprise only]The catch up protocol times out if the given duration elapses with no network activity. |<>|label:enterprise-edition[Enterprise only]A comma-separated list of endpoints which a server should contact in order to discover other cluster members. |<>|label:enterprise-edition[Enterprise only]The level of middleware logging. -|<>|label:enterprise-edition[Enterprise only]Configure the discovery type used for cluster name resolution. +|<>|label:enterprise-edition[Enterprise only]Configure the discovery resolver type used for cluster members resolution. |<>|label:enterprise-edition[Enterprise only]Minimum number of machines initially required to formed a clustered DBMS. |<>|label:enterprise-edition[Enterprise only]Time out for protocol negotiation handshake. |<>|label:enterprise-edition[Enterprise only]Maximum chunk size allowable across network by clustering machinery. @@ -387,7 +387,7 @@ It optimizes the filesystem by ensuring there is room to accommodate newly gener * <>: label:enterprise-edition[Enterprise only]The catch up protocol times out if the given duration elapses with no network activity. * <>: label:enterprise-edition[Enterprise only]A comma-separated list of endpoints which a server should contact in order to discover other cluster members. * <>: label:enterprise-edition[Enterprise only]The level of middleware logging. -* <>: label:enterprise-edition[Enterprise only]Configure the discovery type used for cluster name resolution. +* <>: label:enterprise-edition[Enterprise only]Configure the discovery resolver type used for cluster member resolution. * <>: label:enterprise-edition[Enterprise only]Minimum number of machines initially required to formed a clustered DBMS. * <>: label:enterprise-edition[Enterprise only]Time out for protocol negotiation handshake. * <>: label:enterprise-edition[Enterprise only]Maximum chunk size allowable across network by clustering machinery. @@ -1469,14 +1469,14 @@ a|dbms.cluster.discovery.log_level, one of [DEBUG, INFO, WARN, ERROR, NONE] m|+++WARN+++ |=== -[[config_dbms.cluster.discovery.type]] -.dbms.cluster.discovery.type +[[config_dbms.cluster.discovery.resolver_type]] +.dbms.cluster.discovery.resolver_type [cols="<1s,<4"] |=== |Description -a|label:enterprise-edition[Enterprise only]Configure the discovery type used for cluster name resolution. +a|label:enterprise-edition[Enterprise only]Configure the discovery resolver type used for cluster member resolution. |Valid values -a|dbms.cluster.discovery.type, one of [DNS, LIST, SRV, K8S] which may require different settings depending on the discovery type: `DNS requires [dbms.cluster.discovery.endpoints], LIST requires [], SRV requires [dbms.cluster.discovery.endpoints], K8S requires [dbms.kubernetes.label_selector, dbms.kubernetes.service_port_name]` +a|dbms.cluster.discovery.resolver_type, one of [DNS, LIST, SRV, K8S] which may require different settings depending on the discovery type: `DNS requires [dbms.cluster.discovery.endpoints], LIST requires [], SRV requires [dbms.cluster.discovery.endpoints], K8S requires [dbms.kubernetes.label_selector, dbms.kubernetes.service_port_name]` |Default value m|+++LIST+++ |=== @@ -1486,7 +1486,7 @@ m|+++LIST+++ [cols="<1s,<4"] |=== |Description -a|label:enterprise-edition[Enterprise only]Minimum number of machines initially required to form a clustered DBMS. The cluster is considered formed when at least this many members have discovered each other, bound together and bootstrapped a highly available system database. As a result, at least this many of the cluster's initial machines must have '<>' set to 'PRIMARY'.NOTE: If '<>' is set to 'LIST' and '<>' is empty then the user is assumed to be deploying a standalone DBMS, and the value of this setting is ignored. +a|label:enterprise-edition[Enterprise only]Minimum number of machines initially required to form a clustered DBMS. The cluster is considered formed when at least this many members have discovered each other, bound together and bootstrapped a highly available system database. As a result, at least this many of the cluster's initial machines must have '<>' set to 'PRIMARY'.NOTE: If '<>' is set to 'LIST' and '<>' is empty then the user is assumed to be deploying a standalone DBMS, and the value of this setting is ignored. |Valid values a|dbms.cluster.minimum_initial_system_primaries_count, an integer which is minimum `1` |Default value diff --git a/modules/ROOT/pages/tutorial/tutorial-clustering-docker.adoc b/modules/ROOT/pages/tutorial/tutorial-clustering-docker.adoc index 983c0cd4b..70df5c56c 100644 --- a/modules/ROOT/pages/tutorial/tutorial-clustering-docker.adoc +++ b/modules/ROOT/pages/tutorial/tutorial-clustering-docker.adoc @@ -43,9 +43,9 @@ server.memory.pagecache.size=100M # Setting that specifies the initial JVM heap size. server.memory.heap.initial_size=100M -# The behavior of the initial discovery is determined by the parameters `dbms.cluster.discovery.type` and `dbms.cluster.discovery.endpoints`. +# The behavior of the initial discovery is determined by the parameters `dbms.cluster.discovery.resolver_type` and `dbms.cluster.discovery.endpoints`. # The DNS strategy fetches the IP addresses of the cluster members using the DNS A records. -dbms.cluster.discovery.type=DNS +dbms.cluster.discovery.resolver_type=DNS # The value of `dbms.cluster.discovery.endpoints` should be set to a single domain name and the port of the discovery service. # The domain name returns an A record for every server in the cluster when a DNS lookup is performed. From 01cedcf76bcce303e11a57ddb24d933951d6863a Mon Sep 17 00:00:00 2001 From: JPryce-Aklundh Date: Fri, 31 Mar 2023 14:48:51 +0200 Subject: [PATCH 201/876] update links to cypher manual administration sections --- .../access-control.adoc | 12 ++++++------ .../built-in-roles.adoc | 2 +- .../introduction.adoc | 2 +- .../ldap-integration.adoc | 2 +- .../manage-execute-permissions.adoc | 16 ++++++++-------- .../sso-integration.adoc | 2 +- modules/ROOT/pages/clustering/databases.adoc | 2 +- modules/ROOT/pages/clustering/servers.adoc | 2 +- .../pages/composite-databases/introduction.adoc | 10 +++++----- .../pages/manage-databases/configuration.adoc | 8 ++++---- modules/ROOT/pages/manage-databases/errors.adoc | 2 +- .../pages/manage-databases/introduction.adoc | 6 +++--- modules/ROOT/pages/manage-databases/queries.adoc | 2 +- .../pages/manage-databases/remote-alias.adoc | 16 ++++++++-------- .../ROOT/pages/monitoring/query-management.adoc | 2 +- .../pages/monitoring/transaction-management.adoc | 2 +- modules/ROOT/pages/reference/procedures.adoc | 4 ++-- modules/ROOT/pages/routing-decisions.adoc | 2 +- .../tutorial/tutorial-immutable-privileges.adoc | 4 ++-- 19 files changed, 49 insertions(+), 49 deletions(-) diff --git a/modules/ROOT/pages/authentication-authorization/access-control.adoc b/modules/ROOT/pages/authentication-authorization/access-control.adoc index 31ebfa2c3..13e2fa5a6 100644 --- a/modules/ROOT/pages/authentication-authorization/access-control.adoc +++ b/modules/ROOT/pages/authentication-authorization/access-control.adoc @@ -82,7 +82,7 @@ This same database would be used by a number of different users, each with diffe Unlike applications which often require users to be modeled within the application itself, databases provide user management resources such as roles and privileges. This allows users to be created entirely within the database security model, a strategy that allows the separation of access to the data and the data itself. -For more information, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/[Cypher Manual -> Access control]. +For more information, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/[Cypher Manual -> Access control]. The following examples show two different approaches to using Neo4j security features to support the _healthcare_ database application. The first approach uses xref:authentication-authorization/built-in-roles/auth-built-in-roles[Built-in roles], whereas the second uses more advanced resources with fine-grained privileges for <>. @@ -258,7 +258,7 @@ SHOW ROLE itadmin PRIVILEGES AS COMMANDS; [NOTE] ==== -Privileges that were granted or denied earlier can be revoked using link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/manage-privileges/#access-control-revoke-privileges[the `REVOKE` command]. +Privileges that were granted or denied earlier can be revoked using link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/manage-privileges/#access-control-revoke-privileges[the `REVOKE` command]. ==== To provide the IT administrator `tina` these privileges, they must be assigned the new role `itadmin`: @@ -472,7 +472,7 @@ If the `researcherB` role is revoked to Charlie, but `researcherW` is granted, w [NOTE] ==== -Privileges that were granted or denied earlier can be revoked using link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/manage-privileges/#access-control-revoke-privileges[the `REVOKE` command]. +Privileges that were granted or denied earlier can be revoked using link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/manage-privileges/#access-control-revoke-privileges[the `REVOKE` command]. ==== === Privileges of `doctor` @@ -749,7 +749,7 @@ GRANT DELETE ON GRAPH healthcare RELATIONSHIPS HAS, DIAGNOSIS TO receptionist; [NOTE] ==== -Privileges that were granted or denied earlier can be revoked using link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/manage-privileges/#access-control-revoke-privileges[the `REVOKE` command]. +Privileges that were granted or denied earlier can be revoked using link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/manage-privileges/#access-control-revoke-privileges[the `REVOKE` command]. ==== === Privileges of `nurse` @@ -796,7 +796,7 @@ SHOW USER daniel PRIVILEGES AS COMMANDS; [NOTE] ==== -Privileges that were granted or denied earlier can be revoked using link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/manage-privileges/#access-control-revoke-privileges[the `REVOKE` command]. +Privileges that were granted or denied earlier can be revoked using link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/manage-privileges/#access-control-revoke-privileges[the `REVOKE` command]. ==== Now the intention is that a nurse can perform the actions of a receptionist, which means they should be able to read and write the `address` field of the `Patient` nodes. @@ -1051,7 +1051,7 @@ neo4j@system> SHOW USER tina PRIVILEGES AS COMMANDS; ==== No other privilege management privileges were granted here. How much power this role should have would depend on the requirements of the system. -Refer to the section link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/built-in-roles/[Cypher Manual -> The `admin` role] for a complete list of privileges to consider. +Refer to the section link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/built-in-roles/[Cypher Manual -> The `admin` role] for a complete list of privileges to consider. ==== Now Tina should be able to create new users and assign them to roles: diff --git a/modules/ROOT/pages/authentication-authorization/built-in-roles.adoc b/modules/ROOT/pages/authentication-authorization/built-in-roles.adoc index 1ba71eefd..0da3d645f 100644 --- a/modules/ROOT/pages/authentication-authorization/built-in-roles.adoc +++ b/modules/ROOT/pages/authentication-authorization/built-in-roles.adoc @@ -417,4 +417,4 @@ The subset of the functionality which is available with Community Edition is als |=== More information about the built-in roles and their privileges can be found in -link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/built-in-roles[Neo4j Cypher Manual]. +link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/built-in-roles[Neo4j Cypher Manual]. diff --git a/modules/ROOT/pages/authentication-authorization/introduction.adoc b/modules/ROOT/pages/authentication-authorization/introduction.adoc index b789ff831..db918e997 100644 --- a/modules/ROOT/pages/authentication-authorization/introduction.adoc +++ b/modules/ROOT/pages/authentication-authorization/introduction.adoc @@ -25,7 +25,7 @@ For more information, see xref:configuration/password-and-user-recovery.adoc[Pas When triggered, Neo4j logs an error containing a timestamp and the message `failed to log in: too many failed attempts` in the _security.log_. ==== + -The Cypher commands to manage users, roles, and permissions are described in detail in link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/[Cypher Manual -> Administration]. +The Cypher commands to manage users, roles, and permissions are described in detail in link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/[Cypher Manual -> Administration]. Various scenarios that illustrate the use of the native auth provider are available in xref:authentication-authorization/access-control.adoc[Fine-grained access control]. *LDAP auth provider*:: diff --git a/modules/ROOT/pages/authentication-authorization/ldap-integration.adoc b/modules/ROOT/pages/authentication-authorization/ldap-integration.adoc index 6d3b14cd3..8caf73488 100644 --- a/modules/ROOT/pages/authentication-authorization/ldap-integration.adoc +++ b/modules/ROOT/pages/authentication-authorization/ldap-integration.adoc @@ -123,7 +123,7 @@ dbms.security.ldap.authorization.group_to_role_mapping=\ <3> Mapping of two LDAP groups to a Neo4j built-in role. <4> Mapping of an LDAP group to a custom-defined role. Custom-defined roles, such as `rolename`, must be explicitly created using the `CREATE ROLE rolename` command before they can be used to grant privileges. -See link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/manage-users[the Cypher Manual -> Creating roles]. +See link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/manage-users[the Cypher Manual -> Creating roles]. ==== [[auth-ldap-configure-provider-ad]] diff --git a/modules/ROOT/pages/authentication-authorization/manage-execute-permissions.adoc b/modules/ROOT/pages/authentication-authorization/manage-execute-permissions.adoc index cf22f8ca5..95802bccf 100644 --- a/modules/ROOT/pages/authentication-authorization/manage-execute-permissions.adoc +++ b/modules/ROOT/pages/authentication-authorization/manage-execute-permissions.adoc @@ -22,12 +22,12 @@ Please refer to link:{neo4j-docs-base-uri}/java-reference/{page-version}/extendi [[auth-manage-procedure-permissions]] == Manage procedure permissions -Procedure permissions can be managed using the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/dbms-administration#access-control-dbms-administration-execute[native execute privileges]. +Procedure permissions can be managed using the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/dbms-administration#access-control-dbms-administration-execute[native execute privileges]. These control whether the user is allowed to both execute a procedure, and which set of privileges apply during the execution. -A procedure may be run using the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/dbms-administration#access-control-execute-procedure[`EXECUTE PROCEDURE` privilege]. +A procedure may be run using the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/dbms-administration#access-control-execute-procedure[`EXECUTE PROCEDURE` privilege]. -This allows the user to execute procedures that match the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/dbms-administration#access-control-name-globbing[globbed procedures]. +This allows the user to execute procedures that match the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/dbms-administration#access-control-name-globbing[globbed procedures]. .Grant privilege to execute procedure ==== @@ -48,7 +48,7 @@ GRANT TRAVERSE ON GRAPH * RELATIONSHIP R1 TO role When calling the `db.schema.visualization` procedure that user will only see the `A` and `B` nodes and `R1` relationships, even though there might exist other nodes and relationships. ==== -A procedure may also be executed with elevated privileges using the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/dbms-administration#access-control-execute-boosted-procedure[`EXECUTE BOOSTED PROCEDURE` privilege]. +A procedure may also be executed with elevated privileges using the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/dbms-administration#access-control-execute-boosted-procedure[`EXECUTE BOOSTED PROCEDURE` privilege]. [NOTE] -- @@ -74,12 +74,12 @@ When calling the `db.schema.visualization` procedure that user will see all node [[auth-manage-function-permissions]] == Manage user-defined function permissions -User-defined function permissions can be managed using the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/dbms-administration#access-control-dbms-administration-execute[native execute privileges]. +User-defined function permissions can be managed using the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/dbms-administration#access-control-dbms-administration-execute[native execute privileges]. These control if the user is both allowed to execute a user-defined function, and which set of privileges apply during the execution. -A user-defined function may be executed using the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/dbms-administration#access-control-execute-user-defined-function[`EXECUTE USER DEFINED FUNCTION` privilege]. +A user-defined function may be executed using the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/dbms-administration#access-control-execute-user-defined-function[`EXECUTE USER DEFINED FUNCTION` privilege]. -This allows the user to execute user-defined functions that match the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/dbms-administration#access-control-name-globbing[globbed user-defined function]. +This allows the user to execute user-defined functions that match the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/dbms-administration#access-control-name-globbing[globbed user-defined function]. .Grant privilege to execute user-defined function ==== @@ -100,7 +100,7 @@ When calling the user-defined function `MATCH (a:A) RETURN apoc.any.properties(a ==== A user-defined function may also be executed with elevated privileges using the -link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/dbms-administration#access-control-execute-boosted-user-defined-function[`EXECUTE BOOSTED USER DEFINED FUNCTION` privilege]. +link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/dbms-administration#access-control-execute-boosted-user-defined-function[`EXECUTE BOOSTED USER DEFINED FUNCTION` privilege]. [NOTE] -- diff --git a/modules/ROOT/pages/authentication-authorization/sso-integration.adoc b/modules/ROOT/pages/authentication-authorization/sso-integration.adoc index 4441d0cd7..ee173eb38 100644 --- a/modules/ROOT/pages/authentication-authorization/sso-integration.adoc +++ b/modules/ROOT/pages/authentication-authorization/sso-integration.adoc @@ -181,7 +181,7 @@ dbms.security.oidc.mysso.authorization.group_to_role_mapping=\ <3> Mapping of two identity provider groups to a Neo4j built-in role. <4> Mapping of an identity provider group to a custom-defined role. Custom-defined roles, such as `rolename`, must be explicitly created using the `CREATE ROLE rolename` command before they can be used to grant privileges. -See link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/manage-users[the Cypher Manual -> Creating roles]. +See link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/manage-users[the Cypher Manual -> Creating roles]. ==== [[auth-sso-configure-provider]] diff --git a/modules/ROOT/pages/clustering/databases.adoc b/modules/ROOT/pages/clustering/databases.adoc index 790a3589c..5d32a772d 100644 --- a/modules/ROOT/pages/clustering/databases.adoc +++ b/modules/ROOT/pages/clustering/databases.adoc @@ -9,7 +9,7 @@ If a database is no longer needed, the command `DROP DATABASE` deletes the datab == `CREATE DATABASE` -The command to create a database in a cluster is not significantly different from the command to create a database in a non-clustered environment (see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/databases[Cypher Manual -> Database management] for more information on database management on single servers). +The command to create a database in a cluster is not significantly different from the command to create a database in a non-clustered environment (see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/databases[Cypher Manual -> Database management] for more information on database management on single servers). The difference in a clustered environment is that the topology can be specified, i.e. how many primaries and secondaries are desired for the database. To create a database `foo` with 3 servers hosting the database in primary mode and 2 servers in secondary mode, the command looks like this: diff --git a/modules/ROOT/pages/clustering/servers.adoc b/modules/ROOT/pages/clustering/servers.adoc index e492d622a..b3bd12256 100644 --- a/modules/ROOT/pages/clustering/servers.adoc +++ b/modules/ROOT/pages/clustering/servers.adoc @@ -251,7 +251,7 @@ neo4j@neo4j> ALTER SERVER '25a7efc7-d063-44b8-bdee-f23357f89f01' SET OPTIONS {mo Altering servers may cause databases to be moved, and should be performed with care. For example, if the server `25a7efc7-d063-44b8-bdee-f23357f89f01` hosts database `foo` in primary mode when the above command is executed, then another server must begin hosting `foo` in primary mode. Likewise, if `ALTER SERVER '25a7efc7-d063-44b8-bdee-f23357f89f01' SET OPTIONS {allowedDatabases:['bar','baz']};` is executed, then `foo` is forced to move. -For a description of all the server options (e.g., server tags) that can be altered via the `ALTER SERVER` command, see the xref:link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/server-management/#server-management-alter-server[Cypher Manual -> Modifying servers]. +For a description of all the server options (e.g., server tags) that can be altered via the `ALTER SERVER` command, see the xref:link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/server-management/#server-management-alter-server[Cypher Manual -> Modifying servers]. [NOTE] ==== diff --git a/modules/ROOT/pages/composite-databases/introduction.adoc b/modules/ROOT/pages/composite-databases/introduction.adoc index a0c503483..9d871b48a 100644 --- a/modules/ROOT/pages/composite-databases/introduction.adoc +++ b/modules/ROOT/pages/composite-databases/introduction.adoc @@ -24,7 +24,7 @@ These graphs are added to the composite database by means of database aliases. A Neo4j DBMS can have multiple composite databases, and they can be created both in single-instance deployments, and in cluster deployments. Composite databases are managed using administrative commands. -They are created with the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/databases#administration-databases-create-composite-database[`CREATE COMPOSITE DATABASE`] command. +They are created with the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/databases#administration-databases-create-composite-database[`CREATE COMPOSITE DATABASE`] command. .Creating a composite database ==== @@ -34,7 +34,7 @@ CREATE COMPOSITE DATABASE cineasts ---- ==== -Constituent graphs are added with the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/aliases#alias-management-create-database-alias[`CREATE ALIAS`] administrative command, for example: +Constituent graphs are added with the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/aliases#alias-management-create-database-alias[`CREATE ALIAS`] administrative command, for example: .Creating an alias on a composite database ==== @@ -59,7 +59,7 @@ CREATE ALIAS cineasts.upcoming ---- ==== -The link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/databases#administration-databases-show-databases[`SHOW DATABASE`] administrative command includes composite databases. +The link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/databases#administration-databases-show-databases[`SHOW DATABASE`] administrative command includes composite databases. Their `type` is reported as `"composite"`, and the `constituents` column lists the names of the aliases contained. @@ -80,7 +80,7 @@ SHOW DATABASE cineasts YIELD name, type, constituents ==== -The link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/aliases#alias-management-show-alias[`SHOW ALIASES FOR DATABASE`] administrative command can be used to inspect aliases on composite databases in further detail. +The link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/aliases#alias-management-show-alias[`SHOW ALIASES FOR DATABASE`] administrative command can be used to inspect aliases on composite databases in further detail. .Showing composite database aliases ==== @@ -98,4 +98,4 @@ SHOW ALIASES FOR DATABASE ---- ==== -For a full description of the administrative commands for managing composite databases, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/databases[Cypher Manual -> Database management]. +For a full description of the administrative commands for managing composite databases, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/databases[Cypher Manual -> Database management]. diff --git a/modules/ROOT/pages/manage-databases/configuration.adoc b/modules/ROOT/pages/manage-databases/configuration.adoc index 01066351f..668850e03 100644 --- a/modules/ROOT/pages/manage-databases/configuration.adoc +++ b/modules/ROOT/pages/manage-databases/configuration.adoc @@ -11,7 +11,7 @@ Administrative commands should not be used during a rolling upgrade. For more information, see link:{neo4j-docs-base-uri}/upgrade-migration-guide/upgrade/upgrade-4.4/causal-cluster/[Upgrade and Migration Guide -> Upgrade a cluster]. -For detailed information on Cypher administrative commands, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/databases[Cypher Manual -> Database management]. +For detailed information on Cypher administrative commands, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/databases[Cypher Manual -> Database management]. ==== Before using administrative commands, it is important to understand the difference between stopped databases, and dropped databases: @@ -75,9 +75,9 @@ For example, `main.db` is a valid database name. ==== It is possible to create an alias to refer to an existing database to avoid these restrictions. -For more information, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/aliases#alias-management-create-database-alias[Cypher Manual -> Creating database aliases]. +For more information, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/aliases#alias-management-create-database-alias[Cypher Manual -> Creating database aliases]. -For detailed information on Cypher administrative commands, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control[Cypher Manual -> Access Control]. +For detailed information on Cypher administrative commands, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control[Cypher Manual -> Access Control]. For examples of using the Cypher administrative commands to manage multiple active databases, see xref:manage-databases/queries.adoc[Queries]. @@ -147,7 +147,7 @@ Regardless of settings of `server.databases.default_to_read_only`, `server.datab [NOTE] ==== -Another way of preventing writes is to set the database access to read-only using the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/databases#administration-databases-alter-database[ALTER DATABASE] command. +Another way of preventing writes is to set the database access to read-only using the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/databases#administration-databases-alter-database[ALTER DATABASE] command. ==== diff --git a/modules/ROOT/pages/manage-databases/errors.adoc b/modules/ROOT/pages/manage-databases/errors.adoc index 4aaf0ec58..e8803c372 100644 --- a/modules/ROOT/pages/manage-databases/errors.adoc +++ b/modules/ROOT/pages/manage-databases/errors.adoc @@ -173,7 +173,7 @@ neo4j@system> SHOW DATABASE foo; ---- ==== -If repeated retries of a command have no effect, or if a database is in a `dirty` state, you may drop and recreate the database, as detailed in link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/databases[Cypher manual -> Database management]. +If repeated retries of a command have no effect, or if a database is in a `dirty` state, you may drop and recreate the database, as detailed in link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/databases[Cypher manual -> Database management]. [NOTE] ==== diff --git a/modules/ROOT/pages/manage-databases/introduction.adoc b/modules/ROOT/pages/manage-databases/introduction.adoc index cf7e9324c..fee27497e 100644 --- a/modules/ROOT/pages/manage-databases/introduction.adoc +++ b/modules/ROOT/pages/manage-databases/introduction.adoc @@ -77,11 +77,11 @@ All installations include the `system` database. All installations include a built-in database named `system`, which contains meta-data and security configuration. The `system` database behaves differently than all other databases. -In particular, when connected to this database you can only perform a specific set of administrative functions, as described in detail in link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/databases[Cypher Manual -> Database management]. +In particular, when connected to this database you can only perform a specific set of administrative functions, as described in detail in link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/databases[Cypher Manual -> Database management]. Most of the available administrative commands are restricted to users with specific administrative privileges. An example of configuring security privileges is described in xref:authentication-authorization/access-control.adoc[Fine-grained access control]. -Security administration is described in detail in link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control[Cypher Manual -> Access Control] . +Security administration is described in detail in link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control[Cypher Manual -> Access Control] . The following image illustrates an installation of Neo4j with multiple active databases, named `marketing`, `sales`, and `hr`: @@ -111,4 +111,4 @@ Per-user home databases are controlled via the Cypher administration commands. To set a home database for a user, this user must exist as a record in Neo4j. Therefore, for deployments using xref:authentication-authorization/introduction.adoc[auth providers] other than native, you create a native user with a matching username and then set a home database for that user. -For more information on creating native users and configuring a home database for a user, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/manage-users[Cypher Manual -> User Management]. +For more information on creating native users and configuring a home database for a user, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/manage-users[Cypher Manual -> User Management]. diff --git a/modules/ROOT/pages/manage-databases/queries.adoc b/modules/ROOT/pages/manage-databases/queries.adoc index fcc8c9eb9..6fa261ca7 100644 --- a/modules/ROOT/pages/manage-databases/queries.adoc +++ b/modules/ROOT/pages/manage-databases/queries.adoc @@ -4,7 +4,7 @@ [TIP] ==== -For detailed information on Cypher administrative commands, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/databases[Cypher Manual -> Database management]. +For detailed information on Cypher administrative commands, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/databases[Cypher Manual -> Database management]. ==== [NOTE] diff --git a/modules/ROOT/pages/manage-databases/remote-alias.adoc b/modules/ROOT/pages/manage-databases/remote-alias.adoc index 513d1b058..30c9465dd 100644 --- a/modules/ROOT/pages/manage-databases/remote-alias.adoc +++ b/modules/ROOT/pages/manage-databases/remote-alias.adoc @@ -6,7 +6,7 @@ A remote database alias can be used to provide connection to one or more graphs, on one or more remote standalone servers or clusters. Although remote database aliases do not store any data, they enable users or applications to perform queries on remote databases as if they were on the local DBMS server. -All configuration can be done with link:https://neo4j.com/docs/cypher-manual/current/databases/[Administration commands] on a running system. +All configuration can be done with link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/databases[Administration commands] on a running system. Any changes are automatically synchronized across all instances of a cluster. The following steps describe the setup required to define a remote database alias both for local and remote DBMSs. @@ -32,12 +32,12 @@ In the example above, _Bob_ is the administrator responsible for deciding which Meanwhile, _Alice_ is the administrator that assigns who has access to the privileges set by _Bob_. In the example, _Alice_ will assign that access to _Carol_. -See link:https://neo4j.com/docs/cypher-manual/current/access-control/dbms-administration/[Cypher manual -> DBMS administration] for more information. +See link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/dbms-administration[Cypher manual -> DBMS administration] for more information. ==== _Carol_ can use her own regular credentials to access the remote database `Db1` in DBMS after _Alice_ assigns this privilege to her user profile. This configuration will also allow _Carol_ to access `Db2` in **DBMS B**. -If the administrators decide this should not be the case, then _Bob_ must define the appropriate privileges (see link:https://neo4j.com/docs/cypher-manual/current/access-control/[Cypher manual -> Access control] for further information). +If the administrators decide this should not be the case, then _Bob_ must define the appropriate privileges (see link:link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/[Cypher manual -> Access control] for further information). == Configuration of a remote DBMS (_Bob_) @@ -147,7 +147,7 @@ bin/neo4j start --expand-commands == Managing remote database aliases -You can use the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/aliases[alias commands] to manage remote database aliases. +You can use the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/aliases[alias commands] to manage remote database aliases. In this case, it is strongly recommended to connect to a remote database alias with a secured connection. Please note that only client-side SSL is supported. @@ -161,8 +161,8 @@ For example, the following command can be used to create a remote database alias CREATE ALIAS `remote-neo4j` FOR DATABASE `neo4j` AT "neo4j+s://location:7687" USER alice PASSWORD 'secretpassword' ---- -In order to do so, either link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/dbms-administration#access-control-dbms-administration-database-management[database management] -or link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/dbms-administration#access-control-dbms-administration-alias-management[alias management] privileges are required. +In order to do so, either link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/dbms-administration#access-control-dbms-administration-database-management[database management] +or link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/dbms-administration#access-control-dbms-administration-alias-management[alias management] privileges are required. The permission to create an alias can be granted like this: [source, Cypher] @@ -170,7 +170,7 @@ The permission to create an alias can be granted like this: GRANT CREATE ALIAS ON DBMS TO administrator ---- -Here is how to grant the link:https://neo4j.com/docs/cypher-manual/current/access-control/database-administration/#access-control-database-administration-access[`ACCESS` privileges] to use the remote database alias: +Here is how to grant the link:link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/database-administration#access-control-database-administration-access[`ACCESS` privileges] to use the remote database alias: [source, Cypher] ---- @@ -208,7 +208,7 @@ USE `remote-neo4j` MATCH (n) RETURN * * Connecting to a remote database alias as a home database. This needs to be set by Administrator A. -See more about link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/dbms-administration#access-control-dbms-administration-user-management[User Management]. +See more about link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/dbms-administration#access-control-dbms-administration-user-management[User Management]. [source, Cypher] ---- diff --git a/modules/ROOT/pages/monitoring/query-management.adoc b/modules/ROOT/pages/monitoring/query-management.adoc index edfae2c3a..7e2746a0b 100644 --- a/modules/ROOT/pages/monitoring/query-management.adoc +++ b/modules/ROOT/pages/monitoring/query-management.adoc @@ -68,7 +68,7 @@ CALL dbms.listActiveLocks( "query-614" ) Queries are terminated by terminating the transaction on which they are running. This is done using the `TERMINATE TRANSACTIONS transactionIds` command. The `transactionIds` can be found using the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/clauses/transaction-clauses#query-listing-transactions[`SHOW TRANSACTIONS` command]. -The link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/database-administration#access-control-database-administration-transaction[`TERMINATE TRANSACTION` privilege] determines what transactions can be terminated. +The link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/database-administration#access-control-database-administration-transaction[`TERMINATE TRANSACTION` privilege] determines what transactions can be terminated. However, the xref:authentication-authorization/terminology.adoc#term-current-user[current user] can always terminate all of their own transactions. *Syntax:* diff --git a/modules/ROOT/pages/monitoring/transaction-management.adoc b/modules/ROOT/pages/monitoring/transaction-management.adoc index 010d55efe..feb21a057 100644 --- a/modules/ROOT/pages/monitoring/transaction-management.adoc +++ b/modules/ROOT/pages/monitoring/transaction-management.adoc @@ -51,7 +51,7 @@ db.lock.acquisition.timeout=10s To list the currently running transactions within an instance, use the `SHOW TRANSACTIONS` command. -The link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/database-administration#access-control-database-administration-transaction[`SHOW TRANSACTION` privilege] determines what transactions are returned by the command. +The link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/database-administration#access-control-database-administration-transaction[`SHOW TRANSACTION` privilege] determines what transactions are returned by the command. However, the xref:authentication-authorization/terminology.adoc#term-current-user[current user] can always view all of their own currently executing transactions. *Syntax:* diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 0faf6ae61..c40bff2e6 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -25,7 +25,7 @@ SHOW PROCEDURES Some procedures can only be run by users with `Admin` privileges. These are labeled with label:admin-only[]. -For more information, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/manage-privileges/[Cypher Manual -> Manage Privileges]. +For more information, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/manage-privileges/[Cypher Manual -> Manage Privileges]. ==== == List of procedures @@ -780,7 +780,7 @@ m|SCHEMA // m|architect, admin | Replaced by a|`CREATE CONSTRAINT ... IS NODE KEY`. -For more information, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/database-administration[Database administration]. +For more information, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/database-administration[Database administration]. |=== diff --git a/modules/ROOT/pages/routing-decisions.adoc b/modules/ROOT/pages/routing-decisions.adoc index 7fd699746..d34ee5e36 100644 --- a/modules/ROOT/pages/routing-decisions.adoc +++ b/modules/ROOT/pages/routing-decisions.adoc @@ -15,7 +15,7 @@ Before the query is executed, these are the decisions taken during query routing Step 1: Determine the name of the target database:: Pick the first of these that has a value: . link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/clauses/use[Cypher `USE` clause] -** Note that link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/databases[administration commands] implicitly have `USE system`. +** Note that link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/databases[administration commands] implicitly have `USE system`. . link:{neo4j-docs-base-uri}/drivers-apis/[Driver session database] . xref:manage-databases/introduction.adoc#manage-databases-default[Home or default database] Step 2: Reuse open transaction:: diff --git a/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc b/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc index 3fd65aaf5..d9cb87838 100644 --- a/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc +++ b/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc @@ -4,9 +4,9 @@ :description: This tutorial describes methods for administering immutable privileges. This tutorial describes how to administer immutable privileges, which are useful assets for restricting the actions of users who themselves are able to administer privileges. -They offer a way to prevent such users from simply removing any restrictions by using their link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/dbms-administration#access-control-dbms-administration-privilege-management[privilege management] privileges. +They offer a way to prevent such users from simply removing any restrictions by using their link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/dbms-administration#access-control-dbms-administration-privilege-management[privilege management] privileges. -In other words, having link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/access-control/dbms-administration#access-control-dbms-administration-privilege-management[privilege management] privileges is not sufficient to add or remove immutable privileges. +In other words, having link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/dbms-administration#access-control-dbms-administration-privilege-management[privilege management] privileges is not sufficient to add or remove immutable privileges. The only way immutable privileges can be added or removed is when auth is disabled. [CAUTION] From f5aba5151a88bec0eea08a9262f10fa7905e7c60 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Fri, 31 Mar 2023 16:10:21 +0100 Subject: [PATCH 202/876] Fix the table Available commands per category (#632) --- modules/ROOT/pages/tools/neo4j-admin/index.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/tools/neo4j-admin/index.adoc b/modules/ROOT/pages/tools/neo4j-admin/index.adoc index a1a1d712e..40726a76c 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/index.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/index.adoc @@ -55,7 +55,7 @@ For details, see xref:configuration/set-initial-password.adoc[Set an initial pas | `unbind-system-db` | Removes and archives the cluster state of the `system` database so the instance can rebind to a new cluster state of the `system` database. -.12+| `server` +.13+| `server` | `console` | Starts DBMS server in the console. From fd98f9ad33293aed0c828783f7cbf42547e3c089 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Fri, 31 Mar 2023 16:12:42 +0100 Subject: [PATCH 203/876] Remove sharded and federated composite dbs (#633) --- modules/ROOT/pages/introduction.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/introduction.adoc b/modules/ROOT/pages/introduction.adoc index 08e030419..a6bac80a4 100644 --- a/modules/ROOT/pages/introduction.adoc +++ b/modules/ROOT/pages/introduction.adoc @@ -298,7 +298,7 @@ a| APOC 450+ link:https://neo4j.com/docs/apoc/5/[Core Procedures and Functions] | | {check-mark} -| Sharded and federated Composite databases +| Composite databases | | {check-mark} From 4d64a5fe2886942a35665da60f26ce865365fe2c Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Mon, 3 Apr 2023 09:47:25 +0200 Subject: [PATCH 204/876] Dev cluster dr (#634) --- .../pages/clustering/disaster-recovery.adoc | 23 +++++++++++++++++-- modules/ROOT/pages/clustering/glossary.adoc | 2 +- modules/ROOT/pages/clustering/index.adoc | 1 + 3 files changed, 23 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/clustering/disaster-recovery.adoc b/modules/ROOT/pages/clustering/disaster-recovery.adoc index e53fe2ff3..8ed8ca7b3 100644 --- a/modules/ROOT/pages/clustering/disaster-recovery.adoc +++ b/modules/ROOT/pages/clustering/disaster-recovery.adoc @@ -31,8 +31,17 @@ Consequently, in a disaster where multiple servers go down, some databases may k == Guide to disaster recovery -The following guide defines three stages of disaster recovery. -Always run the guide in the order it is described and only move to the next stage once the current one is validated to work properly. +There are three main steps to recover a cluster from a disaster. +Depending on the disaster scenario, some steps may not be required, but it is recommended to complete each step in order to ensure that the cluster is fully operational. + +The first step is to ensure that the `system` database is available in the cluster. +The `system` database defines the configuration for the other databases and therefore it is vital to ensure that it is available before doing anything else. + +Once the `system` database's availability is verified, whether it was recovered or unaffected by the disaster, the next step is to recover lost servers to make sure the cluster's topology requirements are met. + +Only after the `system` database is available and the cluster topology is satisfied, can the databases be managed. + +The steps are described in detail in the following sections. [NOTE] ==== @@ -61,6 +70,7 @@ If the response doesn't contain a writer, the `system` database is unavailable a .. Optionally, you can create a temporary user to validate the `system` database's writability by running `CREATE USER 'temporaryUser' SET PASSWORD 'temporaryPassword'`. ... Confirm that the query was executed successfully and the temporary user was created as expected, by running `SHOW USERS`, then continue to xref:clustering/disaster-recovery.adoc#recover-servers[Recover servers]. If not, continue to step 3. ++ . *Restore the `system` database.* + [NOTE] @@ -68,6 +78,14 @@ If not, continue to step 3. Only do the steps below if the `system` database's availability could not be validated by the first two steps in this section. ==== + +[NOTE] +==== +Recall that the cluster remains fault tolerant, and thus able to serve both reads and writes, as long as a majority of the primaries are available. +In case of a disaster affecting one or more server(s), but where the majority of servers are still available, it is possible to add a new server to the cluster and recover the `system` database (and any other affected user databases) on it by copying the `system` database (and affected user databases) from one of the available servers. +This method prevents downtime for the other databases in the cluster. +If this is the case, ie. if a majority of servers are still available, follow the instructions in <>. +==== ++ The following steps creates a new `system` database from a backup of the current `system` database. This is required since the current `system` database has lost too many members in the server failover. @@ -86,6 +104,7 @@ Either: .. Ensure that `dbms.cluster.discovery.endpoints` are set correctly on all servers, see xref:clustering/setup/discovery.adoc[Cluster server discovery] for more information. .. Return to step 1. + [[recover-servers]] === Recover servers diff --git a/modules/ROOT/pages/clustering/glossary.adoc b/modules/ROOT/pages/clustering/glossary.adoc index 0580cddcd..57718c510 100644 --- a/modules/ROOT/pages/clustering/glossary.adoc +++ b/modules/ROOT/pages/clustering/glossary.adoc @@ -51,7 +51,7 @@ A minimum of three servers is required for the cluster to be fault-tolerant. Multiple databases can be hosted on a Database Management Server (DBMS). [[glossary-dbms]] -| Database Management Server (DBMS) +| Database Management System (DBMS) | The Neo4j services and system database running on an instance of a single server or cluster to provide one or more databases. [[glossary-deallocate]] diff --git a/modules/ROOT/pages/clustering/index.adoc b/modules/ROOT/pages/clustering/index.adoc index ae0bd4e74..70aa08ea7 100644 --- a/modules/ROOT/pages/clustering/index.adoc +++ b/modules/ROOT/pages/clustering/index.adoc @@ -16,6 +16,7 @@ This chapter describes the following: * Monitoring -- Monitoring of a cluster. ** xref:clustering/monitoring/show-servers-monitoring.adoc[Monitoring servers] -- The tools available for monitoring the servers in a cluster. ** xref:clustering/monitoring/show-databases-monitoring.adoc[Monitoring databases] -- The tools available for monitoring the databases in a cluster. +* xref:clustering/disaster-recovery.adoc[Disaster recovery] -- How to recover a cluster in the event of a disaster. * xref:clustering/settings.adoc[Settings reference] -- A summary of the most important cluster settings. * xref:clustering/clustering-advanced/index.adoc[Advanced clustering] -- Some more advanced features of Neo4j clusters. ** xref:clustering/clustering-advanced/multi-data-center-routing.adoc[Multi-data center routing] -- Clusters on mutli-data centers. From be5d4dc8fc02e18189180b8b9c75974a664d1071 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 3 Apr 2023 11:42:27 +0100 Subject: [PATCH 205/876] Fix inconsistencies in docker settings (#642) --- modules/ROOT/pages/docker/ref-settings.adoc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/ROOT/pages/docker/ref-settings.adoc b/modules/ROOT/pages/docker/ref-settings.adoc index 59f5ef1fe..7b4eec5fc 100644 --- a/modules/ROOT/pages/docker/ref-settings.adoc +++ b/modules/ROOT/pages/docker/ref-settings.adoc @@ -41,19 +41,19 @@ For more information on the configuration descriptions, valid values, and defaul | `+NEO4J_client_allow__telemetry+` | `db.checkpoint` -| `+NEO4J_dbms_checkpoint+` +| `+NEO4J_db_checkpoint+` | `db.checkpoint.interval.time` -| `+NEO4J_dbms_checkpoint_interval_time+` +| `+NEO4J_db_checkpoint_interval_time+` | `db.checkpoint.interval.tx` -| `+NEO4J_dbms_checkpoint_interval_tx+` +| `+NEO4J_db_checkpoint_interval_tx+` | `db.checkpoint.interval.volume` | `+NEO4J_db_checkpoint_interval_volume+` | `db.checkpoint.iops.limit` -| `+NEO4J_dbms_checkpoint_iops_limit+` +| `+NEO4J_db_checkpoint_iops_limit+` | `db.cluster.catchup.pull_interval` | `+NEO4J_db_cluster_catchup_pull__interval+` From d0870fcfc0220603c04e2245ca649e59a8c11841 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Mon, 3 Apr 2023 16:18:16 +0200 Subject: [PATCH 206/876] Adding more context to the `sub` information on the SSO tutorial (#625) (#645) Cherry-picked from https://github.com/neo4j/docs-operations/pull/625 Co-authored-by: Phil Wright <95368282+phil198@users.noreply.github.com> --- .../pages/tutorial/tutorial-sso-configuration.adoc | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc b/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc index e026d25cb..6f61524ce 100644 --- a/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc +++ b/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc @@ -23,6 +23,16 @@ SSO works in the following way: . The client (e.g., Bloom, Neo4j Browser, etc.) asks the user for credentials and contacts the identity provider. . The identity provider responds with a JSON Web Token (JWT), a JSON file containing fields (claims) relative to the user (email, audience, groups, etc.). . The client provides the server with the JWT, and the server verifies its signature with the JWKs. ++ +[IMPORTANT] +==== +JWTs must *always* contain a value for `sub` even when using a different claim for `username`. +It is the only claim guaranteed to be unique and stable. +Other claims, such as `email` or `preferred_username` are less secure and may change over time. +They should *not* be used for authentication. +Neo4j may assign permissions to a user based on this username value in a hybrid authorization configuration. +Thus, changing the username claim from `sub` is not recommended. +==== == Okta @@ -165,9 +175,6 @@ dbms.security.oidc.azure.config=token_type_principal=id_token;token_type_authent [IMPORTANT] ==== `sub` is the only claim guaranteed to be unique and stable. -Other claims, such as `email` or `preferred_username`, may change over time and should *not* be used for authentication. -Neo4j may assign permissions to a user based on this username value in a hybrid authorization configuration. -Thus, changing the username claim from `sub` is not recommended. For details, see https://learn.microsoft.com/en-us/azure/active-directory/develop/id-tokens#using-claims-to-reliably-identify-a-user-subject-and-object-id[Microsoft documentation] as well as the https://openid.net/specs/openid-connect-core-1_0.html#ClaimStability[OpenId spec]. ==== + From eaf9dce85f7006e4ad0c29f6848caddf2945a44f Mon Sep 17 00:00:00 2001 From: JPryce-Aklundh Date: Tue, 4 Apr 2023 10:10:03 +0200 Subject: [PATCH 207/876] post review update --- .../ROOT/pages/authentication-authorization/introduction.adoc | 2 +- .../pages/authentication-authorization/ldap-integration.adoc | 2 +- .../pages/authentication-authorization/sso-integration.adoc | 2 +- modules/ROOT/pages/clustering/servers.adoc | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/ROOT/pages/authentication-authorization/introduction.adoc b/modules/ROOT/pages/authentication-authorization/introduction.adoc index db918e997..03ada1331 100644 --- a/modules/ROOT/pages/authentication-authorization/introduction.adoc +++ b/modules/ROOT/pages/authentication-authorization/introduction.adoc @@ -25,7 +25,7 @@ For more information, see xref:configuration/password-and-user-recovery.adoc[Pas When triggered, Neo4j logs an error containing a timestamp and the message `failed to log in: too many failed attempts` in the _security.log_. ==== + -The Cypher commands to manage users, roles, and permissions are described in detail in link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/[Cypher Manual -> Administration]. +The Cypher commands to manage users, roles, and permissions are described in detail in link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/[Cypher Manual -> Access control]. Various scenarios that illustrate the use of the native auth provider are available in xref:authentication-authorization/access-control.adoc[Fine-grained access control]. *LDAP auth provider*:: diff --git a/modules/ROOT/pages/authentication-authorization/ldap-integration.adoc b/modules/ROOT/pages/authentication-authorization/ldap-integration.adoc index 8caf73488..a62ee4863 100644 --- a/modules/ROOT/pages/authentication-authorization/ldap-integration.adoc +++ b/modules/ROOT/pages/authentication-authorization/ldap-integration.adoc @@ -123,7 +123,7 @@ dbms.security.ldap.authorization.group_to_role_mapping=\ <3> Mapping of two LDAP groups to a Neo4j built-in role. <4> Mapping of an LDAP group to a custom-defined role. Custom-defined roles, such as `rolename`, must be explicitly created using the `CREATE ROLE rolename` command before they can be used to grant privileges. -See link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/manage-users[the Cypher Manual -> Creating roles]. +See link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/manage-roles[the Cypher Manual -> Creating roles]. ==== [[auth-ldap-configure-provider-ad]] diff --git a/modules/ROOT/pages/authentication-authorization/sso-integration.adoc b/modules/ROOT/pages/authentication-authorization/sso-integration.adoc index ee173eb38..c17e8352f 100644 --- a/modules/ROOT/pages/authentication-authorization/sso-integration.adoc +++ b/modules/ROOT/pages/authentication-authorization/sso-integration.adoc @@ -181,7 +181,7 @@ dbms.security.oidc.mysso.authorization.group_to_role_mapping=\ <3> Mapping of two identity provider groups to a Neo4j built-in role. <4> Mapping of an identity provider group to a custom-defined role. Custom-defined roles, such as `rolename`, must be explicitly created using the `CREATE ROLE rolename` command before they can be used to grant privileges. -See link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/manage-users[the Cypher Manual -> Creating roles]. +See link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/manage-roles[the Cypher Manual -> Creating roles]. ==== [[auth-sso-configure-provider]] diff --git a/modules/ROOT/pages/clustering/servers.adoc b/modules/ROOT/pages/clustering/servers.adoc index b3bd12256..b5e1dc6c3 100644 --- a/modules/ROOT/pages/clustering/servers.adoc +++ b/modules/ROOT/pages/clustering/servers.adoc @@ -251,7 +251,7 @@ neo4j@neo4j> ALTER SERVER '25a7efc7-d063-44b8-bdee-f23357f89f01' SET OPTIONS {mo Altering servers may cause databases to be moved, and should be performed with care. For example, if the server `25a7efc7-d063-44b8-bdee-f23357f89f01` hosts database `foo` in primary mode when the above command is executed, then another server must begin hosting `foo` in primary mode. Likewise, if `ALTER SERVER '25a7efc7-d063-44b8-bdee-f23357f89f01' SET OPTIONS {allowedDatabases:['bar','baz']};` is executed, then `foo` is forced to move. -For a description of all the server options (e.g., server tags) that can be altered via the `ALTER SERVER` command, see the xref:link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/server-management/#server-management-alter-server[Cypher Manual -> Modifying servers]. +For a description of all the server options (e.g., server tags) that can be altered via the `ALTER SERVER` command, see the xref:link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/servers/#server-management-alter-server[Cypher Manual -> Modifying servers]. [NOTE] ==== From b28201b5c9427d2f124c6be24f32b0dbf408bc09 Mon Sep 17 00:00:00 2001 From: Jack Waudby <33488812+jackwaudby@users.noreply.github.com> Date: Tue, 4 Apr 2023 10:40:59 +0100 Subject: [PATCH 208/876] Edge cases when deallocation is prevented (#639) Add a note for cases when deallocation can fail. --------- Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/clustering/servers.adoc | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/modules/ROOT/pages/clustering/servers.adoc b/modules/ROOT/pages/clustering/servers.adoc index e492d622a..213a09f1b 100644 --- a/modules/ROOT/pages/clustering/servers.adoc +++ b/modules/ROOT/pages/clustering/servers.adoc @@ -207,6 +207,15 @@ neo4j@neo4j> DRYRUN DEALLOCATE DATABASES FROM SERVER '135ad202-5405-4d3c-9822-df +------------------------------------------------------------------------------------------------------------------------------------------+ ---- +[NOTE] +==== +Deallocation is currently prevented in the following situations. + +* If a database the server is hosting is offline. +* If the server is hosting a database with an allocation of 1 primary. +* If a quorum of servers hosting the database in primary mode are cordoned. +==== + === Dropping a server Once `DEALLOCATE DATABASES` is executed for a server, its databases begin being moved. From 4f09c0eb6f741e106c4d5ce8ed005afd0315037c Mon Sep 17 00:00:00 2001 From: Jack Waudby <33488812+jackwaudby@users.noreply.github.com> Date: Tue, 4 Apr 2023 10:41:41 +0100 Subject: [PATCH 209/876] Add database state metrics (#636) We have recently introduced metrics that track the states databases are in on a server. This PR updates the docs to reflect this. --------- Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/monitoring/metrics/reference.adoc | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/ROOT/pages/monitoring/metrics/reference.adoc b/modules/ROOT/pages/monitoring/metrics/reference.adoc index bfeff5df4..8f4cd5d60 100644 --- a/modules/ROOT/pages/monitoring/metrics/reference.adoc +++ b/modules/ROOT/pages/monitoring/metrics/reference.adoc @@ -145,6 +145,14 @@ By default, database metrics include: |.db.operation.count.recovered|Count of database operations that failed previously but have recovered. (counter) |=== +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.db.state.count.hosted|Databases hosted on this server. Databases in states `started`, `store copying`, or `draining` are considered hosted. (gauge) +|.db.state.count.failed|Databases in a failed state on this server. (gauge) +|.db.state.count.desired_started|Databases that desire to be started on this server. (gauge) +|=== + .Database data metrics [options="header",cols="<3m,<4"] From 2663f457443e82177a2f0431a277180082518ff0 Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Wed, 5 Apr 2023 11:40:16 +0200 Subject: [PATCH 210/876] add info about s3 default (#646) Co-authored-by: Tony Butterfield <1846725+tonbut@users.noreply.github.com> --- modules/ROOT/pages/clustering/databases.adoc | 10 ++++++++++ .../ROOT/pages/reference/configuration-settings.adoc | 6 +++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/clustering/databases.adoc b/modules/ROOT/pages/clustering/databases.adoc index 5d32a772d..b2b684ae8 100644 --- a/modules/ROOT/pages/clustering/databases.adoc +++ b/modules/ROOT/pages/clustering/databases.adoc @@ -156,6 +156,13 @@ The sources of seeds are called _seed providers_. The mechanism is pluggable, allowing new sources of seeds to be supported (see link:https://www.neo4j.com/docs/java-reference/current/extending-neo4j/project-setup/#extending-neo4j-plugin-seed-provider[Java Reference -> Implement custom seed providers] for more information). The product has built-in support for seed from a mounted file system (file), FTP server, HTTP/HTTPS server and Amazon S3. + +[NOTE] +==== +S3 is supported by default, but the other providers require configuration of xref:reference/configuration-settings.adoc#config_dbms.databases.seed_from_uri_providers[`dbms.databases.seed_from_uri_providers`]. +Neo4j 5 comes bundled with necessary libraries for AWS S3 connectivity and thus, `aws cli` is not required. +==== + The `URLConnectionSeedProvider` supports the following: ** file: @@ -219,6 +226,9 @@ For this to work, Neo4j on each server in the cluster must be configured with id This is identical to the configuration required by remote aliases, see xref:manage-databases/remote-alias.adoc#remote-alias-config-DBMS_admin-A[Configuration of DBMS with remote database alias]. If this configuration is not performed, the `seedCredential` option fails. +For example, in the case of `S3SeedProvider`(the default provider), `seedCredentials: '[accessKey];[secretKey]'` +where accessKey and secretKey are provided by AWS. + ==== Seed provider reference [cols="1,2,2",options="header"] diff --git a/modules/ROOT/pages/reference/configuration-settings.adoc b/modules/ROOT/pages/reference/configuration-settings.adoc index 59ca86b7a..f65e36acf 100644 --- a/modules/ROOT/pages/reference/configuration-settings.adoc +++ b/modules/ROOT/pages/reference/configuration-settings.adoc @@ -1769,9 +1769,9 @@ m|+++0.75+++ [cols="<1s,<4"] |=== |Description -a|label:enterprise-edition[Enterprise only]Databases may be created from an existing 'seed' (a database backup or dump) stored at some source URI. Different types of seed source are supported by different implementations of `com.neo4j.dbms.seeding.SeedProvider`. For example, seeds stored at 's3://' and 'https://' URIs are supported by the builtin `S3SeedProvider` and `URLConnectionSeedProvider` respectively. This list specifies enabled seed providers. If a seed source (URI scheme) is supported by multiple providers in the list, the first matching provider will be used. If the list is set to empty, the seed from uri functionality is effectively disabled. +a|label:enterprise-edition[Enterprise only]Databases may be created from an existing 'seed' (a database backup or dump) stored at some source URI. Different types of seed source are supported by different implementations of `com.neo4j.dbms.seeding.SeedProvider`. For example, seeds stored at `s3://` and `https://` URIs are supported by the builtin `S3SeedProvider` and `URLConnectionSeedProvider` respectively. This list specifies enabled seed providers. If a seed source (URI scheme) is supported by multiple providers in the list, the first matching provider will be used. If the list is set to empty, the seed from uri functionality is effectively disabled. |Valid values -a|dbms.databases.seed_from_uri_providers, a ',' separated list with elements of type 'a string'. +a|dbms.databases.seed_from_uri_providers, a `,` separated list with elements of type `a string`. |Default value m|+++S3SeedProvider+++ |=== @@ -1795,7 +1795,7 @@ m|+++UTC+++ |Description a|label:enterprise-edition[Enterprise only]Address for Kubernetes API. |Valid values -a|dbms.kubernetes.address, a socket address in the format 'hostname:port', 'hostname' or ':port' +a|dbms.kubernetes.address, a socket address in the format `hostname:port`, `hostname` or `:port` |Default value m|+++kubernetes.default.svc:443+++ |=== From 751d52d6769e7347bbab9ea4a1a9f1f0f116f032 Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Wed, 5 Apr 2023 11:49:31 +0200 Subject: [PATCH 211/876] tiny edit (#648) --- modules/ROOT/pages/clustering/databases.adoc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/ROOT/pages/clustering/databases.adoc b/modules/ROOT/pages/clustering/databases.adoc index b2b684ae8..11aee99e1 100644 --- a/modules/ROOT/pages/clustering/databases.adoc +++ b/modules/ROOT/pages/clustering/databases.adoc @@ -226,8 +226,7 @@ For this to work, Neo4j on each server in the cluster must be configured with id This is identical to the configuration required by remote aliases, see xref:manage-databases/remote-alias.adoc#remote-alias-config-DBMS_admin-A[Configuration of DBMS with remote database alias]. If this configuration is not performed, the `seedCredential` option fails. -For example, in the case of `S3SeedProvider`(the default provider), `seedCredentials: '[accessKey];[secretKey]'` -where accessKey and secretKey are provided by AWS. +For example, in the case of `S3SeedProvider`(the default provider), `seedCredentials: [accessKey];[secretKey]` where `accessKey` and `secretKey` are provided by AWS. ==== Seed provider reference From b09c31acd2fe6e5a524082cccfbeac74ea7bbd17 Mon Sep 17 00:00:00 2001 From: Nick Giles <100630647+nick-giles-neo@users.noreply.github.com> Date: Tue, 11 Apr 2023 06:53:22 +0100 Subject: [PATCH 212/876] Fix small typos in exposing metrics page (#649) --- modules/ROOT/pages/monitoring/metrics/expose.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/monitoring/metrics/expose.adoc b/modules/ROOT/pages/monitoring/metrics/expose.adoc index f306253fc..e8da3143c 100644 --- a/modules/ROOT/pages/monitoring/metrics/expose.adoc +++ b/modules/ROOT/pages/monitoring/metrics/expose.adoc @@ -114,6 +114,6 @@ If security is of paramount importance, you should set `server.metrics.prometheu ==== If you can afford to send unencrypted metrics within the internal network, such as `server.metrics.prometheus.endpoint=10.0.0.123:2004`, all servers within the same netmask will be able to access it. -If you specify anything more permissible, such as `server.metrics.prometheus.endpoint=0.0.0.0:2004`, you should have a firewall rule to prevent any unauthorized access. -Data in transit will still not be encrypted, so it should never go other any insecure networks. +If you specify anything more permissive, such as `server.metrics.prometheus.endpoint=0.0.0.0:2004`, you should have a firewall rule to prevent any unauthorized access. +Data in transit will still not be encrypted, so it should never go over any insecure networks. From 4c562150f38fc008856758c93ae85484f95dd511 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 11 Apr 2023 11:54:22 +0100 Subject: [PATCH 213/876] Add a warning that neo4j-admin database upload does not support private linking (#652) --- .../pages/tools/neo4j-admin/upload-to-aura.adoc | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/modules/ROOT/pages/tools/neo4j-admin/upload-to-aura.adoc b/modules/ROOT/pages/tools/neo4j-admin/upload-to-aura.adoc index 22d6ae23a..5351641c9 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/upload-to-aura.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/upload-to-aura.adoc @@ -8,7 +8,7 @@ The following table shows the compatibility between the dump version that you wa [options="header" cols="50%, 50%"] |=== -| Dump version +| Dump version | Aura version | v5.x @@ -31,16 +31,16 @@ This operation is secured and TLS encrypted end to end. The `neo4j-admin database upload` command has the following syntax: ---- -neo4j-admin database upload [-h] +neo4j-admin database upload [-h] [--expand-commands] [--verbose] [--overwrite-destination[=true|false]] - --from-path= + --from-path= [--to=] [--to-password=] --to-uri= [--to-user=] - + ---- @@ -98,7 +98,7 @@ Alternatively, you can use the `NEO4J_USERNAME` environment variable. | | -| Name of the database dump that should be uploaded. +| Name of the database dump that should be uploaded. |=== == Limitations @@ -128,6 +128,12 @@ You should use the `--overwrite-destination=true` option to overwrite the target Otherwise, the command aborts and throws an error. ==== +[CAUTION] +==== +This command does not currently support https://neo4j.com/docs/aura/platform/security/#_vpc_isolation[private linking]. +Please https://aura.support.neo4j.com/hc/en-us/requests/new[raise a support ticket] if you have public traffic disabled and need to use this command. +==== + [source, shell,role=nocopy] ---- $neo4j-home> bin/neo4j-admin database upload --from-path= --to-uri= --overwrite-destination=true From 8e4c70c794f7bc32f4d48861c199ee841a5a6c76 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 12 Apr 2023 10:31:56 +0100 Subject: [PATCH 214/876] Restore is not possible to a previous version (#653) --- modules/ROOT/pages/backup-restore/restore-backup.adoc | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/backup-restore/restore-backup.adoc b/modules/ROOT/pages/backup-restore/restore-backup.adoc index 1577f301b..82ceaa440 100644 --- a/modules/ROOT/pages/backup-restore/restore-backup.adoc +++ b/modules/ROOT/pages/backup-restore/restore-backup.adoc @@ -6,7 +6,13 @@ [[restore-backup-command]] == Command -A database backup artifact can be restored using the `restore` command of `neo4j-admin`. +A database backup artifact can be restored within the same or to a later Neo4j version using the `restore` command of `neo4j-admin`. + +[NOTE] +==== +Restoring a database backup to a previous Neo4j version is not supported. +==== + You must create the database (using `CREATE DATABASE` against the `system` database) after the restore operation finishes, unless you are replacing an existing database. `neo4j-admin database restore` must be invoked as the `neo4j` user to ensure the appropriate file permissions. For more information, see xref:manage-databases/configuration.adoc#manage-databases-administration[Administrative commands]. From 74e01f9c6559958ac503b31ec8cf5afec02f0f8e Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 12 Apr 2023 14:36:45 +0100 Subject: [PATCH 215/876] Fix typo in docker introduction (#663) The environment variable `NEO4J_AUTH` was spelled as `NEO4J_ATUH` Cherry-picked from #651 Co-authored-by: Alex Thomas --- modules/ROOT/pages/docker/introduction.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/docker/introduction.adoc b/modules/ROOT/pages/docker/introduction.adoc index 773875e70..e06790051 100644 --- a/modules/ROOT/pages/docker/introduction.adoc +++ b/modules/ROOT/pages/docker/introduction.adoc @@ -72,7 +72,7 @@ docker run \ [NOTE] ==== -With no persistent storage for the databases, `NEO4J_ATUH` takes effect each time the container is recreated, even if you have changed the password. +With no persistent storage for the databases, `NEO4J_AUTH` takes effect each time the container is recreated, even if you have changed the password. However, with persistent storage for the databases, `NEO4J_AUTH` only takes effect on the initial startup. It is ignored when the container is recreated and cannot override a changed password. From 5e6d6d92ab99bf08443a9e6605eb8ec797c66311 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Thu, 13 Apr 2023 11:43:48 +0200 Subject: [PATCH 216/876] =?UTF-8?q?Updating=20description=20of=20neo4j-imp?= =?UTF-8?q?ort=20data=20command=20after=20incremental=20i=E2=80=A6=20(#666?= =?UTF-8?q?)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit …mport implementation (#664) Cherry-picked from https://github.com/neo4j/docs-operations/pull/664 Co-authored-by: Reneta Popova --- modules/ROOT/pages/monitoring/metrics/essential.adoc | 2 +- modules/ROOT/pages/tutorial/neo4j-admin-import.adoc | 9 +++------ 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/modules/ROOT/pages/monitoring/metrics/essential.adoc b/modules/ROOT/pages/monitoring/metrics/essential.adoc index 0ea22f0af..538d1aab7 100644 --- a/modules/ROOT/pages/monitoring/metrics/essential.adoc +++ b/modules/ROOT/pages/monitoring/metrics/essential.adoc @@ -141,4 +141,4 @@ Useful for identifying spikes or increases in the data load. [NOTE] ==== For the complete list of all available metrics in Neo4j, see xref:monitoring/metrics/reference.adoc[]. -==== +==== \ No newline at end of file diff --git a/modules/ROOT/pages/tutorial/neo4j-admin-import.adoc b/modules/ROOT/pages/tutorial/neo4j-admin-import.adoc index 10e319291..5a303c2c4 100644 --- a/modules/ROOT/pages/tutorial/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tutorial/neo4j-admin-import.adoc @@ -2,11 +2,8 @@ = Neo4j-admin import :description: This tutorial provides detailed examples to illustrate the capabilities of importing data from CSV files with the command `neo4j-admin database import`. -This tutorial provides detailed examples to illustrate the capabilities of importing data from CSV files with the command `neo4j-admin database import`. - -The xref:tools/neo4j-admin/neo4j-admin-import.adoc[`neo4j-admin database import`] is a command for loading large amounts of data from CSV files into an **unused non-existing** database. -Importing data from CSV files with `neo4j-admin database import` can only be done once into an **unused** database, it is used for the initial graph population only. -The `neo4j-admin database import` command can be used on the local Neo4j instance even if the instance is running or not. +This tutorial provides detailed examples to illustrate the capabilities of importing data from CSV files with the command xref:tools/neo4j-admin/neo4j-admin-import.adoc[`neo4j-admin database import`]. +The import command is used for loading large amounts of data from CSV files and supports full and incremental import into a running or stopped Neo4j DBMS. [IMPORTANT] ==== @@ -510,7 +507,7 @@ The call to `neo4j-admin database import` would look like this: .shell [source] ---- -bin/neo4j-admin database import full --nodes=Movie=import/movies5a.csv --nodes=Movie:Sequel=import/sequels5a.csv --nodes=Actor=import/actors5a.csv --relationships=import/roles5a.csv +bin/neo4j-admin database import full --nodes=Movie=import/movies5a.csv --nodes=Movie:Sequel=import/sequels5a.csv --nodes=Actor=import/actors5a.csv --relationships=import/roles5a.csv neo4j ---- From 69a715fd7a6f8c009277d60ae736d28636e0d7b4 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 13 Apr 2023 13:38:58 +0100 Subject: [PATCH 217/876] Docker additional configuration settings via an environment variable for JVM no longer override the default JVM configurations (#669) --- modules/ROOT/pages/docker/configuration.adoc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/ROOT/pages/docker/configuration.adoc b/modules/ROOT/pages/docker/configuration.adoc index 888f55191..1dede2dff 100644 --- a/modules/ROOT/pages/docker/configuration.adoc +++ b/modules/ROOT/pages/docker/configuration.adoc @@ -52,6 +52,11 @@ For example: --env NEO4J_server_jvm_additional="-Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.password.file=$HOME/conf/jmx.password -Dcom.sun.management.jmxremote.access.file=$HOME/conf/jmx.access -Dcom.sun.management.jmxremote.port=3637" ---- +[NOTE] +==== +From Neo4j 5.6 onwards, Docker additional configuration settings via an environment variable for JVM no longer override the default JVM configurations but are appended to them. +==== + [[docker-conf-volume]] == Mounting the _/conf_ volume From 5e8d7932214880643a02e30f0f6eed061e96fbee Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 13 Apr 2023 14:16:53 +0100 Subject: [PATCH 218/876] Update the syntax to reflect the code and add a note of the database parameter (#668) --- .../pages/backup-restore/restore-dump.adoc | 87 ++++++++----------- 1 file changed, 38 insertions(+), 49 deletions(-) diff --git a/modules/ROOT/pages/backup-restore/restore-dump.adoc b/modules/ROOT/pages/backup-restore/restore-dump.adoc index 506bc9598..62edffb40 100644 --- a/modules/ROOT/pages/backup-restore/restore-dump.adoc +++ b/modules/ROOT/pages/backup-restore/restore-dump.adoc @@ -24,72 +24,61 @@ If you are not replacing an existing database, you must create the database (usi [source,role=noheader] ---- -neo4j-admin database load [-h] - [--verbose] - [--expand-commands] - [--info] - [--overwrite-destination[=true|false]] - [--from-path= | --from-stdin] - [--additional-config=] - +neo4j-admin database load [-h] [--expand-commands] [--info] [--verbose] [--overwrite-destination[=true|false]] + [--additional-config=] [--from-path= | --from-stdin] ---- - -- Name of the database to load. -Can contain `*` and `?` for globbing. +=== Description -[[restore-dump-command-options]] -=== Options - -[options="header",cols="m,m,a"] -|=== -| Option -| Default -| Description - -| --verbose -| -| Enable verbose output. - -| --expand-commands -| -| Allow command expansion in config value evaluation. +Load a database from an archive. +__ must be a directory containing an archive(s) created with the dump command. +If neither `--from-path` or `--from-stdin` is supplied `server.directories.dumps.root` setting will be searched for the archive. +Existing databases can be replaced by specifying `--overwrite-destination`. +It is not possible to replace a database that is mounted in a running Neo4j server. +If `--info` is specified, then the database is not loaded, but information (i.e. file count, byte count, and format of load file) about the archive is printed instead. -| --info -| -| Print meta-data information about the archive file, such as file count, byte count, and format of the load file. +=== Parameters -| --overwrite-destination -| false -| If an existing database should be replaced. - -| --from-path -| -| Path to the directory containing archive(s) created with the `neo4j-admin database dump` command. - -| --from-stdin -| -| Read dump from standard input. +[parameters] +---- + Name of the database to load. Can contain `*` and `?` for globbing. +---- -| --additional-config -| -| Configuration file with additional configuration. -|=== +=== Options +[options] +---- + --additional-config= + Configuration file with additional configuration. + --expand-commands Allow command expansion in config value evaluation. + --from-path= Path to directory containing archive(s) created with the dump command. + --from-stdin Read dump from standard input. + -h, --help Show this help message and exit. + --info Print meta-data information about the archive file, instead of loading the contained + database. + --overwrite-destination[=true|false] + If an existing database should be replaced. + Default: false + --verbose Enable verbose output. +---- [[restore-dump-example]] == Example -The following is an example of how to load the dump of the `neo4j` database created in the section xref:backup-restore/offline-backup.adoc#offline-backup-example[Back up an offline database], using the `neo4j-admin database load` command. +The following is an example of how to load the dump of the `neo4j` database (_neo4j.dump_) created in the section xref:backup-restore/offline-backup.adoc#offline-backup-example[Back up an offline database], using the `neo4j-admin database load` command. When replacing an existing database, you have to shut it down before running the command. +The `--overwrite-destination` option is required because you are replacing an existing database. -[source,shell] +If you are not replacing an existing database, you must create the database (using `CREATE DATABASE` against the `system` database) after the load operation finishes. + +[source,shell, role="nocopy"] ---- -bin/neo4j-admin database load --from-path=/dumps/neo4j neo4j --overwrite-destination +./neo4j-admin database load --from-path=/full-path/data/dumps --overwrite-destination=true ---- -[NOTE] +[TIP] ==== -Unless you are replacing an existing database, you must create the database (using `CREATE DATABASE` against the `system` database) after the load operation finishes. +The command looks for a file called _.dump_ where `` is the database specified in the command. ==== [NOTE] From 88976a472ebbdd97a71c3bea64a9165ff75a6cd0 Mon Sep 17 00:00:00 2001 From: Mark Dixon <1756429+mnd999@users.noreply.github.com> Date: Fri, 14 Apr 2023 12:05:00 +0100 Subject: [PATCH 219/876] Better document the username and groups config items (#674) The groups config item gained support for a single string in 5.4.0 so we should reflect that. Also explain in more detail what is supported. --------- Co-authored-by: Reneta Popova --- .../pages/authentication-authorization/sso-integration.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/authentication-authorization/sso-integration.adoc b/modules/ROOT/pages/authentication-authorization/sso-integration.adoc index c17e8352f..18b186ba3 100644 --- a/modules/ROOT/pages/authentication-authorization/sso-integration.adoc +++ b/modules/ROOT/pages/authentication-authorization/sso-integration.adoc @@ -114,12 +114,12 @@ The default is `false`, to read the claim from the token. | xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.claims.username[dbms.security.oidc..claims.username] | sub | true -| The claim to use for the database username. +| The claim to use for the database username. Neo4j expects to find a string claim in the JWT or user_info response with this name. | xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.claims.groups[dbms.security.oidc..claims.groups] | | true -| The claim to use for the database roles. +| The claim to use for the database roles. Neo4j expects to find a claim in the JWT or user_info response with this name. The claim may be a string claim representing a single role or a string array claim representing multiple roles. | xref:reference/configuration-settings.adoc#config_dbms.security.oidc.-provider-.authorization.group_to_role_mapping[dbms.security.oidc..authorization.group_to_role_mapping] | @@ -247,7 +247,7 @@ dbms.security.oidc.mysso.claims.client_id=myclientid . Configure Claims: + Provide the name of the claims that map to the database username and roles. -`username` is expected to be a string claim and `roles` is expected to be a list of strings. +`username` is expected to be a string claim, and `roles` is expected to be a list of strings representing a set of roles or a single string representing a single role. + [source, properties] ---- From 11d7e09ed0d35ed1326476645e80066b72077d73 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Fri, 14 Apr 2023 13:08:40 +0200 Subject: [PATCH 220/876] Updating a last command that was still install-service (#673) (#675) Instead of the correct `windows-service` Cherry-picked from https://github.com/neo4j/docs-operations/pull/673 --- modules/ROOT/pages/installation/windows.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/installation/windows.adoc b/modules/ROOT/pages/installation/windows.adoc index 3c3fcbaf7..194267044 100644 --- a/modules/ROOT/pages/installation/windows.adoc +++ b/modules/ROOT/pages/installation/windows.adoc @@ -213,7 +213,7 @@ Invoke-Neo4j status + [source,powershell] ---- -Invoke-Neo4j install-service -Verbose +Invoke-Neo4j windows-service -Verbose ---- * Available commands for administrative tasks: From 979db9119a750ff02295766ce980713c8bd6f1a9 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Fri, 14 Apr 2023 13:15:11 +0200 Subject: [PATCH 221/876] Fixing incorrect reference (#665) (#676) Cherry-picked from https://github.com/neo4j/docs-operations/pull/665 --- modules/ROOT/pages/installation/requirements.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/installation/requirements.adoc b/modules/ROOT/pages/installation/requirements.adoc index 035fbc22a..6bdb5da4a 100644 --- a/modules/ROOT/pages/installation/requirements.adoc +++ b/modules/ROOT/pages/installation/requirements.adoc @@ -70,7 +70,7 @@ For server-based, on-premise environments: | *Memory* | 8GB minimum. Actual requirements depend on workloads. In some cases, it is recommended to use instances with memory that fits the size of the graph in use. -| *Storage* | RAID/SAN or SSD with greater than 5000K IOP. +| *Storage* | RAID/SAN or SSD with greater than 5000 IOPS. NVMe SSD is recommended. Storage size depends on the size of the databases. |=== From 832fe022e288ec81ea3d849b18c36d27f1911c8b Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Fri, 14 Apr 2023 14:16:24 +0100 Subject: [PATCH 222/876] Update parameters and options (#680) --- .../pages/backup-restore/restore-dump.adoc | 68 +++++++++++++------ 1 file changed, 49 insertions(+), 19 deletions(-) diff --git a/modules/ROOT/pages/backup-restore/restore-dump.adoc b/modules/ROOT/pages/backup-restore/restore-dump.adoc index 62edffb40..0a02fcf72 100644 --- a/modules/ROOT/pages/backup-restore/restore-dump.adoc +++ b/modules/ROOT/pages/backup-restore/restore-dump.adoc @@ -39,28 +39,58 @@ If `--info` is specified, then the database is not loaded, but information (i.e. === Parameters -[parameters] ----- - Name of the database to load. Can contain `*` and `?` for globbing. ----- +.`neo4j-admin database load` parameters +[options="header", cols="5m,10a,2m"] +|=== +| Parameter +| Description +| Default +| +|Name of the database to load. +Can contain `*` and `?` for globbing. +|neo4j +|=== === Options -[options] ----- - --additional-config= - Configuration file with additional configuration. - --expand-commands Allow command expansion in config value evaluation. - --from-path= Path to directory containing archive(s) created with the dump command. - --from-stdin Read dump from standard input. - -h, --help Show this help message and exit. - --info Print meta-data information about the archive file, instead of loading the contained - database. - --overwrite-destination[=true|false] - If an existing database should be replaced. - Default: false - --verbose Enable verbose output. ----- +.`neo4j-admin database load` options +[options="header", cols="5m,10a,2m"] +|=== +| Option +| Description +| Default + +|--additional-config= +|Configuration file with additional configuration. +| + +|--expand-commands +|Allow command expansion in config value evaluation. +| + +|--from-path= +|Path to a directory containing archive(s) created with the dump command. +| + +|--from-stdin +|Read dump from standard input. +| + +|-h, --help +|Show this help message and exit. +| + +|--info +|Print meta-data information about the archive file, instead of loading the contained database. +| + +|--overwrite-destination[=true\|false] +|If an existing database should be replaced. +|false + +|--verbose +|Enable verbose output. +|=== [[restore-dump-example]] == Example From 6f156aae56314c237809ca9599e7db1869f5d8c5 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Mon, 17 Apr 2023 15:01:02 +0200 Subject: [PATCH 223/876] Update of configuration to the latest format (#684) (#685) From `server.security.oidc.*` to the new `dbms.security.oidc.*` Cherry-picked from https://github.com/neo4j/docs-operations/pull/684 --- .../ROOT/pages/kubernetes/configuration.adoc | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/modules/ROOT/pages/kubernetes/configuration.adoc b/modules/ROOT/pages/kubernetes/configuration.adoc index add8024d6..b0c3ec093 100644 --- a/modules/ROOT/pages/kubernetes/configuration.adoc +++ b/modules/ROOT/pages/kubernetes/configuration.adoc @@ -1139,18 +1139,18 @@ For more information on how to configure your identity provider and what setting [source, yaml] ---- config: - server.security.oidc.azure.audience: "00f3a7d3-d855-4849-9e3c-57d7b6e12794" - server.security.oidc.azure.params: "client_id=00f3a7d3-d855-4849-9e3c-57d7b6e12794;response_type=code;scope=openid profile email" - server.security.oidc.azure.well_known_discovery_uri: "https://login.microsoftonline.com/da501982-4ca7-420c-8926-1e65b5bf565f/v2.0/.well-known/openid-configuration" - server.security.authorization_providers: "oidc-azure,native" - server.security.authentication_providers: "oidc-azure,native" - server.security.oidc.azure.display_name: "Azure SSO on K8s" - server.security.oidc.azure.auth_flow: "pkce" + dbms.security.oidc.azure.audience: "00f3a7d3-d855-4849-9e3c-57d7b6e12794" + dbms.security.oidc.azure.params: "client_id=00f3a7d3-d855-4849-9e3c-57d7b6e12794;response_type=code;scope=openid profile email" + dbms.security.oidc.azure.well_known_discovery_uri: "https://login.microsoftonline.com/da501982-4ca7-420c-8926-1e65b5bf565f/v2.0/.well-known/openid-configuration" + dbms.security.authorization_providers: "oidc-azure,native" + dbms.security.authentication_providers: "oidc-azure,native" + dbms.security.oidc.azure.display_name: "Azure SSO on K8s" + dbms.security.oidc.azure.auth_flow: "pkce" server_type_principal=id_token;token_type_authentication=id_token" - server.security.oidc.azure.config: "principal=unique_name;code_challenge_method=S256; - server.security.oidc.azure.claims.username: "sub" - server.security.oidc.azure.claims.groups: "groups" - server.security.oidc.azure.authorization.group_to_role_mapping: "e197354c-bd75-4524-abbc-d44325904567=editor;fa31ce67-9e4d-4999-bf6d-25c55258d116=publisher" + dbms.security.oidc.azure.config: "principal=unique_name;code_challenge_method=S256; + dbms.security.oidc.azure.claims.username: "sub" + dbms.security.oidc.azure.claims.groups: "groups" + dbms.security.oidc.azure.authorization.group_to_role_mapping: "e197354c-bd75-4524-abbc-d44325904567=editor;fa31ce67-9e4d-4999-bf6d-25c55258d116=publisher" ---- [IMPORTANT] From 3afba8440d8b87a0def3d39c508c85c02f1bfa44 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 17 Apr 2023 14:01:12 +0100 Subject: [PATCH 224/876] Update neo4j-admin database check syntax and options to reflect the code (#682) --- .../neo4j-admin/consistency-checker.adoc | 156 +++++++++--------- 1 file changed, 82 insertions(+), 74 deletions(-) diff --git a/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc b/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc index bf5596a59..9a8931d86 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc @@ -4,114 +4,122 @@ You can use the `neo4j-admin database check` command to check the consistency of a database, a dump, or a backup. The `neo4j-admin` tool is located in the _/bin_ directory. -If checking the consistency of a database, note that it has to be stopped first or else the consistency check will result in an error. - -[NOTE] -==== -It is not recommended to use an NFS to check the consistency of a database, a dump, or a backup as this slows the process down significantly. -==== == Syntax The `neo4j-admin database check` command has the following syntax: +[source,role=noheader] ---- -neo4j-admin database check [-h] - [--expand-commands] - [--force] - [--verbose] - [--check-counts[=true|false]] - [--check-graph[=true|false]] - [--check-indexes[=true|false]] - [--check-property-owners[=true|false]] - [--additional-config=] - [--max-off-heap-memory=] - [--report-path=] - [--threads=] - [[--from-path-data= --from-path-txn=] | [--from-path= [--temp-path=]]] +neo4j-admin database check [-h] [--expand-commands] [--force] [--verbose] + [--check-counts[=true|false]] [--check-graph[=true|false]] + [--check-indexes[=true|false]] [--check-property-owners[=true|false]] + [--additional-config=] [--max-off-heap-memory=] + [--report-path=][--threads=] + [[--from-path-data= --from-path-txn=] | [--from-path= [--temp-path=]]] ---- -`` -- Name of the database to check. +=== Description -== Options +This command allows for checking the consistency of a database, a dump, or a backup. +It cannot be used with a database that is currently in use. -The `neo4j-admin database check` command has the following options: +Some checks can be quite expensive, so it may be useful to turn some of them off for very large databases. +Increasing the heap size might be a good idea. + +[NOTE] +==== +It is not recommended to use an NFS to check the consistency of a database, a dump, or a backup as this slows the process down significantly. +==== -[options="header",cols="1m,2a,3a"] +=== Parameters + +.`neo4j-admin database check` parameters +[options="header", cols="1m,3a"] |=== -| Option -| Possible values +| Parameter | Description -| -h, --help -| -| Show this help message and exit. +| +|Name of the database to check. +|=== -| --expand-commands -| -| Allow command expansion in config value evaluation. +=== Options -| --force -| `true` or `false` (Default: `false`) -| Force a consistency check to be run, despite resources, and may run a more thorough check. +The `neo4j-admin database check` command has the following options: + +.`neo4j-admin database check` options +[options="header", cols="5m,6a,4m"] +|=== +| Option +| Description +| Default | --verbose -| `true` or `false` (Default: `false`) | Enable verbose output. +| + +|-h, --help +|Show this help message and exit. +| -| --check-graph -| `true` or `false` (Default: `true`) -| Perform checks between nodes, relationships, properties, types, and tokens. +|--expand-commands +|Allow command expansion in config value evaluation. +| -| --check-counts -| `true` or `false` -| Perform consistency checks on the counts. Requires the `check-graph` option to be `true` (which is by default) and will implicitly enable `` if it is not explicitly disabled. Default: ``. +|--additional-config= +| Configuration file with additional configuration. +| -| --check-indexes -| `true` or `false` (Default: `true`) -| Perform checks on indexes. +|--force +| `Force a consistency check to be run, despite resources, and may run a more thorough check. +| -| --check-property-owners -| `true` or `false` (Default: `false`) -| Perform consistency checks on the ownership of properties. Requires the `check-graph` option to be `true` (which is by default) and will implicitly enable `` if it is not explicitly disabled. +|--check-indexes[=true\|false] +|Perform consistency checks on indexes. +|true -| --additional-config -| `` -| Path to a configuration file that contains additional configuration options. +|--check-graph[=true\|false] +|Perform consistency checks between nodes, relationships, properties, types, and tokens. +|true -| --max-off-heap-memory -| `` (Default: `90%`) -| Maximum memory that `neo4j-admin`` can use for page cache and various caching data structures to improve performance. -Value can be plain numbers, like `10000000` or e.g. `20G` for 20 gigabytes, or even e.g. `70%`, which will amount to 70% of currently free memory on the machine. +|--check-counts[=true\|false] +| Perform consistency checks on the counts. Requires , and may implicitly enable if it were not explicitly disabled. +| -| --report-path -| `` (Default: `.`) -| Path to where a consistency report will be written. Interpreted as a directory, unless it has an extension of _.report_. +| --check-property-owners[=true\|false] +| Perform consistency checks on the ownership of properties. Requires , and may implicitly enable if it were not explicitly disabled. +|false -| --threads -| `` (Default: the number of CPUs on the machine) -| Number of threads used to check the consistency. +| --report-path= +| Path to where a consistency report will be written. Interpreted as a directory, unless it has an extension of `.report`. +| . -| --from-path-data -| `` (Default: xref:reference/configuration-settings.adoc#config_server.directories.data, [`server.directories.data`]/databases) -| Path to the databases directory, containing the database directory to source from. +|--max-off-heap-memory= +| Maximum memory that `neo4j-admin` can use for page cache and various caching data structures to improve performance. +Value can be plain numbers, like `10000000` or e.g. `20G` for 20 gigabytes, or even e.g. `70%`, which will amount to 70% of currently free memory on the machine. +|90% -| --from-path-txn -| `` (Default: xref:reference/configuration-settings.adoc#config_server.directories.transaction.logs.root[`server.directories.transaction.logs.root`]) -| Path to the transactions_ directory, containing the transaction directory for the database to source from. +|--threads= +|Number of threads used to check the consistency. +|The number of CPUs on the machine. -| --from-path -| `` -| Path to the directory containing dump/backup artifacts whose consistency will be checked. +|--from-path-data= +|Path to the databases directory, containing the database directory to source from. +| xref:reference/configuration-settings.adoc#config_server.directories.data, [`server.directories.data`]/databases -| --temp-path -| `` -| Path to a directory to be used as a staging area to extract dump/backup artifacts if needed. +|--from-path-txn= +|Path to the transactions directory, containing the transaction directory for the database to source from. +| xref:reference/configuration-settings.adoc#config_server.directories.transaction.logs.root[`server.directories.transaction.logs.root`] -| +|--from-path= +|Path to a directory containing dump/backup artifacts to check the consistency of. | -| Name of the database to check. + +|--temp-path= +|Path to a directory to be used as a staging area to extract dump/backup artifacts, if needed. +| |=== == Output From ef9e38f772c92ecdcfa4069f90d3c653650c1ece Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Mon, 17 Apr 2023 15:04:03 +0200 Subject: [PATCH 225/876] New information about disk monitoring (#662) (#686) Cherry-picked from https://github.com/neo4j/docs-operations/pull/662 Co-authored-by: Reneta Popova --- modules/ROOT/pages/monitoring/metrics/essential.adoc | 6 +++++- modules/ROOT/pages/monitoring/metrics/expose.adoc | 9 ++++----- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/modules/ROOT/pages/monitoring/metrics/essential.adoc b/modules/ROOT/pages/monitoring/metrics/essential.adoc index 538d1aab7..b8e90a285 100644 --- a/modules/ROOT/pages/monitoring/metrics/essential.adoc +++ b/modules/ROOT/pages/monitoring/metrics/essential.adoc @@ -39,9 +39,11 @@ For more information, see xref:performance/memory-configuration.adoc[]. | Observe the rate of your data growth so you can plan for additional storage before you run out. This applies to all disks that Neo4j is writing to. You might also choose to write the log files to a different disk. +[NOTE] +An out of disk event may disrupt system availability and cause the database going offline, thus creating the risk of database or log file corruption. To avoid that, system monitoring tools should be configured to monitor available disk space on all drives used for databases, indexes, and transactions logs. +For more recommendations, see xref:performance/disks-ram-and-other-tips.adoc#performance-storage[Disks, RAM and other tips], as well as xref:clustering/monitoring/show-servers-monitoring.adoc[Monitoring servers] and xref:clustering/monitoring/show-databases-monitoring.adoc[Monitoring databases] in a Neo4j cluster. |=== - == Neo4j load metrics The Neo4j load metrics monitor the strain that Neo4j is being put under. @@ -109,6 +111,8 @@ It might break into separate charts. It should show one line, ever-increasing, and if one of the lines levels off or falls behind, it is clear that this instance is no longer replicating data, and action is needed to rectify the situation. |=== +See more about how to xref:clustering/monitoring/endpoints.adoc[Monitor cluster endpoints for status information]. + == Workload metrics These metrics help monitor the workload of a Neo4j instance. diff --git a/modules/ROOT/pages/monitoring/metrics/expose.adoc b/modules/ROOT/pages/monitoring/metrics/expose.adoc index e8da3143c..893442b99 100644 --- a/modules/ROOT/pages/monitoring/metrics/expose.adoc +++ b/modules/ROOT/pages/monitoring/metrics/expose.adoc @@ -7,10 +7,10 @@ Neo4j supports the following ways of exposing data for monitoring purposes: * Neo4j Ops Manager -- a UI-based tool that enables a DBA (or any administrator) to monitor, administer, and operate all of the Neo4j DBMSs in an Enterprise. -* CSV files -- retrieve metrics from CSV files (`true` by default). -* JMX MBeans -- expose metrics over JMX MBeans (`true` by default). -* Graphite -- send metrics to https://graphiteapp.org/[Graphite] or any monitoring tool based on the Graphite protocol (`false` by default). -* Prometheus -- publish metrics for polling as https://prometheus.io/[Prometheus] endpoint (`false` by default). +* CSV files -- retrieve metrics from CSV files. Enabled by default. +* JMX MBeans -- expose metrics over JMX MBeans. Enabled by default. +* Graphite -- send metrics to https://graphiteapp.org/[Graphite] or any monitoring tool based on the Graphite protocol. Disabled by default. +* Prometheus -- publish metrics for polling as https://prometheus.io/[Prometheus] endpoint. Disabled by default. == Neo4j Ops Manager @@ -43,7 +43,6 @@ server.metrics.csv.rotation.compression=ZIP xref:reference/configuration-settings.adoc#config_server.metrics.csv.rotation.compression[`server.metrics.csv.rotation.compression`] selects the compression scheme to use on the files after rotation. Since CSV files are highly compressible, it is recommended to enable compression of the files to save disk space. - == JMX MBeans From version 4.2.2 onwards, the JMX metrics are exposed by default over JMX MBeans. From 379df56175b146c591ff54e6af30afcba489b96c Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 17 Apr 2023 14:12:07 +0100 Subject: [PATCH 226/876] Update neo4j-admin server report syntax and options to reflect the code (#683) --- .../tools/neo4j-admin/neo4j-admin-report.adoc | 108 +++++++++++------- 1 file changed, 64 insertions(+), 44 deletions(-) diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-report.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-report.adoc index 18281fd88..dde547289 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-report.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-report.adoc @@ -5,68 +5,42 @@ //Check Mark :check-mark: icon:check[] -You can use the `neo4j-admin server report` command to collect information about a Neo4j installation and save it to an archive. +The `neo4j-admin server report` command collects information about the Neo4j deployment and saves it to an archive (ZIP/TAR) for remote assessments. == Syntax The `neo4j-admin server report` command has the following syntax: +[source,role=noheader] ---- neo4j-admin server report [-h] - [--expand-commands] - [--list] - [--verbose] + [--expand-commands] [--list] [--verbose] [--ignore-disk-space-check[=true|false]] - [--additional-config=] - [--to-path=] - [...] + [--additional-config=] [--to-path=] + [...] [COMMAND] ---- -The intended usage of the report tool is to simplify the support process by collecting the relevant information in a standard way. +=== Description + +The command collects information about the system and packages everything in an archive. +If you specify `all`, everything is included. +You can also finetune the selection by passing classifiers to the tool, e.g `logs tx threads`. + This tool does not send any information automatically. To share this information with the Neo4j Support organization, you have to send it manually. -== Options and classifiers - -The `neo4j-admin server report` command has the following options and classifiers: +=== Parameters -.Options -[options="header", cols="<2m,^1a,<4a"] +.`neo4j-admin server report` parameters +[options="header", cols="1m,3m"] |=== -| Option -| Possible values -| Description - -| -h, --help -| -| Show this help message and exit. - -| `--expand-commands` -| -| Allow command expansion in config value evaluation. - -| --list -| -| List all available classifiers. - -| --verbose -| -| Enable verbose output. +| Parameter +| Default -| --ignore-disk-space-check -| `true` or `false` (Default: `false`) -| Ignore disk full warning. - -| --to-path -| `` (Default: _/tmp_) -| Destination directory for reports. +|[...] +|[config, logs, metrics, plugins, ps, sysprop, threads, tree, version] |=== -By default, the tool tries to estimate the final size of the report and uses that to assert that there is enough disk space available for it. -If there is not enough available space, the tool aborts. -However, this estimation is pessimistic and does not consider the compression. -Therefore, if you are confident that you do have enough disk space, you can disable this check with the option `--ignore-disk-space-check`. - [[classifiers]] .Classifiers [options="header", cols="<1m,^1a,<4a"] @@ -137,6 +111,52 @@ However, the heap, the raft logs, and the transaction logs may contain data. Additionally, even though the standard _neo4j.conf_ file does not contain password information, for specific configurations, it may have this type of information. Therefore, be aware of your organization's data security rules before using the classifiers `heap`, `tx`, `raft`, and `config`. +=== Options + +The `neo4j-admin server report` command has the following options: + +.`neo4j-admin server report` options +[options="header", cols="5m,6a,2m"] +|=== +| Option +| Description +| Default + +|--additional-config= +|Configuration file with additional configuration. +| + +|--expand-commands +|Allow command expansion in config value evaluation. +| + +|-h, --help +|Show this help message and exit. +| + +|--ignore-disk-space-check[=true\|false] +|Ignore disk full warning. +|false + + +|--list +|List all available classifiers. +| + +|--to-path= +|Destination directory for reports. Defaults to a system tmp directory. +| + +|--verbose +|Enable verbose output. +| +|=== + +By default, the tool tries to estimate the final size of the report and uses that to assert that there is enough disk space available for it. +If there is not enough available space, the tool aborts. +However, this estimation is pessimistic and does not consider compression. +Therefore, if you are confident that you do have enough disk space, you can disable this check with the option `--ignore-disk-space-check`. + == Examples [NOTE] From eb0cf30054797e3aa5acdd2e2347e3d461e8ee66 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 17 Apr 2023 15:10:18 +0100 Subject: [PATCH 227/876] Update neo4j-admin database info syntax and options to reflect the code (#689) --- .../neo4j-admin/neo4j-admin-store-info.adoc | 78 ++++++++++--------- 1 file changed, 42 insertions(+), 36 deletions(-) diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-store-info.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-store-info.adoc index cff1a52e7..a71b21cb3 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-store-info.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-store-info.adoc @@ -2,7 +2,8 @@ [[neo4j-admin-store-info]] = Display store information -You can use the `neo4j-admin database info` command to get the following information about the _store format_ of a given _database store_: +You can use the `neo4j-admin database info` command to print information about a Neo4j database store. +The following information about the _store format_ of a given _database store_ can be retrieved: * The store format version. * When the store format version was introduced. @@ -16,57 +17,62 @@ The `neo4j-admin database info` command is located in the xref:configuration/fil The `neo4j-admin database info` command should be invoked against an *offline* database store or a backup and has the following syntax: ---- -neo4j-admin database info [-h] [--expand-commands] - [--verbose] - [--additional-config=] - [--format=text|json] - [--from-path=] - [] - +neo4j-admin database info [-h] [--expand-commands] [--verbose] + [--additional-config=] + [--format=text|json] + [--from-path=] [] ---- +=== Parameters + +.`neo4j-admin database info` parameters +[options="header", cols="1m,3a,1m"] +|=== +| Parameter +| Description +| Default + +|[] +|Name of the database to show info for. +Can contain * and ? for globbing. +Note that * and ? have special meaning in some shells and might need to be escaped or used with quotes. +| * +|=== -== Options +=== Options The `neo4j-admin database info` command has the following options: -.Options -[options="header", cols="1m,1a, 3a"] +.`neo4j-admin database info` options +[options="header", cols="5m,6a,4m"] |=== -| Name -| Possible values +| Option | Description +| Default -| -h, --help -| -| Show this help message and exit. - -| --expand-commands +|--additional-config= +|Configuration file with additional configuration. | -| Allow command expansion in config value evaluation. -| --verbose +|--expand-commands +| Allow command expansion in config value evaluation. | -| Enable verbose output. -| --additional-config -| -| Configuration file with additional configuration. +|--format=text\|json +|The format of the returned information. +|text -| --format -| `text` or `json` -| The format to use for the returned information. -Default is `text`. +|--from-path= +|Path to databases directory. +| -| --from-path -| -| Path to databases directory. +|-h, --help +| Show this help message and exit. +| -| -| -| Name of the database to show info for. -Can contain `\*` and `?` for globbing. -Default is `*`. +|--verbose +| Enable verbose output. +| |=== From da345b65c2cd7f84a00e8b1ed2a6b7538b2cc1b8 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 18 Apr 2023 14:19:43 +0100 Subject: [PATCH 228/876] Update neo4j-admin database restore syntax and options to reflect the code (#693) --- .../pages/backup-restore/restore-backup.adoc | 103 +++++++++--------- 1 file changed, 50 insertions(+), 53 deletions(-) diff --git a/modules/ROOT/pages/backup-restore/restore-backup.adoc b/modules/ROOT/pages/backup-restore/restore-backup.adoc index 82ceaa440..ab2cb55f0 100644 --- a/modules/ROOT/pages/backup-restore/restore-backup.adoc +++ b/modules/ROOT/pages/backup-restore/restore-backup.adoc @@ -28,89 +28,86 @@ This recovery operation is resource intensive and can be decoupled from the rest [source,role=noheader] ---- - -neo4j-admin database restore --from-path=[,...] - [--overwrite-destination=] - [--restore-until=] - [--to-path-data=] - [--to-path-txn=] - [--verbose] - [--expand-commands] - [--force] - +neo4j-admin database restore [-h] [--expand-commands] + [--verbose] [--overwrite-destination[=true|false]] + [--additional-config=] + --from-path=[,...] + [--restore-until=] + [--to-path-data=] [--to-path-txn=] + [] ---- +=== Parameters + +.`neo4j-admin database restore` parameters +[options="header", cols="1m,3a"] +|=== +| Parameter +| Description + +| +|Name of the database after restore. Usage of this parameter is only allowed if the `--from-path` option points to a path to a single artifact. +|=== + + [[restore-backup-command-options]] === Options -[options="header",cols="m,m,a"] +.`neo4j-admin database restore` options +[options="header", cols="5m,6a,4m"] |=== | Option -| Default | Description +| Default + +|--additional-config= +|Configuration file with additional configuration or override the existing configuration settings in the _neo4j.conf_ file. +| -| --from-path +|--expand-commands +|Allow command expansion in config value evaluation. | -| A single path or a comma-separated list of paths pointing to a backup artifact file. + +|--from-path=[,...] +|A single path or a comma-separated list of paths pointing to a backup artifact file. An artifact file can be 1) a full backup, in which case it is restored directly or, 2) a differential backup, in which case the command tries first to find in the folder a backup chain ending at that specific differential backup and then restores that chain. +| -| --overwrite-destination +|-h, --help +|Show this help message and exit. | -| Replace an existing database. + +|--overwrite-destination[=true\|false] +|If an existing database should be replaced. This option is not safe on a cluster since clusters have additional state that would be inconsistent with restored database. In a cluster, restore to a new database to avoid this problem. +|false -| --restore-until -| -| Differential backup artifacts contains transaction logs that can be replayed and applied to stores contained in full backup artifacts when restoring a backup chain. +|--restore-until= +| Differential backup artifacts contain transaction logs that can be replayed and applied to stores contained in full backup artifacts when restoring a backup chain. The database applies logs until the recovery predicate is satisfied. Currently supported predicates are: `` and ``. -- to restore a database up to a transaction id, the required transaction predicate should look like: -`--restore-until=123`, where 123 is a provided -transaction id. +- to restore a database up to a transaction id, the required transaction predicate should look like `--restore-until=123`, where 123 is a provided transaction id. The restore recovers transaction logs up to - but not including - transaction 123. -- to restore a database up to a specific date, the required date predicate should look like: -`--restore-until=2021-09-11 10:15:30`, where n2021-09-11 10:15:30 is a UTC date. +- to restore a database up to a specific date, the required date predicate should look like `--restore-until=2021-09-11 10:15:30`, where n2021-09-11 10:15:30 is a UTC date. The restore recovers transactions that were committed before the provided date. - -| --to-path-data | -| Base directory for databases. -Usage of this option is only allowed if the `--from-path` parameter points to one directory. -| --to-path-txn -| -| Base directory for transaction logs. +| --to-path-data= +|Base directory for databases. Usage of this option is only allowed if the `--from-path` parameter points to one directory. - -| --verbose | -| Enable verbose output. -| --expand-commands +|--to-path-txn= +|Base directory for transaction logs. +Usage of this option is only allowed if the `--from-path` parameter points to one directory. | -| Allow command expansion in config value evaluation. -| --additional-config +|--verbose +|Enable verbose output. | -| Configuration file to provide additional or override the existing configuration settings in the _neo4j.conf_ file. -|=== - -[[backup-backup-command-parameters]] -=== Parameters - -[options="header",cols="m,m,a"] -|=== -| Parameter -| Default -| Description - -| -| -| Name for the restored database. - |=== [[restore-backup-example]] From cb1a66d01791faba5bdeac250b11a9e47d5dff62 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 18 Apr 2023 15:23:39 +0100 Subject: [PATCH 229/876] Update neo4j-admin database backup syntax and options to reflect the code (#694) --- .../pages/backup-restore/online-backup.adoc | 155 ++++++++---------- 1 file changed, 72 insertions(+), 83 deletions(-) diff --git a/modules/ROOT/pages/backup-restore/online-backup.adoc b/modules/ROOT/pages/backup-restore/online-backup.adoc index 91ccf7095..c9e66aeed 100644 --- a/modules/ROOT/pages/backup-restore/online-backup.adoc +++ b/modules/ROOT/pages/backup-restore/online-backup.adoc @@ -41,7 +41,8 @@ image::backup-chain.png[title="Backup chain",role="middle"] [[backup-command-usage]] === Usage -The `neo4j-admin database backup` command can be used for performing both full and differential backups of an **online** database. +The `neo4j-admin database backup` command can be used for performing an online full or differential backup from a running Neo4j Enterprise server. +Neo4j's backup service must have been configured on the server beforehand. The command can be run both locally and remotely. However, it uses a significant amount of resources, such as memory and CPU. Therefore, it is recommended to perform the backup on a separate dedicated machine. @@ -58,115 +59,103 @@ For more information, see xref:backup-restore/online-backup.adoc#online-backup-c [source,role=noheader] ---- -neo4j-admin database backup --to-path= - [--from=[,]...] - [--type=] - [--compress=] - [--keep-failed=] - [--pagecache=] - [--include-metadata=] - [--parallel-recovery=] - [--inspect-path=] - [--verbose] - [--expand-commands] - [--additional-config=] - +neo4j-admin database backup [-h] [--expand-commands] [--verbose] + [--compress[=true|false]] [--keep-failed[=true|false]] + [--parallel-recovery[=true|false]] + [--additional-config=] + [--include-metadata=none|all|users|roles] + [--inspect-path=] [--pagecache=] + [--to-path=] [--type=] + [--from=[,...]]... + [] ---- +[[backup-backup-command-parameters]] +=== Parameters -[[backup-command-options]] -=== Options - -[options="header",cols="m,m,a"] +.`neo4j-admin database backup` parameters +[options="header", cols="1m,3a,1m"] |=== -| Option +| Parameter | Default | Description -| --to-path -| -| Directory to place backup in. - -| --from -| localhost:6362 -| Comma-separated list of host and port of Neo4j instances, each of which are tried in order. - -| --type -| AUTO -| Type of backup to perform. Possible values are: `FULL`, `DIFF`, `AUTO`. +| +|Name of the remote database to backup. Can contain `*` and `?` for globbing (required unless `--inspect-path` is used). +|neo4j +|=== -| --compress -| true -| Request backup artifact to be compressed. -If disabled, backup artifact creation is faster but the size of the produced artifact is approximately equal to the size of backed-up database. +[TIP] +==== +With a single `*` as a value, you can back up all the databases of the DBMS. +==== -| --keep-failed -| false -| Request failed backup to be preserved for further post-failure analysis. -If enabled, a directory with the failed backup database is preserved. +[[backup-command-options]] +=== Options -| --pagecache -| 8m -| The size of the page cache to use for the backup process. +.`neo4j-admin database backup` options +[options="header", cols="5m,6a,4m"] +|=== +| Option +| Description +| Default -| --include-metadata +|--additional-config= +|Configuration file with additional configuration or override the existing configuration settings in the _neo4j.conf_ file. | -| Include metadata in the backup. -Metadata contains security settings related to the database. -Cannot be used for backing up the `system` database. - -- `roles` - commands to create the roles and privileges (for both database and graph) that affect the use of the database. -- `users` - commands to create the users that can use the database and their role assignments. -- `all` - include roles and users. -| --parallel-recovery -| false -| Allow multiple threads to apply transactions to a backup in parallel. -For some databases and workloads, this may reduce execution times significantly. +|--compress[=true\|false] +|Request backup artifact to be compressed. If disabled, backup artifact creation is faster but the size of the produced artifact will be approximately equal to the size of backed-up database. +|true -[NOTE] -==== -`parallel-recovery` is an experimental option. -Consult Neo4j support before use. -==== - -| --inspect-path +| --expand-commands +|Allow command expansion in config value evaluation. | -| List and show the metadata of the backup artifact(s). -Accepts a folder or a file. -| --verbose +|--from=[,...] +|Comma-separated list of host and port of Neo4j instances, each of which are tried in order. | -| Enable verbose output. -| --expand-commands +|-h, --help +|Show this help message and exit. | -| Allow command expansion in config value evaluation. -| --additional-config +|--include-metadata=none\|all\|users\|roles +|Include metadata in file. Can't be used for backing system database. +- roles - commands to create the roles and privileges (for both database and graph) that affect the use of the database +- users - commands to create the users that can use the database and their role assignments +- all - include roles and users +- none - don't include any metadata +|all + +|--inspect-path= +|List and show the metadata of the backup artifact(s). Accepts a folder or a file. | -| Configuration file to provide additional or override the existing configuration settings in the _neo4j.conf_ file. -|=== -[[backup-backup-command-parameters]] -=== Parameters +|--keep-failed[=true\|false] +|Request failed backup to be preserved for further post-failure analysis. If enabled, a directory with the failed backup database is preserved. +|false -[options="header",cols="m,m,a"] -|=== -| Parameter -| Default -| Description +|--pagecache= +|The size of the page cache to use for the backup process. +| + +|--parallel-recovery[=true\|false] +| Allow multiple threads to apply pulled transactions to a backup in parallel. For some databases and workloads, this may reduce backup times significantly. +Note: this is an EXPERIMENTAL option. Consult Neo4j support before use. +|false -| +|--to-path= +|Directory to place backup in (required unless `--inspect-path` is used). | -| Name of the remote database to back up. -The value can contain `*` and `?` for globbing, in which cases all matching databases are backed up. +|--type= +|Type of backup to perform. Possible values are: `FULL`, `DIFF`, `AUTO`. +|AUTO -[TIP] -==== -With a single `*` as a value, you can back up all the databases of the DBMS. -==== +|--verbose +|Enable verbose output. +| |=== [[backup-command-exit-codes]] From a1780c2eb43d455dd77c78eb892844e782fb6325 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 18 Apr 2023 15:41:37 +0100 Subject: [PATCH 230/876] Update neo4j-admin server memory-recommendation syntax and options to reflect the code (#691) --- .../tools/neo4j-admin/neo4j-admin-memrec.adoc | 60 ++++++++++--------- 1 file changed, 31 insertions(+), 29 deletions(-) diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-memrec.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-memrec.adoc index d549c1239..3dc0e3449 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-memrec.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-memrec.adoc @@ -9,57 +9,59 @@ You can use the `neo4j-admin server memory-recommendation` command to get an ini The `neo4j-admin server memory-recommendation` command has the following syntax: ---- -neo4j-admin server memory-recommendation [-h] - [--docker] - [--expand-commands] - [--verbose] - [--additional-config=] +neo4j-admin server memory-recommendation [-h] [--docker] [--expand-commands] + [--verbose] [--additional-config=] [--memory=] ---- -The command gives heuristic memory settings recommendations for the Neo4j JVM heap and pagecache. +=== Description + +The command prints heuristic memory settings recommendations for the Neo4j JVM heap and pagecache. It either uses the total system memory or the amount of memory specified in the `--memory` argument. -The heuristic also assumes that the system is dedicated to running Neo4j. -If this is not the case, then use the `--memory` argument to specify how much memory can be expected to be dedicated to Neo4j. -The default output is formatted so you can copy and paste it into xref:configuration/file-locations.adoc[_neo4j.conf_]. +The heuristic assumes that the system is dedicated to running Neo4j. +If this is not the case, then use the --memory argument to specify how much memory can be expected to be dedicated to Neo4j. +The output is formatted such that it can be copy-pasted into the _neo4j.conf_ file. + The argument `--docker` outputs environmental variables that can be passed to a Neo4j Docker container. For a detailed example, see xref:docker/operations.adoc#docker-neo4j-memrec[Use Neo4j Admin for memory recommendations]. -== Options +=== Options The `neo4j-admin server memory-recommendation` command has the following options: -.Options -[options="header", cols="1a,2m,3a"] +.`neo4j-admin server memory-recommendation` options +[options="header", cols="5m,6a,4m"] |=== | Option -| Default | Description +| Default -| `-h`, `--help` -| -| Show this help message and exit. +|--additional-config= +|Configuration file with additional configuration. +| -| `--docker` +|--docker +|The recommended memory settings are produced in the form of environment variables that can be +directly passed to a Neo4j docker container. The recommended use is to save the generated +environment variables to a file and pass the file to a docker container using `--env-file` +docker option. | -| Enable output formatted as environmental variables that can be passed to a Neo4j Docker container. -The recommended use is to save the generated environment variables to a file and pass that file to a Docker container using `--env-file` Docker option. -| `--expand-commands` +|--expand-commands +|Allow command expansion in config value evaluation. | -| Expand the commands to be run. -| `--verbose` +|-h, --help +|Show this help message and exit. | -| Enable verbose output. -| `--additional-config` -| `` -| Configuration file to supply additional configuration in. +|--memory= +|Recommend memory settings with respect to the given amount of memory, instead of the total memory of the system running the command. Valid units are: `k`, `K`, `m`, `M`, `g`, `G`. +|The memory capacity of the machine. -| `--memory` -| `` (Default: The memory capacity of the machine.) -| Recommend memory settings for the given amount of memory, instead of the total memory of the system running the command. Valid units are: `k`, `K`, `m`, `M`, `g`, `G`. +|--verbose +|Enable verbose output. +| |=== == Considerations From ed9409a942707591961a9207bf385f9920f03487 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 18 Apr 2023 16:03:59 +0100 Subject: [PATCH 231/876] Add disableSubPathExpr: true to plugins yaml (#699) --- .../ROOT/pages/kubernetes/configuration.adoc | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/modules/ROOT/pages/kubernetes/configuration.adoc b/modules/ROOT/pages/kubernetes/configuration.adoc index b0c3ec093..56a2e975b 100644 --- a/modules/ROOT/pages/kubernetes/configuration.adoc +++ b/modules/ROOT/pages/kubernetes/configuration.adoc @@ -558,7 +558,7 @@ Some examples of possible Neo4j configurations:: [[configure-neo4j-name]] == Set neo4j.name parameter -Starting from Neo4j 5.0.0, standalone servers and cluster servers have no distinction. +Starting from Neo4j 5.0.0, standalone servers and cluster servers have no distinction. This means a standalone server can be upgraded to a cluster by adding more servers. Therefore, the `neo4j.name` parameter, which value links together servers in a cluster, is mandatory, and the installation will fail if it is not specified. `neo4j.name` must be unique within a namespace. @@ -826,7 +826,7 @@ ssl: sources: [ ] ---- -Now you are ready to <> using the configured _ssl-values.yaml_ file and the Neo4j Helm charts. +Now you are ready to <> using the configured _ssl-values.yaml_ file and the Neo4j Helm charts. === Configure an SSL policy using a `generic` Kubernetes secret @@ -842,7 +842,7 @@ For more information, see xref:kubernetes/quickstart-cluster/prerequisites.adoc[ + [source, shell] ---- -cat public.crt| base64 +cat public.crt| base64 ---- + [source, shell] @@ -932,7 +932,7 @@ ssl: sources: [ ] ---- -Now you are ready to deploy the Neo4j cluster using the _ssl-values.yaml_ file and the Neo4j Helm charts. +Now you are ready to deploy the Neo4j cluster using the _ssl-values.yaml_ file and the Neo4j Helm charts. [[deploy-neo4j-cluster-ssl]] === Deploy a Neo4j cluster with SSL certificates @@ -1155,10 +1155,10 @@ config: [IMPORTANT] ==== -`sub` is the only claim guaranteed to be unique and stable. -Other claims, such as `email` or `preferred_username`, may change over time and should *not* be used for authentication. -Neo4j may assign permissions to a user based on this username value in a hybrid authorization configuration. -Thus, changing the username claim from `sub` is not recommended. +`sub` is the only claim guaranteed to be unique and stable. +Other claims, such as `email` or `preferred_username`, may change over time and should *not* be used for authentication. +Neo4j may assign permissions to a user based on this username value in a hybrid authorization configuration. +Thus, changing the username claim from `sub` is not recommended. For details, see https://learn.microsoft.com/en-us/azure/active-directory/develop/id-tokens#using-claims-to-reliably-identify-a-user-subject-and-object-id[Microsoft documentation] as well as the https://openid.net/specs/openid-connect-core-1_0.html#ClaimStability[OpenId spec]. ==== @@ -1375,6 +1375,7 @@ volumes: data: mode: defaultStorageClass licenses: + disableSubPathExpr: true mode: volume volume: secret: @@ -1388,7 +1389,7 @@ env: NEO4J_PLUGINS: '["graph-data-science", "bloom"]' config: gds.enterprise.license_file: "/licenses/gds.license" - dbms.security.procedures.unrestricted: "gds.*,bloom.*" + dbms.security.procedures.unrestricted: "gds.*,apoc.*,bloom.*" server.unmanaged_extension_classes: "com.neo4j.bloom.server=/bloom,semantics.extension=/rdf" dbms.security.http_auth_allowlist: "/,/browser.*,/bloom.*" dbms.bloom.license_file: "/licenses/bloom.license" From 019a42282b0de78562911609221aa8a67603ed5f Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 18 Apr 2023 17:02:25 +0100 Subject: [PATCH 232/876] Update import syntax & options to reflect the code (#677) --- .../tools/neo4j-admin/neo4j-admin-import.adoc | 583 +++++++++--------- 1 file changed, 283 insertions(+), 300 deletions(-) diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc index 30c82336a..34135d725 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc @@ -29,7 +29,7 @@ This section describes the `neo4j-admin database import` option. [TIP] ==== -For information on `LOAD CSV`, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/clauses/load-csv[Cypher Manual -> `LOAD CSV`]. +For information on `LOAD CSV`, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/clauses/load-csv[Cypher Manual -> `LOAD CSV`]. For in-depth examples of using the command `neo4j-admin database import`, refer to the xref:tutorial/neo4j-admin-import.adoc[Tutorials -> Neo4j Admin import]. ==== @@ -62,107 +62,39 @@ Instead, you have to add these afterward (see link:{neo4j-docs-base-uri}/cypher- The syntax for importing a set of CSV files is: ---- -neo4j-admin database import full [-h] - [--expand-commands] - [--verbose] - [--auto-skip-subsequent-headers[=true|false]] - [--ignore-empty-strings[=true|false]] - [--ignore-extra-columns[=true|false]] - [--legacy-style-quoting[=true|false]] - [--multiline-fields[=true|false]] - [--normalize-types[=true|false]] - [--overwrite-destination[=true|false]] - [--skip-bad-entries-logging[=true|false]] - [--skip-bad-relationships[=true|false]] - [--skip-duplicate-nodes[=true|false]] - [--trim-strings[=true|false]] - [--additional-config=] - [--array-delimiter=] - [--bad-tolerance=] - [--delimiter=] - [--format=] - [--high-parallel-io=on|off|auto] - [--id-type=string|integer|actual] - [--input-encoding=] - [--max-off-heap-memory=] - [--quote=] - [--read-buffer-size=] - [--report-file=] - [--threads=] - --nodes=[q`d@E(@eL)k)=w-<2!7NL`{TpiHaFFf#Bkqgw;8#$7*` zFll%v2O&Evqr1a0joly4YVnrfP)D&A^*XBU0Vd67jRF)AV$Kj@MGmd9d^#qqlB!_5 zuP_^@pEaogJR9fj+PUx5XEF}N7n$POW#r~z2Xju?xn5Q4+O;d6`cRi)WSp^}p^61z zEW!4fh7d5`BI3vl`)#Om-nVz+{{6E9AA(a!s#YG8nYovq!*)x{}k3R&}o3o$3ySG%#E)%v}nsJHakVF2|9FTs(i(FNs*i4Cs0RCxX`w+pssaf@& zT_Z4ihc{M*@^h+JKM;ss>pe-F1%@fuDgAi&5c4if`lzFha)zWx5P0AQa5W!Zk3N0+ zIL~8WvSf*>lbTEx`!DSl%ur!%ytT+;hO0HC(GQII8d*1_&gr&FUhZkl8#(38z(+*I zF(Nz-kOn?tG3roxu!_-~(`u^5mSPO5MvP<_vqc9*8w{go)hFK;s8%%<>;(N%4Jw(y z4=1KuyzH<{r+E@u8fqjq`T%}CWB;^aKQNXb#-+7;hXK_>eL90UoNsoa20>ip9XOCX zFL>9NF}2zoRvRT@TyhSu-YqUSgSP5-OIu!fuu9v)gIcdsTjGF=pgMQ!C+EOomjglF zS|n1wf8X>(n#I!w0otHuSP-2y>Ug?zt&6v-SFc_i6K2%F^v#(|hA3~;N#+t(ZR`sO zZ!EWYT0ZRtnZU}C0gau$9Qz(v?=BtXF8n!TeZ$=8hdN6l=PENRHe7tzZw=|r5G{BXLcIyf9hj}F!EC!cp7 zf5=IG$#-jeuni%yel9vxKF!m?oQ5IVX#j^%$ia*H zqf9=}%Yd@Zuih0TUB3)3ucF67If^;Fc^A{3`TB~XL-R_7>emaa)7p4dp^R}mm5ahXklP>wE>4Xx}dVpI#lAodN!3_eK3cvd5tJhw8 z?dz|_M#S3eE)I_$_WLZ6thvBf~IpM3sc^siMW-?7;P z->x=`g1bhVF*15JWhlKpB=k1G}a*%=) z>Og$$&RBv0M&qu%OcMya^Ugbv>=REs@v_SNasCV^3=ebwTZ^7yHlgwvkmQAt;pUpEf%K5ArZ#A5EMg$q* zV{vW7c<{joVT8O494-dumI*k|gVRg+pceLRsflz&SeYTUqx>X!4haF|NPc6+j0wYv z9xsqpeaoj6D8kKPMl+(Hu!M)VK`XOLwQ$!{(0gXpum-|7W_*MPDqxr;3T9Dy|5qNY z^Z@}j-5tP_`_*``e!4ludlh8yS{Vn~?%$tRx- zv&XUZkAM7w!k>QnsZ*y;kWB)|o_+RNUL+)gPe1*X_e$o&-go)+8G^|fJ^1UN}sjhIK+&Jx`T;Q^i+gYh@c*~4 zz2#BJ`BOv;=@ro4h*ye>_vp<%@~Pv~S&4rS!(;wDBSV?yar^P;Bex;0VPc{4r=EHW zraN}*Se`y7fBoSPf0!|221ks2|NZyZUw=KpV#9|IhX`PUK}CjCvIUWE>GD22@W2CV zZm@9P93z~K*lz?cW0#F;Vq|13aQE=ECS$||F75ZH698I*O*l4|gKTt946hf=I}9B$ zt5%)d1g9Bav&>rN$&2x|cd3nVt(=-th47F-z7p>;pe+sz0=;|pCeVfrb$s<`z<>dK zqveV#uHehT4DjKHAMy(sB|+J#1Mx+vLRC8Nyz@ql8U;F>amE>+efHV&&p(f~{I0w1 z!lsQxd)8TJK}PvZ0@NH6x*Y3x&pr1<)qB|O`pGAsAnG9sD1&Ou<*_Lr`9Kd%!VJKB zNDyeuw((XdTdwu~eT8I#czf_yzf5-7Lhd$ytzy?wQDCYnU!pWj(CU_+!6%JoBEElo z%si=!FTR*3&Xb)wb!z|q{bA1>tPP(=X1ey;YcW0}vGJ78Ip-Xn4nxqyuzcY7fK}^` zWZo+nJi53(w4SF!BH*x>pn1nMxA3Aue8S!Wpij@4w{~wQOu{NbzH@4X#3+U_UYU-E zhtaLsXN8Jc&0Cv=Nnaz%pvoBCfW1bEy>x?sp#nx_W^QehFNY=b@c`&4&vE3)k+dth;yb&TyP3MNQZ$A3uOYzxn2y&~D0S&6=eqL;N6m)hn;O^7`wq zQ;6f4H$=F;s-rSU2@vQEb+x4m^EKA&d+)usTeogZvP+jPm5N;~KjDvkE2!K#rM5fAnNK}#J1N_BpoL#nMfE`Bd zs(gir7!+&*AWqc+$;{vgZiDh<2^xrc_lYN-Kx0N!B9sBE36B^C$y>oAe*gXVd82qV zLxv2&@p0pgHyS;2W%uagv!?%Q zi0X#Cj1Y}k%zqEICa;r@p6JtP4@VqvgrB{w$wTkaM;}EMhQ|FaKVe`z>7Mdh!ajw zgMaIDODtch@^Ra@KATuuKdrK|YL>6i%TLX?>hO#V85$nxJRr=iPht+_7LkTV9gH9N zr(vQ9aPp#J21j?tG!45UQ6HBFj*_S{0dy6Yxjr|#LIsc4S%$2D5}zjfKRLZ$UiAd^ zY3GB%&yV1#zu(4Vu$KY>qAhq8bZGEyCApVC?@i^ij~SF%wa`H7Rv?+IwjIl~jyN3y zOmGxKh@o>NWl%T3QA&JQpeGWczD#z}U{r*1>4hQXVQd(vaUP4W7kx zz_tms#kI_S8)I&w(}*1#5d?xx1#|;l95I?CcFCKD(aUJdJBc1|6ef9Du6*aRbPvScCtnYs04De>GtNEZ)ShCTZhS%13Db8dJm}k zy0curl}x^J)iXJ0V=wn$*gC}P}7{Uvr9oue}WjC0BdW@P$UY6;8 zL{|Gy_I;Hda!OX6dPz>tXpXRgDrOWStsAPLQNdnDg#bnfrzA~H42kT7;bjYtTVuig z=%bG?abtDFzepS}w#SDbei-+&G1XsfdRbZU@{2CIh-fkbegFE`zj8noHTAFjDpMz# zIy-X^YT3=j0(~BUWsK{6i7tgCZPY<=*XLv0P3)30aI03oH1L43tTJ_~9(F}yQ*vvC zp^N9p1JWyCAc;3pPj4PQpPQSpcW=h_?Sw64?An!q8N+wv6R(p~JVjnK214}5s7YY? zph1Jsp5fE!BWf5^RhJRnjti%;QPuFsAgv&wM~x;0WWWLoQu>3yV}aq_0%+JF4aUrS z&wCRrTguzNf8T!}Ke%FPfNRM<@|bc%U3H_x2Eq)3OVW6k1f3G=u#~jooD*=3_-f~R z0Vd}*=)0EnI<(@jO!yp@M)LZtpz`oG!~#a)IVwi$(YcJQ_T*wh;m1B|wfMN}^g zHjin?IFSk{;p30j-x+gOdv=fAwd4Jm)qGaS%&K-+%|DeXQ`={KpVeRxhQSYL5J_OT z@O<`WR)ZOD-i-1a`P=9C%3oGi29ClSH6nlcUTU*>;cMuszPXN@h<%2hUART;D?BVD zRgd?Rh&FYZf=n6tlrKBg5*Q5Y5J(Po8RS*EV)r4z@n95AYpnliV)0L4nPD`6Y!QFK ztFL?XAw94woQna{P2#c3bnKctcUH#kU4bm5Oy}<9&b%nV88Ry|$?7p66!LcAr}RVL z16fxw?SvzoNKq#b=y;b1Z8dh$sLHq)a5wT20)I%4?iW;blF492gq1?deZDQ!hYR{4 z6iBp5Qr?*B!mW;oW4x2lIwIY~N*}WapB2iMZJwD~>A-%X%9GtPgC+gVXc zc$1w`3FZf)JliG?JoyS$?Kbkt=EGD-1i<|j4;xC_3esMEy&&g;%&#v~5OpuQhG z{QvgO1j>ry-v4)2W|#q7qcJM(qC!+uR6H6`d2vfr#651r7<1zKR8AfyQ4^mgJ`*)h zj~L^=1mhMLqW)b-j=Q4bf=bX3d_<#xh_cBHGxPrpKPif;?!Mi9yYIa-^Q$xGPIYx{ z{q3&$)o-a^1y>7~SL8XK|w?)vwO^@wtX3PxJwfiv@qMMzW1 zC*9-eH26SlkZZyHFxmqdYx2M~0v4Y*+5!~&tlvQmLRHe6w%$z-jk1vxSRBhcFtGEznT5{I6gAfjT%+F!r`8YOE!$Vd#D^DO)^JXjm<0mWt4=n( zjDrBn9W1aIr^o|ss^gSpYU4$~VY8}cV$wm1{SAyeW)n70j7`?ozD2#ACq=xjZjFA; zyLA=Xm$!4yM6wZDTlbZg0f)D=9#~V8u~iz+?yE%koRI&Q#BRYlvo{qMIbA?b{_)2J zxCQq0d5kp^6y(M>ALE+ohUwFFE=IMb#YOfizX8m6K*6%X1 zrXl0AcNk76P<s4R^@?4XXnDDOQwFYq@f(yu6YZW*j!4vPX#C+&!`@KOv<8Kg|snX9xTny%n2K2$`hP6v>$qMC7ba5;HWUv_nMb}XNZ@2~c@ z_d7e$7%uGUWHU&8ZS8>Cx&d`{U%@A6BW^)+I}Qu63Quj5I-Z3&nMW>3)Q6TAcd)Td zxQhe0?z#n>AbDIh*6B6_K+m!6_BSXMuYX03iqq+g{53oeuaYztvm1_V3I%FF?X zS({nIOdPD@nGTo;Ovq#D>hz&fmkf2jezu-7f!ck*?;XTj4luCOOOH=`YsQ;1XJhR< z=E#%kKly0h-`=19!QVGuf4$oJ`tEZoTL#pwy-v+~8|1fCVll@+vSm~9P^{0`qN7B* z^j92F1A_~R1p%E4x^H*pwS;`kdCK~8;6ZWnoB8@6~#*8e9 zG>~B5^WJ-fEw^;gK`~*zQf{%}0PvVj$epUH;WB$VEl&r{^_SY^2j5D*Z-Q`jcnuefhTqLPS6DFm7HXW+4jGxYD0rX zfACwBqE`$h_L~w=yD&nr_w-*%bhQZ59n~ElD%HyHx2{7JpE;0LuQp6QHpo{_uqeiWxrPaXG1(|yH(doV+gug zm#of;B&{PjKcWusU)`Vw18=B<&G|rpdN7?f9z=s7C^?n!xnk}9H6Vk-W-b7)6h0Q1 z+?^SLu3?GB6u?}-Dt^Um&`gBDGQYM<^5F2JbDku|~b@a!BZlZiy(?z``XNORgC zXSm*YWv@-GMU^( zYK6lG;TmBa8LAMWpazSiu@;Bw6P$d^1H4=rp8WEo;;ZsA*Tw$3gFi9fBxrxaMt*vAN`0LpyG6c^#KzQ4stm}fwSju7Zp}{{B(v5 zN-w4ZrwA_#BF%csN!QCVBfvOAn;qQV&#|;mN3^1N_>7 zTMSixP2kcYV@W%cEm$DtdeMvXf3&_ks^ zko>dGI*Y*wR-7}2jO6<3uV+*uZJs)H>Vyds@Mgn!MCO5-jFY*U`Z(4C3d)I}C|{X9 zIFyWiy*Nl`$(8gOc{@B>;EQGzQYw*V=|5*q(k>;)&zh2Tz{VTfMF7O6)1V4;DI_0u zot27LMi|A6%!`+I4{yzP&sR=hOA;S_=~%G9q*_8mRjf~$4$R;;5i=kLapKGr zGFkW$X_P(?Oq}N;kYav`AY(8=F8P@FypTGWvQh)%2U5+LOeeYla8{Q*FAgJ_O=Pvi zr5qr5$t9Pdk;0MQfBn~gopa7PoFa!A;IYRZi_IiHCL!3ILKuN$oLf95GZfYOnGusB z?p99PN2anVqF@p>5fZ{2XF~MIO3`gTdqVtzj7k}p^6L*zs*-^jI6P%=nO`CV1|Y#i zi1X3PuMAS+5k15%k2MW)FLYQD*_dY-iC_zrCEF2493cezo_p?r26G-WR2EvoA)Yu< zU{E06VqmhuM(WNWr3jrN!fXkL!|6xRZyc#koH&uQARl<(0fs7z@(V7wAfgZcEe0l= zr2Pj3SX$4(p9y?z9ujZ+Nk070r_=U*;t(38(+(zaFZmV;;sTHl1?vo`wFH)UOb~G^ zN|=wfx|wm$$~s{+<;%|a8QFBga-X?6cFAF6b!v<+TopFljWmO@-l8$e{drho%ZD{*-ZQwxO)>Md!}D>o8nqXs&{3HSU?>>| z{MxvO)zgd9k>s#!hbK;?55qu=1v|Vl0=Mzw$8)05F~=P9@WT(^e*5h()9?_2m`DiF zA5%Hme)-E^a_e`$`(0{0nNL~rvobJE*i|trF(1Ja*@+sjegv4oSzr-NSA}vj=`%tJ zMBup{iefVN;t1b4dw4LRhwcV?0>|$gBTk4hI3OXDLq~{XE($BmP=zXUlo10^fD(Ih zSxj@liDTqt3k(tg%h-gCrnf#DO+BdC5b{f-iK-3A3@^mF8f6Hq1}r*FgM6a)&QAnF zW#~nQ9++UC002M$NklY~&B6T&zW%tD?Fd|u1~5||5!@C)(IkMs6>RoN7t zlod1so<9_6O-}@f6 zW*7sbLMvK-U2V17l$%FDV8ifaZ1N2dh!9wL^UEmi zanBgP!*CSXc3>LDrb@@^0=pbWB4RDk`q_12Q})6OFW^7}VvmgovTM!+GZ_$Tp^avR z&FL2=F?A$jY*HuEO%@HAEudrX`b+&dUl#Pv8)P=K=`;xU-@=4)7lyE*o-)HLD3d?>5zHk+lYpo%-mv1Wt9yZ zef8B>GgF*-=9x~OqL*;|DBJiA%*nzFHC`aM5tv^SBM?9!!CjGjMr5nDTa3pQqw~uV z${;m?nN&hA7_+QL5ltZp_Xk?o8-d32;1C!;1B)93)M8xX-;J4q;*8N9##us}QyamA zb^yn#`0*}7U?ckq<9X8*t0K-0FqcHo<)@J3gBZco1EnvIKQhx|eJT4dO)b?BLA@%@ z76LmXdL8BhrU3aha{;5m1V)0yE3)3_5f~>Di1RhbFP&#}F{SyBhLIPZgP03&G8*6C z0@H`ToR`YE1=XiczHb)zr=511-)KY%^9XV|hDTT)m<;sms*n!Dr;nubVH2Xosw^4J zz%&tigfcE9khn71ZTv++34pmW+RcqfoG+Zfr4!*236mepcw9L&R~etn2<1T-hFECQ zN$2&^A`4>NJ)z=3dSq+#oSfz|ViePX)I=J5;4INV1)7OS>qv=N_C>!G)6WEvpouF% z@%UN2hWrgOEQ3G)m9DQA5q`!93qT!z&${IDq?#H^D6#+U7ke=`>lkugtgPJ~Nm z{F6sgq9+0dVMO0(5k)T~koui$q%ao{7{g7ybyQUU8!b#T^bFn7As`JyN_V#)(jX-@ zba$74w9+At8I_QfAKi#PjUEpS>FcC1u4VRX!J_{{0R* zSA@s^$TOnGNrJ(GY%fz02S>#kTvRO9`My#kx#BmCPd`{fBIP>i*SR+LFRIzV%y^Pq zRv$F5#FedBO+Ko3{djZ}90sz)x`feE-s}C`G!ca_f(U{}zhU@lR>mLa!FfVD>Q{GY zCML#{FICIk9$TX5lvIzc!kvhwMrkgyg`M!j(0-WZ*cl z!)L{a7LOxnL@V7UU*#)Pa~p7^V@$YOv?zsn%e0Rshn#!r@hh#pr-;?fX&>F5jG&ni z0vk7)bd0{UDKOffM|csnfp|+-c_V{@K|97y~SyC;B- zgNk~U^*-qe)K2m{UMaIq01sYcQ22SG9(GvJ$LivrWqH%m37ml1H=Zb`~~;_ai~ z7%#gPxP)p7og$ys^e;tZb_a1(Iw zo%r&ogt4+~W@~;dLM(Im@sX6A~BAmeS=264TybC%;J z4J4B1$To;)D12B-Ol(Rzs}t7ABW`@g?GEl8jEfYjZ{vh?BK4kfw)9nIbeStL!+a)q ztQ;f)AW@2VAigM*W4~6;>vO}-1AThDJwZGB&y_61MJ4P~xlpI82*y$JvxqYuy(%4hfv}{xIbk!{I9WG_B z-xi9gMqi2|5$6(HRecV#?w`UFfhca=#G{>mTCqKk4%v~43R^^fD~fShDJ)PVDSlBj zZO3W2p*!h`9p6V%mc>^oP4GG1R*SlkX$@1<~x zELBuqnsoL0NE;JatbN^WoI0@a6B@efPYu@w6=edm@YrBj_+mCg8NV?9Z~LmZY{B-P z9_)9Q6!~3;(@d8M;j#lr4$1+>Jto`|)C-deW%#NnA~NH#ztU6Sb(mA=#*41)zAeM1 zgLYo_{v2XJU~KC`3DgFxQ~h^8CZXZ^sKHl8lscp2w-cRqVEWj%i6)v1rOK|$PeyT4 zh}EM>^O|!enxJ#M;J;8A(a2z9M2bOSDZZ;)5(XQuQ~A@V3Dg^7swPjbSbo7EDguXb zZab+=jZ$M12LuvRcf+y84@7D+;tVJ1Pz%kO&Vm!IquCraARezJCaD7QISZ&*QHM#9 zaEyudR4wp^-5+5VUuqoc<6bGuoeGNC_3LoGi@Xt{!#J@B#3{=swwU$~{30%b&Z(B1bDIHKc8j$ z_5k+n%w{JlfF=jT1O%+7jX8du1;RrkhZK~F`=Y#u*)TY!`+_8k)d|<9CL8Tcy}$N2 z3jIlR0Yu6vT)mugW(vjG*LkV``wu*6CVmS0pRIpeteMwu^{6w{J{cj}{p^Jh1g*QY&x!Vig=tFa{PsKE=F-2?>|#cjl)lstc(9Xt-{+h-=>Yx0(+irA)q9 z7hUDoPQ9F_y&#uTh&UWOIdp{UeWlR*)3$5AR8Ltd)GUh42v6Ot{n<*`5S|gM@3)D% z^7k)nY*BgtthF>fedgu;mH2uF2MtCyvQV{&;X6x;kH@_|vJhgn_QMFxV2o-CP$kp} z-T(RSpDm*6rl3de2}PwyH-p^U$&CTgs5+Fht`NVa)2t#Ugeb8;RO@AhUyB`jT)fOffWm8xPt@J0>X8(iDr}>}NsxD8Q zcDH=DZ%PEDG7OG&-$@rV^=C7VHP?VZ3)wd09@#Bdg~z6S$fJNef9~QHTcjCQT!~LO zg&R|k6G|EQ@^3El|CY^;ROgz&30~&gzrp6jdvB+td>>?Ov9o^8ILP?W*x${~)_Dx& zp}zim`6Dh)l|B*m9F4Mh1N5f0l+6&y*1k9g=X+9DQ}6ZWhnACifQLqQ!=ZH-)|yD}#Z6rK*szHu*e`sD(<$H|YhYK^XXEqqW55Hju{H8OsS{S&lqi$V zp(vbY>6&}`_kFZT;W0lhLd~zc_ryhaU3=BS(mdZP#Tj{A9m%ldRILMEG z=jQfuI*R2SyNt$OP{X!`>67V|MIIE%udJfpR5H9HA&*jpFs#b$@-FfaXJkZ_bup?C zCJ26^tc8RRFP*~$qOz?c3tLEDTykF|nifiZZGN4*?cwdRSh(5f@t@C=!^_}Aab=}Hch2kc=ihrIb@l=qkN}XEu>JKv{BeZ01uoZg9Py5Sz>lH zS0Ibkq_{XwjMputYJ&ku^?!8?{`PgkYsP#Q(ygnlJ<7BZ>ReihelZ{k9YD>mx*{UU za<~LY#672s%Bh1Jb~%@q2-@KRlg8SH#pMy=P4(~8evZ^6$w*<&9=l($4*mD)lSAOfWU_ug z7BMhN9;9YxD=sacS$%ZaKQ`xg`_&bQVQX)7kfe>H=W+~4uH-;j=n&s$&(}Bha~gst zon`+Wqgur9Zr}~hnP0s?+BOBsWP7H3tNmhTsDu@RwzSq%mCuKP-<}W>g^o~>c_8`u z#LHZ^G5ezl`Ed0~!`iBmzDdc`oPmSIRKnDOlJSfJuvCDziV4qCiX9!sG|L(Dqr57G zfX(4c8&}5Z(^VE(HATU264co8(W8}Ju8tjUuMzt`z4$}i$s zye)G|Q6K24N|rJV5aD3gTOQPhkeoiC-9c6q+sc4zCrWIVCV+Vk$a(Y{W@``z7HDtb z7bb|)-TN0p>ZVVC@w6%uzl5POk z)-7sJp;#RZy>SuKAy;$|#f)P};(+a|5x*Jx4)db)XgY2GtCGeMXpmRtX7^`ON9l{` z%7KQl2qaRWn6`7$0C4+}-X*n&)D z;pX|+1nq!{qe|$FzsxK26=}F={xX1AUKj#a#A>x3Q7zn&FJR87zud>H>0Nx^;k&*7#OnQwW@iE@hAMp8^E%hk6m>%uQhm&r>@&XWf|gh;KafW7{Bmr2bipNq!5qK*UW z61dj!2=K$+<$c&;_un8}u>IcV2PB}k17Ew5_&H7+5cm;>5DDWH}4rmyd96MNR__kjNDjW2_;lF=FUS7o@Ij3yEz->puLlwV8 zb#!RvI&?|rTJUXkh2nGb%a(OuYRo>T5qS`ZfUmtk>YtR)Pmp;SH-wF3>AL-N8aQ9| z>;RM>hy3m5Sc4b9nSzyV8Tcpo#XVdk=!kFi4}hI^k;XNsLiRXb&Ae!3SPo<|B0{2k zCtQg$8Ts-$u3z>PI5xz_W#B&gjPlNNBz0@Qe!SV*`|SP7g~@!ujp$GD>xW2duK^18 zZS`|HX_XQGXNg{D`@_|8dYya&{cK74M#+cfgQ90}(!hPil}JG$_fAv~d@z*6DEW7B z{%`iF4=MxZOEOL7G4x=w_-sK=#W6E>*A71+DAtZs7-XRN4q(PrD z*|a0RCt5xoTfJU33ID*8;3*7bH>9Di0ztrUX(pZrH>+HYz6+S6VqM=xVn`? zs8`!BGwmX02>ZP|rVgN|>KD(aRw<~nbU{0Z4trblMEFf#x=*@HqFv8SR6XtwuYI||@fMtWl9f?BSO+8w4pWT= zh5x!eo`t_o*aK9i`P7(hpF5#G!oD>Qobx?GOU&uLM~CyJWosNsUuj-iA2&#nA00)I zA~;Zox`{G6Mth#2oL<*Xt6-F0@ps%}k#m0}#w1P1KFfoIUD%)DdZzg3whnNb_2)c7 zFGjetNpCpF@%Tik>#YSAXu||)5p{`fKnG}eXKY@;VI?;=C>A12ucFokx=$D|Flj zjf~P7zcaVucDlKd#1=sE%UBV8b~&E1b18d|^l7PqS~e(3ZN7?&MPGXoQ+d>z^__?A zq+Ox;dz;m^dhx4`GzLG(_3dZy*G+ssn zGjW)$q;sk&V>787qxF-}XgK^A5(R}SOXxgcNscXcB0V$ulgO!qf(UCr>6|Dq2Wk1s zLrpo|v;%TZDiY4-{*QbKt)W^;&|5&rWJwyjX?lp<)~lCsGBXntC0PC{eKWTlI0d+m z0g2YtJf7Oyf=#WU>f7U*am!_G<4{2Gn_@>OfuRDKV?k1yLf{UkH}yyItUTT1?VBH5 zBGKrzwK>#BiBVMNP)W?lDEc(_!K@h*k%eH6g|A0pM@^0Mc)T)qM*DWt{aw~VdEa-< z1DH=aPce;}D~K3NXZ8OX=Za2WndIefTLt}yE82u z(=md9&YA+P%FhoNdf5A7)~cr0N?hh!PGG9jE!$^xYF@OgqHt-U41gE=SC`*_63{#% zU?F)^lD0?Cr2?HHWu;{7kz|@i&<;usde?t(9EC!a@SYGtRpT$H@~}^pTLeYMz_-p2 z#p}8w`XF@LLzz}qCG8I4CUx>zS8ClTQMPVkvn_DtCbZ1VofZ_cq&@eu|DY)ONPz_@ps)(72p@na7MrUGY zzU;tM#l9(xdTMj?C;#^K=Bs-4@j^MRxp6>sVWfD}aDS7hhMtUfm;ZvhuK z@}q8n>FFW@Q4EnmBnae7TP(3m^0`s^ui@(4=|uH!ccuLhX`GJUUdy1iq_gRh;->|B`iT67ezW_cOu_{i zU?|W^6vHH-II0!#2T_Sn$C9BhK4&t4=&Q5C3vy+3Bri+^8Ll}quVYvII?h+kG`;I8 zXuGCYIvY|!0owXu$wSs9HtdP797&NBoQlJp03AspG}X|MVz@o69(HaNcD4A ze?_7zKVS2eCTFy)d2p+E!MXI-wm2i(@^;o`V=B};Jfa^TCae3yy5M;Dx?Z!!KgQ6r z-aNu}4@ic~V@YaJDBj8`@Wc;%DV;+!VJ%LWNoBrrwMgs)mYs>jCaWk2Y45R-{8pK8 zovqgW#pEPwUUD|nQ1BeYE?yZ7|#Vo_i#+!!N&?H#GJX!JFrC)0^IxSxx5 z6dikdO@4Vgxj@6$Jow)DqK5Itr`bur*@wSncz*A4@hL zV!Ob!ZFE#9slNTu6Qupv#Duw}^l7*g*5+GC1v|eL=?tddPwS-9E+m`mV(FfE+=?;4 zi}Zx+HxFzxjpM06yM!@B#~1S*UeRk9EPr{;$T_b_he{lG8;x7QZ0DxxAQYC9DJ{P% zMauek9{-EY;HccJryDowPm;Z8*l!@I8!HibJntgJ97Oyx+GLQDSg)C_vVL zVO3^47HGzb1?2yD`IP3lr2nUDfb!vgnQf&gVR%$KKw~s89v`3lvTwvWvj^j{n>kOW zyvUKCW?>Tf*0P@|&k2EAXKWRwCHE%Q*Z*SE^W>N=V#&1E(OZ$GkTq~#Xlhao5sA{1 zT4MHV4M~YGN`HpH07wW2;mn>zskOz5r^q1!ZzcoIQ;bhVfnl_}x~B^-&o(#2VocPy|aBun!qkIpc zueXGs!}Y9J`RaMo|l=@c1&jobLE1`*GE90JuUx(KD`~b^-!)?t^`(QLpWpkj%+a z>hC4$DR79>U&n*x`VT!N_AeXBsxCFFkYfDeOtBM_l<``l~^yiW)1`6~h1 zm|)5Ef~EpWpRdLQ;^dovf&h>OOm&GPDzN{uqdr0Ujc@pnFo2}=ZNcDlhS|O9*I0jW zLqpYQ?dLa0^Og&xZ{noiZ01;15uC(n^nX~=Lt)CUH<^4sz%PZ7j0vfUk)~bsI01pg zAfimS9){3y(a_H$T2`Yo_Sh}h<%3BKZ@9xd=OKED7y5JAPaIghR+w0;>6XV_j0B+?)?c7HV%^VgFUM zE?O?!wOrZhJWw=!HW%TaM{r^ztMl2tu!0GpiOQHquW4o#^=0T4)mw{ibYe9poyS8K zDk!!DA%yVIx24~iVt?UwqvceF5;D9tCz$k73g*@P5mym=oa+CT|fV0Gqz8bM-|Aqg$~rf(%HawSiS`?lhV(2WIJc|uHkxso_Gvh7$ z$Jc-Czf+4c5^9v6DWyPc@rUw(p1kn6Cs#wNmJ(yK{lv>qjv-|4X5gfRx6M(>wB+Tc zS0$dlqGK*YjO{|6#$6^=i|LWEr6s#;pJgPlVqC+U`J;29BU4T;X8LYEL ze4Rd}P>h97s{Rk09j6YUBM-Juvut$>Pn3cBK^+igAR5X6&60}M2pABAJVPII+(A9^t?8!xiW-=*J#jhOYjuV*=P% zWo~QKW<;zFp^z#$frx4fCmNG0V4fsWoPZY8lVm{+Cu8eH_r0;1k>3}zJ}GNY z)_E+wuNE>63p8uJX3380*L!Zy0mw@c41Pyq6T3o4xHPFs|91|orpTxDRqX=;k4*V& zf?PDEA^sVd%zO!nS2yy$qEZI z6`BWZqg7gJ6Kv-_tXBUJ>K(>WvzW2giZvX4omErMw^GYtt8<=p;M^(iP$_OaSpd_2 zNJQ=~iTt--FQt*zPaH#nc8J0jrE=Ej^8yeZV(D63u8;~tV*qJ8 z1SWJ`XH+p|{Q?iDJpVnreHpmsVJC*GNQO47)W-(_NI8eEU@v!#?B7G(7W%^tYKCmS z)xRk!;bx`o|Nem*l9vdA9SYeql_*2~`M?_@JZJE|a#m;3GYe}vf(GG&?DXNb(Hz50 z6Yt-5cy6y>N(F3vh0eYlWRwpY+uVd5RbVXJX`cCb38g?`q`9F0MWZEn0{8!Mg}yj} zySul+sN=TQ^30FVz0b4?GTka?kXg2FvI=U=GAHR2>+{9s`HXn}Hk_mcjw%xPksZ<7 z`404oil<*|{-gAYbNbZ<-_lA9lP>-l{&6)HHRlFkvGjopblxP9Gj+ zT**Q9IYCqre3TkOHnw|p^WOjV%vs-%jUo3DrID0Vo`8GUcH@>H#2qLgY)J_vFFVOsU zQ9OY0h#-+qvjT=*6= z5DK;0Y8%no&Sm~vmrMx0`0#7-X{vV4p(sNfDx(FFcX#n~ws=u}p( zvl`X!$NM*0He2HNW=&4E`dWn9cb)?9eauHaN9Jn(Z+WUA=}2}m(q+AjWto`e+VKh0 zJp)p~J)2HmD&6Z5pI)ugK{W}-Xge=0K~%Hg($n23XSt4BRf z0k(y<$m!pqiw{o(@MDv?OLMAcIh%SjqZ!M*V`6h}yxsPGTX9*#_upM0ClUHPd06e) zlws*R(XXc0T4@KJ!j7UeE9WcOPZ|aM^>2Mt(sBoC2`yqz_gJupC=7Z zEaIi%6g`Sh6S6?*6-iCK!+jX1Ecl;N_2iAu@0yWEl^s|gOb1$Lr>2?#CY|Y~*&o2E zi+z;hT?5uyJF5b%SQQ%oPTP0k0GV~goomwvx2!V6+zva(6PRV4 zotpzf%dWEC0-s?5@K*W9W;szRAHc|ydE$ZV7g#nFf#1Etm2NUKxCTmUT;#pU9+iG$ zWoIAvkBLAXt0;!w+(AV;y*r?1x=jtiF#s9&Z@nQ=1@JYOmJYeCgtjP4tvS&(z|Zz6 z+8A6}<|h0Gm3gqi_73$#8_aH7o4s^VUvz}!38<5de0jY#hLVWAEWoxHbM3cNZ2yzz z+kdYE90PZm*4B3=^1j}T*kWyzuD#XQjo}Y|MS;j(*yHKb9z11}UQDLNC9v&N;ZFRRWXfibThUE%_`2eu4n~R>8EJoYO$jj^c$%#gq zi5@WcPl~?pb>)10bxWG5$TJR1Q~?B#(#pmqvk68Mv4>rEKg}Df@Q%@pWbk4LRsoaH zsGqX}r)sOJCfD2u7PxfQ8Zqi(KLN3(;XQ|dXC2BeyGT_{zEVrAOW`yVi2Ry?>_el8 zk8j}b=|X=w{a_k3PNWHA5_+9J!Cb6jiFF`5_n{wPXn;K1FCLqbfalQ*ylX7}pJK{D z9O^#bvYpF>IBMZn-kb?QrLPjo-f>^;a;gdhZ%}k166p*G0el)jPwbk5T7Q}+DQ8^* z^8;)0Lub`xWgI zy^aLPN}uzh+3FW);yU8+<8=%gWMl_qnb8^8Gz^58tP|62O^WR2_mjJwDWhA{`i6?` z|HBTSm)s)N84wFAQJ}5?uyPv!CEBtTCv+29RgcrtezO^EQk^LG1fb#grOYTj+a{mF zHGX5n5)IG-EdTPWmSZl9AIZQ^af8(s!%PSRGB>y5{*((_015P>fedhp+y;0R4Al5* zg$zGHUxC2A9GP$h)sj$PXP>*YjPbMU`hHcM9T4_Ck*St<&Ie|smpVjtX8e6CTwsEI@o;o=K*^=QA77> zR`_eSh<7~}zOr$2f>!qTdl=<+nWKNw04j8Nx!-{5B)E$BEic!e%eV*;0hc*3SqwgCp(Ez4ejWXkaB zs6nzhC{ls?^4s?{I`u?odhSH~Z_)M|?bhpOB?V6bOb~l1L-zTCWJHK-kW)%UY#JA) zq%8ddOsX>|XI!2*_#4!wsLcVNRBNfb6ohUj$DGB(3>Zh|l;McpP&uCh%en!uw_rz> zZ;+?8*ceVsz)LXeaY@=(560;S2o=ox2VjBw_LEqNd2Kv(YpR2`=lp7xf%Q57UAG)Sj(4W(jP-IwukiLoZxm)U2jA^bIKaAR0gPwa>l7S z-cQ)fNmkZ4mhhbqqe1lakXGV>QK9FJj7sUT{^IFo0PvJhFo>utlxBeClFP`TyM)z} z3t|a`%P9D@csp*tMVE~eTLx3s8!j%=#R=Y5_F(t;od62=j>E5ISF7F*QyVi6S%J(G zuGVAi(Vvz?OM2S16%7Ma!gd;DgG#X$S~dc-P7m z2#g&5nQs|SGriz(Vq{F!at6|LBSXj|1+!j6j(zQ8wPpD&_?Q+@U3zY$yEhqaSl6s zMeT6ou8aNN-B$AT1kAy>EhJev|48tRy0O-4YLdM?tQ53}3O8v3&RLTIi<-KQ&z*x9 zrO=d0MBr>5xAb>24uu844i~My_*Slk-RAqzodu@%;BvCNYb`D0-;yp?ZgNil$7MvP z3s~3x<1)-u4QtVKUY6_HX(C2Z{kl5Yj@F?kN&ep>n~iu@sF>|}$$hD8ylT=58F^+r z0do+CzpFpa0uzjT#;_>_@wu&Q$7(~XE}xTm^_H!rd*=t!b9dHm$K2O_0Y3Qh%l$T^ zsfl@6$Plm&XBJEQ>Q{i5fO}+`l@4`vj&y>Kc4eELDyuZ!djD!-ENW{g#S(%VC19YQ zl0!{?7sv5jkxk9`YaMPvkPT2NH4Rd$xOqPr5yJ__232^9k5%NQ@}>_nMe&uA{MQY= zL^9Se^4LJOdWt!qo-%$WDh@s8w030Im(*2g#roOxvhLJ9O^?GgE5#Ud+#a$L;2S7> z7Z5+%*e!xz-u(7&`5FPmM>2qgbL2y0r;-L!WTo(&qr-sO$85P;H+nbbOKzd-TbJSe zo7=7JXWAkOFOq*){F%-N#65b}&&T6_9cY~s9hrlU;~4Fkgh2STVB&daDR@LSgA|8E zsY0RHkQW^(72)d2_T$mLQw4pK*2kmw29%0m^~z`#tUs+%8;5eX#}Y{Tqj{ zJd|_^TzM`Bo3fu+{X*ER<%cuwd3i@G5aUngXWBSLdO9_5q$6olO!z7CklWMov3wtn zjEeCo-=(M&1G3&{+~>P=K=u#4!zdEBOUZ6l(~B4*RjuLoHu>DwcP*?=J{Vj&+&9)k zKD+=PZo6UC;OaJ}8ffF&vx|t5t)|=H7F7+At|SeXbD2v|Lap%`c)2x0Pw#H0RP|6*(YD9X7XVbHcs=GFL0!~;3{?;A0Fym z_0<+ezc||0vyXR{8pVn=pgsCvr}Ui>yNrAb09?w?vM~1xd{= zGkhdcG$8Ude*uXarD423V%k?KJEC_|L1AC0oNpWbGcH9%Fs`UUrQ4Xo4uv? zvXH&~DKM#eRNJyy{Vms|Caj-2_91MJe|vKt^Z#P|KLHg?a5FwXP%*wO;Q2zMHVR5h zd^?(beBdj28X?cum1@)P$R;&psw_Qm zsD%!yvy|Ev<&dm={qhP~hOG<)sHC_*viyv1pAb=r;cRx5a#)93SRfCAsG)_~BVW@+uRD>i)t;8)qQU~ zD`|(%n?V71nlAQ`QKVM~j9pU4P*;g{`m{!=n-tmgc`3aN zFn@;>=u*uuGA+Okt|}0};3ZmucKJ8G&2`7*$8sg?$8p-q6Rbyr{RcpPB98vX$q60n zS$~vUy*_UJ`S^Wt6HvdRPP2_YNRhKqY9C-iKB@f&sMiFfL7iyAJ)D(D7y-N0y=;-eqcc67Ke3Q^GKELI`en7zh9Wem+WPOe(=@dBVb!sz>#=@l@$qbSRKbc^0`U0E$ z%#{5KkgEfb4#4grB1v_{z-DHUdr;x2#Omp3I@B&jB|0DqJq0v~15V9@9#~K*FuQ67 z51P*G>)#leTuQS*^@OMfxMs_^jcynh9WPXwP0F~q?F}Zuc=2%Ko@Bjt#Ibk$37a~9piJjN`TQEaV+QXB-3 z)*TDe-05vlHjva7Brr6|tE1kF6m?}VTgd83J8d%R+ph*?f7qkV7tF@1 z)UWv0;d)ZTp#>TX!ABuGZO&sC$mK+Y2;cRZs@qKi*SzU(7V%BfWR)zt#%L$Lg2jix z-?>R)jd!he*=(oK2=QFbLzz~{93i$iny{;080K_}iWR6x=RdVf9W7j47s;~qvFW?9QCWYnYH|gmk*!3i8Lo>LQs8FUV{8q zZxME&P&~a+RQT`QQA5(8fg|t%M8?$NkexU1mCNY)A3`=9_aFj_9igA#`CVT4-BABs zr?tr^v#Yn%B=L)x*Ncb;JePn46IS1@C+vaOMnw0LEed+u$T@; zI>11jP3_Y!X+_foO(u@!Se%U8!<*TLblbOZH!_FD7D)?LVLC|`yBg_`Ow2Lh2P)7w z0u8M1bN7v7tjrO(2cS?e>E7Z8q1JIx>`j+=kfaH@gR(zmcN8q}%6?hgz;+;Ywn z5(JJs!-El|4^5>8Q`g`9otU~MaYSH!1iA}CUbKe-x7$gJyBKCpKnDp79zGgi6Yad! z@qhBRzzNmwIUY;rM&*hrG{_q0t)}p24uPg`?TI(GP0El}S!YhGZKnQUFP=KMubj;w z2>c0=gEha9B^CRaj_&m8958VtxfAidgT*m*ikSF(6TFsvsf!4h`5glei^{efN;@{1 z%gjM=SuAn=^^2BdcHRF_Z<<;9)>xV>Hj{<)n)fANA-OQYjm(+jD6x3yb)f6vlSLHI zRTVs-Yb5mH7k#*#Zd8`>z7BtVztM&ILP{-{D}$&W zWo>89x;UFqy%+UhEB>{mI2>NQ4Val;rbd>+6`#wKaS!k&h<`1ogR7JZ$o0rSdJc*G z0Du9YOJ~=}y2THq3ujtq`v|QLeDSa^Yc8~%Ai0mb$1phum`aMHPa&xI<_rS1gl~!# z?9XR_%LvNcSS{gbW7CN`2lTs`x_hvItmo#}zG0DTgwRLEDxnF?vX6Jnr4W zvoWH|Kj6j}P~$n*2Oi)NRzg*uofDy;Kux@DW5i!vuDC?(KOoW^qrBP>adD6`?_b9W z7qdQv&UHc?duJL-F?{w^@a~s~V=JZXwVQta2uTZp{E6*?aU{?gaD^}$ZW8`V&Her{ zJhqaRYrpAjHTlLHx>p^n(CyrWjJ%m-C=an`uz97B7&;5FIgWGm2P0t4Rn7f8xNB2v z>JPsGQce!&3)-Nc$6r0a^EbE~v8fAS>`qP@1KWzaN(GjVK)tE4R5LuiDN#Tg22=)! z2njaU$fhV8fo8iO(=q;VODST%4#4i}cHTc_YxqgiEZ9iC2`DT-z#zp>Ste9cq@Pmr zW1)O{Hd~m+LX3EvS%N9Fx5+SpSCO=!P&pucYY-4ce-PLtI%qQ_r-^O+*pp0klI6i9 zMd}In_K!4?A-t$JFi z#9Kx-9erz|q3!Y{AuGRq@7V-)C3ad|9I>V8rvE}x4bzD|{wk5yTbk-|zgxiC4sQ3? zfpcn)%A$PfSNB78U_b#F8fZg@-y$Hv1$7KhwhB}J&@bXPkLeEzYdKb=9>kOrOpeKN znZVaG zs9+W1vCMmasM}$R%eVt{-CL=4&obNsRvP6V@Urx=haPIBtL&Y^7$Tr!1{Brw-JJd8 z2=E{`r`S|f_)7*oeejRzw}twX7sV{0t@S_&ih*#f`SDxMQ7CO75{*k(`fd(2bTV(m zG>-VyKvCtn-B7 zZp}SvI9rzNFmsyIzQ;GoErU1^j_&GKK&uQPFv*S=0yZlXzu92_y@siRTnh4GvTtPNVSsKdJUMPcv2?fWW zg^bC2*39GZDS)ZJvwlFq4{VQsn@QaA_H-^GY8GTo50x`BiX9@bF-s(q6-z1s-7_)h zbL6LeHHq|nyxo(GEG5qv9cqVE46=o6NKxgzFXEgE8}9@SviG4&;zHcbDwN6RNr;o> zX;i-7({O4Q@NrEy>&2Q7K29mJ_pyEhzyuAj+5?Pv-};SoPWLlrp5v{_&c>@{V96zxr1-~3uw&g zr1|_MeX|(~3@@T9*u#Fl&5KX=wSZA6UD_+;A{3WJjQXEP8z}*H51=R;7k=vyIC_Y?(0p8v2-?<%hIO+$`tkra=L?))4RKm3^{n-(SWrPST5L6)Q=U79ebF66L_%U-shj|dprPlU~ zb7jDMS0uD7mZ-_X1tm$5&*rH6VWUX{%%)sDF+c@d2So`N=syQZ5qWbe70J`Z6FV$J zG}UMtX#x)zRjk(EZ>02n##n@7a0u+Z5%M^aR(STWP2c^^0er;L;yl3CGdm`8+V{O3!s)mM6h!Ss_Wauph3Mw z^P#I(?$H2L)z;csG;Sg#t`JjAf#rABgY5(q;d6Q0VS!=Wj4vZtSn9Q^Cg&D{r1|kZ zh+eEiwZuioRo*5aCAeth{A7LKc?g(SVzCxRMu{rl~%H(nGgud#^uJgCfbEs`X$--i7spKFG*}I4#hSQewC($V~l-#$2tS<%dF?g zd)AJguL9s}Sc#1`P<2h%Ld1ly{d>MYgm`d^06nJS#>~kQKyEC6(k_ZqRF*5>zx~J4 zs3EC+GXtX4$>E_vu$c82yp#zpFG+}8bimX>?Vz=QbWX-|Wny!feDy3}<`V0iu%1=5 z3MkUa1!I&LL@qwyuz1?6n4Tc;rMTF!GW7mD!}eS0$5+<;Nbr~s-F6^^wbWgHqqxm~ zS^++zP#OHd&*5;i0x_6_J^QT=?`))ZeW#m&zb$xvoKG)I;*;6oPHUCmfIsrmDpKDh HjD!9Uq2djS literal 0 HcmV?d00001 diff --git a/modules/ROOT/pages/backup-restore/copy-database.adoc b/modules/ROOT/pages/backup-restore/copy-database.adoc index 56027d53f..cdd3013f4 100644 --- a/modules/ROOT/pages/backup-restore/copy-database.adoc +++ b/modules/ROOT/pages/backup-restore/copy-database.adoc @@ -13,8 +13,8 @@ However, the command will output Cypher statements, which you can run to recreat ==== * `neo4j-admin database copy` preserves the node IDs (unless `--compact-node-store` is used), but the relationships get new IDs. * `neo4j-admin database copy` is not supported for use on the `system` database. -* `neo4j-admin database copy` is not supported for use on xref:composite-databases/introduction.adoc#composite-databases-concepts[composite databases]. -It must be run directly on the databases that are part of a composite database. +* `neo4j-admin database copy` is not supported for use on xref:composite-databases/index.adoc[Composite databases]. +It must be run directly on the databases that are associated with that Composite database. * `neo4j-admin database copy` is an IOPS-intensive process. For more information, see <>. ==== @@ -60,7 +60,7 @@ The command will replace the original database with the newly created copy. * `` -- Name of the source database. -* `` -- Name of the target database. +* `` -- Name of the target database. If the same as ``, it is copied to a temporary location, by default the current working directory or the path as defined by `--temp-path`, before being moved to replace the original. [[copy-database-command-options]] diff --git a/modules/ROOT/pages/backup-restore/offline-backup.adoc b/modules/ROOT/pages/backup-restore/offline-backup.adoc index 302b18bda..4506f7698 100644 --- a/modules/ROOT/pages/backup-restore/offline-backup.adoc +++ b/modules/ROOT/pages/backup-restore/offline-backup.adoc @@ -87,6 +87,6 @@ bin/neo4j-admin database dump neo4j --to-path=/dumps/neo4j [NOTE] ==== -`neo4j-admin database dump` cannot be applied to xref:composite-databases/introduction.adoc#composite-databases-concepts[composite databases]. -It must be run directly on the databases that are part of a composite database. +`neo4j-admin database dump` cannot be applied to xref:composite-databases/index.adoc[Composite databases]. +It must be run directly on the databases that are associated with that Composite database. ==== diff --git a/modules/ROOT/pages/backup-restore/planning.adoc b/modules/ROOT/pages/backup-restore/planning.adoc index c6ac87a17..677d99705 100644 --- a/modules/ROOT/pages/backup-restore/planning.adoc +++ b/modules/ROOT/pages/backup-restore/planning.adoc @@ -96,8 +96,8 @@ The recommended way to restore a database in a cluster is to xref:clustering/dat [NOTE] ==== -The Neo4j Admin commands `backup`, `restore`, `dump`, `load`, `copy`, and `check-consistency` are not supported for use on xref:composite-databases/introduction.adoc#composite-databases-concepts[composite databases]. -They must be run directly on the databases that are part of a composite database. +The Neo4j Admin commands `backup`, `restore`, `dump`, `load`, `copy`, and `check-consistency` are not supported for use on xref:composite-databases/index.adoc[Composite databases]. +They must be run directly on the databases that are associated with that Composite database. ==== .The following table describes the commands' capabilities and usage. @@ -133,7 +133,7 @@ They must be run directly on the databases that are part of a composite database | {check-mark} | {cross-mark} -| Run against a composite databases +| Run against a Composite databases | {cross-mark} | {cross-mark} | {cross-mark} diff --git a/modules/ROOT/pages/backup-restore/restore-dump.adoc b/modules/ROOT/pages/backup-restore/restore-dump.adoc index 0a02fcf72..cb694876d 100644 --- a/modules/ROOT/pages/backup-restore/restore-dump.adoc +++ b/modules/ROOT/pages/backup-restore/restore-dump.adoc @@ -121,6 +121,6 @@ For more information, see xref:clustering/databases.adoc#cluster-seed[Seed a clu [NOTE] ==== -`neo4j-admin database load` cannot be applied to xref:composite-databases/introduction.adoc#composite-databases-concepts[composite databases]. -It must be run directly on the databases that are part of a composite database. +`neo4j-admin database load` cannot be applied to xref:composite-databases/index.adoc[Composite databases]. +It must be run directly on the databases that are associated with that Composite database. ==== diff --git a/modules/ROOT/pages/clustering/monitoring/show-databases-monitoring.adoc b/modules/ROOT/pages/clustering/monitoring/show-databases-monitoring.adoc index 4b23c4935..5c4f73cfe 100644 --- a/modules/ROOT/pages/clustering/monitoring/show-databases-monitoring.adoc +++ b/modules/ROOT/pages/clustering/monitoring/show-databases-monitoring.adoc @@ -34,7 +34,7 @@ This node is either the leader for this database in a cluster _or_ this is a sta | statusMessage | String | A message explaining the current state of the database, which could be an error encountered by the Neo4j server when transitioning the database to `requestedStatus`, if any. | default | Boolean | Whether this database is the default for this DBMS. | home | Boolean | Whether this database is the home database for this user. -| constituents | List | A list of alias names making up this composite database, null for non-composite databases. +| constituents | List | A list of alias names making up this Composite database, null for non-Composite databases. |=== Note that for failed databases, `currentStatus` and `requestedStatus` are different. @@ -46,7 +46,7 @@ For example: The possible statuses are `initial`, `offline`, `store copying`, `deallocating`, `unknown`, `dirty`, and `quarantined`. -Additionally, note that databases hosted on servers that are offline are also returned by the `SHOW DATABASES` command. +Additionally, note that databases hosted on servers that are offline are also returned by the `SHOW DATABASES` command. For such databases the `address` column displays `NULL`, the `currentStatus` column displays `unknown`, and the `statusMessage` displays `Server is unavailable`. .Listing databases in standalone Neo4j @@ -142,7 +142,7 @@ This node is either the leader for this database in a cluster _or_ this is a sta | statusMessage | String | A message explaining the current state of the database, which could be an error encountered by the Neo4j server when transitioning the database to `requestedStatus`, if any. | default | Boolean | Whether this database is the default for this DBMS. | home | Boolean | Whether this database is the home database for this user. -| constituents | List | A list of alias names making up this composite database, null for non-composite databases. +| constituents | List | A list of alias names making up this Composite database, null for non-Composite databases. |=== .Listing statuses for database _foo_ @@ -208,5 +208,5 @@ It is the same as creation time unless the database has been stopped at some poi May be different between members when changes have not propagated. | 2342 | `replicationLag` | Integer | The difference in transaction numbers between this server and the writer of this database. If this is persistently high, there may be a problem. | 1 -| `constituents` | List | A list of alias names making up this composite database, null for non-composite databases. | "[]" +| `constituents` | List | A list of alias names making up this Composite database, null for non-Composite databases. | "[]" |=== diff --git a/modules/ROOT/pages/clustering/servers.adoc b/modules/ROOT/pages/clustering/servers.adoc index 547bf6058..c885e4453 100644 --- a/modules/ROOT/pages/clustering/servers.adoc +++ b/modules/ROOT/pages/clustering/servers.adoc @@ -128,11 +128,11 @@ neo4j@neo4j> ENABLE SERVER '25a7efc7-d063-44b8-bdee-f23357f89f01' OPTIONS `modeConstraint` is used to control whether a server can be used to host a database in only primary or secondary mode. `allowedDatabases` and `deniedDatabases` are collections of database names that filter which databases may be hosted on a server. The `allowedDatabases` and `deniedDatabases` are mutually exclusive and if both are specified, an error is returned. -Server tags are used during database allocation and when configuring load balancing and replication policies. +Server tags are used during database allocation and when configuring load balancing and replication policies. [NOTE] ==== -`allowedDatabases` and `deniedDatabases` do not affect composite databases, they are always available everywhere. +`allowedDatabases` and `deniedDatabases` do not affect Composite databases, they are always available everywhere. ==== If no options are set, a server can host any database in any mode. @@ -264,7 +264,7 @@ For a description of all the server options (e.g., server tags) that can be alte [NOTE] ==== -`allowedDatabases` and `deniedDatabases` do not affect composite databases, they are always available everywhere. +`allowedDatabases` and `deniedDatabases` do not affect Composite databases, they are always available everywhere. ==== As with the `DEALLOCATE DATABASES FROM SERVER ...` command, if the alteration of a server's options renders it impossible for the cluster to satisfy one or more of the databases' topologies, then the command fails and no changes are made. diff --git a/modules/ROOT/pages/composite-databases/administration.adoc b/modules/ROOT/pages/composite-databases/administration.adoc new file mode 100644 index 000000000..07768aea2 --- /dev/null +++ b/modules/ROOT/pages/composite-databases/administration.adoc @@ -0,0 +1,93 @@ +:description: This section describes the administration and operation of Composite databases. +[role=enterprise-edition] +[[composite-databases-administration]] += Managing Composite databases + +Composite databases are managed using administrative commands. +They are created with the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/databases#administration-databases-create-composite-database[`CREATE COMPOSITE DATABASE`^] command. + +== Create a Composite database + +==== +[source, cypher] +---- +CREATE COMPOSITE DATABASE cineasts +---- +==== + +Constituent graphs are added with the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/aliases#alias-management-create-database-alias[`CREATE ALIAS`^] administrative command, for example: + +== Create an alias on a Composite database + +==== +[source, cypher] +---- +CREATE ALIAS cineasts.latest + FOR DATABASE movies2022 +---- +==== + +Aliases can also be created for databases on other DBMSs: + +== Create an alias for a remote database on a Composite database + +==== +[source, cypher] +---- +CREATE ALIAS cineasts.upcoming + FOR DATABASE upcoming + AT 'neo4j+s://other.dbms.com' + USER $user + PASSWORD $secretpassword +---- +==== + +The link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/databases#administration-databases-show-databases[`SHOW DATABASE`^] administrative command includes Composite databases. + +Their `type` is reported as `"composite"`, and the `constituents` column lists the names of the aliases contained. + +== Show a Composite database + +==== +[source, cypher] +---- +SHOW DATABASE cineasts YIELD name, type, constituents +---- +---- ++---------------------------------------------------------------------+ +| name | type | constituents | ++---------------------------------------------------------------------+ +| "cineasts" | "composite" | ["cineasts.latest", "cineasts.upcoming"] | ++---------------------------------------------------------------------+ + +---- +==== + + +The link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/aliases#alias-management-show-alias[`SHOW ALIASES FOR DATABASE`^] administrative command can be used to inspect aliases on Composite databases in further detail. + +== Show Composite database aliases + +==== +[source, cypher] +---- +SHOW ALIASES FOR DATABASE +---- +---- ++----------------------------------------------------------------------------------------+ +| name | database | location | url | user | ++----------------------------------------------------------------------------------------+ +| "cineasts.latest" | "movies2022" | "local" | NULL | NULL | +| "cineasts.upcoming" | "upcoming" | "remote" | "neo4j+s://other.dbms.com" | "cineast" | ++----------------------------------------------------------------------------------------+ +---- +==== + +For a full description of the administrative commands for managing Composite databases, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/databases[Cypher Manual -> Database management^]. + + +[[composite-databases-connecting]] +== Connect to drivers and applications + +Drivers and client applications connect to Composite databases just like standard databases. +For more information, see the respective link:{neo4j-docs-base-uri}/[Neo4j Driver manual^]. diff --git a/modules/ROOT/pages/composite-databases/considerations.adoc b/modules/ROOT/pages/composite-databases/considerations.adoc deleted file mode 100644 index dae39e58e..000000000 --- a/modules/ROOT/pages/composite-databases/considerations.adoc +++ /dev/null @@ -1,19 +0,0 @@ -[role=enterprise-edition] -[[composite-databases-further-considerations]] -= Further considerations -:description: This section presents considerations about composite databases that developers and administrators must be aware of. - -== Sharding an existing database -An existing database can be sharded with the help of the `neo4j-admin database copy` command. -See xref:composite-databases/sharding-with-copy.adoc[Sharding data with the copy command] for an example. - -== Composite database transactions - -Composite databases do not support `WRITE` transactions that span across multiple graphs. -To avoid common mistakes that may lead to data corruption, `WRITE` operations on more than one graph within the same transaction, are not allowed. -Transactions with queries that read from multiple graphs, or read from multiple graphs and write to a single graph, are allowed. - -== Neo4j embedded - -Composite databases are not available when Neo4j is used as an embedded database in Java applications. -Composite databases can be used only in a typical client/server mode, when users connect to a Neo4j DBMS from their client application or tool, via Bolt or HTTP protocol. diff --git a/modules/ROOT/pages/composite-databases/index.adoc b/modules/ROOT/pages/composite-databases/index.adoc index b1feb65c0..89aa0b163 100644 --- a/modules/ROOT/pages/composite-databases/index.adoc +++ b/modules/ROOT/pages/composite-databases/index.adoc @@ -1,11 +1,90 @@ [role=enterprise-edition] [[composite-databases]] = Composite databases -:description: This section describes administration and operation of composite databases. +:description: An introduction to Composite databases. -* xref:composite-databases/introduction.adoc[Introduction] -* xref:composite-databases/queries.adoc[Queries] -* xref:composite-databases/considerations.adoc[Further considerations] -* xref:composite-databases/sharding-with-copy.adoc[Sharding data with the `copy` command] +[[composite-databases-introduction]] +== Introduction +A Composite database is a special type of database introduced in Neo4j 5. +It supersedes the previous Fabric implementation in Neo4j 4. +Fabric is the architectural design of a unified system that provides a single access point to local or distributed graph data. +It allows you to efficiently manage your data, computing resources, storage, and network traffic. + +Composite databases are the means to access this partitioned data or graphs with a single Cypher query. + +Composite databases *do not store data* independently. +They use _database aliases_, which can be local or remote. +For more information, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/aliases/[Database alias management^]. + +Composite databases are managed using Cypher administrative commands. +Therefore, you can create them as any other database in Neo4j standalone and cluster deployments without needing to deploy a dedicated proxy server (as with Fabric in Neo4j 4). +For a detailed example of how to create a Composite database and add database aliases to it, see xref:composite-databases/administration.adoc[Managing Composite databases]. + +The following table summarizes the similarities and differences between Composite databases in Neo4j 5 and Fabric in Neo4j 4: + +.Composite database Neo4j 5 vs. Fabric Neo4j 4 +[cols="<24s,38,38",frame="topbot",options="header"] +|=== +| | Composite database (Neo4j 5) | Fabric (Neo4j 4) + +| Data access +2+| Gives access to graphs found on other databases (local or remote). + +| Data storage +2+| Does not store data independently. + +| Deployment +| Both standalone and cluster deployments. +| Both standalone and cluster deployments. However, in a cluster deployment, the _fabric_ proxy must be deployed on a dedicated machine. + +| Configuration +| Managed using Cypher commands. Composite databases are created with the `CREATE COMPOSITE DATABASE` command and database aliases are added with `CREATE ALIAS ..`. +| Managed through configuration settings. The Neo4j DBMSs that host the same _fabric_ database must have the same configuration settings. The configuration must be always kept in sync. + +| Sharding an existing database +2+| With the help of the `neo4j-admin copy` command. + +| Security credentials +| Composite databases use the same user credentials as the database aliases. +| The Neo4j DBMSs that host the same Fabric virtual database must have the same user credentials. Any change of password on a machine that is part of Fabric must be kept in sync and applied to all the Neo4j DBMSs that are part of Fabric. + +| Database management +2+| Does not support database management. Any database management commands, index and constraint management commands, or user and security management commands must be issued directly to the DBMSs and databases, not the Composite databases. + +| Transactions +2+| Only transactions with queries that read from multiple graphs, or read from multiple graphs and write to a single graph, are allowed. + +| Neo4j embedded +2+| Not available when Neo4j is used as an embedded database in Java applications. It can be used only in a typical client/server mode when users connect to a Neo4j DBMS from their client application or tool via Bolt or HTTP protocol. +|=== + +== Concepts + +The main concepts that are relevant to understand when working with Composite databases are: + +Data Federation:: +Data federation is when your data is in two *disjoint graphs* with *different labels and relationship types*. +For example, you have data about users with their location and data about the users' posts on different forums, and you want to query them together. + +Data Sharding:: +Data sharding is when you have two graphs that share the *same model* (same labels and relationship types) but contain *different data*. +For example, you can deploy shards on separate servers, splitting the load on resources and storage. +Or, you can deploy shards in different locations, to be able to manage them independently or split the load on network traffic. +An existing database can be sharded with the help of the `neo4j-admin database copy` command. +For an example, see xref:composite-databases/sharding-with-copy.adoc[Sharding data with the copy command]. + +Connecting data across graphs:: +Because relationships cannot span across graphs, to query your data, you have to federate the graphs by +using a _proxy node_ modeling pattern, where nodes with a specific label must be present in both federated domains. ++ +In one of the graphs, nodes with that specific label contain all the data related to that label, while in the other graph, the same label is associated with a proxy node that only contains the `ID` property. +The `ID` property allows you to link data across the graphs in this federation. + +image::federation-sharding.png[title="Data federation and sharding", width=450, role=middle] + +[TIP] +==== +For a step-by-step tutorial on setting up and using a Composite database with federated and sharded data, see xref:tutorial/tutorial-composite-database.adoc[Set up and use a Composite database]. +==== \ No newline at end of file diff --git a/modules/ROOT/pages/composite-databases/introduction.adoc b/modules/ROOT/pages/composite-databases/introduction.adoc deleted file mode 100644 index 9d871b48a..000000000 --- a/modules/ROOT/pages/composite-databases/introduction.adoc +++ /dev/null @@ -1,101 +0,0 @@ -[role=enterprise-edition] -[[composite-databases-introduction]] -= Introduction -:description: An introduction to composite databases. - - -[[composite-databases-overview]] -== Overview - -As of Neo4j 5, the Fabric technology has been extended by _composite databases_ and, as such, these replace what was known as Fabric in Neo4j 4.x. -Composite databases is a functionality which allows queries that access multiple graphs at once. - -Composite databases enable: - -* *Data Federation*: the ability to access data available in distributed sources in the form of *disjointed graphs*. -* *Data Sharding*: the ability to access data available in distributed sources in the form of a *common graph partitioned on multiple databases*. - -[[composite-databases-concepts]] -== Concepts - -Composite databases don't store any data on their own, but rather give access to the graphs found on other databases. -These graphs are added to the composite database by means of database aliases. - -A Neo4j DBMS can have multiple composite databases, and they can be created both in single-instance deployments, and in cluster deployments. - -Composite databases are managed using administrative commands. -They are created with the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/databases#administration-databases-create-composite-database[`CREATE COMPOSITE DATABASE`] command. - -.Creating a composite database -==== -[source, cypher] ----- -CREATE COMPOSITE DATABASE cineasts ----- -==== - -Constituent graphs are added with the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/aliases#alias-management-create-database-alias[`CREATE ALIAS`] administrative command, for example: - -.Creating an alias on a composite database -==== -[source, cypher] ----- -CREATE ALIAS cineasts.latest - FOR DATABASE movies2022 ----- -==== - -Aliases can also be created for databases on other DBMSs: - -.Creating an alias for a remote database on a composite database -==== -[source, cypher] ----- -CREATE ALIAS cineasts.upcoming - FOR DATABASE upcoming - AT 'neo4j+s://other.dbms.com' - USER $user - PASSWORD $secretpassword ----- -==== - -The link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/databases#administration-databases-show-databases[`SHOW DATABASE`] administrative command includes composite databases. - -Their `type` is reported as `"composite"`, and the `constituents` column lists the names of the aliases contained. - -.Showing a composite database -==== -[source, cypher] ----- -SHOW DATABASE cineasts YIELD name, type, constituents ----- ----- -+---------------------------------------------------------------------+ -| name | type | constituents | -+---------------------------------------------------------------------+ -| "cineasts" | "composite" | ["cineasts.latest", "cineasts.upcoming"] | -+---------------------------------------------------------------------+ - ----- -==== - - -The link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/aliases#alias-management-show-alias[`SHOW ALIASES FOR DATABASE`] administrative command can be used to inspect aliases on composite databases in further detail. - -.Showing composite database aliases -==== -[source, cypher] ----- -SHOW ALIASES FOR DATABASE ----- ----- -+----------------------------------------------------------------------------------------+ -| name | database | location | url | user | -+----------------------------------------------------------------------------------------+ -| "cineasts.latest" | "movies2022" | "local" | NULL | NULL | -| "cineasts.upcoming" | "upcoming" | "remote" | "neo4j+s://other.dbms.com" | "cineast" | -+----------------------------------------------------------------------------------------+ ----- -==== - -For a full description of the administrative commands for managing composite databases, see link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/databases[Cypher Manual -> Database management]. diff --git a/modules/ROOT/pages/composite-databases/queries.adoc b/modules/ROOT/pages/composite-databases/queries.adoc index f70ff66d9..522cb6c82 100644 --- a/modules/ROOT/pages/composite-databases/queries.adoc +++ b/modules/ROOT/pages/composite-databases/queries.adoc @@ -1,7 +1,8 @@ [role=enterprise-edition] [[composite-databases-queries]] -= Querying -:description: In this section you will find example queries that show how to perform a range of different tasks on composite databases. += Querying using Composite databases + +:description: Example queries that show how to perform a range of different tasks on Composite databases. //Make an image that sets up the example? @@ -9,21 +10,14 @@ The examples featured in this section make use of the two Cypher clauses: link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/clauses/use[`USE`] and link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/clauses/call-subquery[`CALL {}`]. -[[composite-databases-queries-connecting]] -== Connecting drivers and applications - -Drivers and client applications connect to composite databases just like standard databases. -For more information, see _Databases and execution context_ in the link:{neo4j-docs-base-uri}[Neo4j Driver manuals]. - [[composite-databases-queries-graph-selection]] == Graph selection -Queries submitted to a composite database may contain several <> clauses that direct different parts of the query to different constituent graphs. +Queries submitted to a Composite database may contain several <> clauses that direct different parts of the query to different constituent graphs. -Each constituent graph is named after the alias that introduces it into the composite database. - -The examples will assume the same setup as the one created in the xref:composite-databases/introduction.adoc[Introduction] +Each constituent graph is named after the alias that introduces it into the Composite database. +The examples assume the same setup as the one created in xref:composite-databases/administration.adoc[]. [[composite-databases-queries-single-graph]] === Query a single graph @@ -86,7 +80,7 @@ In this case, once selecting `cineasts.latest`, and once selecting `cineasts.upc [[composite-databases-queries-listing-graphs]] === Listing graphs -The built-in function link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/functions/query-functions#functions-graph-names[`graph.names()`] returns a list containing the names of all constituent graphs on the current composite database. +The built-in function link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/functions/query-functions#functions-graph-names[`graph.names()`] returns a list containing the names of all constituent graphs on the current Composite database. .The `graph.names()` function ==== @@ -171,7 +165,8 @@ RETURN movie ==== The first part of the query finds the movie with the longest running time from `cineasts.latest`, and returns its release month. -The second part queries for all movies in `cineasts.upcoming` that fulfill our condition and returns them. The sub-query imports the `monthOfLongest` variable using `WITH monthOfLongest`, to make it accessible. +The second part of the query finds all movies in `cineasts.upcoming` that fulfill our condition and returns them. +The sub-query imports the `monthOfLongest` variable using `WITH monthOfLongest`, to make it accessible. [[composite-databases-queries-updates]] === Updates @@ -210,11 +205,11 @@ Writing to more than one database per transaction is not allowed. [[composite-databases-queries-limitations]] === Limitations -Queries on composite databases have a few limitations. +Queries on Composite databases have a few limitations. ==== Graph accessing operations -Consider a composite database query: +Consider a Composite database query: [source, cypher] ---- UNWIND graph.names() AS graphName @@ -225,16 +220,23 @@ CALL { } RETURN movie ---- -Here the outer clauses, i.e. the `UNWIND`, the `CALL` itself, and the final `RETURN`, appear in the root scope of the query, without a specific chosen graph. +Here the outer clauses, i.e. the `UNWIND`, the `CALL` itself, and the final `RETURN`, appear in the root scope of the query, without a specifically chosen graph. Clauses or expressions in scopes where no graph has been specified must not be graph-accessing. -See examples of graph-accessing operations: +The following Composite database query is invalid because `[p=(movie)-->() | p] AS paths` is a graph-accessing operation in the root scope of the query: -- `MATCH (n)` -- `CREATE (:X)` -- `WITH [p=()--() | p] AS paths` +[source, cypher] +---- +UNWIND graph.names() AS graphName +CALL { + USE graph.byName(graphName) + MATCH (movie:Movie) + RETURN movie +} +RETURN [p=(movie)-->() | p] AS paths +---- -Examples of non-graph-accessing operations: +See examples of graph-accessing operations: - `RETURN 1 + 2 AS number` - `WITH node.property AS val` @@ -277,11 +279,17 @@ CALL { RETURN m ---- +== Cypher runtime + +When a query is submitted to a Composite database, different parts of the query may run using different runtimes. +Clauses or expressions in scopes where no graph has been specified run using the _slotted_ runtime. +Parts of the query directed to different constituent graphs are run using the default runtime for that graph, or respect the submitted link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/query-tuning/query-options/#cypher-runtime[Cypher query options] if specified. + [[composite-databases-queries-built-in-functions]] == Built-in graph functions Graph functions are located in the namespace `graph`. -The following table provides a description these functions: +The following table describes these functions: .Built-in graph functions [options="header", cols="m,"] @@ -289,8 +297,12 @@ The following table provides a description these functions: | Function | Explanation | graph.names() -| Provides a list of names of all constituent graphs on the current composite database. +| Provides a list of names of all constituent graphs on the current Composite database. | graph.byName(graphName) | Used with the `USE` clause to select a constituent graph by name dynamically. This function is supported only with `USE` clauses. +| graph.propertiesByName(graphName) +| Returns a map containing the properties associated with the given graph. |=== + +For more information, see _Graph functions_ in the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/functions/graph/[Cypher Manual]. diff --git a/modules/ROOT/pages/composite-databases/sharding-with-copy.adoc b/modules/ROOT/pages/composite-databases/sharding-with-copy.adoc index 5e12a197d..cbe419c8d 100644 --- a/modules/ROOT/pages/composite-databases/sharding-with-copy.adoc +++ b/modules/ROOT/pages/composite-databases/sharding-with-copy.adoc @@ -1,6 +1,7 @@ +[role=enterprise-edition] [[sharding-with-copy]] = Sharding data with the `copy` command -:description: This section provides an example of how to use `neo4j-admin database copy` to filter out data for creating shards. +:description: An example of how to use `neo4j-admin database copy` to filter out data for creating shards. The `copy` command can be used to filter out data when creating database copies. In the following example, a sample database is separated into 3 shards. diff --git a/modules/ROOT/pages/index.adoc b/modules/ROOT/pages/index.adoc index 4b04bfb0c..a9b0de7d6 100644 --- a/modules/ROOT/pages/index.adoc +++ b/modules/ROOT/pages/index.adoc @@ -32,64 +32,64 @@ For a detailed description and instructions on how to set up clustering, see xre * Composite databases. + Fabric technology is used to improve the setting and management of sharded and federated databases with dynamic compositions of databases. -A new surface to administer Fabric databases, named composite databases, is new in 5.0. -Configuration settings have been removed and composite databases are now administered via Cypher commands. +A new surface to administer Fabric databases, named Composite databases, is new in 5.0. +Configuration settings have been removed and Composite databases are now administered via Cypher commands. For more information, see the new chapter on xref:composite-databases/index.adoc[Composite databases], which replaces the _Fabric_ chapter from previous versions. -* `neo4j-admin` refresh. +* `neo4j-admin` refresh. + All admin functionalities have been consolidated into a single tool, and all commands have been grouped by scope. There is an optional neo4j-admin conf file and individual conf files for each command so that there is more control over values provided for each command. Improved features, more control, and a consistent set of arguments for the database administrator. + See xref:tools/neo4j-admin/index.adoc[Neo4j Admin and Neo4j CLI] for details. -* A major overhaul of backup and restore. +* A major overhaul of backup and restore. + The new backup subsystem provides: -** Full and differential backup to an immutable file, and aggregation to compile a chain of backups into a full backup. -** Differential backup reduces storage requirements and provides point-in-time restore on timestamps or transaction IDs. -** A new backup API for backup management and operability and target multiple URIs in a single backup command to support Autonomous Clusters. +** Full and differential backup to an immutable file, and aggregation to compile a chain of backups into a full backup. +** Differential backup reduces storage requirements and provides point-in-time restore on timestamps or transaction IDs. +** A new backup API for backup management and operability and target multiple URIs in a single backup command to support Autonomous Clusters. + The Backup subsystem from Neo4j 4.x is available as `neo4j-admin database legacy-backup` and `legacy-restore`. + See xref:backup-restore/index.adoc[Backup and restore section] for detailed descriptions and instructions. -* Incremental offline import. +* Incremental offline import. + The `neo4j-admin import` command can now add more data to existing databases. + xref:tools/neo4j-admin/neo4j-admin-import.adoc[Import chapter] has been updated. -You can find more details there. +You can find more details there. * Log4j integration completion. + The logging framework is fully integrated with Log4j, providing more functionality and better control of all the database logs. + -Configuration settings are located in the `$NEO4J_HOME/conf` folder in the _user-logs.xml_ used for _neo4j.log_ and _server-logs.xml_ used for _debug.log_, _security.log_, _http.log_, and _query.log_. +Configuration settings are located in the `$NEO4J_HOME/conf` folder in the _user-logs.xml_ used for _neo4j.log_ and _server-logs.xml_ used for _debug.log_, _security.log_, _http.log_, and _query.log_. Query log uses the same format as _neo4j.log_. + Users are able to use/modify Log4j XML files. + See xref:monitoring/logging.adoc[the section on the logging mechanisms in Neo4j] for more details. -* Updates in the *Cypher Shell* section. +* Updates in the *Cypher Shell* section. -** Cypher Shell supports impersonation. +** Cypher Shell supports impersonation. + Cypher Shell users can impersonate other users via `--impersonate` or the command `:impersonate` (requires `IMPERSONATE` privileges). + Visit xref:tools/cypher-shell.adoc[Cypher Shell page] for more details. -** Cypher Shell logging. +** Cypher Shell logging. + New option `--log` is introduced to enable Java Driver logging to the specified file. When users report problems with Java Driver/Bolt, now they can use Cypher Shell to try and replicate the issue without having to edit the client app that uses the driver. + You can find more information in the xref:tools/cypher-shell.adoc[Cypher Shell section]. -* Immutable privileges. +* Immutable privileges. + Immutable privileges are useful for restricting the actions of users who themselves are able to administer privileges. + Cloud operators can use sidecar design pattern to control RBAC-based permissions. + You can find xref:tutorial/tutorial-immutable-privileges.adoc[a tutorial] on how to administer immutable privileges. * Changes to Neo4j indexes -** The B-tree index type has been removed. +** The B-tree index type has been removed. ** New Range and Point index types are available now. ** Neo4j 5.1 introduces an improved index provider, `text-2.0`, for enhanced performance. New Text indexes will use the `text-2.0` provider by default. diff --git a/modules/ROOT/pages/manage-databases/index.adoc b/modules/ROOT/pages/manage-databases/index.adoc index 042f358a7..b01cd8056 100644 --- a/modules/ROOT/pages/manage-databases/index.adoc +++ b/modules/ROOT/pages/manage-databases/index.adoc @@ -1,6 +1,6 @@ [[manage-databases]] = Manage databases -:description: This chapter describes how to create and manage multiple active databases. +:description: This chapter describes how to create and manage multiple active databases. This chapter describes how to create and manage multiple active databases and contains the following: @@ -9,5 +9,9 @@ This chapter describes how to create and manage multiple active databases and co * xref:manage-databases/queries.adoc[Queries] * xref:manage-databases/errors.adoc[Error handling] * xref:manage-databases/remote-alias.adoc[Connecting remote databases] +* xref:composite-databases/index.adoc[] +** xref:composite-databases/administration.adoc[] +** xref:composite-databases/sharding-with-copy.adoc[] +** xref:composite-databases/queries.adoc[] diff --git a/modules/ROOT/pages/manage-databases/introduction.adoc b/modules/ROOT/pages/manage-databases/introduction.adoc index fee27497e..c2da3ffeb 100644 --- a/modules/ROOT/pages/manage-databases/introduction.adoc +++ b/modules/ROOT/pages/manage-databases/introduction.adoc @@ -44,16 +44,16 @@ A different name can be configured before starting Neo4j for the first time. [NOTE] ==== -Be aware that the automatically created _initial_ default database may have a different topology to the default configuration values. +Be aware that the automatically created _initial_ default database may have a different topology to the default configuration values. See xref:clustering/clustering-advanced/default-database.adoc[Default database in a cluster] for more information. ==== Composite database:: -A composite database is a logical grouping of multiple graphs contained in other, standard databases. +A Composite database is a logical grouping of multiple graphs contained in other, standard databases. + -A composite database defines an _execution context_ and a (limited) _transaction domain_. +A Composite database defines an _execution context_ and a (limited) _transaction domain_. + -For more information, see xref:composite-databases/introduction.adoc#composite-databases-overview[composite databases]. +For more information, see xref:composite-databases/index.adoc[Composite databases]. The following image illustrates a default installation, including the `system` database and a single database named `neo4j` for user data: diff --git a/modules/ROOT/pages/performance/index-configuration.adoc b/modules/ROOT/pages/performance/index-configuration.adoc index ca7a1760a..64647e5d9 100644 --- a/modules/ROOT/pages/performance/index-configuration.adoc +++ b/modules/ROOT/pages/performance/index-configuration.adoc @@ -1,6 +1,6 @@ [[index-configuration]] = Index configuration -:description: How to configure indexes to enhance performance in search, and to enable full-text search. +:description: How to configure indexes to enhance performance in search, and to enable full-text search. This page describes how to configure Neo4j indexes to enhance search performance and enable full-text search. The supported index types are: @@ -187,7 +187,7 @@ For a detailed information on how to create and use full-text indexes, see the l === Per-property analyzer A full-text index can be created over multiple properties. -If different analyzers for different properties are required, the standard approach in Lucene is to create a custom composite analyzer. +If different analyzers for different properties are required, the standard approach in Lucene is to create a custom Composite analyzer. The Lucene project provides `PerFieldAnalyzerWrapper` that can associate analyzers with specific fields. For more information, see the link:https://javadoc.io/doc/org.apache.lucene/lucene-analysis-common/latest/org/apache/lucene/analysis/miscellaneous/PerFieldAnalyzerWrapper.html[Lucene official documentation]. diff --git a/modules/ROOT/pages/routing-decisions.adoc b/modules/ROOT/pages/routing-decisions.adoc index d34ee5e36..ade448642 100644 --- a/modules/ROOT/pages/routing-decisions.adoc +++ b/modules/ROOT/pages/routing-decisions.adoc @@ -23,7 +23,7 @@ Step 2: Reuse open transaction:: * If not, then proceed to step 3. Step 3: Determine the type of the target database (execution context type):: * If the target database is a database in this DBMS, then the context type is _Internal_. -* If the target database is the xref:composite-databases/introduction.adoc[Composite database], then the context type is _Composite_. + +* If the target database is the xref:composite-databases/index.adoc[Composite database], then the context type is _Composite_. + + [NOTE] ==== diff --git a/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc b/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc index 9a8931d86..9b4a77069 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc @@ -186,6 +186,6 @@ bin/neo4j-admin database check --from-path= neo4j [NOTE] ==== -`neo4j-admin database check` cannot be applied to xref:composite-databases/introduction.adoc#composite-databases-concepts[composite databases]. - It must be run directly on the databases that are part of a composite database. +`neo4j-admin database check` cannot be applied to xref:composite-databases/index.adoc[Composite databases]. + It must be run directly on the databases that are associated with that Composite database. ==== diff --git a/modules/ROOT/pages/tutorial/index.adoc b/modules/ROOT/pages/tutorial/index.adoc index cb97f0ffb..ee8f5d706 100644 --- a/modules/ROOT/pages/tutorial/index.adoc +++ b/modules/ROOT/pages/tutorial/index.adoc @@ -1,14 +1,14 @@ [appendix] [[tutorial]] = Tutorials -:description: This appendix contains tutorials that further describe usages of Neo4j. +:description: This appendix contains tutorials that further describe usages of Neo4j. The following step-by-step tutorials cover common operational tasks or otherwise exemplify working with Neo4j: //* <> -- This tutorial walks through the basics of setting up a Neo4j Causal Cluster. //* <> -- This tutorial provides a detailed example of how to back up and restore a database in a running Causal Cluster. * xref:tutorial/neo4j-admin-import.adoc[Neo4j Admin import] -- This tutorial provides detailed examples to illustrate the capabilities of importing data from CSV files with the command `neo4j-admin database import`. -* xref:tutorial/tutorial-composite-database.adoc[Set up and use a composite database] -- This tutorial walks through the basics of setting up and using composite databases. +* xref:tutorial/tutorial-composite-database.adoc[Set up and use a Composite database] -- This tutorial walks through the basics of setting up and using Composite databases. * xref:tutorial/tutorial-sso-configuration.adoc[SSO configuration] -- This tutorial presents examples and solutions to common problems when configuring SSO. * xref:tutorial/tutorial-immutable-privileges.adoc[Administering immutable privileges] -- This tutorial describes methods for administering immutable privileges. * xref:tutorial/tutorial-clustering-docker.adoc[Deploy a Neo4j cluster in a Docker container] -- This tutorial walks through setting up a Neo4j cluster on your local computer for testing purposes. diff --git a/modules/ROOT/pages/tutorial/neo4j-admin-import.adoc b/modules/ROOT/pages/tutorial/neo4j-admin-import.adoc index 5a303c2c4..41c4c2398 100644 --- a/modules/ROOT/pages/tutorial/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tutorial/neo4j-admin-import.adoc @@ -1,8 +1,8 @@ [[tutorial-neo4j-admin-import]] = Neo4j-admin import -:description: This tutorial provides detailed examples to illustrate the capabilities of importing data from CSV files with the command `neo4j-admin database import`. +:description: This tutorial provides detailed examples to illustrate the capabilities of importing data from CSV files with the command `neo4j-admin database import`. -This tutorial provides detailed examples to illustrate the capabilities of importing data from CSV files with the command xref:tools/neo4j-admin/neo4j-admin-import.adoc[`neo4j-admin database import`]. +This tutorial provides detailed examples to illustrate the capabilities of importing data from CSV files with the command xref:tools/neo4j-admin/neo4j-admin-import.adoc[`neo4j-admin database import`]. The import command is used for loading large amounts of data from CSV files and supports full and incremental import into a running or stopped Neo4j DBMS. [IMPORTANT] diff --git a/modules/ROOT/pages/tutorial/tutorial-composite-database.adoc b/modules/ROOT/pages/tutorial/tutorial-composite-database.adoc index 7fdb02263..39ea741a0 100644 --- a/modules/ROOT/pages/tutorial/tutorial-composite-database.adoc +++ b/modules/ROOT/pages/tutorial/tutorial-composite-database.adoc @@ -1,7 +1,7 @@ [role=enterprise-edition] [[tutorial-composite-database]] -= Set up and use a composite database -:description: This tutorial walks through the basics of setting up and using a composite database. += Set up and use a Composite database +:description: This tutorial walks through the basics of setting up and using a Composite database. Composite databases allow queries that access multiple graphs at once. This is a function that enables: @@ -11,17 +11,17 @@ This is a function that enables: In this tutorial, you will learn how to: -* <> +* <> * <> * <> -* <> +* <> * <> [[tutorial-composite-database-model-data]] -== Model your data for composite database use +== Model your data for Composite database use -The example data in this tutorial is based on the Northwind dataset, created by Microsoft. +The example data in this tutorial is based on the Northwind dataset, created by Microsoft. It contains the sales data of a fictitious small company called “Northwind Traders”. The data includes customers, products, customer orders, warehouse stock, shipping, suppliers, employees, and sales territories. @@ -408,11 +408,11 @@ LIMIT 5; ---- [[tutorial-composite-database-config]] -== Configure a composite database -Set up a composite database with the `CREATE COMPOSITE DATABASE` Cypher command and add local database aliases as constituents to the composite database. -In this example, the composite database is called `compositenw`. +== Configure a Composite database +Set up a Composite database with the `CREATE COMPOSITE DATABASE` Cypher command and add local database aliases as constituents to the Composite database. +In this example, the Composite database is called `compositenw`. -. Run the command `CREATE COMPOSITE DATABASE ` to create the composite database: +. Run the command `CREATE COMPOSITE DATABASE ` to create the Composite database: + [source, cypher, role=noplay] ---- @@ -461,7 +461,7 @@ The constituent database aliases in this tutorial are local database aliases (po but they can just as well be remote database aliases (pointing to databases in another Neo4j DBMS). ==== + -. Run the command `SHOW DATABASES` to verify that the composite database has been configured and is `online`: +. Run the command `SHOW DATABASES` to verify that the Composite database has been configured and is `online`: + [source, cypher, role=noplay] ---- @@ -508,7 +508,7 @@ SHOW ALIASES FOR DATABASES; [[tutorial-composite-database-query-product]] === Query a single database -When connected to a composite database you can retrieve data from a single database by using the Cypher clause `USE` and the name of an alias: +When connected to a Composite database you can retrieve data from a single database by using the Cypher clause `USE` and the name of an alias: [source, cypher, role=noplay] ---- @@ -542,7 +542,7 @@ LIMIT 5; [[tutorial-composite-database-query-shards]] === Query across multiple shards -Use the composite database to query both shards and get customers whose name starts with A: +Use the Composite database to query both shards and get customers whose name starts with A: [source, cypher, role=noplay] ---- @@ -577,7 +577,7 @@ LIMIT 5; 4 rows available after 25 ms, consumed after another 56 ms ---- -Or, using a more common composite database idiom: +Or, using a more common Composite database idiom: [source, cypher, role=noplay] ---- @@ -615,7 +615,7 @@ LIMIT 5; [[tutorial-composite-database-query-all-dbs]] === Query across federation and shards -Here is a more complex query that uses all 3 databases to find all customers who have bought discontinued products in the Meat/Poultry category: +Here is a more complex query that uses all 3 databases to find all customers who have bought discontinued products in the Meat/Poultry category: [source, cypher, role=noplay] ---- :use compositenw @@ -676,6 +676,6 @@ LIMIT 20; The way this query works is by `compositenw` calling database `db0` to retrieve all discontinued products in the Meat/Poultry category. Then, using the returned product IDs, it queries both `db1` and `db2` *in parallel* and gets the customers who have purchased these products and their country. -You have just learned how to store and retrieve data from multiple databases using a single Cypher query. +You have just learned how to store and retrieve data from multiple databases using a single Cypher query. + -For more details on composite databases, see <>. \ No newline at end of file +For more details on Composite databases, see <>. \ No newline at end of file From 9744a2f4d60820837281ff0f967c82da27d19558 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Wed, 19 Apr 2023 11:57:29 +0200 Subject: [PATCH 234/876] Add page monitoring cluster endpoints to the index (#667) (#705) It wasn't listed in the table of contents there though the page is in the left-side menu Cherry-picked from https://github.com/neo4j/docs-operations/pull/667 --- modules/ROOT/pages/clustering/index.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/ROOT/pages/clustering/index.adoc b/modules/ROOT/pages/clustering/index.adoc index 70aa08ea7..18f5340fa 100644 --- a/modules/ROOT/pages/clustering/index.adoc +++ b/modules/ROOT/pages/clustering/index.adoc @@ -16,6 +16,7 @@ This chapter describes the following: * Monitoring -- Monitoring of a cluster. ** xref:clustering/monitoring/show-servers-monitoring.adoc[Monitoring servers] -- The tools available for monitoring the servers in a cluster. ** xref:clustering/monitoring/show-databases-monitoring.adoc[Monitoring databases] -- The tools available for monitoring the databases in a cluster. +** xref:clustering/monitoring/endpoints.adoc[Monitor cluster endpoints for status information] -- The endpoints and semantics of endpoints used to monitor the health of the cluster. * xref:clustering/disaster-recovery.adoc[Disaster recovery] -- How to recover a cluster in the event of a disaster. * xref:clustering/settings.adoc[Settings reference] -- A summary of the most important cluster settings. * xref:clustering/clustering-advanced/index.adoc[Advanced clustering] -- Some more advanced features of Neo4j clusters. From 5d3d3a17b5b881ac0fc7e010702b9f16b801d331 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 19 Apr 2023 12:01:15 +0100 Subject: [PATCH 235/876] Update neo4j-admin database dump syntax and options to reflect the code (#704) --- .../pages/backup-restore/offline-backup.adoc | 76 +++++++++++++------ 1 file changed, 53 insertions(+), 23 deletions(-) diff --git a/modules/ROOT/pages/backup-restore/offline-backup.adoc b/modules/ROOT/pages/backup-restore/offline-backup.adoc index 4506f7698..0290754aa 100644 --- a/modules/ROOT/pages/backup-restore/offline-backup.adoc +++ b/modules/ROOT/pages/backup-restore/offline-backup.adoc @@ -32,45 +32,73 @@ It does not support SSL/TLS. [source,role=noheader] ---- -neo4j-admin database dump [--verbose] - [--expand-commands] - [--overwrite-destination[=true|false]] - [--to-path= | --to-stdout] - +neo4j-admin database dump [-h] [--expand-commands] + [--verbose] [--overwrite-destination[=true|false]] + [--additional-config=] + [--to-path= | --to-stdout] + ---- - -- Name of the database to dump. -Can contain `*` and `?` for globbing. +=== Description + +Dump a database into a single-file archive. +The archive can be used by the load command. +`` should be a directory (in which case a file called _.dump_ will be created), or `--to-stdout` can be supplied to use standard output. +If neither `--to-path` or `--to-stdout` is supplied `server.directories.dumps.root` setting will be used as a destination. +It is not possible to dump a database that is mounted in a running Neo4j server. + +=== Parameters + +.`neo4j-admin database dump` parameters +[options="header", cols="1m,3a"] +|=== +| Parameter +| Description + +| +|Name of the database to dump. Can contain `\*` and `?` for globbing. + Note that `*` and `?` have special meaning in some shells and might need to be escaped or used with quotes. +|=== [[offline-backup-command-options]] === Options -[options="header",cols="m,m,a"] +The `neo4j-admin database dump` command has the following options: + +.`neo4j-admin database dump` options +[options="header", cols="5m,6a,4m"] |=== | Option -| Default | Description +| Default + +|--additional-config= +|Configuration file with additional configuration. +| -| --verbose +|--expand-commands +|Allow command expansion in config value evaluation. | -| Enable verbose output. -| --expand-commands +| -h, --help +|Show this help message and exit. | -| Allow command expansion in config value evaluation. -| --overwrite-destination -| false -| Overwrite any existing dump file in the destination folder. +| --overwrite-destination[=true\|false] +|Overwrite any existing dump file in the destination folder. +|false -| --to-path +|--to-path= +|Destination folder of a database dump. | -| Destination for the database dump. -It must point to an existing directory. -| --to-stdout +|--to-stdout +|Use standard output as the destination for the database dump. +| + +|--verbose +|Enable verbose output. | -| Use standard output as the destination for the database dump. |=== @@ -80,11 +108,13 @@ It must point to an existing directory. The following is an example of how to create a dump of the default database `neo4j` using the `neo4j-admin database dump` command. The target directory _/dumps/neo4j_ must exist before running the command and the database must be offline. -[source,shell] +[source, shell, role="nocopy"] ---- -bin/neo4j-admin database dump neo4j --to-path=/dumps/neo4j +bin/neo4j-admin database dump --to-path=/full/path/to/dumps/ ---- +The command creates a file called _.dump_ where `` is the database specified in the command. + [NOTE] ==== `neo4j-admin database dump` cannot be applied to xref:composite-databases/index.adoc[Composite databases]. From c4baf7a283cb8ac49f1e2e23df77b9e48594317f Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 19 Apr 2023 12:37:08 +0100 Subject: [PATCH 236/876] Update neo4j-admin database aggregate-backup syntax and options to reflect the code (#706) --- .../ROOT/pages/backup-restore/aggregate.adoc | 96 +++++++++---------- 1 file changed, 48 insertions(+), 48 deletions(-) diff --git a/modules/ROOT/pages/backup-restore/aggregate.adoc b/modules/ROOT/pages/backup-restore/aggregate.adoc index d9af262f0..6d2f01223 100644 --- a/modules/ROOT/pages/backup-restore/aggregate.adoc +++ b/modules/ROOT/pages/backup-restore/aggregate.adoc @@ -1,12 +1,12 @@ [role=enterprise-edition] [[aggregate-backup]] = Aggregate a database backup chain -:description: This section describes how to aggregate a backup chain into a single backup. +:description: This section describes how to aggregate a backup chain into a single backup. [[aggregate-backup-command]] == Command -The aggregate command turns a xref:backup-restore/online-backup.adoc#backup-chain[backup chain] into a single xref:backup-restore/online-backup.adoc#backup-artifact[full backup artifact]. +The aggregate command turns a xref:backup-restore/online-backup.adoc#backup-chain[a chain of backup artifacts] into a single xref:backup-restore/online-backup.adoc#backup-artifact[full backup artifact]. image:backup-chain-aggregation.svg[title="Backup chain aggregation",role="middle"] @@ -24,71 +24,71 @@ This operation is called _recovery_ and can be costly. [source,role=noheader] ---- -neo4j-admin database aggregate-backup --from-path= - [--keep-old-backup[=true|false]] - [--parallel-recovery[=true|false]] - [--verbose] - [--expand-commands] - [--additional-config=] - +neo4j-admin database aggregate-backup [-h] [--expand-commands] + [--verbose] [--keep-old-backup[=true|false]] + [--parallel-recovery[=true|false]] + [--additional-config=] + --from-path= [] ---- + +[[aggregate-backup-command-parameters]] +=== Parameters + +.`neo4j-admin database aggregate-backup` parameters +[options="header", cols="1m,3a"] +|=== +| Parameter +| Description + +| +|Name of the database for which to aggregate the artifacts. Can contain `*` and `?` for globbing. +|=== + + [[aggregate-backup-command-options]] === Options -[options="header",cols="m,m,a"] +.`neo4j-admin database aggregate-backup` options +[options="header", cols="5m,6a,4m"] |=== | Option -| Default | Description +| Default -| --from-path +|--additional-config= +|Configuration file with additional configuration or override the existing configuration settings in the _neo4j.conf_ file. | -| Directory where the backup artifacts are located. -Directory where the backup artifacts are located, or optionally the path to a specific _.backup file_ forcing `aggregate` to find the backup chain for that specific backup (and guarding against the risk of identifying the wrong backup chain, if more than one exists in a given directory). -When a file is supplied, the __ parameter should be omitted. -The option to supply a file is only available in Neo4j 5.2 and later. - -| --keep-old-backup -| false -| If set to true, the old backup chain is not removed. - -| --parallel-recovery -| false -| Allow multiple threads to apply pulled transactions to a backup in parallel. -For some databases and workloads this may reduce aggregate times significantly. -[NOTE] -==== -`parallel-recovery` is an experimental option. -Consult Neo4j support before use. -==== -| --verbose -| -| Enable verbose output. | --expand-commands -| | Allow command expansion in config value evaluation. +| + +|--from-path= +|Accepts either a path to a single artifact file or a folder containing backup artifacts. -| --additional-config +When a file is supplied, the __ parameter should be omitted. +The option to supply a file is only available in Neo4j 5.2 and later. | -| Configuration file to provide additional or override the existing configuration settings in the _neo4j.conf_ file. -|=== -[[aggregate-backup-command-parameters]] -=== Parameters +|-h, --help +|Show this help message and exit. +| -[options="header",cols="m,m,a"] -|=== -| Parameter -| Default -| Description +|--keep-old-backup[=true\|false] +|If set to true, the old backup chain is not removed. +|false -| -| neo4j -| Name of the database for which to aggregate the artifacts. -Can contain `*` and `?` for globbing. +|--parallel-recovery[=true\|false] +|Allow multiple threads to apply pulled transactions to a backup in parallel. +For some databases and workloads, this may reduce aggregate times significantly. +Note: this is an EXPERIMENTAL option. +Consult Neo4j support before use. +|false +|--verbose +|Enable verbose output. +| |=== [[aggregate-backup-example]] From df79cb1dc6face58feee3662069fd8eb35c0a7a8 Mon Sep 17 00:00:00 2001 From: Jack Waudby <33488812+jackwaudby@users.noreply.github.com> Date: Wed, 19 Apr 2023 14:31:48 +0100 Subject: [PATCH 237/876] Update disaster recovery guide to reflect error message change (#709) Recently in 5.7 we updated the error message when attempting to deallocate a server hosting a database with only 1 primary. This PR updates the disaster recovery guide to reflect this. --------- Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/clustering/disaster-recovery.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/clustering/disaster-recovery.adoc b/modules/ROOT/pages/clustering/disaster-recovery.adoc index 8ed8ca7b3..588a3b28a 100644 --- a/modules/ROOT/pages/clustering/disaster-recovery.adoc +++ b/modules/ROOT/pages/clustering/disaster-recovery.adoc @@ -117,7 +117,7 @@ If *all* servers show health `AVAILABLE` and status `ENABLED` continue to xref:c . On each `UNAVAILABLE` server, run `CALL dbms.cluster.cordonServer("unavailable-server-id")`. . On each `CORDONED` server, run `DEALLOCATE DATABASES FROM SERVER cordoned-server-id`. . On each server that failed to deallocate with one of the following messages: -.. `Could not deallocate server [server]. Can't move databases in single mode [database]` +.. `Could not deallocate server [server]. Can't move databases with only one primary [database].` + or + From fb3265cb2df3d55c6f1e107f034c5f05e34dee2b Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Wed, 19 Apr 2023 15:35:32 +0200 Subject: [PATCH 238/876] clarify on server rename (#710) Regarding: https://trello.com/c/kroMaO0f/4500-5x-docs-on-server-rename --- modules/ROOT/pages/clustering/servers.adoc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/ROOT/pages/clustering/servers.adoc b/modules/ROOT/pages/clustering/servers.adoc index c885e4453..32201f683 100644 --- a/modules/ROOT/pages/clustering/servers.adoc +++ b/modules/ROOT/pages/clustering/servers.adoc @@ -209,10 +209,10 @@ neo4j@neo4j> DRYRUN DEALLOCATE DATABASES FROM SERVER '135ad202-5405-4d3c-9822-df [NOTE] ==== -Deallocation is currently prevented in the following situations. +Deallocation is currently prevented in the following situations. -* If a database the server is hosting is offline. -* If the server is hosting a database with an allocation of 1 primary. +* If a database the server is hosting is offline. +* If the server is hosting a database with an allocation of 1 primary. * If a quorum of servers hosting the database in primary mode are cordoned. ==== @@ -277,8 +277,8 @@ For instance if `SET OPTIONS {modeConstraint:'SECONDARY'}` is executed followed === Renaming a server -When first discovered and enabled, a server's name defaults to the value of its generated server ID. -However, this can be changed later using the following command: +When first discovered, a server's name defaults to the value of its generated server ID. +However, as long as the server is enabled, this can be changed later using the following command: [source,cypher] ---- From cefb06a32b3aa0f439be6d5c4aea2d35e47d93d5 Mon Sep 17 00:00:00 2001 From: Rory Steele Date: Thu, 20 Apr 2023 09:05:05 +0100 Subject: [PATCH 239/876] Rename server.memory.off_heap.max_size to server.memory.off_heap.transaction_max_size (#567) The off-heap memory block contains a lot more than transaction state (netty, lucene etc.) so the config setting 'server.memory.off_heap.max_size' has been renamed to 'server.memory.off_heap.transaction_max_size' to make it clearer that it only applies to transaction state. --- .../ROOT/pages/reference/configuration-settings.adoc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/ROOT/pages/reference/configuration-settings.adoc b/modules/ROOT/pages/reference/configuration-settings.adoc index f65e36acf..7bfcc9af7 100644 --- a/modules/ROOT/pages/reference/configuration-settings.adoc +++ b/modules/ROOT/pages/reference/configuration-settings.adoc @@ -288,7 +288,7 @@ This setting is deprecated in favor of <>|Maximum heap size. |<>|Defines the size of the off-heap memory blocks cache. |<>|Defines the maximum size of an off-heap memory block that can be cached to speed up allocations. -|<>|The maximum amount of off-heap memory that can be used to store transaction state data; it's a total amount of memory shared across all active transactions. +|<>|The maximum amount of off-heap memory that can be used to store transaction state data; it's a total amount of memory shared across all active transactions. |<>|Use direct I/O for page cache. |<>|Page cache can be configured to use a temporal buffer for flushing purposes. |<>|Page cache can be configured to use a temporal buffer for flushing purposes. @@ -595,7 +595,7 @@ This setting is deprecated in favor of <>: Maximum heap size. * <>: Defines the size of the off-heap memory blocks cache. * <>: Defines the maximum size of an off-heap memory block that can be cached to speed up allocations. -* <>: The maximum amount of off-heap memory that can be used to store transaction state data; it's a total amount of memory shared across all active transactions. +* <>: The maximum amount of off-heap memory that can be used to store transaction state data; it's a total amount of memory shared across all active transactions. * <>: Use direct I/O for page cache. * <>: Page cache can be configured to use a temporal buffer for flushing purposes. * <>: Page cache can be configured to use a temporal buffer for flushing purposes. @@ -3793,14 +3793,14 @@ a|server.memory.off_heap.max_cacheable_block_size, a byte size (valid multiplier m|+++512.00KiB+++ |=== -[[config_server.memory.off_heap.max_size]] -.server.memory.off_heap.max_size +[[config_server.memory.off_heap.transaction_max_size]] +.server.memory.off_heap.transaction_max_size [cols="<1s,<4"] |=== |Description a|The maximum amount of off-heap memory that can be used to store transaction state data; it's a total amount of memory shared across all active transactions. Zero means 'unlimited'. Used when <> is set to 'OFF_HEAP'. |Valid values -a|server.memory.off_heap.max_size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `0B` +a|server.memory.off_heap.transaction_max_size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `0B` |Default value m|+++2.00GiB+++ |=== From 8ca89c3b62ff8ec118779f36081d3911a2692c2e Mon Sep 17 00:00:00 2001 From: Jenny Owen Date: Thu, 20 Apr 2023 10:34:49 +0200 Subject: [PATCH 240/876] updated debian install instructions for if openjdk 19 gets installed (#700) Also added RHEL 8.8 to compatible OSs. --------- Co-authored-by: Reneta Popova --- .../ROOT/pages/installation/linux/debian.adoc | 69 +++++++++++++++---- .../ROOT/pages/installation/requirements.adoc | 2 +- 2 files changed, 55 insertions(+), 16 deletions(-) diff --git a/modules/ROOT/pages/installation/linux/debian.adoc b/modules/ROOT/pages/installation/linux/debian.adoc index 469484fb2..dc9a4b595 100644 --- a/modules/ROOT/pages/installation/linux/debian.adoc +++ b/modules/ROOT/pages/installation/linux/debian.adoc @@ -11,6 +11,7 @@ Neo4j {neo4j-version} requires the Java 17 runtime. Java 17 is not included in Ubuntu 16.04 LTS and will have to be set up manually prior to installing or upgrading to Neo4j {neo4j-version}, as described below. Debian 11 and Ubuntu 18.04 onwards already have the OpenJDK Java 17 package available through `apt`. +[[debian-prerequisites-notopenjdk]] === Oracle JDK, Zulu JDK, or Corretto JDK If you wish to use a non-default JDK, it must be installed prior to starting the Neo4j installation. @@ -44,7 +45,7 @@ See xref:installation/linux/debian.adoc#multiple-java-versions[Dealing with mult It is important that you configure your default Java version to point to Java 17, or Neo4j {neo4j-version-exact} will be unable to start. Do so with the `update-java-alternatives` command. -* First list all your installed versions of Java with `update-java-alternatives --list` +. List all your installed versions of Java with `update-java-alternatives --list`. + Your results may vary, but this is an example of the output: + @@ -54,21 +55,58 @@ java-1.17.0-openjdk-amd64 1711 /usr/lib/jvm/java-1.17.0-openjdk-amd64 java-1.11.0-openjdk-amd64 1071 /usr/lib/jvm/java-1.11.0-openjdk-amd64 ---- -* Identify your Java 17 version, in this case, it is `java-1.17.0-openjdk-amd64`. -Then set it as the default with (replacing `` with the appropriate name from above): +. Identify your Java 17 version: + [source, shell] ---- -sudo update-java-alternatives --jre --set +java -version ---- ++ +In this case, it is `java-1.17.0-openjdk-amd64`. -* Finally, confirm which version of Java is the default: +. Set it as the default by replacing `` with its name: + [source, shell] ---- -java -version +sudo update-java-alternatives --jre --set +---- + +. Confirm which version of Java is the default using `java -version` again. + +[[debian-install-newer-java]] +=== If `apt` installed OpenJDK 19 + +On newer Debian or Ubuntu operating systems, Java 19 is available by default, and `apt` may have installed OpenJDK 19, *even if Java 17 was already installed*. + +If this happens, you will see this warning on Neo4j start: +[output] +---- +WARNING! You are using an unsupported Java runtime. +* Please use Oracle(R) Java(TM) 17, OpenJDK(TM) 17 to run Neo4j. +* Please see https://neo4j.com/docs/ for Neo4j installation instructions. ---- +To fix this, you can install Java 17 manually, uninstall OpenJDK 19, or set Java 17 as the default. + +* Install OpenJDK 17 manually: ++ +[source, shell, subs="attributes"] +---- +sudo apt install openjdk-17-jre +---- ++ +For other distributions of Java 17, see +xref:installation/linux/debian.adoc#debian-prerequisites-notopenjdk[instructions for setting up java pre-requisites]. + +* Uninstall OpenJDK 19: ++ +[source, shell, subs="attributes"] +---- +sudo apt remove openjdk-19-jre-headless +---- + +* Alternatively, if you want to keep OpenJDK 19 installed, follow the instructions in the section for +xref:installation/linux/debian.adoc#multiple-java-versions[Dealing with multiple installed Java versions] to set Java 17 as the default java version. [[debian-installation]] == Installation @@ -79,7 +117,7 @@ java -version The Debian package is available from https://debian.neo4j.com. -* To use the repository for generally available versions of Neo4j, run: +. To use the repository for generally available versions of Neo4j, run: + [source, shell] ---- @@ -100,7 +138,7 @@ echo 'deb https://debian.neo4j.com stable {neo4j-version}' | sudo tee -a /etc/ap sudo apt-get update ---- -* Once the repository has been added into `apt`, you can verify which Neo4j versions are available by running: +. Once the repository has been added to `apt`, you can verify which Neo4j versions are available by running: + [source, shell] ---- @@ -109,7 +147,7 @@ apt list -a neo4j + [NOTE] ==== -In Ubuntu server installations you will also need to make sure that the `universe` repository is enabled. +In Ubuntu server installations, you also need to make sure that the `universe` repository is enabled. If the `universe` repository is not present, the Neo4j installation will fail with the error `Depends: daemon but it is not installable`. This can be fixed by running the command: @@ -123,21 +161,23 @@ sudo add-apt-repository universe [[debian-install]] === Install Neo4j -To install Neo4j Community Edition: +To install Neo4j, run one of the following commands depending on which version you want to install: +* Neo4j Community Edition: ++ [source, shell, subs="attributes"] ---- sudo apt-get install neo4j=1:{neo4j-version-exact} ---- -To install Neo4j Enterprise Edition: - +* Neo4j Enterprise Edition: ++ [source, shell, subs="attributes"] ---- sudo apt-get install neo4j-enterprise=1:{neo4j-version-exact} ---- -Note that the version includes an epoch version component (`1:`), in accordance with the https://www.debian.org/doc/debian-policy/#s-f-version[Debian policy on versioning]. +Note that the version includes an epoch version component (`1:`), following the https://www.debian.org/doc/debian-policy/#s-f-version[Debian policy on versioning]. When installing Neo4j Enterprise Edition, you will be prompted to accept the license agreement. Once the license agreement is accepted installation begins. @@ -150,7 +190,6 @@ To forget the stored answer, and trigger the license agreement prompt on subsequ echo purge | sudo debconf-communicate neo4j-enterprise ---- - [role=enterprise-edition] ==== Non-interactive installation of Neo4j Enterprise Edition @@ -247,7 +286,7 @@ On Debian-based distributions, Neo4j is enabled to start automatically on system Before starting up the database for the first time, it is recommended to use the `set-initial-password` command of `neo4j-admin` to define the password for the native user `neo4j`. If the password is not set explicitly using this method, it will be set to the default password `neo4j`. -In that case, you will be prompted to change the default password at first login. +In that case, you will be prompted to change the default password at first login. For more information, see xref:configuration/set-initial-password.adoc[]. ==== diff --git a/modules/ROOT/pages/installation/requirements.adoc b/modules/ROOT/pages/installation/requirements.adoc index 6bdb5da4a..f7e4437af 100644 --- a/modules/ROOT/pages/installation/requirements.adoc +++ b/modules/ROOT/pages/installation/requirements.adoc @@ -101,7 +101,7 @@ For cloud environments, and server-based, on-premise environments: | *Amazon Linux 2022 AMI* | Amazon Corretto 17, and OracleJDK 17 | *CentOS Stream 8, 9* | OpenJDK 17, OracleJDK 17, and ZuluJDK 17 | *Debian 11* | OpenJDK 17, OracleJDK 17, and ZuluJDK 17 -| *Red Hat Enterprise Linux Server 8.4, 8.6, 9.0* | Red Hat OpenJDK 17, Oracle JDK 17, and ZuluJDK 17 +| *Red Hat Enterprise Linux Server 8.6, 8.8, 9.0* | Red Hat OpenJDK 17, Oracle JDK 17, and ZuluJDK 17 | *Ubuntu Server 16.04, 18.04, 20.04, 22.04* | OpenJDK 17, OracleJDK 17, and ZuluJDK 17 | *Windows Server 2016, 2019, 2022* | OracleJDK 17, ZuluJDK 17 |=== From f261542fdfcb6f9183d32130b1624894bd1c3552 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 20 Apr 2023 12:24:10 +0300 Subject: [PATCH 241/876] Configure LDAP password through secret (#658) Hey @harshitsinghvi22, the other lines (not related to this PR) were added to the yaml file when I pasted the new version from the helm chart repo. They seemed to be missing in the doc's version. --- .../ROOT/pages/kubernetes/configuration.adoc | 153 +++++++++++------- 1 file changed, 92 insertions(+), 61 deletions(-) diff --git a/modules/ROOT/pages/kubernetes/configuration.adoc b/modules/ROOT/pages/kubernetes/configuration.adoc index 56a2e975b..777e3dd35 100644 --- a/modules/ROOT/pages/kubernetes/configuration.adoc +++ b/modules/ROOT/pages/kubernetes/configuration.adoc @@ -27,20 +27,26 @@ helm show values neo4j/neo4j ---- # Default values for Neo4j. # This is a YAML-formatted file. - +## @param nameOverride String to partially override common.names.fullname +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname +fullnameOverride: "" +# disableLookups will disable all the lookups done in the helm charts +# You can enable this when executing helm commands with --dry-run command +disableLookups: false neo4j: # Name of your cluster name: "" - # If password is not set or empty a random password will be generated during installation + # If password is not set or empty a random password will be generated during installation. + # Ignored if `neo4j.passwordFromSecret` is provided password: "" - + # Existing secret to use for initial database password + passwordFromSecret: "" # Neo4j Edition to use (community|enterprise) edition: "community" - # Minimum number of machines initially required to form a clustered database. The StatefulSet will not reach the ready state # until at least this many members have discovered each other. The default is 1 (standalone) #minimumClusterSize: 1 - # set edition: "enterprise" to use Neo4j Enterprise Edition # # To use Neo4j Enterprise Edition you must have a Neo4j license agreement. @@ -59,18 +65,17 @@ neo4j: resources: cpu: "1000m" memory: "2Gi" - #add labels if required labels: - # Volumes for Neo4j volumes: data: + #Set it to true when you do not want to use the subPathExpr + disableSubPathExpr: false # REQUIRED: specify a volume mode to use for data # Valid values are share|selector|defaultStorageClass|volume|volumeClaimTemplate|dynamic # To get up-and-running quickly, for development or testing, use "defaultStorageClass" for a dynamically provisioned volume of the default storage class. mode: "" - # Only used if mode is set to "selector" # Will attach to existing volumes that match the selector selector: @@ -84,7 +89,6 @@ volumes: matchLabels: app: "{{ .Values.neo4j.name }}" helm.neo4j.com/volume-role: "data" - # Only used if mode is set to "defaultStorageClass" # Dynamic provisioning using the default storageClass defaultStorageClass: @@ -92,7 +96,6 @@ volumes: - ReadWriteOnce requests: storage: 10Gi - # Only used if mode is set to "dynamic" # Dynamic provisioning using the provided storageClass dynamic: @@ -101,7 +104,6 @@ volumes: - ReadWriteOnce requests: storage: 100Gi - # Only used if mode is set to "volume" # Provide an explicit volume to use volume: @@ -109,55 +111,52 @@ volumes: # `chown -R :` AND `chmod -R g+rwx` # on the volume. This is useful for some filesystems (e.g. NFS) where Kubernetes fsUser or fsGroup settings are not respected setOwnerAndGroupWritableFilePermissions: false - # Example (using a specific Persistent Volume Claim) # persistentVolumeClaim: # claimName: my-neo4j-pvc - # Only used if mode is set to "volumeClaimTemplate" # Provide an explicit volumeClaimTemplate to use volumeClaimTemplate: {} - # provide a volume to use for backups # n.b. backups will be written to /backups on the volume # any of the volume modes shown above for data can be used for backups backups: + disableSubPathExpr: false mode: "share" # share an existing volume (e.g. the data volume) share: name: "data" - # provide a volume to use for logs # n.b. logs will be written to /logs/$(POD_NAME) on the volume # any of the volume modes shown above for data can be used for logs logs: + disableSubPathExpr: false mode: "share" # share an existing volume (e.g. the data volume) share: name: "data" - # provide a volume to use for csv metrics (csv metrics are only available in Neo4j Enterprise Edition) # n.b. metrics will be written to /metrics/$(POD_NAME) on the volume # any of the volume modes shown above for data can be used for metrics metrics: + disableSubPathExpr: false mode: "share" # share an existing volume (e.g. the data volume) share: name: "data" - # provide a volume to use for import storage # n.b. import will be mounted to /import on the underlying volume # any of the volume modes shown above for data can be used for import import: + disableSubPathExpr: false mode: "share" # share an existing volume (e.g. the data volume) share: name: "data" - # provide a volume to use for licenses # n.b. licenses will be mounted to /licenses on the underlying volume # any of the volume modes shown above for data can be used for licenses licenses: + disableSubPathExpr: false mode: "share" # share an existing volume (e.g. the data volume) share: name: "data" - #add additional volumes and their respective mounts additionalVolumes: [] # - name: neo4j1-conf @@ -166,6 +165,13 @@ additionalVolumeMounts: [] # - mountPath: "/config/neo4j1.conf" # name: neo4j1-conf +# ldapPasswordFromSecret defines the secret which holds the password for ldap system account +# Secret key name must be LDAP_PASS +# This secret is accessible by Neo4j at the path defined in ldapPasswordMountPath +ldapPasswordFromSecret: "" + +# The above secret gets mounted to the path mentioned here +ldapPasswordMountPath: "" #nodeSelector labels #please ensure the respective labels are present on one of the cluster nodes or else helm charts will throw an error @@ -184,21 +190,16 @@ services: default: # Annotations for the K8s Service object annotations: { } - # A LoadBalancer Service for external Neo4j driver applications and Neo4j Browser neo4j: enabled: true - # Annotations for the K8s Service object - annotations: { } - + annotations: {} spec: # Type of service. type: LoadBalancer - # in most cloud environments LoadBalancer type will receive an ephemeral public IP address automatically. If you need to specify a static ip here use: # loadBalancerIP: ... - # ports to include in neo4j service ports: http: @@ -217,7 +218,6 @@ services: enabled: false #Set this to true to expose backup port externally (n.b. this could have security implications. Backup is not authenticated by default) # Uncomment to explicitly specify the port to publish Neo4j Backup (6362 is the default) # port: 6362 - selector: "helm.neo4j.com/neo4j.loadbalancer": "include" # By default the load balancer will match all Neo4j instance types. @@ -226,10 +226,22 @@ services: # To only include Neo4j Core instances uncomment the setting below. # To only route to Neo4j Read Replicas uncomment the setting and change the value to "READ_REPLICA" # "helm.neo4j.com/clustering": "false" - #this flag allows you to open internal neo4j ports necessary in multi zone /region neo4j cluster scenario multiCluster: false - + # The neo4j LoadBalancer service is shared between all servers in the cluster. Because of this, the `helm.sh/resource-policy: keep` + # annotation is used to avoid helm ownership conflicts when another release attempts to update the service. + # To prevent the service being orphaned when uninstalling a release, a pre-delete helm hook is provided by the template `delete-loadbalancer-hook.yaml` + # This is enabled by default, and will create a Job, Service Account, Role and Role Binding that will run a kubectl image and delete the service + # If enabled: is set to false, the LoadBalancer will be orphaned and will have to manually deleted post uninstall and the hook job will not be created + cleanup: + enabled: true + image: + registry: docker.io + repository: bitnami/kubectl + # Will default to use the Kubernetes server version where the chart is deployed, eg 1.22 + tag: "" + digest: "" + imagePullPolicy: IfNotPresent # A service for admin/ops tasks including taking backups # This service is available even if the deployment is not "ready" admin: @@ -239,7 +251,6 @@ services: spec: type: ClusterIP # n.b. there is no ports object for this service. Ports are autogenerated based on the neo4j configuration - # A "headless" service for admin/ops and Neo4j cluster-internal communications # This service is available even if the deployment is not "ready" internals: @@ -247,8 +258,6 @@ services: # Annotations for the internals service annotations: { } # n.b. there is no ports object for this service. Ports are autogenerated based on the neo4j configuration - - # Neo4j Configuration (yaml format) config: server.config.strict_validation.enabled: "false" @@ -257,28 +266,28 @@ config: # The default page cache memory assumes the machine is dedicated to running # Neo4j, and is heuristically set to 50% of RAM minus the Java heap size. #dbms.memory.pagecache.size: "74m" - #The number of Cypher query execution plans that are cached. #dbms.query_cache_size: "10" - # Java Heap Size: by default the Java heap size is dynamically calculated based # on available system resources. Uncomment these lines to set specific initial # and maximum heap size. #dbms.memory.heap.initial_size: "317m" #dbms.memory.heap.max_size: "317m" - #apoc_config: # apoc.trigger.enabled: "true" # apoc.jdbc.apoctest.url: "jdbc:foo:bar" - -# securityContext defines privilege and access control settings for a Pod or Container. Making sure that we dont run Neo4j as root user. +# securityContext defines privilege and access control settings for a Pod. Making sure that we dont run Neo4j as root user. securityContext: runAsNonRoot: true runAsUser: 7474 runAsGroup: 7474 fsGroup: 7474 fsGroupChangePolicy: "Always" - +# securityContext defines privilege and access control settings for a Container. Making sure that we dont run Neo4j as root user. +containerSecurityContext: + runAsNonRoot: true + runAsUser: 7474 + runAsGroup: 7474 # Readiness probes are set to know when a container is ready to be used. # Because Neo4j uses Java these values are large to distinguish between long Garbage Collection pauses (which don't require a restart) and an actual failure. # These values should mark Neo4j as not ready after at most 5 minutes of problems (20 attempts * max 15 seconds between probes) @@ -286,7 +295,6 @@ readinessProbe: failureThreshold: 20 timeoutSeconds: 10 periodSeconds: 5 - # Liveness probes are set to know when to restart a container. # Because Neo4j uses Java these values are large to distinguish between long Garbage Collection pauses (which don't require a restart) and an actual failure. # These values should trigger a restart after at most 10 minutes of problems (40 attempts * max 15 seconds between probes) @@ -294,7 +302,6 @@ livenessProbe: failureThreshold: 40 timeoutSeconds: 10 periodSeconds: 5 - # Startup probes are used to know when a container application has started. # If such a probe is configured, it disables liveness and readiness checks until it succeeds # When restoring Neo4j from a backup it's important that startup probe gives time for Neo4j to recover and/or upgrade store files @@ -302,7 +309,6 @@ livenessProbe: startupProbe: failureThreshold: 1000 periodSeconds: 5 - # top level setting called ssl to match the "ssl" from "dbms.ssl.policy" ssl: # setting per "connector" matching neo4j config @@ -328,6 +334,17 @@ ssl: sources: [ ] revokedCerts: sources: [ ] + cluster: + privateKey: + secretName: + subPath: + publicCertificate: + secretName: + subPath: + trustedCerts: + sources: [ ] + revokedCerts: + sources: [ ] # Kubernetes cluster domain suffix clusterDomain: "cluster.local" @@ -337,39 +354,35 @@ image: imagePullPolicy: IfNotPresent # set a customImage if you want to use your own docker image # customImage: eu.gcr.io/neo4j-helm/neo4j:v5 - #imagePullSecrets list - # imagePullSecrets: - # - "demo" - +# imagePullSecrets: +# - "demo" #imageCredentials list for which secret of type docker-registry will be created automatically using the details provided - # registry , username , password , email are compulsory field for an imageCredential , without any , helm chart will throw an error + # password, name are compulsory fields for an imageCredential , without these fields helm chart will throw an error + # registry ,username and email are optional fields # imageCredential name should be part of the imagePullSecrets list or else the respective imageCredential will be ignored and no secret creation will be done + # In case of a secret already pre-existing you don't need to mention the imageCredential , just add the pre-existing secretName to the imagePullSecret list + # and that will be used as an imagePullSecret # imageCredentials: # - registry: "" # username: "" # password: "" # email: "" # name: "" - statefulset: metadata: #Annotations for Neo4j StatefulSet annotations: # imageregistry: "https://hub.docker.com/" # demo: alpha - # additional environment variables for the Neo4j Container env: {} - # Other K8s configuration to apply to the Neo4j pod podSpec: - #Annotations for Neo4j pod annotations: {} # imageregistry: "https://hub.docker.com/" # demo: alpha - nodeAffinity: {} # requiredDuringSchedulingIgnoredDuringExecution: # nodeSelectorTerms: @@ -387,13 +400,11 @@ podSpec: # operator: In # values: # - another-node-label-value - # Anti Affinity # If set to true then an anti-affinity rule is applied to prevent database pods with the same `neo4j.name` running on a single Kubernetes node. # If set to false then no anti-affinity rules are applied # If set to an object then that object is used for the Neo4j podAntiAffinity podAntiAffinity: true - #Add tolerations to the Neo4j pod tolerations: [] # - key: "key1" @@ -404,31 +415,23 @@ podSpec: # operator: "Equal" # value: "value2" # effect: "NoSchedule" - #Priority indicates the importance of a Pod relative to other Pods. # More Information : https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ priorityClassName: "" - #This indicates that the neo4j instance be included to the loadbalancer. Can be set to exclude to not add the stateful set to loadbalancer loadbalancer: "include" - # Name of service account to use for the Neo4j Pod (optional) # this is useful if you want to use Workload Identity to grant permissions to access cloud resources e.g. cloud object storage (AWS S3 etc.) serviceAccountName: "" - # How long the Neo4j pod is permitted to keep running after it has been signalled by Kubernetes to stop. Once this timeout elapses the Neo4j process is forcibly terminated. # A large value is used because Neo4j takes time to flush in-memory data to disk on shutdown. terminationGracePeriodSeconds: 3600 - # initContainers for the Neo4j pod initContainers: [ ] - # additional runtime containers for the Neo4j pod containers: [ ] - # print the neo4j user password set during install to the `helm install` log logInitialPassword: true - # Jvm configuration for Neo4j jvm: # If true any additional arguments are added after the Neo4j default jvm arguments. @@ -440,7 +443,6 @@ jvm: # - "-XX:HeapDumpPath=/logs/neo4j.hprof" # - "-XX:MaxMetaspaceSize=180m" # - "-XX:ReservedCodeCacheSize=40m" - logging: serverLogsXml: |- # @@ -1162,6 +1164,35 @@ Thus, changing the username claim from `sub` is not recommended. For details, see https://learn.microsoft.com/en-us/azure/active-directory/develop/id-tokens#using-claims-to-reliably-identify-a-user-subject-and-object-id[Microsoft documentation] as well as the https://openid.net/specs/openid-connect-core-1_0.html#ClaimStability[OpenId spec]. ==== + +[[configure-ldap-password-through-secret]] +== Configure LDAP password through secret +label:enterprise-edition[] + +To configure the Neo4j Helm deployment to use the LDAP system password through secret, you need to create a Kubernetes secret with the LDAP password and then add the secret name and the mount path to the _values.yaml_ file. + +. Create a secret with the LDAP password by running the following command. +The secret must have a key called `LDAP_PASS`. ++ +[source, shell] +---- +kubectl create secret generic --from-literal=LDAP_PASS= +---- +. Add the secret name to the _values.yaml_ file. ++ +[source, yaml] +---- +# ldapPasswordFromSecret defines the secret which holds the password for ldap system account +# Secret key name must be LDAP_PASS +# This secret is accessible by Neo4j at the path defined in ldapPasswordMountPath +ldapPasswordFromSecret: "" #<1> + +# The above secret gets mounted to the path mentioned here +ldapPasswordMountPath: "" #<2> +---- +<1> -- The secret name as it appears in the Kubernetes cluster. +<2> -- The path where the secret will be mounted as a volume in the Neo4j container. + [[configure-resources]] == Configure resource allocation From 845dc80f3fe92478aee3a711c23d7bb2f2b6791e Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 20 Apr 2023 12:50:45 +0300 Subject: [PATCH 242/876] Update the version to 5.8 (#716) --- antora.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/antora.yml b/antora.yml index 144241230..eabbfa657 100644 --- a/antora.yml +++ b/antora.yml @@ -7,7 +7,7 @@ nav: asciidoc: attributes: neo4j-version: '5' - neo4j-version-minor: '5.7' - neo4j-version-exact: '5.7.0' - neo4j-buildnumber: '5.7' - neo4j-debian-package-version: '1:5.7.0@' + neo4j-version-minor: '5.8' + neo4j-version-exact: '5.8.0' + neo4j-buildnumber: '5.8' + neo4j-debian-package-version: '1:5.8.0@' From b8b8b2d2db415bfec56038429f5ff41876a2f4b3 Mon Sep 17 00:00:00 2001 From: Neil Dewhurst Date: Thu, 20 Apr 2023 10:51:59 +0100 Subject: [PATCH 243/876] Add edit url to preview playbook (#650) --- preview.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/preview.yml b/preview.yml index 6b00ad921..d35f360da 100644 --- a/preview.yml +++ b/preview.yml @@ -7,6 +7,7 @@ content: sources: - url: ./ branches: HEAD + edit_url: https://github.com/neo4j/docs-operations/tree/{refname}/{path} exclude: - '!**/_includes/*' - '!**/readme.adoc' @@ -44,7 +45,7 @@ asciidoc: page-canonical-root: /docs page-pagination: true page-no-canonical: true - page-origin-private: true + page-origin-private: false page-hide-toc: false page-mixpanel: 4bfb2414ab973c741b6f067bf06d5575 includePDF: false From 4c1e0af10a852730578cecd211c35cd1a1669843 Mon Sep 17 00:00:00 2001 From: Jenny Owen Date: Thu, 20 Apr 2023 13:38:04 +0200 Subject: [PATCH 244/876] updated section about if java 19 is accidentally installed (#718) I moved the section to AFTER installation instead of the java pre-requisites because it's something that will only happen *after* neo4j is installed. --- .../ROOT/pages/installation/linux/debian.adoc | 73 ++++++++++--------- 1 file changed, 38 insertions(+), 35 deletions(-) diff --git a/modules/ROOT/pages/installation/linux/debian.adoc b/modules/ROOT/pages/installation/linux/debian.adoc index dc9a4b595..d734e0937 100644 --- a/modules/ROOT/pages/installation/linux/debian.adoc +++ b/modules/ROOT/pages/installation/linux/debian.adoc @@ -73,41 +73,6 @@ sudo update-java-alternatives --jre --set . Confirm which version of Java is the default using `java -version` again. -[[debian-install-newer-java]] -=== If `apt` installed OpenJDK 19 - -On newer Debian or Ubuntu operating systems, Java 19 is available by default, and `apt` may have installed OpenJDK 19, *even if Java 17 was already installed*. - -If this happens, you will see this warning on Neo4j start: -[output] ----- -WARNING! You are using an unsupported Java runtime. -* Please use Oracle(R) Java(TM) 17, OpenJDK(TM) 17 to run Neo4j. -* Please see https://neo4j.com/docs/ for Neo4j installation instructions. ----- - -To fix this, you can install Java 17 manually, uninstall OpenJDK 19, or set Java 17 as the default. - -* Install OpenJDK 17 manually: -+ -[source, shell, subs="attributes"] ----- -sudo apt install openjdk-17-jre ----- -+ -For other distributions of Java 17, see -xref:installation/linux/debian.adoc#debian-prerequisites-notopenjdk[instructions for setting up java pre-requisites]. - -* Uninstall OpenJDK 19: -+ -[source, shell, subs="attributes"] ----- -sudo apt remove openjdk-19-jre-headless ----- - -* Alternatively, if you want to keep OpenJDK 19 installed, follow the instructions in the section for -xref:installation/linux/debian.adoc#multiple-java-versions[Dealing with multiple installed Java versions] to set Java 17 as the default java version. - [[debian-installation]] == Installation @@ -209,6 +174,44 @@ echo "neo4j-enterprise neo4j/question select I ACCEPT" | sudo debconf-set-select echo "neo4j-enterprise neo4j/license note" | sudo debconf-set-selections ---- +[[debian-install-newer-java]] +=== Verify Correct Java is Installed + +On newer Debian or Ubuntu operating systems, Java 19 is available by default, and `apt` may have installed OpenJDK 19, *even if Java 17 was already installed*. + +If this happens, you will see this warning on Neo4j start: +[output] +---- +WARNING! You are using an unsupported Java runtime. +* Please use Oracle(R) Java(TM) 17, OpenJDK(TM) 17 to run Neo4j. +* Please see https://neo4j.com/docs/ for Neo4j installation instructions. +---- + +To fix this, you can install Java 17 manually, then either uninstall OpenJDK 19, or set Java 17 as the default. + +To install OpenJDK 17 manually: ++ +[source, shell, subs="attributes"] +---- +sudo apt install openjdk-17-jre +---- ++ +For other distributions of Java 17, see +xref:installation/linux/debian.adoc#debian-prerequisites-notopenjdk[instructions for setting up java pre-requisites]. + +* Uninstall OpenJDK 19: ++ +[source, shell, subs="attributes"] +---- +sudo apt remove openjdk-19-jre-headless +---- + +* Set Java 17 as default: ++ +If you want to keep OpenJDK 19 installed, follow the instructions in the section for +xref:installation/linux/debian.adoc#multiple-java-versions[Dealing with multiple installed Java versions] to set Java 17 as the default java version. + + [[debian-offline-installation]] == Offline installation From 39df099423c828711dbafd5e6bf96f4b42aabbab Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Sat, 22 Apr 2023 10:43:16 +0300 Subject: [PATCH 245/876] Add query cache (#724) --- .../reference/configuration-settings.adoc | 687 ++++++++++-------- 1 file changed, 370 insertions(+), 317 deletions(-) diff --git a/modules/ROOT/pages/reference/configuration-settings.adoc b/modules/ROOT/pages/reference/configuration-settings.adoc index 7bfcc9af7..2709b5af4 100644 --- a/modules/ROOT/pages/reference/configuration-settings.adoc +++ b/modules/ROOT/pages/reference/configuration-settings.adoc @@ -1,13 +1,12 @@ [[configuration-settings]] = Configuration settings -:description: This page provides a complete reference to the Neo4j configuration settings. +:description: This page provides a complete reference to the Neo4j configuration settings. This page provides a complete reference to the Neo4j configuration settings, which can be set in xref::/configuration/file-locations.adoc#file-locations[_neo4j.conf_]. Refer to xref::/configuration/neo4j-conf.adoc#neo4j-conf[The neo4j.conf file] for details on how to use configuration settings. [[settings-reference-all-settings]] .All settings -ifndef::nonhtmloutput[] [options="header"] |=== |Name|Description @@ -282,18 +281,21 @@ If this is set to `false` (default), the search for group membership will be per |<>|Number of GC logs to keep. |<>|Size of each GC log that is kept. |<>|Path to the logging configuration of user logs. -|<>|label:enterprise-edition[Enterprise only] label:deprecated[Deprecated in 5.6] The maximum number of databases. +|<>|label:enterprise-edition[Enterprise only] label:deprecated[Deprecated in 5.6] The maximum number of databases. This setting is deprecated in favor of <> in 5.6. |<>|Initial heap size. |<>|Maximum heap size. |<>|Defines the size of the off-heap memory blocks cache. |<>|Defines the maximum size of an off-heap memory block that can be cached to speed up allocations. |<>|The maximum amount of off-heap memory that can be used to store transaction state data; it's a total amount of memory shared across all active transactions. -|<>|Use direct I/O for page cache. +|<>|Use direct I/O for page cache. |<>|Page cache can be configured to use a temporal buffer for flushing purposes. |<>|Page cache can be configured to use a temporal buffer for flushing purposes. |<>|The maximum number of worker threads to use for pre-fetching data when doing sequential scans. |<>|The amount of memory to use for mapping the store files. +|<>|label:enterprise-edition[Enterprise only] label:version-number[Neo4j 5.7] Whether to share query cache between databases. +|<>|label:enterprise-edition[Enterprise only] label:version-number[Neo4j 5.7] The number of cached queries for all databases. +|<>|label:version-number[Neo4j 5.7] The number of cached queries per database. |<>|label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to CSV files. |<>|label:enterprise-edition[Enterprise only]The reporting interval for the CSV files. |<>|label:enterprise-edition[Enterprise only]Decides what compression to use for the csv history files. @@ -311,318 +313,320 @@ This setting is deprecated in favor of <>|label:enterprise-edition[Enterprise only]If there is a Database Management System Panic (an irrecoverable error) should the neo4j process shut down or continue running. |<>|label:enterprise-edition[Enterprise only]The advertised address for the intra-cluster routing connector. |<>|The address the routing connector should bind to. -|<>|label:enterprise-edition[Enterprise only]A list of tag names for the server used during database allocation and when configuring load balancing and replication policies. +|<>|label:enterprise-edition[Enterprise only]A list of tag names for the server used during database allocation and when configuring load balancing and replication policies. |<>|Number of Neo4j worker threads. |<>|Comma-separated list of = for unmanaged extensions. |<>|Name of the Windows Service managing Neo4j when installed using `neo4j install-service`. |=== -endif::nonhtmloutput[] - -ifdef::nonhtmloutput[] -* <>: label:enterprise-edition[Enterprise only]Configure the policy for outgoing Neo4j Browser connections. -* <>: label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to time out logged in users after this idle period. -* <>: Commands to be run when Neo4j Browser successfully connects to this server. -* <>: Whitelist of hosts for the Neo4j Browser to be allowed to fetch content from. -* <>: label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to store or not store user credentials. -* <>: label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to store or not store user editor history. -* <>: Configure client applications such as Browser and Bloom to send Product Analytics data. -* <>: Configures the general policy for when check-points should occur. -* <>: Configures the time interval between check-points. -* <>: Configures the transaction interval between check-points. -* <>: Configures the volume of transaction logs between check-points. -* <>: Limit the number of IOs the background checkpoint process will consume per second. -* <>: label:enterprise-edition[Enterprise only]Interval of pulling updates from cores. -* <>: label:enterprise-edition[Enterprise only]The maximum number of bytes in the apply buffer. -* <>: label:enterprise-edition[Enterprise only]The maximum number of entries in the raft log entry prefetch buffer. -* <>: label:enterprise-edition[Enterprise only]Largest batch processed by RAFT in bytes. -* <>: label:enterprise-edition[Enterprise only]Maximum number of bytes in the RAFT in-queue. -* <>: label:enterprise-edition[Enterprise only]The name of a server_group whose members should be prioritized as leaders. -* <>: label:enterprise-edition[Enterprise only]RAFT log pruning strategy that determines which logs are to be pruned. -* <>: label:enterprise-edition[Enterprise only]The maximum number of bytes in the in-flight cache. -* <>: label:enterprise-edition[Enterprise only]The maximum number of entries in the in-flight cache. -* <>: Allows the enabling or disabling of the file watcher service. -* <>: Database format. -* <>: The size of the internal buffer in bytes used by `LOAD CSV`. -* <>: Selects whether to conform to the standard https://tools.ietf.org/html/rfc4180 for interpreting escaped quotation characters in CSV files loaded using `LOAD CSV`. -* <>: The name of the analyzer that the fulltext indexes should use by default. -* <>: Whether or not fulltext indexes should be eventually consistent by default or not. -* <>: The eventually_consistent mode of the fulltext indexes works by queueing up index updates to be applied later in a background thread. -* <>: Enable or disable background index sampling. -* <>: Index sampling chunk size limit. -* <>: Percentage of index updates of total index size required before sampling of a given index is triggered. -* <>: The maximum time interval within which lock should be acquired. -* <>: Log query text and parameters without obfuscating passwords. -* <>: Log executed queries. -* <>: Sets a maximum character length use for each parameter in the log. -* <>: Obfuscates all literals of the query before writing to the log. -* <>: Log parameters for the executed queries being logged. -* <>: Log query plan description table, useful for debugging purposes. -* <>: If the execution of query takes more time than this threshold, the query is logged once completed - provided query logging is set to INFO. -* <>: Log the start and end of a transaction. -* <>: If the transaction is open for more time than this threshold, the transaction is logged once completed - provided transaction logging (db.logs.query.transaction.enabled) is set to `INFO`. -* <>: Page cache can be configured to perform usage sampling of loaded pages that can be used to construct active load profile. -* <>: Page cache warmup can be configured to prefetch files, preferably when cache size is bigger than store size. -* <>: Page cache warmup prefetch file allowlist regex. -* <>: The profiling frequency for the page cache. -* <>: Limit the amount of memory that a single transaction can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -* <>: Limit the amount of memory that all transactions in one database can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -* <>: If `true`, Neo4j will abort recovery if transaction log files are missing. -* <>: Relationship count threshold for considering a node to be dense. -* <>: The maximum amount of time to wait for running transactions to complete before allowing initiated database shutdown to continue. -* <>: Specify if Neo4j should try to preallocate store files as they grow. -* <>: Database timezone for temporal functions. -* <>: Enables or disables tracking of how much time a query spends actively executing on the CPU. -* <>: The maximum amount of time to wait for the database state represented by the bookmark. -* <>: The maximum number of concurrently running transactions. -* <>: Configures the time interval between transaction monitor checks. -* <>: Transaction sampling percentage. -* <>: The maximum time interval of a transaction within which it should be completed. -* <>: Transaction creation tracing level. -* <>: On serialization of transaction logs, they will be temporary stored in the byte buffer that will be flushed at the end of the transaction or at any moment when buffer will be full. -* <>: Specify if Neo4j should try to preallocate logical log file in advance. -It optimizes the filesystem by ensuring there is room to accommodate newly generated files and avoid file-level fragmentation. -* <>: Tell Neo4j how long logical transaction logs should be kept to backup the database.For example, "10 days" will prune logical logs that only contain transactions older than 10 days.Alternatively, "100k txs" will keep the 100k latest transactions from each database and prune any older transactions. -* <>: Specifies at which file size the logical log will auto-rotate. -* <>: Defines whether memory for transaction state should be allocated on- or off-heap. -* <>: label:enterprise-edition[Enterprise only]The catch up protocol times out if the given duration elapses with no network activity. -* <>: label:enterprise-edition[Enterprise only]A comma-separated list of endpoints which a server should contact in order to discover other cluster members. -* <>: label:enterprise-edition[Enterprise only]The level of middleware logging. -* <>: label:enterprise-edition[Enterprise only]Configure the discovery resolver type used for cluster member resolution. -* <>: label:enterprise-edition[Enterprise only]Minimum number of machines initially required to formed a clustered DBMS. -* <>: label:enterprise-edition[Enterprise only]Time out for protocol negotiation handshake. -* <>: label:enterprise-edition[Enterprise only]Maximum chunk size allowable across network by clustering machinery. -* <>: label:enterprise-edition[Enterprise only]Network compression algorithms that this instance will allow in negotiation as a comma-separated list. -* <>: label:enterprise-edition[Enterprise only]The time allowed for a database on a Neo4j server to either join a cluster or form a new cluster with the other Neo4j Servers provided by `dbms.cluster.discovery.endpoints`. -* <>: label:enterprise-edition[Enterprise only]The maximum number of TCP channels between two nodes to operate the raft protocol. -* <>: label:enterprise-edition[Enterprise only]The rate at which leader elections happen. -* <>: label:enterprise-edition[Enterprise only]The time window within which the loss of the leader is detected and the first re-election attempt is held. -* <>: label:enterprise-edition[Enterprise only]Which strategy to use when transferring database leaderships around a cluster. -* <>: label:enterprise-edition[Enterprise only]RAFT log pruning frequency. -* <>: label:enterprise-edition[Enterprise only]RAFT log reader pool size. -* <>: label:enterprise-edition[Enterprise only]RAFT log rotation size. -* <>: label:enterprise-edition[Enterprise only]Maximum amount of lag accepted for a new follower to join the Raft group. -* <>: label:enterprise-edition[Enterprise only]Time out for a new member to catch up. -* <>: label:enterprise-edition[Enterprise only]Maximum retry time per request during store copy. -* <>: This setting is associated with performance optimization. -* <>: This setting is associated with performance optimization. -* <>: Set this to specify the behavior when Cypher planner or runtime hints cannot be fulfilled. -* <>: Set this to change the behavior for Cypher create relationship when the start or end node is missing. -* <>: The minimum time between possible cypher query replanning events. -* <>: Set this to specify the default planner for the default language version. -* <>: If set to `true` a textual representation of the plan description will be rendered on the server for all queries running with `EXPLAIN` or `PROFILE`. -* <>: The threshold for statistics above which a plan is considered stale. -+ -If any of the underlying statistics used to create the plan have changed more than this value, the plan will be considered stale and will be replanned. -* <>: label:enterprise-edition[Enterprise only]Databases may be created from an existing 'seed' (a database backup or dump) stored at some source URI. -* <>: Database timezone. -* <>: label:enterprise-edition[Enterprise only]Address for Kubernetes API. -* <>: label:enterprise-edition[Enterprise only]File location of CA certificate for Kubernetes API. -* <>: label:enterprise-edition[Enterprise only]Kubernetes cluster domain. -* <>: label:enterprise-edition[Enterprise only]LabelSelector for Kubernetes API. -* <>: label:enterprise-edition[Enterprise only]File location of namespace for Kubernetes API. -* <>: label:enterprise-edition[Enterprise only]Service port name for discovery for Kubernetes API. -* <>: label:enterprise-edition[Enterprise only]File location of token for Kubernetes API. -* <>: Enable HTTP request logging. -* <>: label:enterprise-edition[Enterprise only]The maximum number of databases. -* <>: Enable off heap and on heap memory tracking. -* <>: Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -* <>: Netty SSL provider. -* <>: Always use client side routing (regardless of the default router) for neo4j:// protocol connections to these domains. -* <>: Routing strategy for neo4j:// protocol connections. -Default is `CLIENT`, using client-side routing, with server-side routing as a fallback (if enabled). -When set to `SERVER`, client-side routing is short-circuited, and requests will rely on server-side routing (which must be enabled for proper operation, i.e. -* <>: Socket connection timeout. -A timeout of zero is treated as an infinite timeout and will be bound by the timeout configured on the -operating system level. -* <>: Pooled connections older than this threshold will be closed and removed from the pool. -Setting this option to a low value will cause a high connection churn and might result in a performance hit. -It is recommended to set maximum lifetime to a slightly smaller value than the one configured in network -equipment (load balancer, proxy, firewall, etc. -* <>: Maximum amount of time spent attempting to acquire a connection from the connection pool. -This timeout only kicks in when all existing connections are being used and no new connections can be created because maximum connection pool size has been reached. -Error is raised when connection can't be acquired within configured time. -Negative values are allowed and result in unlimited acquisition timeout. -* <>: Pooled connections that have been idle in the pool for longer than this timeout will be tested before they are used again, to ensure they are still alive. -If this option is set too low, an additional network call will be incurred when acquiring a connection, which causes a performance hit. -If this is set high, no longer live connections might be used which might lead to errors. -Hence, this parameter tunes a balance between the likelihood of experiencing connection problems and performance -Normally, this parameter should not need tuning. -Value 0 means connections will always be tested for validity. -* <>: Maximum total number of connections to be managed by a connection pool. -The limit is enforced for a combination of a host and user. -* <>: Sets level for driver internal logging. -* <>: Enable server-side routing in clusters using an additional bolt connector. -When configured, this allows requests to be forwarded from one cluster member to another, if the requests can't be satisfied by the first member (e.g. -* <>: label:enterprise-edition[Enterprise only]The load balancing plugin to use. -* <>: label:enterprise-edition[Enterprise only]Enables shuffling of the returned load balancing result. -* <>: label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include non-writer primaries as read endpoints or return only secondaries. -* <>: label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include the writer as read endpoint or return only non-writers (non writer primaries and secondaries) Note: writer is returned as read endpoint if no other member is present all. -* <>: How long callers should cache the response of the routing procedure `dbms.routing.getRoutingTable()`. -* <>: Determines if Cypher will allow using file URLs when loading data using `LOAD CSV`. -* <>: label:enterprise-edition[Enterprise only]The maximum capacity for authentication and authorization caches (respectively). -* <>: label:enterprise-edition[Enterprise only]The time to live (TTL) for cached authentication and authorization info when using external auth providers (LDAP or plugin). -* <>: label:enterprise-edition[Enterprise only]Enable time-based eviction of the authentication and authorization info cache for external auth providers (LDAP or plugin). -* <>: Enable auth requirement to access Neo4j. -* <>: The amount of time user account should be locked after a configured number of unsuccessful authentication attempts. -* <>: The maximum number of unsuccessful authentication attempts before imposing a user lock for the configured amount of time, as defined by `dbms.security.auth_lock_time`.The locked out user will not be able to log in until the lock period expires, even if correct credentials are provided. -* <>: label:enterprise-edition[Enterprise only]A list of security authentication providers containing the users and roles. -* <>: label:enterprise-edition[Enterprise only]A list of security authorization providers containing the users and roles. -* <>: label:enterprise-edition[Enterprise only]Require authorization for access to the Causal Clustering status endpoints. -* <>: Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS connector. -* <>: Defines an allowlist of http paths where Neo4j authentication is not required. -* <>: Value of the HTTP Strict-Transport-Security (HSTS) response header. -* <>: label:enterprise-edition[Enterprise only]Name of the 256 length AES encryption key, which is used for the symmetric encryption. -* <>: label:enterprise-edition[Enterprise only]Password for accessing the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption. -* <>: label:enterprise-edition[Enterprise only]Location of the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption of secrets held in system database. -* <>: label:enterprise-edition[Enterprise only]The attribute to use when looking up users. -Using this setting requires `dbms.security.ldap.authentication.search_for_attribute` to be true and thus `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured. -* <>: label:enterprise-edition[Enterprise only]Determines if the result of authentication via the LDAP server should be cached or not. -* <>: label:enterprise-edition[Enterprise only]LDAP authentication mechanism. -* <>: label:enterprise-edition[Enterprise only]Perform authentication by searching for an unique attribute of a user. -Using this setting requires `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured. -* <>: label:enterprise-edition[Enterprise only]LDAP user DN template. -* <>: label:enterprise-edition[Enterprise only]The LDAP group to which a user must belong to get any access to the system.Set this to restrict access to a subset of LDAP users belonging to a particular group. -* <>: label:enterprise-edition[Enterprise only]A list of attribute names on a user object that contains groups to be used for mapping to roles when LDAP authorization is enabled. -* <>: label:enterprise-edition[Enterprise only]An authorization mapping from LDAP group names to Neo4j role names. -* <>: label:enterprise-edition[Enterprise only]This setting determines whether multiple LDAP search results will be processed (as is required for the lookup of nested groups). -* <>: label:enterprise-edition[Enterprise only]The search template which will be used to find the nested groups which the user is a member of. -* <>: label:enterprise-edition[Enterprise only]An LDAP system account password to use for authorization searches when `dbms.security.ldap.authorization.use_system_account` is `true`. -* <>: label:enterprise-edition[Enterprise only]An LDAP system account username to use for authorization searches when `dbms.security.ldap.authorization.use_system_account` is `true`. -* <>: label:enterprise-edition[Enterprise only]Perform LDAP search for authorization info using a system account instead of the user's own account. -If this is set to `false` (default), the search for group membership will be performed directly after authentication using the LDAP context bound with the user's own account. -* <>: label:enterprise-edition[Enterprise only]The name of the base object or named context to search for user objects when LDAP authorization is enabled. -* <>: label:enterprise-edition[Enterprise only]The LDAP search filter to search for a user principal when LDAP authorization is enabled. -* <>: label:enterprise-edition[Enterprise only]The timeout for establishing an LDAP connection. -* <>: label:enterprise-edition[Enterprise only]URL of LDAP server to use for authentication and authorization. -* <>: label:enterprise-edition[Enterprise only]The timeout for an LDAP read request (i.e. -* <>: label:enterprise-edition[Enterprise only]The LDAP referral behavior when creating a connection. -* <>: label:enterprise-edition[Enterprise only]Use secure communication with the LDAP server using opportunistic TLS. -* <>: label:enterprise-edition[Enterprise only]Set to log successful authentication events to the security log. -* <.audience>>: label:enterprise-edition[Enterprise only]Expected values of the Audience (aud) claim in the id token. -* <.auth_endpoint>>: label:enterprise-edition[Enterprise only]The OIDC authorization endpoint. -* <.auth_flow>>: label:enterprise-edition[Enterprise only]The OIDC flow to use. -* <.auth_params>>: label:enterprise-edition[Enterprise only]Optional additional parameters that the auth endpoint requires. -* <.authorization.group_to_role_mapping>>: label:enterprise-edition[Enterprise only]An authorization mapping from IdP group names to Neo4j role names. -* <.claims.groups>>: label:enterprise-edition[Enterprise only]The claim to use as the list of groups in Neo4j. -* <.claims.username>>: label:enterprise-edition[Enterprise only]The claim to use as the username in Neo4j. -* <.client_id>>: label:enterprise-edition[Enterprise only]Client id needed if token contains multiple Audience (aud) claims. -* <.config>>: label:enterprise-edition[Enterprise only] -* <.display_name>>: label:enterprise-edition[Enterprise only]The user-facing name of the provider as provided by the discovery endpoint to clients (Bloom, Browser etc.). -* <.get_groups_from_user_info>>: label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the groups from the provider user info endpoint. -* <.get_username_from_user_info>>: label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the username from the provider user info endpoint. -* <.issuer>>: label:enterprise-edition[Enterprise only]The expected value of the iss claim in the id token. -* <.jwks_uri>>: label:enterprise-edition[Enterprise only]The location of the JWK public key set for the identity provider. -* <.params>>: label:enterprise-edition[Enterprise only]The map is a semicolon separated list of key-value pairs. -* <.token_endpoint>>: label:enterprise-edition[Enterprise only]The OIDC token endpoint. -* <.token_params>>: label:enterprise-edition[Enterprise only]Optional query parameters that the token endpoint requires. -* <.user_info_uri>>: label:enterprise-edition[Enterprise only]The identity providers user info uri. -* <.well_known_discovery_uri>>: label:enterprise-edition[Enterprise only]The 'well known' OpenID Connect Discovery endpoint used to fetch identity provider settings. -* <>: A list of procedures (comma separated) that are to be loaded. -* <>: A list of procedures and user defined functions (comma separated) that are allowed full access to the database. -* <>: label:enterprise-edition[Enterprise only]Name of the initial database allocator. -* <>: Name of the default database (aliases are not supported). -* <>: label:enterprise-edition[Enterprise only]Initial default number of primary instances of user databases. -* <>: label:enterprise-edition[Enterprise only]Initial default number of secondary instances of user databases. -* <>: label:enterprise-edition[Enterprise only]The names of databases that are allowed on this server - all others are denied. -* <>: label:enterprise-edition[Enterprise only]The names of databases that are not allowed on this server. -* <>: label:enterprise-edition[Enterprise only]An instance can restrict itself to allow databases to be hosted only as primaries or secondaries. -* <>: label:enterprise-edition[Enterprise only]Enable support for running online backups. -* <>: label:enterprise-edition[Enterprise only]Network interface and port for the backup server to listen on. -* <>: label:enterprise-edition[Enterprise only]Maximum retry time per request during store copy. -* <>: Advertised address for this connector. -* <>: The maximum time to wait before sending a NOOP on connections waiting for responses from active ongoing queries.The minimum value is 1 millisecond. -* <>: The type of messages to enable keep-alive messages for (ALL, STREAMING or OFF). -* <>: The total amount of probes to be missed before a connection is considered stale.The minimum for this value is 1. -* <>: The interval between every scheduled keep-alive check on all connections with active queries. -* <>: Enable the bolt connector. -* <>: Address the connector should bind to. -* <>: Enable server OCSP stapling for bolt and http connectors. -* <>: The maximum time an idle thread in the thread pool bound to this connector will wait for new tasks. -* <>: The maximum number of threads allowed in the thread pool bound to this connector. -* <>: The number of threads to keep in the thread pool bound to this connector, even if they are idle. -* <>: Encryption level to require this connector to use. -* <>: label:enterprise-edition[Enterprise only]Advertised hostname/IP address and port for the transaction shipping server. -* <>: label:enterprise-edition[Enterprise only]Comma separated list of groups to be used by the connect-randomly-to-server-group selection strategy. -* <>: label:enterprise-edition[Enterprise only]An ordered list in descending preference of the strategy which secondaries use to choose the upstream server from which to pull transactional updates. -* <>: label:enterprise-edition[Enterprise only]Configuration of a user-defined upstream selection strategy. -* <>: label:enterprise-edition[Enterprise only]Network interface and port for the transaction shipping server to listen on. -* <>: label:enterprise-edition[Enterprise only]Use native transport if available. -* <>: label:enterprise-edition[Enterprise only]Advertised hostname/IP address and port for the RAFT server. -* <>: label:enterprise-edition[Enterprise only]Network interface and port for the RAFT server to listen on. -* <>: label:enterprise-edition[Enterprise only]Users must manually specify the mode for the system database on each instance. -* <>: A strict configuration validation will prevent the database from starting up if unknown configuration options are specified in the neo4j settings namespace (such as dbms., cypher., etc) or if settings are declared multiple times. -* <>: Whether or not any database on this instance are read_only by default. -* <>: List of databases for which to prevent write queries. -* <>: List of databases for which to allow write queries. -* <>: The number of cached Cypher query execution plans per database. -* <>: Default hostname or IP address the server uses to advertise itself. -* <>: Default network interface to listen for incoming connections. -* <>: label:enterprise-edition[Enterprise only]Directory to hold cluster state including Raft log. -* <>: Path of the data directory. -* <>: Root location where Neo4j will store database dumps optionally produced when dropping said databases. -* <>: Sets the root directory for file URLs used with the Cypher `LOAD CSV` clause. -* <>: Path of the lib directory. -* <>: Path of the licenses directory. -* <>: Path of the logs directory. -* <>: label:enterprise-edition[Enterprise only]The target location of the CSV files: a path to a directory wherein a CSV file per reported field will be written. -* <>: Root relative to which directory settings are resolved. -* <>: Location of the database plugin directory. -* <>: Path of the run directory. -* <>: Root location where Neo4j will store scripts for configured databases. -* <>: Root location where Neo4j will store transaction logs for configured databases. -* <>: label:enterprise-edition[Enterprise only]Advertised cluster member discovery management communication. -* <>: label:enterprise-edition[Enterprise only]Host and port to bind the cluster member discovery management communication. -* <>: label:enterprise-edition[Enterprise only]A list of setting name patterns (comma separated) that are allowed to be dynamically changed. -* <>: label:enterprise-edition[Enterprise only]A list of tag names for the server used when configuring load balancing and replication policies. This setting is deprecated in favour of <>. -* <>: Advertised address for this connector. -* <>: Enable the http connector. -* <>: Address the connector should bind to. -* <>: Defines the set of modules loaded into the Neo4j web server. -* <>: Advertised address for this connector. -* <>: Enable the https connector. -* <>: Address the connector should bind to. -* <>: Additional JVM arguments. -* <>: Path to the logging configuration for debug, query, http and security logs. -* <>: Enable the debug log. -* <>: Enable GC Logging. -* <>: GC Logging Options. -* <>: Number of GC logs to keep. -* <>: Size of each GC log that is kept. -* <>: Path to the logging configuration of user logs. -* <>: label:enterprise-edition[Enterprise only] label:deprecated[Deprecated in 5.6] The maximum number of databases. -This setting is deprecated in favor of <> in 5.6. -* <>: Initial heap size. -* <>: Maximum heap size. -* <>: Defines the size of the off-heap memory blocks cache. -* <>: Defines the maximum size of an off-heap memory block that can be cached to speed up allocations. -* <>: The maximum amount of off-heap memory that can be used to store transaction state data; it's a total amount of memory shared across all active transactions. -* <>: Use direct I/O for page cache. -* <>: Page cache can be configured to use a temporal buffer for flushing purposes. -* <>: Page cache can be configured to use a temporal buffer for flushing purposes. -* <>: The maximum number of worker threads to use for pre-fetching data when doing sequential scans. -* <>: The amount of memory to use for mapping the store files. -* <>: label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to CSV files. -* <>: label:enterprise-edition[Enterprise only]The reporting interval for the CSV files. -* <>: label:enterprise-edition[Enterprise only]Decides what compression to use for the csv history files. -* <>: label:enterprise-edition[Enterprise only]Maximum number of history files for the csv files. -* <>: label:enterprise-edition[Enterprise only]The file size in bytes at which the csv files will auto-rotate. -* <>: label:enterprise-edition[Enterprise only]Enable metrics. -* <>: label:enterprise-edition[Enterprise only]Specifies which metrics should be enabled by using a comma separated list of globbing patterns. -* <>: label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to Graphite. -* <>: label:enterprise-edition[Enterprise only]The reporting interval for Graphite. -* <>: label:enterprise-edition[Enterprise only]The hostname or IP address of the Graphite server. -* <>: label:enterprise-edition[Enterprise only]Set to `true` to enable the JMX metrics endpoint. -* <>: label:enterprise-edition[Enterprise only]A common prefix for the reported metrics field names. -* <>: label:enterprise-edition[Enterprise only]Set to `true` to enable the Prometheus endpoint. -* <>: label:enterprise-edition[Enterprise only]The hostname and port to use as Prometheus endpoint. -* <>: label:enterprise-edition[Enterprise only]If there is a Database Management System Panic (an irrecoverable error) should the neo4j process shut down or continue running. -* <>: label:enterprise-edition[Enterprise only]The advertised address for the intra-cluster routing connector. -* <>: The address the routing connector should bind to. -* <>: label:enterprise-edition[Enterprise only]A list of tag names for the server used during database allocation and when configuring load balancing and replication policies. -* <>: Number of Neo4j worker threads. -* <>: Comma-separated list of = for unmanaged extensions. -* <>: Name of the Windows Service managing Neo4j when installed using `neo4j install-service`. -endif::nonhtmloutput[] + +// ifdef::nonhtmloutput[] +// * <>: label:enterprise-edition[Enterprise only]Configure the policy for outgoing Neo4j Browser connections. +// * <>: label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to time out logged in users after this idle period. +// * <>: Commands to be run when Neo4j Browser successfully connects to this server. +// * <>: Whitelist of hosts for the Neo4j Browser to be allowed to fetch content from. +// * <>: label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to store or not store user credentials. +// * <>: label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to store or not store user editor history. +// * <>: Configure client applications such as Browser and Bloom to send Product Analytics data. +// * <>: Configures the general policy for when check-points should occur. +// * <>: Configures the time interval between check-points. +// * <>: Configures the transaction interval between check-points. +// * <>: Configures the volume of transaction logs between check-points. +// * <>: Limit the number of IOs the background checkpoint process will consume per second. +// * <>: label:enterprise-edition[Enterprise only]Interval of pulling updates from cores. +// * <>: label:enterprise-edition[Enterprise only]The maximum number of bytes in the apply buffer. +// * <>: label:enterprise-edition[Enterprise only]The maximum number of entries in the raft log entry prefetch buffer. +// * <>: label:enterprise-edition[Enterprise only]Largest batch processed by RAFT in bytes. +// * <>: label:enterprise-edition[Enterprise only]Maximum number of bytes in the RAFT in-queue. +// * <>: label:enterprise-edition[Enterprise only]The name of a server_group whose members should be prioritized as leaders. +// * <>: label:enterprise-edition[Enterprise only]RAFT log pruning strategy that determines which logs are to be pruned. +// * <>: label:enterprise-edition[Enterprise only]The maximum number of bytes in the in-flight cache. +// * <>: label:enterprise-edition[Enterprise only]The maximum number of entries in the in-flight cache. +// * <>: Allows the enabling or disabling of the file watcher service. +// * <>: Database format. +// * <>: The size of the internal buffer in bytes used by `LOAD CSV`. +// * <>: Selects whether to conform to the standard https://tools.ietf.org/html/rfc4180 for interpreting escaped quotation characters in CSV files loaded using `LOAD CSV`. +// * <>: The name of the analyzer that the fulltext indexes should use by default. +// * <>: Whether or not fulltext indexes should be eventually consistent by default or not. +// * <>: The eventually_consistent mode of the fulltext indexes works by queueing up index updates to be applied later in a background thread. +// * <>: Enable or disable background index sampling. +// * <>: Index sampling chunk size limit. +// * <>: Percentage of index updates of total index size required before sampling of a given index is triggered. +// * <>: The maximum time interval within which lock should be acquired. +// * <>: Log query text and parameters without obfuscating passwords. +// * <>: Log executed queries. +// * <>: Sets a maximum character length use for each parameter in the log. +// * <>: Obfuscates all literals of the query before writing to the log. +// * <>: Log parameters for the executed queries being logged. +// * <>: Log query plan description table, useful for debugging purposes. +// * <>: If the execution of query takes more time than this threshold, the query is logged once completed - provided query logging is set to INFO. +// * <>: Log the start and end of a transaction. +// * <>: If the transaction is open for more time than this threshold, the transaction is logged once completed - provided transaction logging (db.logs.query.transaction.enabled) is set to `INFO`. +// * <>: Page cache can be configured to perform usage sampling of loaded pages that can be used to construct active load profile. +// * <>: Page cache warmup can be configured to prefetch files, preferably when cache size is bigger than store size. +// * <>: Page cache warmup prefetch file allowlist regex. +// * <>: The profiling frequency for the page cache. +// * <>: Limit the amount of memory that a single transaction can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). +// * <>: Limit the amount of memory that all transactions in one database can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). +// * <>: If `true`, Neo4j will abort recovery if transaction log files are missing. +// * <>: Relationship count threshold for considering a node to be dense. +// * <>: The maximum amount of time to wait for running transactions to complete before allowing initiated database shutdown to continue. +// * <>: Specify if Neo4j should try to preallocate store files as they grow. +// * <>: Database timezone for temporal functions. +// * <>: Enables or disables tracking of how much time a query spends actively executing on the CPU. +// * <>: The maximum amount of time to wait for the database state represented by the bookmark. +// * <>: The maximum number of concurrently running transactions. +// * <>: Configures the time interval between transaction monitor checks. +// * <>: Transaction sampling percentage. +// * <>: The maximum time interval of a transaction within which it should be completed. +// * <>: Transaction creation tracing level. +// * <>: On serialization of transaction logs, they will be temporary stored in the byte buffer that will be flushed at the end of the transaction or at any moment when buffer will be full. +// * <>: Specify if Neo4j should try to preallocate logical log file in advance. +// It optimizes the filesystem by ensuring there is room to accommodate newly generated files and avoid file-level fragmentation. +// * <>: Tell Neo4j how long logical transaction logs should be kept to backup the database.For example, "10 days" will prune logical logs that only contain transactions older than 10 days.Alternatively, "100k txs" will keep the 100k latest transactions from each database and prune any older transactions. +// * <>: Specifies at which file size the logical log will auto-rotate. +// * <>: Defines whether memory for transaction state should be allocated on- or off-heap. +// * <>: label:enterprise-edition[Enterprise only]The catch up protocol times out if the given duration elapses with no network activity. +// * <>: label:enterprise-edition[Enterprise only]A comma-separated list of endpoints which a server should contact in order to discover other cluster members. +// * <>: label:enterprise-edition[Enterprise only]The level of middleware logging. +// * <>: label:enterprise-edition[Enterprise only]Configure the discovery resolver type used for cluster member resolution. +// * <>: label:enterprise-edition[Enterprise only]Minimum number of machines initially required to formed a clustered DBMS. +// * <>: label:enterprise-edition[Enterprise only]Time out for protocol negotiation handshake. +// * <>: label:enterprise-edition[Enterprise only]Maximum chunk size allowable across network by clustering machinery. +// * <>: label:enterprise-edition[Enterprise only]Network compression algorithms that this instance will allow in negotiation as a comma-separated list. +// * <>: label:enterprise-edition[Enterprise only]The time allowed for a database on a Neo4j server to either join a cluster or form a new cluster with the other Neo4j Servers provided by `dbms.cluster.discovery.endpoints`. +// * <>: label:enterprise-edition[Enterprise only]The maximum number of TCP channels between two nodes to operate the raft protocol. +// * <>: label:enterprise-edition[Enterprise only]The rate at which leader elections happen. +// * <>: label:enterprise-edition[Enterprise only]The time window within which the loss of the leader is detected and the first re-election attempt is held. +// * <>: label:enterprise-edition[Enterprise only]Which strategy to use when transferring database leaderships around a cluster. +// * <>: label:enterprise-edition[Enterprise only]RAFT log pruning frequency. +// * <>: label:enterprise-edition[Enterprise only]RAFT log reader pool size. +// * <>: label:enterprise-edition[Enterprise only]RAFT log rotation size. +// * <>: label:enterprise-edition[Enterprise only]Maximum amount of lag accepted for a new follower to join the Raft group. +// * <>: label:enterprise-edition[Enterprise only]Time out for a new member to catch up. +// * <>: label:enterprise-edition[Enterprise only]Maximum retry time per request during store copy. +// * <>: This setting is associated with performance optimization. +// * <>: This setting is associated with performance optimization. +// * <>: Set this to specify the behavior when Cypher planner or runtime hints cannot be fulfilled. +// * <>: Set this to change the behavior for Cypher create relationship when the start or end node is missing. +// * <>: The minimum time between possible cypher query replanning events. +// * <>: Set this to specify the default planner for the default language version. +// * <>: If set to `true` a textual representation of the plan description will be rendered on the server for all queries running with `EXPLAIN` or `PROFILE`. +// * <>: The threshold for statistics above which a plan is considered stale. +// + +// If any of the underlying statistics used to create the plan have changed more than this value, the plan will be considered stale and will be replanned. +// * <>: label:enterprise-edition[Enterprise only]Databases may be created from an existing 'seed' (a database backup or dump) stored at some source URI. +// * <>: Database timezone. +// * <>: label:enterprise-edition[Enterprise only]Address for Kubernetes API. +// * <>: label:enterprise-edition[Enterprise only]File location of CA certificate for Kubernetes API. +// * <>: label:enterprise-edition[Enterprise only]Kubernetes cluster domain. +// * <>: label:enterprise-edition[Enterprise only]LabelSelector for Kubernetes API. +// * <>: label:enterprise-edition[Enterprise only]File location of namespace for Kubernetes API. +// * <>: label:enterprise-edition[Enterprise only]Service port name for discovery for Kubernetes API. +// * <>: label:enterprise-edition[Enterprise only]File location of token for Kubernetes API. +// * <>: Enable HTTP request logging. +// * <>: label:enterprise-edition[Enterprise only]The maximum number of databases. +// * <>: Enable off heap and on heap memory tracking. +// * <>: Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). +// * <>: Netty SSL provider. +// * <>: Always use client side routing (regardless of the default router) for neo4j:// protocol connections to these domains. +// * <>: Routing strategy for neo4j:// protocol connections. +// Default is `CLIENT`, using client-side routing, with server-side routing as a fallback (if enabled). +// When set to `SERVER`, client-side routing is short-circuited, and requests will rely on server-side routing (which must be enabled for proper operation, i.e. +// * <>: Socket connection timeout. +// A timeout of zero is treated as an infinite timeout and will be bound by the timeout configured on the +// operating system level. +// * <>: Pooled connections older than this threshold will be closed and removed from the pool. +// Setting this option to a low value will cause a high connection churn and might result in a performance hit. +// It is recommended to set maximum lifetime to a slightly smaller value than the one configured in network +// equipment (load balancer, proxy, firewall, etc. +// * <>: Maximum amount of time spent attempting to acquire a connection from the connection pool. +// This timeout only kicks in when all existing connections are being used and no new connections can be created because maximum connection pool size has been reached. +// Error is raised when connection can't be acquired within configured time. +// Negative values are allowed and result in unlimited acquisition timeout. +// * <>: Pooled connections that have been idle in the pool for longer than this timeout will be tested before they are used again, to ensure they are still alive. +// If this option is set too low, an additional network call will be incurred when acquiring a connection, which causes a performance hit. +// If this is set high, no longer live connections might be used which might lead to errors. +// Hence, this parameter tunes a balance between the likelihood of experiencing connection problems and performance +// Normally, this parameter should not need tuning. +// Value 0 means connections will always be tested for validity. +// * <>: Maximum total number of connections to be managed by a connection pool. +// The limit is enforced for a combination of a host and user. +// * <>: Sets level for driver internal logging. +// * <>: Enable server-side routing in clusters using an additional bolt connector. +// When configured, this allows requests to be forwarded from one cluster member to another, if the requests can't be satisfied by the first member (e.g. +// * <>: label:enterprise-edition[Enterprise only]The load balancing plugin to use. +// * <>: label:enterprise-edition[Enterprise only]Enables shuffling of the returned load balancing result. +// * <>: label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include non-writer primaries as read endpoints or return only secondaries. +// * <>: label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include the writer as read endpoint or return only non-writers (non writer primaries and secondaries) Note: writer is returned as read endpoint if no other member is present all. +// * <>: How long callers should cache the response of the routing procedure `dbms.routing.getRoutingTable()`. +// * <>: Determines if Cypher will allow using file URLs when loading data using `LOAD CSV`. +// * <>: label:enterprise-edition[Enterprise only]The maximum capacity for authentication and authorization caches (respectively). +// * <>: label:enterprise-edition[Enterprise only]The time to live (TTL) for cached authentication and authorization info when using external auth providers (LDAP or plugin). +// * <>: label:enterprise-edition[Enterprise only]Enable time-based eviction of the authentication and authorization info cache for external auth providers (LDAP or plugin). +// * <>: Enable auth requirement to access Neo4j. +// * <>: The amount of time user account should be locked after a configured number of unsuccessful authentication attempts. +// * <>: The maximum number of unsuccessful authentication attempts before imposing a user lock for the configured amount of time, as defined by `dbms.security.auth_lock_time`.The locked out user will not be able to log in until the lock period expires, even if correct credentials are provided. +// * <>: label:enterprise-edition[Enterprise only]A list of security authentication providers containing the users and roles. +// * <>: label:enterprise-edition[Enterprise only]A list of security authorization providers containing the users and roles. +// * <>: label:enterprise-edition[Enterprise only]Require authorization for access to the Causal Clustering status endpoints. +// * <>: Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS connector. +// * <>: Defines an allowlist of http paths where Neo4j authentication is not required. +// * <>: Value of the HTTP Strict-Transport-Security (HSTS) response header. +// * <>: label:enterprise-edition[Enterprise only]Name of the 256 length AES encryption key, which is used for the symmetric encryption. +// * <>: label:enterprise-edition[Enterprise only]Password for accessing the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption. +// * <>: label:enterprise-edition[Enterprise only]Location of the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption of secrets held in system database. +// * <>: label:enterprise-edition[Enterprise only]The attribute to use when looking up users. +// Using this setting requires `dbms.security.ldap.authentication.search_for_attribute` to be true and thus `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured. +// * <>: label:enterprise-edition[Enterprise only]Determines if the result of authentication via the LDAP server should be cached or not. +// * <>: label:enterprise-edition[Enterprise only]LDAP authentication mechanism. +// * <>: label:enterprise-edition[Enterprise only]Perform authentication by searching for an unique attribute of a user. +// Using this setting requires `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured. +// * <>: label:enterprise-edition[Enterprise only]LDAP user DN template. +// * <>: label:enterprise-edition[Enterprise only]The LDAP group to which a user must belong to get any access to the system.Set this to restrict access to a subset of LDAP users belonging to a particular group. +// * <>: label:enterprise-edition[Enterprise only]A list of attribute names on a user object that contains groups to be used for mapping to roles when LDAP authorization is enabled. +// * <>: label:enterprise-edition[Enterprise only]An authorization mapping from LDAP group names to Neo4j role names. +// * <>: label:enterprise-edition[Enterprise only]This setting determines whether multiple LDAP search results will be processed (as is required for the lookup of nested groups). +// * <>: label:enterprise-edition[Enterprise only]The search template which will be used to find the nested groups which the user is a member of. +// * <>: label:enterprise-edition[Enterprise only]An LDAP system account password to use for authorization searches when `dbms.security.ldap.authorization.use_system_account` is `true`. +// * <>: label:enterprise-edition[Enterprise only]An LDAP system account username to use for authorization searches when `dbms.security.ldap.authorization.use_system_account` is `true`. +// * <>: label:enterprise-edition[Enterprise only]Perform LDAP search for authorization info using a system account instead of the user's own account. +// If this is set to `false` (default), the search for group membership will be performed directly after authentication using the LDAP context bound with the user's own account. +// * <>: label:enterprise-edition[Enterprise only]The name of the base object or named context to search for user objects when LDAP authorization is enabled. +// * <>: label:enterprise-edition[Enterprise only]The LDAP search filter to search for a user principal when LDAP authorization is enabled. +// * <>: label:enterprise-edition[Enterprise only]The timeout for establishing an LDAP connection. +// * <>: label:enterprise-edition[Enterprise only]URL of LDAP server to use for authentication and authorization. +// * <>: label:enterprise-edition[Enterprise only]The timeout for an LDAP read request (i.e. +// * <>: label:enterprise-edition[Enterprise only]The LDAP referral behavior when creating a connection. +// * <>: label:enterprise-edition[Enterprise only]Use secure communication with the LDAP server using opportunistic TLS. +// * <>: label:enterprise-edition[Enterprise only]Set to log successful authentication events to the security log. +// * <.audience>>: label:enterprise-edition[Enterprise only]Expected values of the Audience (aud) claim in the id token. +// * <.auth_endpoint>>: label:enterprise-edition[Enterprise only]The OIDC authorization endpoint. +// * <.auth_flow>>: label:enterprise-edition[Enterprise only]The OIDC flow to use. +// * <.auth_params>>: label:enterprise-edition[Enterprise only]Optional additional parameters that the auth endpoint requires. +// * <.authorization.group_to_role_mapping>>: label:enterprise-edition[Enterprise only]An authorization mapping from IdP group names to Neo4j role names. +// * <.claims.groups>>: label:enterprise-edition[Enterprise only]The claim to use as the list of groups in Neo4j. +// * <.claims.username>>: label:enterprise-edition[Enterprise only]The claim to use as the username in Neo4j. +// * <.client_id>>: label:enterprise-edition[Enterprise only]Client id needed if token contains multiple Audience (aud) claims. +// * <.config>>: label:enterprise-edition[Enterprise only] +// * <.display_name>>: label:enterprise-edition[Enterprise only]The user-facing name of the provider as provided by the discovery endpoint to clients (Bloom, Browser etc.). +// * <.get_groups_from_user_info>>: label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the groups from the provider user info endpoint. +// * <.get_username_from_user_info>>: label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the username from the provider user info endpoint. +// * <.issuer>>: label:enterprise-edition[Enterprise only]The expected value of the iss claim in the id token. +// * <.jwks_uri>>: label:enterprise-edition[Enterprise only]The location of the JWK public key set for the identity provider. +// * <.params>>: label:enterprise-edition[Enterprise only]The map is a semicolon separated list of key-value pairs. +// * <.token_endpoint>>: label:enterprise-edition[Enterprise only]The OIDC token endpoint. +// * <.token_params>>: label:enterprise-edition[Enterprise only]Optional query parameters that the token endpoint requires. +// * <.user_info_uri>>: label:enterprise-edition[Enterprise only]The identity providers user info uri. +// * <.well_known_discovery_uri>>: label:enterprise-edition[Enterprise only]The 'well known' OpenID Connect Discovery endpoint used to fetch identity provider settings. +// * <>: A list of procedures (comma separated) that are to be loaded. +// * <>: A list of procedures and user defined functions (comma separated) that are allowed full access to the database. +// * <>: label:enterprise-edition[Enterprise only]Name of the initial database allocator. +// * <>: Name of the default database (aliases are not supported). +// * <>: label:enterprise-edition[Enterprise only]Initial default number of primary instances of user databases. +// * <>: label:enterprise-edition[Enterprise only]Initial default number of secondary instances of user databases. +// * <>: label:enterprise-edition[Enterprise only]The names of databases that are allowed on this server - all others are denied. +// * <>: label:enterprise-edition[Enterprise only]The names of databases that are not allowed on this server. +// * <>: label:enterprise-edition[Enterprise only]An instance can restrict itself to allow databases to be hosted only as primaries or secondaries. +// * <>: label:enterprise-edition[Enterprise only]Enable support for running online backups. +// * <>: label:enterprise-edition[Enterprise only]Network interface and port for the backup server to listen on. +// * <>: label:enterprise-edition[Enterprise only]Maximum retry time per request during store copy. +// * <>: Advertised address for this connector. +// * <>: The maximum time to wait before sending a NOOP on connections waiting for responses from active ongoing queries.The minimum value is 1 millisecond. +// * <>: The type of messages to enable keep-alive messages for (ALL, STREAMING or OFF). +// * <>: The total amount of probes to be missed before a connection is considered stale.The minimum for this value is 1. +// * <>: The interval between every scheduled keep-alive check on all connections with active queries. +// * <>: Enable the bolt connector. +// * <>: Address the connector should bind to. +// * <>: Enable server OCSP stapling for bolt and http connectors. +// * <>: The maximum time an idle thread in the thread pool bound to this connector will wait for new tasks. +// * <>: The maximum number of threads allowed in the thread pool bound to this connector. +// * <>: The number of threads to keep in the thread pool bound to this connector, even if they are idle. +// * <>: Encryption level to require this connector to use. +// * <>: label:enterprise-edition[Enterprise only]Advertised hostname/IP address and port for the transaction shipping server. +// * <>: label:enterprise-edition[Enterprise only]Comma separated list of groups to be used by the connect-randomly-to-server-group selection strategy. +// * <>: label:enterprise-edition[Enterprise only]An ordered list in descending preference of the strategy which secondaries use to choose the upstream server from which to pull transactional updates. +// * <>: label:enterprise-edition[Enterprise only]Configuration of a user-defined upstream selection strategy. +// * <>: label:enterprise-edition[Enterprise only]Network interface and port for the transaction shipping server to listen on. +// * <>: label:enterprise-edition[Enterprise only]Use native transport if available. +// * <>: label:enterprise-edition[Enterprise only]Advertised hostname/IP address and port for the RAFT server. +// * <>: label:enterprise-edition[Enterprise only]Network interface and port for the RAFT server to listen on. +// * <>: label:enterprise-edition[Enterprise only]Users must manually specify the mode for the system database on each instance. +// * <>: A strict configuration validation will prevent the database from starting up if unknown configuration options are specified in the neo4j settings namespace (such as dbms., cypher., etc) or if settings are declared multiple times. +// * <>: Whether or not any database on this instance are read_only by default. +// * <>: List of databases for which to prevent write queries. +// * <>: List of databases for which to allow write queries. +// * <>: The number of cached Cypher query execution plans per database. +// * <>: Default hostname or IP address the server uses to advertise itself. +// * <>: Default network interface to listen for incoming connections. +// * <>: label:enterprise-edition[Enterprise only]Directory to hold cluster state including Raft log. +// * <>: Path of the data directory. +// * <>: Root location where Neo4j will store database dumps optionally produced when dropping said databases. +// * <>: Sets the root directory for file URLs used with the Cypher `LOAD CSV` clause. +// * <>: Path of the lib directory. +// * <>: Path of the licenses directory. +// * <>: Path of the logs directory. +// * <>: label:enterprise-edition[Enterprise only]The target location of the CSV files: a path to a directory wherein a CSV file per reported field will be written. +// * <>: Root relative to which directory settings are resolved. +// * <>: Location of the database plugin directory. +// * <>: Path of the run directory. +// * <>: Root location where Neo4j will store scripts for configured databases. +// * <>: Root location where Neo4j will store transaction logs for configured databases. +// * <>: label:enterprise-edition[Enterprise only]Advertised cluster member discovery management communication. +// * <>: label:enterprise-edition[Enterprise only]Host and port to bind the cluster member discovery management communication. +// * <>: label:enterprise-edition[Enterprise only]A list of setting name patterns (comma separated) that are allowed to be dynamically changed. +// * <>: label:enterprise-edition[Enterprise only]A list of tag names for the server used when configuring load balancing and replication policies. This setting is deprecated in favour of <>. +// * <>: Advertised address for this connector. +// * <>: Enable the http connector. +// * <>: Address the connector should bind to. +// * <>: Defines the set of modules loaded into the Neo4j web server. +// * <>: Advertised address for this connector. +// * <>: Enable the https connector. +// * <>: Address the connector should bind to. +// * <>: Additional JVM arguments. +// * <>: Path to the logging configuration for debug, query, http and security logs. +// * <>: Enable the debug log. +// * <>: Enable GC Logging. +// * <>: GC Logging Options. +// * <>: Number of GC logs to keep. +// * <>: Size of each GC log that is kept. +// * <>: Path to the logging configuration of user logs. +// * <>: label:enterprise-edition[Enterprise only] label:deprecated[Deprecated in 5.6] The maximum number of databases. +// This setting is deprecated in favor of <> in 5.6. +// * <>: Initial heap size. +// * <>: Maximum heap size. +// * <>: Defines the size of the off-heap memory blocks cache. +// * <>: Defines the maximum size of an off-heap memory block that can be cached to speed up allocations. +// * <>: The maximum amount of off-heap memory that can be used to store transaction state data; it's a total amount of memory shared across all active transactions. +// * <>: Use direct I/O for page cache. +// * <>: Page cache can be configured to use a temporal buffer for flushing purposes. +// * <>: Page cache can be configured to use a temporal buffer for flushing purposes. +// * <>: The maximum number of worker threads to use for pre-fetching data when doing sequential scans. +// * <>: label:enterprise-edition[Enterprise only]Whether to share query cache between databases. +// * <>: label:enterprise-edition[Enterprise only]The number of cached queries for all databases. +// * <>: The number of cached queries per database. +// * <>: The amount of memory to use for mapping the store files. +// * <>: label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to CSV files. +// * <>: label:enterprise-edition[Enterprise only]The reporting interval for the CSV files. +// * <>: label:enterprise-edition[Enterprise only]Decides what compression to use for the csv history files. +// * <>: label:enterprise-edition[Enterprise only]Maximum number of history files for the csv files. +// * <>: label:enterprise-edition[Enterprise only]The file size in bytes at which the csv files will auto-rotate. +// * <>: label:enterprise-edition[Enterprise only]Enable metrics. +// * <>: label:enterprise-edition[Enterprise only]Specifies which metrics should be enabled by using a comma separated list of globbing patterns. +// * <>: label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to Graphite. +// * <>: label:enterprise-edition[Enterprise only]The reporting interval for Graphite. +// * <>: label:enterprise-edition[Enterprise only]The hostname or IP address of the Graphite server. +// * <>: label:enterprise-edition[Enterprise only]Set to `true` to enable the JMX metrics endpoint. +// * <>: label:enterprise-edition[Enterprise only]A common prefix for the reported metrics field names. +// * <>: label:enterprise-edition[Enterprise only]Set to `true` to enable the Prometheus endpoint. +// * <>: label:enterprise-edition[Enterprise only]The hostname and port to use as Prometheus endpoint. +// * <>: label:enterprise-edition[Enterprise only]If there is a Database Management System Panic (an irrecoverable error) should the neo4j process shut down or continue running. +// * <>: label:enterprise-edition[Enterprise only]The advertised address for the intra-cluster routing connector. +// * <>: The address the routing connector should bind to. +// * <>: label:enterprise-edition[Enterprise only]A list of tag names for the server used during database allocation and when configuring load balancing and replication policies. +// * <>: Number of Neo4j worker threads. +// * <>: Comma-separated list of = for unmanaged extensions. +// * <>: Name of the Windows Service managing Neo4j when installed using `neo4j install-service`. +//endif::nonhtmloutput[] // end::settings-reference-all-settings[] @@ -2416,7 +2420,7 @@ m|+++memberOf+++ |=== |Description a|label:enterprise-edition[Enterprise only]An authorization mapping from LDAP group names to Neo4j role names. The map should be formatted as a semicolon separated list of key-value pairs, where the key is the LDAP group name and the value is a comma separated list of corresponding role names. For example: group1=role1;group2=role2;group3=role3,role4,role5 -You could also use whitespaces and quotes around group names to make this mapping more readable, for example: +You could also use whitespaces and quotes around group names to make this mapping more readable, for example: ---- `dbms.security.ldap.authorization.group_to_role_mapping`=\ "cn=Neo4j Read Only,cn=users,dc=example,dc=com" = reader; \ @@ -2649,7 +2653,7 @@ a|The `dbms.security.oidc..auth_params` configuration setting has been |=== |Description a|label:enterprise-edition[Enterprise only]An authorization mapping from IdP group names to Neo4j role names. The map should be formatted as a semicolon separated list of key-value pairs, where the key is the IdP group name and the value is a comma separated list of corresponding role names. For example: group1=role1;group2=role2;group3=role3,role4,role5 -You could also use whitespaces and quotes around group names to make this mapping more readable, for example: +You could also use whitespaces and quotes around group names to make this mapping more readable, for example: ---- dbms.security.oidc..authorization.group_to_role_mapping=\ "Neo4j Read Only" = reader; \ @@ -2899,10 +2903,10 @@ m|+++EQUAL_NUMBERS+++ a|Name of the default database (aliases are not supported). + [NOTE] ==== -This setting is not the same as `dbms.default_database`, which was used to set the default database in Neo4j 4.x and earlier versions. +This setting is not the same as `dbms.default_database`, which was used to set the default database in Neo4j 4.x and earlier versions. -The `initial.dbms.default_database` setting is meant to set the default database *before* the creation of the DBMS. -Once it is created, the setting is not valid anymore. +The `initial.dbms.default_database` setting is meant to set the default database *before* the creation of the DBMS. +Once it is created, the setting is not valid anymore. To set the default database, use the xref:/clustering/databases.adoc#cluster-default-database[`dbms.setDefaultDatabase()`] procedure instead. ==== @@ -3867,6 +3871,55 @@ a|server.memory.pagecache.size, a byte size (valid multipliers are `B`, `KiB`, ` m|By default the size of page cache will be 50% och available RAM minus the max heap size.The size of the page cache will also not be larger than 70x the max heap size (due to some overhead of the page cache in the heap. |=== +[[config_server.memory.query_cache.sharing_enabled]] +.server.memory.query_cache.sharing_enabled +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]Enable sharing cache space between different databases. +With this option turned on, databases will share cache space, but not cache entries. +This means that a database may store and retrieve entries from the shared cache, but it may not retrieve entries produced by another database. +The database may, however, evict entries from other databases as necessary, according to the constrained cache size and cache eviction policy. +In essence, databases may compete for cache space, but may not observe each other's entries. + +When this option is turned on, the cache space available to all databases is configured with `server.memory.query_cache.shared_cache_num_entries`. +With this option turned off, the cache space available to each individual database is configured with `server.memory.query_cache.per_db_cache_num_entries`. +|Valid values +a|server.memory.query_cache.sharing_enabled, a boolean +|Default value +m|+++false+++ +|=== + +[[config_server.memory.query_cache.shared_cache_num_entried]] +.server.memory.query_cache.shared_cache_num_entries +[cols="<1s,<4"] +|=== +|Description +a|label:enterprise-edition[Enterprise only]The number of cached queries for all databases. +The maximum number of queries that can be kept in a cache is exactly `server.memory.query_cache.shared_cache_num_entries`. +This setting is only deciding cache size when `server.memory.query_cache.sharing_enabled` is set to `true`. +|Valid values +a|server.memory.query_cache.shared_cache_num_entries, a integer +|Default value +m|+++1000+++ +|=== + + +[[config_server.memory.query_cache.per_db_cache_num_entries]] +.server.memory.query_cache.per_db_cache_num_entries +[cols="<1s,<4"] +|=== +|Description +a|The number of cached queries per database. +The maximum number of queries that can be kept in a cache is `number of databases` * `server.memory.query_cache.per_db_cache_num_entries`. +With 10 databases and `server.memory.query_cache.per_db_cache_num_entries`=1000, the cache can keep 10000 plans in total. +This setting is only deciding cache size when `server.memory.query_cache.sharing_enabled` is set to `false`. +|Valid values +a|server.memory.query_cache.per_db_cache_num_entries, a integer +|Default value +m|+++1000+++ +|=== + [[config_server.metrics.csv.enabled]] .server.metrics.csv.enabled [cols="<1s,<4"] From 47198b25f65997756c7037102c41fab0e2541145 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 24 Apr 2023 11:55:48 +0300 Subject: [PATCH 246/876] server.db.query_cache_size has been deprecated in 5.7 (#726) --- modules/ROOT/pages/reference/configuration-settings.adoc | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/reference/configuration-settings.adoc b/modules/ROOT/pages/reference/configuration-settings.adoc index 2709b5af4..713bf3d93 100644 --- a/modules/ROOT/pages/reference/configuration-settings.adoc +++ b/modules/ROOT/pages/reference/configuration-settings.adoc @@ -246,7 +246,8 @@ If this is set to `false` (default), the search for group membership will be per |<>|Whether or not any database on this instance are read_only by default. |<>|List of databases for which to prevent write queries. |<>|List of databases for which to allow write queries. -|<>|The number of cached Cypher query execution plans per database. +|<>|label:deprecated[Deprecated in 5.7]The number of cached Cypher query execution plans per database. +Replaced by <>. |<>|Default hostname or IP address the server uses to advertise itself. |<>|Default network interface to listen for incoming connections. |<>|label:enterprise-edition[Enterprise only]Directory to hold cluster state including Raft log. @@ -3328,6 +3329,8 @@ a|The number of cached Cypher query execution plans per database. The max number a|server.db.query_cache_size, an integer which is minimum `0` |Default value m|+++1000+++ +|Deprecated +a|The `server.db.query_cache_size` configuration setting has been deprecated in favour of <>. |=== [[config_server.default_advertised_address]] @@ -3890,7 +3893,7 @@ a|server.memory.query_cache.sharing_enabled, a boolean m|+++false+++ |=== -[[config_server.memory.query_cache.shared_cache_num_entried]] +[[config_server.memory.query_cache.shared_cache_num_entries]] .server.memory.query_cache.shared_cache_num_entries [cols="<1s,<4"] |=== From c8abf7cf063c869443a6619b5d7c8d1b7199bb54 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 24 Apr 2023 12:05:21 +0300 Subject: [PATCH 247/876] Update neo4j-admin database copy syntax and options to reflect the code (#723) --- .../pages/backup-restore/copy-database.adoc | 255 +++++++++--------- 1 file changed, 134 insertions(+), 121 deletions(-) diff --git a/modules/ROOT/pages/backup-restore/copy-database.adoc b/modules/ROOT/pages/backup-restore/copy-database.adoc index cdd3013f4..75f0c9e20 100644 --- a/modules/ROOT/pages/backup-restore/copy-database.adoc +++ b/modules/ROOT/pages/backup-restore/copy-database.adoc @@ -29,163 +29,176 @@ For more information, see < --from-path-txn=] - [--to-path-data= --to-path-txn=] - [--to-path-schema=] - [--force] - [--compact-node-store[=true|false]] - [--to-format=] - [--ignore-nodes-with-labels=

:`. @@ -59,7 +59,7 @@ See below for an example of usage. | `tls_level` | `DISABLED` -| `xref:reference/configuration-settings.adoc#config_server.bolt.tls_level[server.bolt.tls_level]` +| `xref:configuration/configuration-settings.adoc#config_server.bolt.tls_level[server.bolt.tls_level]` | This setting is only applicable to the Bolt connector. It allows the connector to accept encrypted and/or unencrypted connections. The default value is `DISABLED`, where only unencrypted client connections are to be accepted by this connector, and all encrypted connections will be rejected. @@ -99,7 +99,7 @@ It is possible to specify defaults for the configuration options with `listen_ad Setting a default value will apply to all the connectors, unless specifically configured for a certain connector. -`xref:reference/configuration-settings.adoc#config_server.default_listen_address[server.default_listen_address]`:: +`xref:configuration/configuration-settings.adoc#config_server.default_listen_address[server.default_listen_address]`:: This configuration option defines a default IP address of the settings with the `listen_address` suffix for all connectors. If the IP address part of the `listen_address` is not specified, it is inherited from the shared setting `server.default_listen_address`. + @@ -119,7 +119,7 @@ server.bolt.listen_address=:7000 ---- ==== -`xref:reference/configuration-settings.adoc#config_server.default_advertised_address[server.default_advertised_address]`:: +`xref:configuration/configuration-settings.adoc#config_server.default_advertised_address[server.default_advertised_address]`:: This configuration option defines a default address of the settings with the `advertised_address` suffix for all connectors. If the address part of the `advertised_address` is not specified, it is inherited from the shared setting `server.default_advertised_address`. + diff --git a/modules/ROOT/pages/configuration/dynamic-settings.adoc b/modules/ROOT/pages/configuration/dynamic-settings.adoc index 11cafa87e..15dee8842 100644 --- a/modules/ROOT/pages/configuration/dynamic-settings.adoc +++ b/modules/ROOT/pages/configuration/dynamic-settings.adoc @@ -18,7 +18,7 @@ If you want to change the configuration settings on all cluster members, you hav [[dynamic-settings-discover]] == Discover dynamic settings -Use `SHOW SETTINGS` to discover which configuration values can be dynamically updated, or consult the xref:reference/dynamic-settings-reference.adoc[Dynamic configuration settings reference]. +Use `SHOW SETTINGS` to discover which configuration values can be dynamically updated, or consult the xref:configuration/configuration-settings.adoc[Configuration settings reference]. .Discover dynamic settings ==== diff --git a/modules/ROOT/pages/configuration/index.adoc b/modules/ROOT/pages/configuration/index.adoc index 739e7dd7e..897f778a9 100644 --- a/modules/ROOT/pages/configuration/index.adoc +++ b/modules/ROOT/pages/configuration/index.adoc @@ -1,6 +1,6 @@ [[configuration]] = Configuration -:description: This chapter describes the configuration of Neo4j components. +:description: This chapter describes the configuration of Neo4j components. The topics described are: @@ -13,8 +13,9 @@ The topics described are: * xref:configuration/password-and-user-recovery.adoc[Password and user recovery] -- How to recover after a lost admin password. * xref:configuration/dynamic-settings.adoc[Update dynamic settings] -- How to configure certain Neo4j parameters while Neo4j is running. * xref:configuration/transaction-logs.adoc[Transaction logs] -- The transaction logs record all write operations in the database. +* xref:configuration/configuration-settings.adoc[Configuration settings] -- A complete reference of all configuration settings. -For a complete reference of Neo4j configuration settings, see xref:reference/configuration-settings.adoc[All configuration settings]. +For a complete reference of Neo4j configuration settings, see xref:configuration/configuration-settings.adoc[All configuration settings]. //include::network-architecture.adoc[leveloffset=+1] diff --git a/modules/ROOT/pages/configuration/neo4j-conf.adoc b/modules/ROOT/pages/configuration/neo4j-conf.adoc index 491c9ca85..3dadf5aab 100644 --- a/modules/ROOT/pages/configuration/neo4j-conf.adoc +++ b/modules/ROOT/pages/configuration/neo4j-conf.adoc @@ -24,7 +24,7 @@ If you want to amend the default values with custom ones, you must explicitly li * The configuration settings are not ordered. * The configuration settings have strict validation enabled by default. It prevents Neo4j from starting if the _neo4j.conf_ file contains _typos_, _incorrect information_, or _duplicates_ (except for `server.jvm.additional`). -If you set more than one value for xref:reference/configuration-settings.adoc#config_server.jvm.additional[`server.jvm.additional`], each setting value adds another custom JVM argument to the `java` launcher. +If you set more than one value for xref:configuration/configuration-settings.adoc#config_server.jvm.additional[`server.jvm.additional`], each setting value adds another custom JVM argument to the `java` launcher. + To disable the strict validation, set `server.config.strict_validation.enabled=false`. * By default, the character encoding is assumed to be ISO 8859-1. @@ -74,7 +74,7 @@ Words are separated by an underscore. [TIP] ==== -For a complete reference of Neo4j configuration settings, see xref:reference/configuration-settings.adoc[Configuration settings]. +For a complete reference of Neo4j configuration settings, see xref:configuration/configuration-settings.adoc[Configuration settings]. ==== [[neo4j-conf-JVM]] @@ -91,15 +91,15 @@ Depending on the JVM implementation, the JVM heap size often determines how and | Setting | Description -| `xref:reference/configuration-settings.adoc#config_server.memory.heap.initial_size[server.memory.heap.initial_size]` +| `xref:configuration/configuration-settings.adoc#config_server.memory.heap.initial_size[server.memory.heap.initial_size]` | Sets the initial heap size for the JVM. By default, the JVM heap size is calculated based on the available system resources. -| `xref:reference/configuration-settings.adoc#config_server.memory.heap.max_size[server.memory.heap.max_size]` +| `xref:configuration/configuration-settings.adoc#config_server.memory.heap.max_size[server.memory.heap.max_size]` | Sets the maximum size of the heap for the JVM. By default, the maximum JVM heap size is calculated based on the available system resources. -| `xref:reference/configuration-settings.adoc#config_server.jvm.additional[server.jvm.additional]` +| `xref:configuration/configuration-settings.adoc#config_server.jvm.additional[server.jvm.additional]` | Sets additional options for the JVM. The options are set as a string and can vary depending on JVM implementation. |=== @@ -140,9 +140,7 @@ LIMIT 3; [TIP] ==== -For information about dynamic settings, see xref:configuration/dynamic-settings.adoc[Update dynamic settings] and xref:reference/dynamic-settings-reference.adoc[Dynamic configuration settings reference]. - -For a complete reference of Neo4j configuration settings, see xref:reference/configuration-settings.adoc[Configuration settings]. +For information about dynamic settings, see xref:configuration/dynamic-settings.adoc[Update dynamic settings] and xref:configuration/configuration-settings.adoc[Configuration settings reference]. ==== [[neo4j-conf-expand-commands]] diff --git a/modules/ROOT/pages/configuration/ports.adoc b/modules/ROOT/pages/configuration/ports.adoc index 108d500f7..8bda84c1e 100644 --- a/modules/ROOT/pages/configuration/ports.adoc +++ b/modules/ROOT/pages/configuration/ports.adoc @@ -1,6 +1,6 @@ [[ports]] = Ports -:description: Ports relevant to a Neo4j installation. +:description: Ports relevant to a Neo4j installation. An overview of the Neo4j-specific ports. Note that these ports are in addition to those necessary for ordinary network operation. @@ -22,22 +22,22 @@ The table below shows an overview of available Neo4j-specific ports and related [options="header"] |=== | Name | Default port | Related configuration setting -| Backup | `6362` | `xref:reference/configuration-settings.adoc#config_server.backup.listen_address[server.backup.listen_address]` -| HTTP | `7474` | `xref:reference/configuration-settings.adoc#config_server.http.listen_address[server.http.listen_address]` -| HTTPS | `7473` | `xref:reference/configuration-settings.adoc#config_server.https.listen_address[server.https.listen_address]` -| Bolt | `7687` | `xref:reference/configuration-settings.adoc#config_server.bolt.listen_address[server.bolt.listen_address]` -| Cluster discovery management | `5000` | `xref:reference/configuration-settings.adoc#config_server.discovery.listen_address[server.discovery.listen_address]` -| Cluster transaction | `6000` | `xref:reference/configuration-settings.adoc#config_server.cluster.listen_address[server.cluster.listen_address]` -| Cluster RAFT | `7000` | `xref:reference/configuration-settings.adoc#config_server.cluster.raft.listen_address[server.cluster.raft.listen_address]` -| Cluster routing connector | `7688` | `xref:reference/configuration-settings.adoc#config_server.routing.listen_address[server.routing.listen_address]` -| Graphite monitoring | `2003` | `xref:reference/configuration-settings.adoc#config_server.metrics.graphite.server[server.metrics.graphite.server]` -| Prometheus monitoring | `2004` | `xref:reference/configuration-settings.adoc#config_server.metrics.prometheus.endpoint[server.metrics.prometheus.endpoint]` -| JMX monitoring | `3637` | `xref:reference/configuration-settings.adoc#config_server.jvm.additional[+++server.jvm.additional=-Dcom.sun.management.jmxremote.port=3637+++]` -| Remote debugging | `5005` | `xref:reference/configuration-settings.adoc#config_server.jvm.additional[+++server.jvm.additional=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005+++]` +| Backup | `6362` | `xref:configuration/configuration-settings.adoc#config_server.backup.listen_address[server.backup.listen_address]` +| HTTP | `7474` | `xref:configuration/configuration-settings.adoc#config_server.http.listen_address[server.http.listen_address]` +| HTTPS | `7473` | `xref:configuration/configuration-settings.adoc#config_server.https.listen_address[server.https.listen_address]` +| Bolt | `7687` | `xref:configuration/configuration-settings.adoc#config_server.bolt.listen_address[server.bolt.listen_address]` +| Cluster discovery management | `5000` | `xref:configuration/configuration-settings.adoc#config_server.discovery.listen_address[server.discovery.listen_address]` +| Cluster transaction | `6000` | `xref:configuration/configuration-settings.adoc#config_server.cluster.listen_address[server.cluster.listen_address]` +| Cluster RAFT | `7000` | `xref:configuration/configuration-settings.adoc#config_server.cluster.raft.listen_address[server.cluster.raft.listen_address]` +| Cluster routing connector | `7688` | `xref:configuration/configuration-settings.adoc#config_server.routing.listen_address[server.routing.listen_address]` +| Graphite monitoring | `2003` | `xref:configuration/configuration-settings.adoc#config_server.metrics.graphite.server[server.metrics.graphite.server]` +| Prometheus monitoring | `2004` | `xref:configuration/configuration-settings.adoc#config_server.metrics.prometheus.endpoint[server.metrics.prometheus.endpoint]` +| JMX monitoring | `3637` | `xref:configuration/configuration-settings.adoc#config_server.jvm.additional[+++server.jvm.additional=-Dcom.sun.management.jmxremote.port=3637+++]` +| Remote debugging | `5005` | `xref:configuration/configuration-settings.adoc#config_server.jvm.additional[+++server.jvm.additional=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005+++]` |=== [NOTE] -The configuration setting `xref:reference/configuration-settings.adoc#config_server.default_listen_address[server.default_listen_address]` configures the default network interface to listen for incoming connections. +The configuration setting `xref:configuration/configuration-settings.adoc#config_server.default_listen_address[server.default_listen_address]` configures the default network interface to listen for incoming connections. == Advertised address configuration settings @@ -52,18 +52,18 @@ The table below shows an overview of available Neo4j-specific ports and related [options="header"] |=== | Name | Default port | Related configuration setting -| HTTP | `7474` | `xref:reference/configuration-settings.adoc#config_server.http.advertised_address[server.http.advertised_address]` -| HTTPS | `7473` | `xref:reference/configuration-settings.adoc#config_server.https.advertised_address[server.https.advertised_address]` -| Bolt | `7687` | `xref:reference/configuration-settings.adoc#config_server.bolt.advertised_address[server.bolt.advertised_address]` -| Cluster discovery management | `5000` | `xref:reference/configuration-settings.adoc#config_server.discovery.advertised_address[server.discovery.advertised_address]` -| Cluster transaction | `6000` | `xref:reference/configuration-settings.adoc#config_server.cluster.advertised_address[server.cluster.advertised_address]` -| Cluster RAFT | `7000` | `xref:reference/configuration-settings.adoc#config_server.cluster.raft.advertised_address[server.cluster.raft.advertised_address]` -| Cluster routing connector | `7688` | `xref:reference/configuration-settings.adoc#config_server.routing.advertised_address[server.routing.advertised_address]` +| HTTP | `7474` | `xref:configuration/configuration-settings.adoc#config_server.http.advertised_address[server.http.advertised_address]` +| HTTPS | `7473` | `xref:configuration/configuration-settings.adoc#config_server.https.advertised_address[server.https.advertised_address]` +| Bolt | `7687` | `xref:configuration/configuration-settings.adoc#config_server.bolt.advertised_address[server.bolt.advertised_address]` +| Cluster discovery management | `5000` | `xref:configuration/configuration-settings.adoc#config_server.discovery.advertised_address[server.discovery.advertised_address]` +| Cluster transaction | `6000` | `xref:configuration/configuration-settings.adoc#config_server.cluster.advertised_address[server.cluster.advertised_address]` +| Cluster RAFT | `7000` | `xref:configuration/configuration-settings.adoc#config_server.cluster.raft.advertised_address[server.cluster.raft.advertised_address]` +| Cluster routing connector | `7688` | `xref:configuration/configuration-settings.adoc#config_server.routing.advertised_address[server.routing.advertised_address]` |=== [NOTE] ==== -The configuration setting `xref:reference/configuration-settings.adoc#config_server.default_advertised_address[server.default_advertised_address]` configures the default hostname/IP-address for advertised address. +The configuration setting `xref:configuration/configuration-settings.adoc#config_server.default_advertised_address[server.default_advertised_address]` configures the default hostname/IP-address for advertised address. ==== == Ports used by Neo4j @@ -77,8 +77,8 @@ Default port: `6362` [options="header"] |=== | Related configuration setting | Default value | Description -| `xref:reference/configuration-settings.adoc#config_server.backup.listen_address[server.backup.listen_address]` | `127.0.0.1:6362` | Network interface and port for the backup server to listen on. -| `xref:reference/configuration-settings.adoc#config_server.backup.enabled[server.backup.enabled]` | `true` | Enable support for running online backups. +| `xref:configuration/configuration-settings.adoc#config_server.backup.listen_address[server.backup.listen_address]` | `127.0.0.1:6362` | Network interface and port for the backup server to listen on. +| `xref:configuration/configuration-settings.adoc#config_server.backup.enabled[server.backup.enabled]` | `true` | Enable support for running online backups. |=== In production environments, external access to the backup port should be blocked by a firewall. @@ -97,15 +97,15 @@ Default port: `7474` | Default value | Description -| `xref:reference/configuration-settings.adoc#config_server.http.listen_address[server.http.listen_address]` +| `xref:configuration/configuration-settings.adoc#config_server.http.listen_address[server.http.listen_address]` | `:7474` | Network interface and port for the HTTP connector to listen on. -| `xref:reference/configuration-settings.adoc#config_server.http.advertised_address[server.http.advertised_address]` +| `xref:configuration/configuration-settings.adoc#config_server.http.advertised_address[server.http.advertised_address]` | `:7474` | Advertised hostname/IP-address and port for the HTTP connector. -| `xref:reference/configuration-settings.adoc#config_server.http.enabled[server.http.enabled]` +| `xref:configuration/configuration-settings.adoc#config_server.http.enabled[server.http.enabled]` | `true` | Enable the HTTP connector. |=== @@ -130,15 +130,15 @@ Default port: `7473` | Default value | Description -| `xref:reference/configuration-settings.adoc#config_server.https.listen_address[server.https.listen_address]` +| `xref:configuration/configuration-settings.adoc#config_server.https.listen_address[server.https.listen_address]` | `:7473` | Network interface and port for the HTTPS connector to listen on. -| `xref:reference/configuration-settings.adoc#config_server.https.advertised_address[server.https.advertised_address]` +| `xref:configuration/configuration-settings.adoc#config_server.https.advertised_address[server.https.advertised_address]` | `:7473` | Advertised hostname/IP-address and port for the HTTPS connector. -| `xref:reference/configuration-settings.adoc#config_server.https.enabled[server.https.enabled]` +| `xref:configuration/configuration-settings.adoc#config_server.https.enabled[server.https.enabled]` | `false` | Enable the HTTPS connector. |=== @@ -161,19 +161,19 @@ Default port: `7687` | Default value | Description -| `xref:reference/configuration-settings.adoc#config_server.bolt.listen_address[server.bolt.listen_address]` +| `xref:configuration/configuration-settings.adoc#config_server.bolt.listen_address[server.bolt.listen_address]` | `:7687` | Network interface and port for the Bolt connector to listen on. -| `xref:reference/configuration-settings.adoc#config_server.bolt.advertised_address[server.bolt.advertised_address]` +| `xref:configuration/configuration-settings.adoc#config_server.bolt.advertised_address[server.bolt.advertised_address]` | `:7687` | Advertised hostname/IP-address and port for the Bolt connector. -| `xref:reference/configuration-settings.adoc#config_server.bolt.enabled[server.bolt.enabled]` +| `xref:configuration/configuration-settings.adoc#config_server.bolt.enabled[server.bolt.enabled]` | `true` | Enable the Bolt connector. -| `xref:reference/configuration-settings.adoc#config_server.bolt.tls_level[server.bolt.tls_level]` +| `xref:configuration/configuration-settings.adoc#config_server.bolt.tls_level[server.bolt.tls_level]` | `DISABLED` | Encryption level for the Bolt connector. |=== @@ -194,9 +194,9 @@ By default, the operating mode of a Neo4j instance (`<>` |=== @@ -205,10 +205,10 @@ By default, the operating mode of a Neo4j instance (`< JMX metrics] and https://docs.oracle.com/javase/1.5.0/docs/guide/management/agent.html[the official documentation on Monitoring and Management Using JMX]. @@ -274,7 +274,7 @@ Default port: `5005` [options="header"] |=== | Related configuration setting | Default value | Description -| `xref:reference/configuration-settings.adoc#config_server.jvm.additional[+++server.jvm.additional=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005+++]` | `:5005` | Additional setting for exposing remote debugging. +| `xref:configuration/configuration-settings.adoc#config_server.jvm.additional[+++server.jvm.additional=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005+++]` | `:5005` | Additional setting for exposing remote debugging. |=== For more information, see the link:{neo4j-docs-base-uri}/java-reference/{page-version}/extending-neo4j/server-debugging#server-debugging[Java Reference -> Setup for remote debugging]. diff --git a/modules/ROOT/pages/configuration/transaction-logs.adoc b/modules/ROOT/pages/configuration/transaction-logs.adoc index 74797b56d..fd5e42a36 100644 --- a/modules/ROOT/pages/configuration/transaction-logs.adoc +++ b/modules/ROOT/pages/configuration/transaction-logs.adoc @@ -8,7 +8,7 @@ The transaction logs can be used to provide differential backups, as well as for For any given configuration, at least the latest non-empty transaction log is kept. Each database keeps its own directory with _transaction logs_. -The root directory where the transaction log folders are located is configured by xref:reference/configuration-settings.adoc#config_server.directories.transaction.logs.root[`server.directories.transaction.logs.root`]. +The root directory where the transaction log folders are located is configured by xref:configuration/configuration-settings.adoc#config_server.directories.transaction.logs.root[`server.directories.transaction.logs.root`]. [NOTE] ==== @@ -35,21 +35,21 @@ An overview of configuration settings for transaction logging: | Default value | Description -| xref:reference/configuration-settings.adoc#config_server.directories.transaction.logs.root[`server.directories.transaction.logs.root`] +| xref:configuration/configuration-settings.adoc#config_server.directories.transaction.logs.root[`server.directories.transaction.logs.root`] | `transactions` | Root location where Neo4j will store transaction logs for configured databases. -| xref:reference/configuration-settings.adoc#config_db.tx_log.preallocate[`db.tx_log.preallocate`] +| xref:configuration/configuration-settings.adoc#config_db.tx_log.preallocate[`db.tx_log.preallocate`] | `true` | Specify if Neo4j should try to preallocate logical log file in advance. -| xref:reference/configuration-settings.adoc#config_db.tx_log.rotation.retention_policy[`db.tx_log.rotation.retention_policy`] +| xref:configuration/configuration-settings.adoc#config_db.tx_log.rotation.retention_policy[`db.tx_log.rotation.retention_policy`] | `2 days` a| Make Neo4j keep the logical transaction logs for being able to back up the database. Can be used for specifying the threshold to prune logical logs after. -| xref:reference/configuration-settings.adoc#config_db.tx_log.rotation.size[`db.tx_log.rotation.size`] +| xref:configuration/configuration-settings.adoc#config_db.tx_log.rotation.size[`db.tx_log.rotation.size`] | `250M` a| Specifies at which file size the logical log will auto-rotate. @@ -67,14 +67,14 @@ The retention and rotation policies for the Neo4j transaction logs, and how to c By default, transaction logs for a database are located at _/data/transactions/_. Each database keeps its own directory with transaction logs. -The root directory where those folders are located is configured by xref:reference/configuration-settings.adoc#config_server.directories.transaction.logs.root[`server.directories.transaction.logs.root`]. +The root directory where those folders are located is configured by xref:configuration/configuration-settings.adoc#config_server.directories.transaction.logs.root[`server.directories.transaction.logs.root`]. For maximum performance, it is recommended to configure transaction logs to be stored on a dedicated device. [[transaction-logging-log-rotation]] == Log rotation -Log rotation is configured using the parameter xref:reference/configuration-settings.adoc#config_db.tx_log.rotation.size[`db.tx_log.rotation.size`]. +Log rotation is configured using the parameter xref:configuration/configuration-settings.adoc#config_db.tx_log.rotation.size[`db.tx_log.rotation.size`]. By default, log switches happen when log sizes surpass 250 MB. @@ -86,7 +86,7 @@ By default, log switches happen when log sizes surpass 250 MB. Manually deleting transaction log files is not supported. ==== -You can control the number of transaction logs that Neo4j keeps using the parameter xref:reference/configuration-settings.adoc#config_db.tx_log.rotation.retention_policy[`db.tx_log.rotation.retention_policy`]. +You can control the number of transaction logs that Neo4j keeps using the parameter xref:configuration/configuration-settings.adoc#config_db.tx_log.rotation.retention_policy[`db.tx_log.rotation.retention_policy`]. It is set to `2 days` by default, which means Neo4j keeps logical logs that contain any transaction committed within 2 days. The configuration is dynamic, so if you need to update it, you do not have to restart Neo4j for the change to take effect. @@ -213,18 +213,18 @@ The interval between checkpoints can be configured using: | Default value | Description -| xref:reference/configuration-settings.adoc#config_db.checkpoint.interval.time[`db.checkpoint.interval.time`] +| xref:configuration/configuration-settings.adoc#config_db.checkpoint.interval.time[`db.checkpoint.interval.time`] | `15m` | Configures the time interval between checkpoints. -| xref:reference/configuration-settings.adoc#config_db.checkpoint.interval.tx[`db.checkpoint.interval.tx`] +| xref:configuration/configuration-settings.adoc#config_db.checkpoint.interval.tx[`db.checkpoint.interval.tx`] | `100000` | Configures the transaction interval between checkpoints. |=== If your goal is to have the least amount of transaction log data, it can also help to speed up the checkpoint process itself. -The configuration parameter xref:reference/configuration-settings.adoc#config_db.checkpoint.iops.limit[`db.checkpoint.iops.limit`] controls the number of IOs per second the checkpoint process is allowed to use. +The configuration parameter xref:configuration/configuration-settings.adoc#config_db.checkpoint.iops.limit[`db.checkpoint.iops.limit`] controls the number of IOs per second the checkpoint process is allowed to use. Setting the value of this parameter to `-1` allows unlimited IOPS, which can speed up checkpointing. [NOTE] diff --git a/modules/ROOT/pages/docker/configuration.adoc b/modules/ROOT/pages/docker/configuration.adoc index 1dede2dff..656cf8a44 100644 --- a/modules/ROOT/pages/docker/configuration.adoc +++ b/modules/ROOT/pages/docker/configuration.adoc @@ -31,7 +31,7 @@ docker run \ neo4j:{neo4j-version-exact} ---- -Any configuration value (see xref:reference/configuration-settings.adoc[Configuration settings]) can be passed using the following naming scheme: +Any configuration value (see xref:configuration/configuration-settings.adoc[Configuration settings]) can be passed using the following naming scheme: * Prefix with `NEO4J_`. * Underscores must be written twice: `+_+` is written as `+__+`. diff --git a/modules/ROOT/pages/docker/maintenance.adoc b/modules/ROOT/pages/docker/maintenance.adoc index 3a97081bd..0553c37a5 100644 --- a/modules/ROOT/pages/docker/maintenance.adoc +++ b/modules/ROOT/pages/docker/maintenance.adoc @@ -121,11 +121,11 @@ docker run \ --env NEO4J_server_backup_listen__address=0.0.0.0:6362 \ #<5> neo4j:{neo4j-version-exact}-enterprise ---- -<1> The xref:reference/configuration-settings.adoc#config_server.backup.listen_address[server.backup.listen_address] port defined in 5. +<1> The xref:configuration/configuration-settings.adoc#config_server.backup.listen_address[server.backup.listen_address] port defined in 5. <2> The volume that contains the database that you want to back up. <3> The environment variable that accepts the Neo4j Enterprise Edition license agreement. <4> The environment variable that enables online backups. -<5> The environment variable that sets the xref:reference/configuration-settings.adoc#config_server.backup.listen_address[server.backup.listen_address]. +<5> The environment variable that sets the xref:configuration/configuration-settings.adoc#config_server.backup.listen_address[server.backup.listen_address]. ==== Once you have a backup enabled cluster node, the `neo4j/neo4j-admin:{neo4j-version-exact}-enterprise` docker image can be used to backup the database. @@ -144,7 +144,7 @@ docker run --interactive --tty --rm \ ---- <1> The volume that will be used for the backup database files. <2> The environment variable that accepts the Neo4j Enterprise Edition license agreement. -<3> The IP address of the backup cluster node and the xref:reference/configuration-settings.adoc#config_server.backup.listen_address[server.backup.listen_address] port. +<3> The IP address of the backup cluster node and the xref:configuration/configuration-settings.adoc#config_server.backup.listen_address[server.backup.listen_address] port. ==== diff --git a/modules/ROOT/pages/docker/ref-settings.adoc b/modules/ROOT/pages/docker/ref-settings.adoc index 7b4eec5fc..71b7fdd8f 100644 --- a/modules/ROOT/pages/docker/ref-settings.adoc +++ b/modules/ROOT/pages/docker/ref-settings.adoc @@ -12,7 +12,7 @@ For example, `browser.post_connect_cmd` converts to `+NEO4J_browser_post__connec The following table is a complete reference of the Neo4j configuration settings converted to the Docker-supported format. -For more information on the configuration descriptions, valid values, and default values, see xref:reference/configuration-settings.adoc[Configuration settings]. +For more information on the configuration descriptions, valid values, and default values, see xref:configuration/configuration-settings.adoc[Configuration settings]. [options="header", cols=","] |=== diff --git a/modules/ROOT/pages/manage-databases/configuration.adoc b/modules/ROOT/pages/manage-databases/configuration.adoc index 668850e03..919d5dc59 100644 --- a/modules/ROOT/pages/manage-databases/configuration.adoc +++ b/modules/ROOT/pages/manage-databases/configuration.adoc @@ -94,7 +94,7 @@ The following configuration parameters are applicable for managing databases: | Parameter name | Description -| xref:reference/configuration-settings.adoc#config_initial.dbms.default_database[`initial.dbms.default_database`] +| xref:configuration/configuration-settings.adoc#config_initial.dbms.default_database[`initial.dbms.default_database`] a| Name of the default database for the Neo4j instance. The database is created if it does not exist when the instance starts. @@ -109,11 +109,11 @@ To change the default database at a later point, see xref:clustering/databases#c [NOTE] ==== -Be aware that the automatically created _initial_ default database may have a different topology to the default configuration values. +Be aware that the automatically created _initial_ default database may have a different topology to the default configuration values. See xref:clustering/clustering-advanced/default-database.adoc[Default database in a cluster] for more information. ==== -| xref:reference/configuration-settings.adoc#config_dbms.max_databases[`dbms.max_databases`] +| xref:configuration/configuration-settings.adoc#config_dbms.max_databases[`dbms.max_databases`] a| Maximum number of databases that can be used in a Neo4j single instance or cluster. The number includes all the online and offline databases. @@ -128,14 +128,14 @@ Once the limit has been reached, it is not possible to create any additional dat Similarly, if the limit is changed to a number lower than the total number of existing databases, no additional databases can be created. ==== -| xref:reference/configuration-settings.adoc#config_server.databases.default_to_read_only[`server.databases.default_to_read_only`] +| xref:configuration/configuration-settings.adoc#config_server.databases.default_to_read_only[`server.databases.default_to_read_only`] a| Default mode of all databases. If this setting is set to `true` all existing and new databases will be in read only mode, and so will prevent write queries. *Default value:* `false` -| xref:reference/configuration-settings.adoc#config_server.databases.read_only[`server.databases.read_only`] +| xref:configuration/configuration-settings.adoc#config_server.databases.read_only[`server.databases.read_only`] a| List of database names for which to prevent write queries. This set can contain also not yet existing databases, but not the `system` database. diff --git a/modules/ROOT/pages/manage-databases/queries.adoc b/modules/ROOT/pages/manage-databases/queries.adoc index 6fa261ca7..c6ea8359d 100644 --- a/modules/ROOT/pages/manage-databases/queries.adoc +++ b/modules/ROOT/pages/manage-databases/queries.adoc @@ -94,14 +94,14 @@ Or in a cluster: Switching between `online` and `offline` states is achieved using the xref:manage-databases/queries.adoc#manage-databases-queries-start-database[`START DATABASE`] and xref:manage-databases/queries.adoc#manage-databases-queries-stop-database[`STOP DATABASE`] commands. -Note that databases hosted on offline servers are also returned by the `SHOW DATABASES` command. +Note that databases hosted on offline servers are also returned by the `SHOW DATABASES` command. For such databases the `address` column displays `NULL`, the `currentStatus` column displays `unknown`, and the `statusMessage` displays `Server is unavailable`. [[manage-databases-queries-show-default-databases]] == Show the status of the default database -The config setting xref:reference/configuration-settings.adoc#config_initial.dbms.default_database[`initial.dbms.default_database`] defines which database is created and started by default when Neo4j starts. +The config setting xref:configuration/configuration-settings.adoc#config_initial.dbms.default_database[`initial.dbms.default_database`] defines which database is created and started by default when Neo4j starts. The default value of this setting is `neo4j`. .`SHOW DEFAULT DATABASE` @@ -140,7 +140,7 @@ Or in a cluster: [NOTE] ==== -Be aware that the automatically created _initial_ default database may have a different topology to the default configuration values. +Be aware that the automatically created _initial_ default database may have a different topology to the default configuration values. See xref:clustering/clustering-advanced/default-database.adoc[Default database in a cluster] for more information. ==== diff --git a/modules/ROOT/pages/monitoring/logging.adoc b/modules/ROOT/pages/monitoring/logging.adoc index 6a4238705..17f79feec 100644 --- a/modules/ROOT/pages/monitoring/logging.adoc +++ b/modules/ROOT/pages/monitoring/logging.adoc @@ -17,7 +17,7 @@ For more advanced usages, see the https://logging.apache.org/log4j/2.x/manual/co The following is a description of how a default Neo4j installation behaves and some typical examples of configuring it to use Log4j. == Log files -By default, the directory where the general log files are located is configured by xref:reference/configuration-settings.adoc#config_server.directories.logs[`server.directories.logs`]. +By default, the directory where the general log files are located is configured by xref:configuration/configuration-settings.adoc#config_server.directories.logs[`server.directories.logs`]. The following table describes the Neo4j general log files and the information they contain. @@ -77,24 +77,24 @@ Where the files are located and which logs are enabled or disabled is managed vi | Default value | Description -| xref:reference/configuration-settings.adoc#config_server.logs.config[`server.logs.config`] +| xref:configuration/configuration-settings.adoc#config_server.logs.config[`server.logs.config`] | `conf/server-logs.xml` | Path to the XML configuration file for _debug.log_, _http.log_, _query.log_, and _security.log_. -| xref:reference/configuration-settings.adoc#config_server.logs.user.config[`server.logs.user.config`] +| xref:configuration/configuration-settings.adoc#config_server.logs.user.config[`server.logs.user.config`] | `conf/user-logs.xml` | Path to the XML configuration file for _neo4j.log_ file. -| xref:reference/configuration-settings.adoc#config_server.logs.debug.enabled[`server.logs.debug.enabled`] +| xref:configuration/configuration-settings.adoc#config_server.logs.debug.enabled[`server.logs.debug.enabled`] | `true` | Enable/disable the _debug.log_. It is highly recommended to keep it enabled. -| xref:reference/configuration-settings.adoc#config_dbms.logs.http.enabled[`dbms.logs.http.enabled`] +| xref:configuration/configuration-settings.adoc#config_dbms.logs.http.enabled[`dbms.logs.http.enabled`] | `false` | Enable/disable the _http.log_. -| xref:reference/configuration-settings.adoc#config_db.logs.query.enabled[`db.logs.query.enabled`] +| xref:configuration/configuration-settings.adoc#config_db.logs.query.enabled[`db.logs.query.enabled`] | `VERBOSE` | Must be one of `OFF`, `INFO`, or `VERBOSE`. `INFO` produces less output than `VERBOSE`, while `OFF` completely disables the _query.log_. @@ -449,20 +449,20 @@ To simplify this process, Neo4j exposes the following settings in _neo4j.conf_: | Default value | Description -| xref:reference/configuration-settings.adoc#config_server.logs.gc.enabled[`server.logs.gc.enabled`] +| xref:configuration/configuration-settings.adoc#config_server.logs.gc.enabled[`server.logs.gc.enabled`] | `false` | Enable garbage collection logging. -| xref:reference/configuration-settings.adoc#config_server.logs.gc.options[`server.logs.gc.options`] +| xref:configuration/configuration-settings.adoc#config_server.logs.gc.options[`server.logs.gc.options`] a| `-Xlog:gc*,safepoint,age*=trace` | Garbage collection logging options. For available options, consult the documentation of the JVM distribution used. -| xref:reference/configuration-settings.adoc#config_server.logs.gc.rotation.keep_number[`server.logs.gc.rotation.keep_number`] +| xref:configuration/configuration-settings.adoc#config_server.logs.gc.rotation.keep_number[`server.logs.gc.rotation.keep_number`] | `5` | The maximum number of history files for the garbage collection log. -| xref:reference/configuration-settings.adoc#config_server.logs.gc.rotation.size[`server.logs.gc.rotation.size`] +| xref:configuration/configuration-settings.adoc#config_server.logs.gc.rotation.size[`server.logs.gc.rotation.size`] | `20MB` | The threshold size for rotation of the garbage collection log. @@ -473,7 +473,7 @@ For available options, consult the documentation of the JVM distribution used. === Security log Neo4j provides security event logging that records all security events. -The security log is enabled automatically when the configuration xref:reference/configuration-settings.adoc#config_dbms.security.auth_enabled[`dbms.security.auth_enabled`] is set to `true`. +The security log is enabled automatically when the configuration xref:configuration/configuration-settings.adoc#config_dbms.security.auth_enabled[`dbms.security.auth_enabled`] is set to `true`. For native user management, the following actions are recorded: @@ -483,7 +483,7 @@ For native user management, the following actions are recorded: If using LDAP as the authentication method, some cases of LDAP misconfiguration will also be logged, as well as the LDAP server communication events and failures. -If many programmatic interactions are expected, it is advised to disable the logging of successful logins by setting the xref:reference/configuration-settings.adoc#config_dbms.security.log_successful_authentication[`dbms.security.log_successful_authentication`] parameter in the _neo4j.conf_ file: +If many programmatic interactions are expected, it is advised to disable the logging of successful logins by setting the xref:configuration/configuration-settings.adoc#config_dbms.security.log_successful_authentication[`dbms.security.log_successful_authentication`] parameter in the _neo4j.conf_ file: [source, properties, role="noheader"] ---- @@ -550,7 +550,7 @@ An example of the security log in a plain format: [[query-logging]] === Query log -Query logging is enabled by default and is controlled by the setting xref:reference/configuration-settings.adoc#config_db.logs.query.enabled[`db.logs.query.enabled`]. +Query logging is enabled by default and is controlled by the setting xref:configuration/configuration-settings.adoc#config_db.logs.query.enabled[`db.logs.query.enabled`]. It helps you analyze long-running queries and does not impact system performance. The default is to log all queries, but it is recommended to log for queries exceeding a certain threshold. @@ -568,12 +568,12 @@ The following configuration settings are available for the _query log_: | `INFO` a| Log at the end of queries that have either succeeded or failed. -The xref:reference/configuration-settings.adoc#config_db.logs.query.threshold[`db.logs.query.threshold`] parameter is used to determine the threshold for logging a query. +The xref:configuration/configuration-settings.adoc#config_db.logs.query.threshold[`db.logs.query.threshold`] parameter is used to determine the threshold for logging a query. If the execution of a query takes longer than this threshold, the query is logged. Setting the threshold to `0s` results in all queries being logged. | `VERBOSE` -a| label:default[]Log all queries at both start and finish, regardless of xref:reference/configuration-settings.adoc#config_db.logs.query.threshold[`db.logs.query.threshold`]. +a| label:default[]Log all queries at both start and finish, regardless of xref:configuration/configuration-settings.adoc#config_db.logs.query.threshold[`db.logs.query.threshold`]. |=== The following configuration settings are available for the query log file: @@ -585,18 +585,18 @@ The following configuration settings are available for the query log file: | Default value | Description -| xref:reference/configuration-settings.adoc#config_db.logs.query.early_raw_logging_enabled[`db.logs.query.early_raw_logging_enabled`] +| xref:configuration/configuration-settings.adoc#config_db.logs.query.early_raw_logging_enabled[`db.logs.query.early_raw_logging_enabled`] | `false` a| Log query text and parameters without obfuscating passwords. This allows queries to be logged earlier before parsing starts. -| xref:reference/configuration-settings.adoc#config_db.logs.query.enabled[`db.logs.query.enabled`] +| xref:configuration/configuration-settings.adoc#config_db.logs.query.enabled[`db.logs.query.enabled`] | `VERBOSE` | Log executed queries. //New in 4.3 -| xref:reference/configuration-settings.adoc#config_db.logs.query.max_parameter_length[`db.logs.query.max_parameter_length`] +| xref:configuration/configuration-settings.adoc#config_db.logs.query.max_parameter_length[`db.logs.query.max_parameter_length`] | `2147483647` a| This configuration option allows you to set a maximum parameter length to include in the log. @@ -604,7 +604,7 @@ Parameters exceeding this length will be truncated and appended with `+...+`. This applies to each parameter in the query. //New in 4.3 -| xref:reference/configuration-settings.adoc#config_db.logs.query.obfuscate_literals[`db.logs.query.obfuscate_literals`] +| xref:configuration/configuration-settings.adoc#config_db.logs.query.obfuscate_literals[`db.logs.query.obfuscate_literals`] | `false` a| If `true`, obfuscates all query literals before writing to the log. @@ -618,16 +618,16 @@ Therefore, if you want the switch to have an immediate effect, you must also cle [WARNING] ==== This does not obfuscate literals in parameters. -If parameter values are not required in the log, set xref:reference/configuration-settings.adoc#config_db.logs.query.parameter_logging_enabled[`db.logs.query.parameter_logging_enabled=false`]. +If parameter values are not required in the log, set xref:configuration/configuration-settings.adoc#config_db.logs.query.parameter_logging_enabled[`db.logs.query.parameter_logging_enabled=false`]. ==== -| xref:reference/configuration-settings.adoc#config_db.logs.query.parameter_logging_enabled[`db.logs.query.parameter_logging_enabled`] +| xref:configuration/configuration-settings.adoc#config_db.logs.query.parameter_logging_enabled[`db.logs.query.parameter_logging_enabled`] | `true` | Log parameters for the executed queries being logged. You can disable this configuration setting if you do not want to display sensitive information. //New in 4.3 -| xref:reference/configuration-settings.adoc#config_db.logs.query.plan_description_enabled[`db.logs.query.plan_description_enabled`] +| xref:configuration/configuration-settings.adoc#config_db.logs.query.plan_description_enabled[`db.logs.query.plan_description_enabled`] | `false` a| This configuration option allows you to log the query plan for each query. @@ -641,14 +641,14 @@ Enabling this option has a performance impact on the database due to the cost of It is not recommended for everyday use. ==== -| xref:reference/configuration-settings.adoc#config_db.logs.query.threshold[`db.logs.query.threshold`] +| xref:configuration/configuration-settings.adoc#config_db.logs.query.threshold[`db.logs.query.threshold`] | `0s` a| If the query execution takes longer than this threshold, the query is logged once completed (provided query logging is set to `INFO`). A threshold of `0` seconds logs all queries. //New in 4.3 -| xref:reference/configuration-settings.adoc#config_db.logs.query.transaction.enabled[`db.logs.query.transaction.enabled`] +| xref:configuration/configuration-settings.adoc#config_db.logs.query.transaction.enabled[`db.logs.query.transaction.enabled`] | `OFF` a| Track the start and end of a transaction within the query log. @@ -658,7 +658,7 @@ You can also choose a level of logging (`OFF`, `INFO`, or `VERBOSE`). If `INFO` is selected, you must exceed the time before the log is written (`db.logs.query.transaction.threshold`). //New in 4.3 -| xref:reference/configuration-settings.adoc#config_db.logs.query.transaction.threshold[`db.logs.query.transaction.threshold`] +| xref:configuration/configuration-settings.adoc#config_db.logs.query.transaction.threshold[`db.logs.query.transaction.threshold`] | `0s` a| If the transaction is open for longer than this threshold (duration of time), the transaction is logged once completed, provided transaction logging is set to `INFO`. @@ -974,7 +974,7 @@ If the type of the log entry is `query`, these additional fields are available: | id | The query ID. -Included when xref:reference/configuration-settings.adoc#config_db.logs.query.enabled[`db.logs.query.enabled`] is `VERBOSE`. +Included when xref:configuration/configuration-settings.adoc#config_db.logs.query.enabled[`db.logs.query.enabled`] is `VERBOSE`. | elapsedTimeMs | The elapsed time in milliseconds. @@ -1015,7 +1015,7 @@ Either same as `authenticatedUser` or an impersonated user. | queryParameters | The query parameters. -Included when xref:reference/configuration-settings.adoc#config_db.logs.query.parameter_logging_enabled[`db.logs.query.parameter_logging_enabled`] is `true`. +Included when xref:configuration/configuration-settings.adoc#config_db.logs.query.parameter_logging_enabled[`db.logs.query.parameter_logging_enabled`] is `true`. | runtime | The runtime used to run the query. @@ -1032,7 +1032,7 @@ Included when applicable. | queryPlan | The query plan. -Included when xref:reference/configuration-settings.adoc#config_db.logs.query.plan_description_enabled[`db.logs.query.plan_description_enabled`] is `true`. +Included when xref:configuration/configuration-settings.adoc#config_db.logs.query.plan_description_enabled[`db.logs.query.plan_description_enabled`] is `true`. |=== diff --git a/modules/ROOT/pages/monitoring/metrics/enable.adoc b/modules/ROOT/pages/monitoring/metrics/enable.adoc index 9fcb62763..b53a53888 100644 --- a/modules/ROOT/pages/monitoring/metrics/enable.adoc +++ b/modules/ROOT/pages/monitoring/metrics/enable.adoc @@ -6,11 +6,11 @@ [NOTE] ==== A subset of all available metrics is enabled by default. -See xref:reference/configuration-settings.adoc#config_server.metrics.filter[`server.metrics.filter`]. +See xref:configuration/configuration-settings.adoc#config_server.metrics.filter[`server.metrics.filter`]. The list was last updated in version 4.2. ==== -You can enable/disable metrics using the configuration setting xref:reference/configuration-settings.adoc#config_server.metrics.enabled[`server.metrics.enabled`]. +You can enable/disable metrics using the configuration setting xref:configuration/configuration-settings.adoc#config_server.metrics.enabled[`server.metrics.enabled`]. You can also use the setting `server.metrics.filter` to enable only the metrics you want. The metrics must be specified as a comma-separated list of globbing patterns. The following example enables all checkpoint metrics and the pagecache eviction metric: @@ -24,4 +24,4 @@ server.metrics.enabled=true server.metrics.filter=*check_point*,neo4j.page_cache.evictions ---- -For more information on the available metrics configuration settings, see xref:reference/configuration-settings.adoc[Configuration settings]. +For more information on the available metrics configuration settings, see xref:configuration/configuration-settings.adoc[Configuration settings]. diff --git a/modules/ROOT/pages/monitoring/metrics/essential.adoc b/modules/ROOT/pages/monitoring/metrics/essential.adoc index b8e90a285..370c277a7 100644 --- a/modules/ROOT/pages/monitoring/metrics/essential.adoc +++ b/modules/ROOT/pages/monitoring/metrics/essential.adoc @@ -79,9 +79,9 @@ Consider increasing the size of your database if this appears to be the case. | You should monitor the checkpoint duration to ensure it does not start to approach the interval between checkpoints. If this happens, consider the following steps to improve checkpointing performance: -* Raise the xref:reference/configuration-settings.adoc#config_db.checkpoint.iops.limit[`db.checkpoint.iops.limit`] to make checkpoints faster, but only if there is enough IOPS budget available to avoid slowing the commit process. -* xref:reference/configuration-settings.adoc#config_server.memory.pagecache.flush.buffer.enabled[`server.memory.pagecache.flush.buffer.enabled`] / xref:reference/configuration-settings.adoc#config_server.memory.pagecache.flush.buffer.size_in_pages[`server.memory.pagecache.flush.buffer.size_in_pages`] make checkpoints faster by writing batches of data in a way that plays well with the underlying disk (with a nice multiple to the block size). -* Change the checkpointing policy (xref:reference/configuration-settings.adoc#config_db.checkpoint[`db.checkpoint.*`], xref:reference/configuration-settings.adoc#config_db.checkpoint.interval.time[`db.checkpoint.interval.time`]) to more frequent/smaller checkpoints, continuous checkpointing, or checkpoint by volume or `tx` count. +* Raise the xref:configuration/configuration-settings.adoc#config_db.checkpoint.iops.limit[`db.checkpoint.iops.limit`] to make checkpoints faster, but only if there is enough IOPS budget available to avoid slowing the commit process. +* xref:configuration/configuration-settings.adoc#config_server.memory.pagecache.flush.buffer.enabled[`server.memory.pagecache.flush.buffer.enabled`] / xref:configuration/configuration-settings.adoc#config_server.memory.pagecache.flush.buffer.size_in_pages[`server.memory.pagecache.flush.buffer.size_in_pages`] make checkpoints faster by writing batches of data in a way that plays well with the underlying disk (with a nice multiple to the block size). +* Change the checkpointing policy (xref:configuration/configuration-settings.adoc#config_db.checkpoint[`db.checkpoint.*`], xref:configuration/configuration-settings.adoc#config_db.checkpoint.interval.time[`db.checkpoint.interval.time`]) to more frequent/smaller checkpoints, continuous checkpointing, or checkpoint by volume or `tx` count. For more information, see xref:performance/disks-ram-and-other-tips.adoc#performance-checkpoint-iops-limit[Checkpoint IOPS limit] and xref:configuration/transaction-logs.adoc#transaction-logging-log-pruning[Log pruning]. |=== diff --git a/modules/ROOT/pages/monitoring/metrics/expose.adoc b/modules/ROOT/pages/monitoring/metrics/expose.adoc index 893442b99..fcdfc48f1 100644 --- a/modules/ROOT/pages/monitoring/metrics/expose.adoc +++ b/modules/ROOT/pages/monitoring/metrics/expose.adoc @@ -40,7 +40,7 @@ server.metrics.csv.rotation.size=10.00MiB server.metrics.csv.rotation.compression=ZIP ---- -xref:reference/configuration-settings.adoc#config_server.metrics.csv.rotation.compression[`server.metrics.csv.rotation.compression`] selects the compression scheme to use on the files after rotation. +xref:configuration/configuration-settings.adoc#config_server.metrics.csv.rotation.compression[`server.metrics.csv.rotation.compression`] selects the compression scheme to use on the files after rotation. Since CSV files are highly compressible, it is recommended to enable compression of the files to save disk space. == JMX MBeans @@ -108,11 +108,11 @@ When Neo4j is fully started, a Prometheus endpoint will be available at the conf [WARNING] ==== -You should never expose the Prometheus endpoint directly to the Internet. -If security is of paramount importance, you should set `server.metrics.prometheus.endpoint=localhost:2004` and configure a reverse HTTP proxy on the same machine that handles the authentication, SSL, caching, etc. +You should never expose the Prometheus endpoint directly to the Internet. +If security is of paramount importance, you should set `server.metrics.prometheus.endpoint=localhost:2004` and configure a reverse HTTP proxy on the same machine that handles the authentication, SSL, caching, etc. ==== If you can afford to send unencrypted metrics within the internal network, such as `server.metrics.prometheus.endpoint=10.0.0.123:2004`, all servers within the same netmask will be able to access it. -If you specify anything more permissive, such as `server.metrics.prometheus.endpoint=0.0.0.0:2004`, you should have a firewall rule to prevent any unauthorized access. +If you specify anything more permissive, such as `server.metrics.prometheus.endpoint=0.0.0.0:2004`, you should have a firewall rule to prevent any unauthorized access. Data in transit will still not be encrypted, so it should never go over any insecure networks. diff --git a/modules/ROOT/pages/monitoring/metrics/reference.adoc b/modules/ROOT/pages/monitoring/metrics/reference.adoc index 8f4cd5d60..6fe1f663d 100644 --- a/modules/ROOT/pages/monitoring/metrics/reference.adoc +++ b/modules/ROOT/pages/monitoring/metrics/reference.adoc @@ -30,7 +30,7 @@ Global metrics cover the whole database management system and represent the syst Global metrics have the following name format: -* `.dbms.`, where the can be configured with the `xref:reference/configuration-settings.adoc#config_server.metrics.prefix[server.metrics.prefix]` configuration setting. +* `.dbms.`, where the can be configured with the `xref:configuration/configuration-settings.adoc#config_server.metrics.prefix[server.metrics.prefix]` configuration setting. Metrics of this type are reported as soon as the database management system is available. For example, all JVM-related metrics are global. @@ -55,7 +55,7 @@ When a database becomes unavailable, all of its metrics become unavailable also. Database metrics have the following name format: -* `.database..`, where the can be configured with the `xref:reference/configuration-settings.adoc#config_server.metrics.prefix[server.metrics.prefix]` configuration setting. +* `.database..`, where the can be configured with the `xref:configuration/configuration-settings.adoc#config_server.metrics.prefix[server.metrics.prefix]` configuration setting. For example, any transaction metric is a database metric. In particular, the `neo4j.database.mydb.transaction.started` metric has a default user-configured-prefix `neo4j` and is a metric for the `mydb` database. @@ -96,7 +96,7 @@ By default, database metrics include: |Name |Description |.check_point.events|The total number of checkpoint events executed so far. (counter) |.check_point.total_time|The total time, in milliseconds, spent in checkpointing so far. (counter) -|.check_point.duration|The duration, in milliseconds, of the last checkpoint event. Checkpoints should generally take several seconds to several minutes. Long checkpoints can be an issue, as these are invoked when the database stops, when a hot backup is taken, and periodically as well. Values over `30` minutes or so should be cause for some investigation. (gauge) +|.check_point.duration|The duration, in milliseconds, of the last checkpoint event. Checkpoints should generally take several seconds to several minutes. Long checkpoints can be an issue, as these are invoked when the database stops, when a hot backup is taken, and periodically as well. Values over `30` minutes or so should be cause for some investigation. (gauge) |.check_point.pages_flushed|The number of pages that were flushed during the last checkpoint event. (gauge) |.check_point.io_performed|The number of IOs from Neo4j perspective performed during the last check point event. (gauge) |.check_point.io_limit|The IO limit used during the last checkpoint event. (gauge) @@ -301,7 +301,7 @@ By default, database metrics include: |.cluster.raft.applied_index|The applied index of the Raft log. Represents the application of the committed Raft log entries to the database and internal state. The applied index should always be bigger than or equal to the commit index. The difference between this and the commit index can be used to monitor how up-to-date the follower database is. (gauge) |.cluster.raft.term|The Raft Term of this server. It increases monotonically if you do not unbind the cluster state. (gauge) |.cluster.raft.tx_retries|Transaction retries. (counter) -|.cluster.raft.is_leader|Is this server the leader? Track this for each database primary in the cluster. It reports `0` if it is not the leader and `1` if it is the leader. The sum of all of these should always be `1`. However, there are transient periods in which the sum can be more than `1` because more than one member thinks it is the leader. Action may be needed if the metric shows `0` for more than 30 seconds. (gauge) +|.cluster.raft.is_leader|Is this server the leader? Track this for each database primary in the cluster. It reports `0` if it is not the leader and `1` if it is the leader. The sum of all of these should always be `1`. However, there are transient periods in which the sum can be more than `1` because more than one member thinks it is the leader. Action may be needed if the metric shows `0` for more than 30 seconds. (gauge) |.cluster.raft.in_flight_cache.total_bytes|In-flight cache total bytes. (gauge) |.cluster.raft.in_flight_cache.max_bytes|In-flight cache max bytes. (gauge) |.cluster.raft.in_flight_cache.element_count|In-flight cache element count. (gauge) diff --git a/modules/ROOT/pages/monitoring/transaction-management.adoc b/modules/ROOT/pages/monitoring/transaction-management.adoc index feb21a057..f83cb7607 100644 --- a/modules/ROOT/pages/monitoring/transaction-management.adoc +++ b/modules/ROOT/pages/monitoring/transaction-management.adoc @@ -7,7 +7,7 @@ It is recommended to configure Neo4j to terminate transactions whose execution time has exceeded the configured timeout. -* Set `xref:reference/configuration-settings.adoc#config_db.transaction.timeout[db.transaction.timeout]` to some positive time interval value (e.g.,`10s`) denoting the default transaction timeout. +* Set `xref:configuration/configuration-settings.adoc#config_db.transaction.timeout[db.transaction.timeout]` to some positive time interval value (e.g.,`10s`) denoting the default transaction timeout. Setting `db.transaction.timeout` to `0` -- which is the default value -- disables the feature. * You can also set this dynamically on each instance (Read Replicas only if required) using the procedure `dbms.setConfigValue('db.transaction.timeout','10s')`. @@ -31,7 +31,7 @@ The _transaction timeout_ feature is also known as the _transaction guard_. == Configure lock acquisition timeout An executing transaction may get stuck while waiting for some lock to be released by another transaction. -To kill that transaction and remove the lock, set set `xref:reference/configuration-settings.adoc#config_db.lock.acquisition.timeout[db.lock.acquisition.timeout]` to some positive time interval value (e.g., `10s`) denoting the maximum time interval within which any particular lock should be acquired, before failing the transaction. +To kill that transaction and remove the lock, set set `xref:configuration/configuration-settings.adoc#config_db.lock.acquisition.timeout[db.lock.acquisition.timeout]` to some positive time interval value (e.g., `10s`) denoting the maximum time interval within which any particular lock should be acquired, before failing the transaction. Setting `db.lock.acquisition.timeout` to `0` -- which is the default value -- disables the lock acquisition timeout. This feature cannot be set dynamically. diff --git a/modules/ROOT/pages/performance/bolt-thread-pool-configuration.adoc b/modules/ROOT/pages/performance/bolt-thread-pool-configuration.adoc index 1c3093eb3..112d74c9e 100644 --- a/modules/ROOT/pages/performance/bolt-thread-pool-configuration.adoc +++ b/modules/ROOT/pages/performance/bolt-thread-pool-configuration.adoc @@ -1,6 +1,6 @@ [[bolt-thread-pool-configuration]] = Bolt thread pool configuration -:description: This page discusses the thread pool infrastructure built into Bolt connectors and how it can be configured. +:description: This page discusses the thread pool infrastructure built into Bolt connectors and how it can be configured. The Bolt connector is backed by a thread pool on the server side, whereas the thread pool is constructed as part of the server startup process. This page discusses the thread pool infrastructure and how it can be configured. @@ -38,9 +38,9 @@ The following configuration options are available for configuring the Bolt conne [options="header"] |=== | Option name | Default | Description -| `xref:reference/configuration-settings.adoc#config_server.bolt.thread_pool_min_size[server.bolt.thread_pool_min_size]` | `5` | The minimum number of threads that will always be up even if they are idle. -| `xref:reference/configuration-settings.adoc#config_server.bolt.thread_pool_max_size[server.bolt.thread_pool_max_size]` | `400` | The maximum number of threads that will be created by the thread pool. -| `xref:reference/configuration-settings.adoc#config_server.bolt.thread_pool_keep_alive[server.bolt.thread_pool_keep_alive]` | `5m` | The duration that the thread pool will wait before killing an idle thread from the pool. +| `xref:configuration/configuration-settings.adoc#config_server.bolt.thread_pool_min_size[server.bolt.thread_pool_min_size]` | `5` | The minimum number of threads that will always be up even if they are idle. +| `xref:configuration/configuration-settings.adoc#config_server.bolt.thread_pool_max_size[server.bolt.thread_pool_max_size]` | `400` | The maximum number of threads that will be created by the thread pool. +| `xref:configuration/configuration-settings.adoc#config_server.bolt.thread_pool_keep_alive[server.bolt.thread_pool_keep_alive]` | `5m` | The duration that the thread pool will wait before killing an idle thread from the pool. However, the number of threads will never go below `server.bolt.thread_pool_min_size`. |=== diff --git a/modules/ROOT/pages/performance/disks-ram-and-other-tips.adoc b/modules/ROOT/pages/performance/disks-ram-and-other-tips.adoc index e3e0e58bd..1615f4793 100644 --- a/modules/ROOT/pages/performance/disks-ram-and-other-tips.adoc +++ b/modules/ROOT/pages/performance/disks-ram-and-other-tips.adoc @@ -1,6 +1,6 @@ [[disks-ram-and-other-tips]] = Disks, RAM and other tips -:description: This page provides an overview of performance considerations for disk and RAM when running Neo4j. +:description: This page provides an overview of performance considerations for disk and RAM when running Neo4j. As with any persistence solution, performance depends a lot on the persistence media used. In general, the faster storage you have, and the more of your data you can fit in RAM, the better performance you will get. @@ -41,7 +41,7 @@ The page fault spike is then followed by a gradual decline of page fault activit [[performance-page-cache-warmup]] == Active page cache warmup -Neo4j Enterprise Edition has a feature called _active page cache warmup_, which is enabled by default via the xref:reference/configuration-settings.adoc#config_db.memory.pagecache.warmup.enable[`db.memory.pagecache.warmup.enable`] configuration setting. +Neo4j Enterprise Edition has a feature called _active page cache warmup_, which is enabled by default via the xref:configuration/configuration-settings.adoc#config_db.memory.pagecache.warmup.enable[`db.memory.pagecache.warmup.enable`] configuration setting. *How it works* @@ -58,13 +58,13 @@ However, when the workload changes after the database restarts, the setting can Load the entire database into memory:: -It is also possible to configure xref:reference/configuration-settings.adoc#config_db.memory.pagecache.warmup.preload[`db.memory.pagecache.warmup.preload`] to load the entire database data into memory. +It is also possible to configure xref:configuration/configuration-settings.adoc#config_db.memory.pagecache.warmup.preload[`db.memory.pagecache.warmup.preload`] to load the entire database data into memory. This is useful when the size of the database store is smaller than the available memory for the page cache. When enabled, it disables warmup by profile and prefetches data into the page cache as part of the startup. Load specified files into memory:: -The files that you want to prefetched can be filtered using the xref:reference/configuration-settings.adoc#config_db.memory.pagecache.warmup.preload.allowlist[`db.memory.pagecache.warmup.preload.allowlist`] setting. +The files that you want to prefetched can be filtered using the xref:configuration/configuration-settings.adoc#config_db.memory.pagecache.warmup.preload.allowlist[`db.memory.pagecache.warmup.preload.allowlist`] setting. It takes a regular expression as a value to match the files. @@ -102,7 +102,7 @@ Configure the profile frequency for the page cache:: The profile frequency is the rate at which the profiles are re-generated. More frequent means more accurate. A profile contains information about those parts of the files that are currently loaded into memory. -By default, it is set to xref:reference/configuration-settings.adoc#config_db.memory.pagecache.warmup.profile.interval[`db.memory.pagecache.warmup.profile.interval=1m`]. +By default, it is set to xref:configuration/configuration-settings.adoc#config_db.memory.pagecache.warmup.profile.interval[`db.memory.pagecache.warmup.profile.interval=1m`]. It takes some time to generate these profiles, and therefore `1m` is a good interval. If the workload is very stable, then the profile will not change much. Accordingly, if the workload changes often, the profile will thus often become outdated. @@ -116,7 +116,7 @@ This will show up as a period of elevated write IO activity. If the database is serving a write-heavy workload, the checkpoint can slow the database down by reducing the IO bandwidth that is available to query processing. Running the database on a fast SSD, which can service a lot of random IOs, significantly reduces this problem. If a fast SSD is not available in your environment, or if it is insufficient, then an artificial IOPS limit can be placed on the checkpoint process. -The xref:reference/configuration-settings.adoc#config_db.checkpoint.iops.limit[`db.checkpoint.iops.limit`] restricts the IO bandwidth that the checkpoint process is allowed to use. +The xref:configuration/configuration-settings.adoc#config_db.checkpoint.iops.limit[`db.checkpoint.iops.limit`] restricts the IO bandwidth that the checkpoint process is allowed to use. Each IO is, in the case of the checkpoint process, an 8 KiB write. An IOPS limit of 600, for instance, would thus only allow the checkpoint process to write at a rate of roughly 5 MiB per second. This will, on the other hand, make checkpoints take longer to complete. diff --git a/modules/ROOT/pages/performance/index-configuration.adoc b/modules/ROOT/pages/performance/index-configuration.adoc index 64647e5d9..b80fa8ebc 100644 --- a/modules/ROOT/pages/performance/index-configuration.adoc +++ b/modules/ROOT/pages/performance/index-configuration.adoc @@ -171,7 +171,7 @@ The default maximum queue length is 10.000 index updates. [[index-configuration-fulltext-analyzer-selection]] === Selecting an analyzer -By default, the full-text index uses the `standard-no-stop-words` analyzer, specified in xref:reference/configuration-settings.adoc#config_db.index.fulltext.default_analyzer[`db.index.fulltext.default_analyzer`] configuration setting. +By default, the full-text index uses the `standard-no-stop-words` analyzer, specified in xref:configuration/configuration-settings.adoc#config_db.index.fulltext.default_analyzer[`db.index.fulltext.default_analyzer`] configuration setting. This analyzer is the same as the Lucene's `StandardAnalyzer` , except no stop-words are filtered out. To specify another analyzer, use the `OPTIONS` clause of the full-text index creation command. diff --git a/modules/ROOT/pages/performance/memory-configuration.adoc b/modules/ROOT/pages/performance/memory-configuration.adoc index 00b78c9d8..d76816153 100644 --- a/modules/ROOT/pages/performance/memory-configuration.adoc +++ b/modules/ROOT/pages/performance/memory-configuration.adoc @@ -1,6 +1,6 @@ [[memory-configuration]] = Memory configuration -:description: This section describes the different aspects of Neo4j memory configuration and use. +:description: This section describes the different aspects of Neo4j memory configuration and use. This page describes the different aspects of Neo4j memory configuration and use. The RAM of the Neo4j server has a number of usage areas, with some sub-areas: @@ -22,7 +22,7 @@ The memory for the Java objects are managed automatically by a garbage collector Particularly important is that a garbage collector automatically handles the deletion of unused objects. For more information on how the garbage collector works and how to tune it, see xref:performance/gc-tuning.adoc[Tuning of the garbage collector]. + -The heap memory size is determined by the parameters `xref:reference/configuration-settings.adoc#config_server.memory.heap.initial_size[server.memory.heap.initial_size]` and `xref:reference/configuration-settings.adoc#config_server.memory.heap.max_size[server.memory.heap.max_size]`. +The heap memory size is determined by the parameters `xref:configuration/configuration-settings.adoc#config_server.memory.heap.initial_size[server.memory.heap.initial_size]` and `xref:configuration/configuration-settings.adoc#config_server.memory.heap.max_size[server.memory.heap.max_size]`. It is recommended to set these two parameters to the same value to avoid unwanted full garbage collection pauses. + Generally, to aid performance, you should configure a large enough heap to sustain concurrent operations. @@ -45,13 +45,13 @@ The size needed for this is very dependent on the nature of the usage of Neo4j. For example, long-running queries, or very complicated queries, are likely to require more memory. Some parts of the transactions can optionally be placed off-heap, but for the best performance, it is recommended to keep the default with everything on-heap. + -This memory group can be limited with the setting `xref:reference/configuration-settings.adoc#config_dbms.memory.transaction.total.max[dbms.memory.transaction.total.max]`. +This memory group can be limited with the setting `xref:configuration/configuration-settings.adoc#config_dbms.memory.transaction.total.max[dbms.memory.transaction.total.max]`. *Page cache*:: The page cache is used to cache the Neo4j data stored on disk. The caching of graph data and indexes into memory helps avoid costly disk access and result in optimal performance. + -The parameter for specifying how much memory Neo4j is allowed to use for the page cache is: `xref:reference/configuration-settings.adoc#config_server.memory.pagecache.size[server.memory.pagecache.size]`. +The parameter for specifying how much memory Neo4j is allowed to use for the page cache is: `xref:configuration/configuration-settings.adoc#config_server.memory.pagecache.size[server.memory.pagecache.size]`. *Network buffers*:: Direct buffers are used by Neo4j to send and receive data. @@ -230,8 +230,8 @@ If you are experiencing `OutOfMemory` messages during high transaction load, try Neo4j also offers the following settings to provide fairness, which can help improve stability in multi-tenant deployments. -* The setting xref:reference/configuration-settings.adoc#config_db.memory.transaction.total.max[`db.memory.transaction.total.max`] limits the transaction memory usage per database. -* The setting xref:reference/configuration-settings.adoc#config_db.memory.transaction.max[`db.memory.transaction.max`] constrains each transaction. +* The setting xref:configuration/configuration-settings.adoc#config_db.memory.transaction.total.max[`db.memory.transaction.total.max`] limits the transaction memory usage per database. +* The setting xref:configuration/configuration-settings.adoc#config_db.memory.transaction.max[`db.memory.transaction.max`] constrains each transaction. When any of the limits are reached, the transaction is terminated without affecting the overall health of the database. diff --git a/modules/ROOT/pages/performance/statistics-execution-plans.adoc b/modules/ROOT/pages/performance/statistics-execution-plans.adoc index e3cacaab1..07dcfff0c 100644 --- a/modules/ROOT/pages/performance/statistics-execution-plans.adoc +++ b/modules/ROOT/pages/performance/statistics-execution-plans.adoc @@ -1,6 +1,6 @@ [[statistics-execution-plans]] = Statistics and execution plans -:description: This page describes how to configure the Neo4j statistics collection and the query replanning in the Cypher query engine. +:description: This page describes how to configure the Neo4j statistics collection and the query replanning in the Cypher query engine. When a Cypher query is issued, it gets compiled to an execution plan that can run and answer the query. The Cypher query engine uses the available information about the database, such as schema information about which indexes and constraints exist in the database. @@ -43,11 +43,11 @@ You can control whether and how often statistics are collected automatically by | Default value | Description -| `xref:reference/configuration-settings.adoc#config_db.index_sampling.background_enabled[db.index_sampling.background_enabled]` +| `xref:configuration/configuration-settings.adoc#config_db.index_sampling.background_enabled[db.index_sampling.background_enabled]` | `true` | Enable the automatic (background) index sampling. -| `xref:reference/configuration-settings.adoc#config_db.index_sampling.update_percentage[db.index_sampling.update_percentage]` +| `xref:configuration/configuration-settings.adoc#config_db.index_sampling.update_percentage[db.index_sampling.update_percentage]` | `5` | Percentage of index updates of total index size required before sampling of a given index is triggered. |=== @@ -88,7 +88,7 @@ You can control how sensitive the replanning should be to database updates by co | Default value | Description -| `xref:reference/configuration-settings.adoc#config_dbms.cypher.statistics_divergence_threshold[dbms.cypher.statistics_divergence_threshold]` +| `xref:configuration/configuration-settings.adoc#config_dbms.cypher.statistics_divergence_threshold[dbms.cypher.statistics_divergence_threshold]` | `0.75` | The threshold for statistics above which a plan is considered stale. + When the changes to the underlying statistics of an execution plan meet the specified threshold, the plan is considered stale and is replanned. @@ -96,7 +96,7 @@ Change is calculated as `abs(a-b)/max(a,b)`. + This means that a value of `0.75` requires the database to approximately quadruple in size before replanning occurs. A value of `0` means that the query is replanned as soon as there is a change in the statistics and the replan interval elapses. -|`xref:reference/configuration-settings.adoc#config_dbms.cypher.min_replan_interval[dbms.cypher.min_replan_interval]` +|`xref:configuration/configuration-settings.adoc#config_dbms.cypher.min_replan_interval[dbms.cypher.min_replan_interval]` | `10s` | The minimum amount of time between two query replanning executions. After this time, the graph statistics are evaluated, and if they have changed more than the value set in `dbms.cypher.statistics_divergence_threshold`, the query is replanned. diff --git a/modules/ROOT/pages/reference/configuration-settings.adoc b/modules/ROOT/pages/reference/configuration-settings.adoc deleted file mode 100644 index 713bf3d93..000000000 --- a/modules/ROOT/pages/reference/configuration-settings.adoc +++ /dev/null @@ -1,4177 +0,0 @@ -[[configuration-settings]] -= Configuration settings -:description: This page provides a complete reference to the Neo4j configuration settings. - -This page provides a complete reference to the Neo4j configuration settings, which can be set in xref::/configuration/file-locations.adoc#file-locations[_neo4j.conf_]. -Refer to xref::/configuration/neo4j-conf.adoc#neo4j-conf[The neo4j.conf file] for details on how to use configuration settings. - -[[settings-reference-all-settings]] -.All settings -[options="header"] -|=== -|Name|Description -|<>|label:enterprise-edition[Enterprise only]Configure the policy for outgoing Neo4j Browser connections. -|<>|label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to time out logged in users after this idle period. -|<>|Commands to be run when Neo4j Browser successfully connects to this server. -|<>|Whitelist of hosts for the Neo4j Browser to be allowed to fetch content from. -|<>|label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to store or not store user credentials. -|<>|label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to store or not store user editor history. -|<>|Configure client applications such as Browser and Bloom to send Product Analytics data. -|<>|Configures the general policy for when check-points should occur. -|<>|Configures the time interval between check-points. -|<>|Configures the transaction interval between check-points. -|<>|Configures the volume of transaction logs between check-points. -|<>|Limit the number of IOs the background checkpoint process will consume per second. -|<>|label:enterprise-edition[Enterprise only]Interval of pulling updates from cores. -|<>|label:enterprise-edition[Enterprise only]The maximum number of bytes in the apply buffer. -|<>|label:enterprise-edition[Enterprise only]The maximum number of entries in the raft log entry prefetch buffer. -|<>|label:enterprise-edition[Enterprise only]Largest batch processed by RAFT in bytes. -|<>|label:enterprise-edition[Enterprise only]Maximum number of bytes in the RAFT in-queue. -|<>|label:enterprise-edition[Enterprise only]The name of a server_group whose members should be prioritized as leaders. -|<>|label:enterprise-edition[Enterprise only]RAFT log pruning strategy that determines which logs are to be pruned. -|<>|label:enterprise-edition[Enterprise only]The maximum number of bytes in the in-flight cache. -|<>|label:enterprise-edition[Enterprise only]The maximum number of entries in the in-flight cache. -|<>|Allows the enabling or disabling of the file watcher service. -|<>|Database format. -|<>|The size of the internal buffer in bytes used by `LOAD CSV`. -|<>|Selects whether to conform to the standard https://tools.ietf.org/html/rfc4180 for interpreting escaped quotation characters in CSV files loaded using `LOAD CSV`. -|<>|The name of the analyzer that the fulltext indexes should use by default. -|<>|Whether or not fulltext indexes should be eventually consistent by default or not. -|<>|The eventually_consistent mode of the fulltext indexes works by queueing up index updates to be applied later in a background thread. -|<>|Enable or disable background index sampling. -|<>|Index sampling chunk size limit. -|<>|Percentage of index updates of total index size required before sampling of a given index is triggered. -|<>|The maximum time interval within which lock should be acquired. -|<>|Log query text and parameters without obfuscating passwords. -|<>|Log executed queries. -|<>|Sets a maximum character length use for each parameter in the log. -|<>|Obfuscates all literals of the query before writing to the log. -|<>|Log parameters for the executed queries being logged. -|<>|Log query plan description table, useful for debugging purposes. -|<>|If the execution of query takes more time than this threshold, the query is logged once completed - provided query logging is set to INFO. -|<>|Log the start and end of a transaction. -|<>|If the transaction is open for more time than this threshold, the transaction is logged once completed - provided transaction logging (db.logs.query.transaction.enabled) is set to `INFO`. -|<>|Page cache can be configured to perform usage sampling of loaded pages that can be used to construct active load profile. -|<>|Page cache warmup can be configured to prefetch files, preferably when cache size is bigger than store size. -|<>|Page cache warmup prefetch file allowlist regex. -|<>|The profiling frequency for the page cache. -|<>|Limit the amount of memory that a single transaction can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -|<>|Limit the amount of memory that all transactions in one database can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -|<>|If `true`, Neo4j will abort recovery if transaction log files are missing. -|<>|Relationship count threshold for considering a node to be dense. -|<>|The maximum amount of time to wait for running transactions to complete before allowing initiated database shutdown to continue. -|<>|Specify if Neo4j should try to preallocate store files as they grow. -|<>|Database timezone for temporal functions. -|<>|Enables or disables tracking of how much time a query spends actively executing on the CPU. -|<>|The maximum amount of time to wait for the database state represented by the bookmark. -|<>|The maximum number of concurrently running transactions. -|<>|Configures the time interval between transaction monitor checks. -|<>|Transaction sampling percentage. -|<>|The maximum time interval of a transaction within which it should be completed. -|<>|Transaction creation tracing level. -|<>|On serialization of transaction logs, they will be temporary stored in the byte buffer that will be flushed at the end of the transaction or at any moment when buffer will be full. -|<>|Specify if Neo4j should try to preallocate the logical log file in advance. -It optimizes the filesystem by ensuring there is room to accommodate newly generated files and avoid file-level fragmentation. -|<>|Tell Neo4j how long logical transaction logs should be kept to backup the database.For example, "10 days" will prune logical logs that only contain transactions older than 10 days.Alternatively, "100k txs" will keep the 100k latest transactions from each database and prune any older transactions. -|<>|Specifies at which file size the logical log will auto-rotate. -|<>|Defines whether memory for transaction state should be allocated on- or off-heap. -|<>|label:enterprise-edition[Enterprise only]The catch up protocol times out if the given duration elapses with no network activity. -|<>|label:enterprise-edition[Enterprise only]A comma-separated list of endpoints which a server should contact in order to discover other cluster members. -|<>|label:enterprise-edition[Enterprise only]The level of middleware logging. -|<>|label:enterprise-edition[Enterprise only]Configure the discovery resolver type used for cluster members resolution. -|<>|label:enterprise-edition[Enterprise only]Minimum number of machines initially required to formed a clustered DBMS. -|<>|label:enterprise-edition[Enterprise only]Time out for protocol negotiation handshake. -|<>|label:enterprise-edition[Enterprise only]Maximum chunk size allowable across network by clustering machinery. -|<>|label:enterprise-edition[Enterprise only]Network compression algorithms that this instance will allow in negotiation as a comma-separated list. -|<>|label:enterprise-edition[Enterprise only]The time allowed for a database on a Neo4j server to either join a cluster or form a new cluster with the other Neo4j Servers provided by `dbms.cluster.discovery.endpoints`. -|<>|label:enterprise-edition[Enterprise only]The maximum number of TCP channels between two nodes to operate the raft protocol. -|<>|label:enterprise-edition[Enterprise only]The rate at which leader elections happen. -|<>|label:enterprise-edition[Enterprise only]The time window within which the loss of the leader is detected and the first re-election attempt is held. -|<>|label:enterprise-edition[Enterprise only]Which strategy to use when transferring database leaderships around a cluster. -|<>|label:enterprise-edition[Enterprise only]RAFT log pruning frequency. -|<>|label:enterprise-edition[Enterprise only]RAFT log reader pool size. -|<>|label:enterprise-edition[Enterprise only]RAFT log rotation size. -|<>|label:enterprise-edition[Enterprise only]Maximum amount of lag accepted for a new follower to join the Raft group. -|<>|label:enterprise-edition[Enterprise only]Time out for a new member to catch up. -|<>|label:enterprise-edition[Enterprise only]Maximum retry time per request during store copy. -|<>|This setting is associated with performance optimization. -|<>|This setting is associated with performance optimization. -|<>|Set this to specify the behavior when Cypher planner or runtime hints cannot be fulfilled. -|<>|Set this to change the behavior for Cypher create relationship when the start or end node is missing. -|<>|The minimum time between possible cypher query replanning events. -|<>|Set this to specify the default planner for the default language version. -|<>|If set to `true` a textual representation of the plan description will be rendered on the server for all queries running with `EXPLAIN` or `PROFILE`. -|<>|The threshold for statistics above which a plan is considered stale. -+ -If any of the underlying statistics used to create the plan have changed more than this value, the plan will be considered stale and will be replanned. -|<>|label:enterprise-edition[Enterprise only]Databases may be created from an existing 'seed' (a database backup or dump) stored at some source URI. -|<>|Database timezone. -|<>|label:enterprise-edition[Enterprise only]Address for Kubernetes API. -|<>|label:enterprise-edition[Enterprise only]File location of CA certificate for Kubernetes API. -|<>|label:enterprise-edition[Enterprise only]Kubernetes cluster domain. -|<>|label:enterprise-edition[Enterprise only]LabelSelector for Kubernetes API. -|<>|label:enterprise-edition[Enterprise only]File location of namespace for Kubernetes API. -|<>|label:enterprise-edition[Enterprise only]Service port name for discovery for Kubernetes API. -|<>|label:enterprise-edition[Enterprise only]File location of token for Kubernetes API. -|<>|Enable HTTP request logging. -|<>|label:enterprise-edition[Enterprise only]The maximum number of databases. -|<>|Enable off heap and on heap memory tracking. -|<>|Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -|<>|Netty SSL provider. -|<>|Always use client side routing (regardless of the default router) for neo4j:// protocol connections to these domains. -|<>|Routing strategy for neo4j:// protocol connections. -Default is `CLIENT`, using client-side routing, with server-side routing as a fallback (if enabled). -When set to `SERVER`, client-side routing is short-circuited, and requests will rely on server-side routing (which must be enabled for proper operation, i.e. -|<>|Socket connection timeout. -A timeout of zero is treated as an infinite timeout and will be bound by the timeout configured on the -operating system level. -|<>|Pooled connections older than this threshold will be closed and removed from the pool. -Setting this option to a low value will cause a high connection churn and might result in a performance hit. -It is recommended to set maximum lifetime to a slightly smaller value than the one configured in network -equipment (load balancer, proxy, firewall, etc. -|<>|Maximum amount of time spent attempting to acquire a connection from the connection pool. -This timeout only kicks in when all existing connections are being used and no new connections can be created because maximum connection pool size has been reached. -Error is raised when connection can't be acquired within configured time. -Negative values are allowed and result in unlimited acquisition timeout. -|<>|Pooled connections that have been idle in the pool for longer than this timeout will be tested before they are used again, to ensure they are still alive. -If this option is set too low, an additional network call will be incurred when acquiring a connection, which causes a performance hit. -If this is set high, no longer live connections might be used which might lead to errors. -Hence, this parameter tunes a balance between the likelihood of experiencing connection problems and performance -Normally, this parameter should not need tuning. -Value 0 means connections will always be tested for validity. -|<>|Maximum total number of connections to be managed by a connection pool. -The limit is enforced for a combination of a host and user. -|<>|Sets level for driver internal logging. -|<>|Enable server-side routing in clusters using an additional bolt connector. -When configured, this allows requests to be forwarded from one cluster member to another, if the requests can't be satisfied by the first member (e.g. -|<>|label:enterprise-edition[Enterprise only]The load balancing plugin to use. -|<>|label:enterprise-edition[Enterprise only]Enables shuffling of the returned load balancing result. -|<>|label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include non-writer primaries as read endpoints or return only secondaries. -|<>|label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include the writer as read endpoint or return only non-writers (non writer primaries and secondaries) Note: writer is returned as read endpoint if no other member is present all. -|<>|How long callers should cache the response of the routing procedure `dbms.routing.getRoutingTable()`. -|<>|Determines if Cypher will allow using file URLs when loading data using `LOAD CSV`. -|<>|label:enterprise-edition[Enterprise only]The maximum capacity for authentication and authorization caches (respectively). -|<>|label:enterprise-edition[Enterprise only]The time to live (TTL) for cached authentication and authorization info when using external auth providers (LDAP or plugin). -|<>|label:enterprise-edition[Enterprise only]Enable time-based eviction of the authentication and authorization info cache for external auth providers (LDAP or plugin). -|<>|Enable auth requirement to access Neo4j. -|<>|label:version-number[Neo4j 5.3]The minimum number of characters required in a password. -|<>|The amount of time user account should be locked after a configured number of unsuccessful authentication attempts. -|<>|The maximum number of unsuccessful authentication attempts before imposing a user lock for the configured amount of time, as defined by `dbms.security.auth_lock_time`.The locked out user will not be able to log in until the lock period expires, even if correct credentials are provided. -|<>|label:enterprise-edition[Enterprise only]A list of security authentication providers containing the users and roles. -|<>|label:enterprise-edition[Enterprise only]A list of security authorization providers containing the users and roles. -|<>|label:enterprise-edition[Enterprise only]Require authorization for access to the Causal Clustering status endpoints. -|<>|Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS connector. -|<>|Defines an allowlist of http paths where Neo4j authentication is not required. -|<>|Value of the HTTP Strict-Transport-Security (HSTS) response header. -|<>|label:enterprise-edition[Enterprise only]Name of the 256 length AES encryption key, which is used for the symmetric encryption. -|<>|label:enterprise-edition[Enterprise only]Password for accessing the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption. -|<>|label:enterprise-edition[Enterprise only]Location of the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption of secrets held in system database. -|<>|label:enterprise-edition[Enterprise only]The attribute to use when looking up users. -Using this setting requires `dbms.security.ldap.authentication.search_for_attribute` to be true and thus `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured. -|<>|label:enterprise-edition[Enterprise only]Determines if the result of authentication via the LDAP server should be cached or not. -|<>|label:enterprise-edition[Enterprise only]LDAP authentication mechanism. -|<>|label:enterprise-edition[Enterprise only]Perform authentication by searching for an unique attribute of a user. -Using this setting requires `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured. -|<>|label:enterprise-edition[Enterprise only]LDAP user DN template. -|<>|label:enterprise-edition[Enterprise only]The LDAP group to which a user must belong to get any access to the system.Set this to restrict access to a subset of LDAP users belonging to a particular group. -|<>|label:enterprise-edition[Enterprise only]A list of attribute names on a user object that contains groups to be used for mapping to roles when LDAP authorization is enabled. -|<>|label:enterprise-edition[Enterprise only]An authorization mapping from LDAP group names to Neo4j role names. -|<>|label:enterprise-edition[Enterprise only]This setting determines whether multiple LDAP search results will be processed (as is required for the lookup of nested groups). -|<>|label:enterprise-edition[Enterprise only]The search template which will be used to find the nested groups which the user is a member of. -|<>|label:enterprise-edition[Enterprise only]An LDAP system account password to use for authorization searches when `dbms.security.ldap.authorization.use_system_account` is `true`. -|<>|label:enterprise-edition[Enterprise only]An LDAP system account username to use for authorization searches when `dbms.security.ldap.authorization.use_system_account` is `true`. -|<>|label:enterprise-edition[Enterprise only]Perform LDAP search for authorization info using a system account instead of the user's own account. -If this is set to `false` (default), the search for group membership will be performed directly after authentication using the LDAP context bound with the user's own account. -|<>|label:enterprise-edition[Enterprise only]The name of the base object or named context to search for user objects when LDAP authorization is enabled. -|<>|label:enterprise-edition[Enterprise only]The LDAP search filter to search for a user principal when LDAP authorization is enabled. -|<>|label:enterprise-edition[Enterprise only]The timeout for establishing an LDAP connection. -|<>|label:enterprise-edition[Enterprise only]URL of LDAP server to use for authentication and authorization. -|<>|label:enterprise-edition[Enterprise only]The timeout for an LDAP read request (i.e. -|<>|label:enterprise-edition[Enterprise only]The LDAP referral behavior when creating a connection. -|<>|label:enterprise-edition[Enterprise only]Use secure communication with the LDAP server using opportunistic TLS. -|<>|label:enterprise-edition[Enterprise only]Set to log successful authentication events to the security log. -|<.audience>>|label:enterprise-edition[Enterprise only]Expected values of the Audience (aud) claim in the id token. -|<.auth_endpoint>>|label:enterprise-edition[Enterprise only]The OIDC authorization endpoint. -|<.auth_flow>>|label:enterprise-edition[Enterprise only]The OIDC flow to use. -|<.auth_params>>|label:enterprise-edition[Enterprise only]Optional additional parameters that the auth endpoint requires. -|<.authorization.group_to_role_mapping>>|label:enterprise-edition[Enterprise only]An authorization mapping from IdP group names to Neo4j role names. -|<.claims.groups>>|label:enterprise-edition[Enterprise only]The claim to use as the list of groups in Neo4j. -|<.claims.username>>|label:enterprise-edition[Enterprise only]The claim to use as the username in Neo4j. -|<.client_id>>|label:enterprise-edition[Enterprise only]Client id needed if token contains multiple Audience (aud) claims. -|<.config>>|label:enterprise-edition[Enterprise only] -|<.display_name>>|label:enterprise-edition[Enterprise only]The user-facing name of the provider as provided by the discovery endpoint to clients (Bloom, Browser etc.). -|<.get_groups_from_user_info>>|label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the groups from the provider user info endpoint. -|<.get_username_from_user_info>>|label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the username from the provider user info endpoint. -|<.issuer>>|label:enterprise-edition[Enterprise only]The expected value of the iss claim in the id token. -|<.jwks_uri>>|label:enterprise-edition[Enterprise only]The location of the JWK public key set for the identity provider. -|<.params>>|label:enterprise-edition[Enterprise only]The map is a semicolon separated list of key-value pairs. -|<.token_endpoint>>|label:enterprise-edition[Enterprise only]The OIDC token endpoint. -|<.token_params>>|label:enterprise-edition[Enterprise only]Optional query parameters that the token endpoint requires. -|<.user_info_uri>>|label:enterprise-edition[Enterprise only]The identity providers user info uri. -|<.well_known_discovery_uri>>|label:enterprise-edition[Enterprise only]The 'well known' OpenID Connect Discovery endpoint used to fetch identity provider settings. -|<>|A list of procedures (comma separated) that are to be loaded. -|<>|A list of procedures and user defined functions (comma separated) that are allowed full access to the database. -|<>|label:enterprise-edition[Enterprise only]Name of the initial database allocator. -|<>|Name of the default database (aliases are not supported). -|<>|label:enterprise-edition[Enterprise only]Initial default number of primary instances of user databases. -|<>|label:enterprise-edition[Enterprise only]Initial default number of secondary instances of user databases. -|<>|label:enterprise-edition[Enterprise only]The names of databases that are allowed on this server - all others are denied. -|<>|label:enterprise-edition[Enterprise only]The names of databases that are not allowed on this server. -|<>|label:enterprise-edition[Enterprise only]An instance can restrict itself to allow databases to be hosted only as primaries or secondaries. -|<>|label:enterprise-edition[Enterprise only]Enable support for running online backups. -|<>|label:enterprise-edition[Enterprise only]Network interface and port for the backup server to listen on. -|<>|label:enterprise-edition[Enterprise only]Maximum retry time per request during store copy. -|<>|Advertised address for this connector. -|<>|The maximum time to wait before sending a NOOP on connections waiting for responses from active ongoing queries.The minimum value is 1 millisecond. -|<>|The type of messages to enable keep-alive messages for (ALL, STREAMING or OFF). -|<>|The total amount of probes to be missed before a connection is considered stale.The minimum for this value is 1. -|<>|The interval between every scheduled keep-alive check on all connections with active queries. -|<>|Enable the bolt connector. -|<>|Address the connector should bind to. -|<>|Enable server OCSP stapling for bolt and http connectors. -|<>|The maximum time an idle thread in the thread pool bound to this connector will wait for new tasks. -|<>|The maximum number of threads allowed in the thread pool bound to this connector. -|<>|The number of threads to keep in the thread pool bound to this connector, even if they are idle. -|<>|Encryption level to require this connector to use. -|<>|label:enterprise-edition[Enterprise only]Advertised hostname/IP address and port for the transaction shipping server. -|<>|label:enterprise-edition[Enterprise only]Comma separated list of groups to be used by the connect-randomly-to-server-group selection strategy. -|<>|label:enterprise-edition[Enterprise only]An ordered list in descending preference of the strategy which secondaries use to choose the upstream server from which to pull transactional updates. -|<>|label:enterprise-edition[Enterprise only]Configuration of a user-defined upstream selection strategy. -|<>|label:enterprise-edition[Enterprise only]Network interface and port for the transaction shipping server to listen on. -|<>|label:enterprise-edition[Enterprise only]Use native transport if available. -|<>|label:enterprise-edition[Enterprise only]Advertised hostname/IP address and port for the RAFT server. -|<>|label:enterprise-edition[Enterprise only]Network interface and port for the RAFT server to listen on. -|<>|label:enterprise-edition[Enterprise only]Users must manually specify the mode for the system database on each instance. -|<>|A strict configuration validation will prevent the database from starting up if unknown configuration options are specified in the neo4j settings namespace (such as dbms., cypher., etc) or if settings are declared multiple times. -|<>|Whether or not any database on this instance are read_only by default. -|<>|List of databases for which to prevent write queries. -|<>|List of databases for which to allow write queries. -|<>|label:deprecated[Deprecated in 5.7]The number of cached Cypher query execution plans per database. -Replaced by <>. -|<>|Default hostname or IP address the server uses to advertise itself. -|<>|Default network interface to listen for incoming connections. -|<>|label:enterprise-edition[Enterprise only]Directory to hold cluster state including Raft log. -|<>|Path of the data directory. -|<>|Root location where Neo4j will store database dumps optionally produced when dropping said databases. -|<>|Sets the root directory for file URLs used with the Cypher `LOAD CSV` clause. -|<>|Path of the lib directory. -|<>|Path of the licenses directory. -|<>|Path of the logs directory. -|<>|label:enterprise-edition[Enterprise only]The target location of the CSV files: a path to a directory wherein a CSV file per reported field will be written. -|<>|Root relative to which directory settings are resolved. -|<>|Location of the database plugin directory. -|<>|Path of the run directory. -|<>|Root location where Neo4j will store scripts for configured databases. -|<>|Root location where Neo4j will store transaction logs for configured databases. -|<>|label:enterprise-edition[Enterprise only]Advertised cluster member discovery management communication. -|<>|label:enterprise-edition[Enterprise only]Host and port to bind the cluster member discovery management communication. -|<>|label:enterprise-edition[Enterprise only]A list of setting name patterns (comma separated) that are allowed to be dynamically changed. -|<>|label:enterprise-edition[Enterprise only]A list of tag names for the server used when configuring load balancing and replication policies. This setting is deprecated in favour of <>. -|<>|Advertised address for this connector. -|<>|Enable the http connector. -|<>|Address the connector should bind to. -|<>|Defines the set of modules loaded into the Neo4j web server. -|<>|Advertised address for this connector. -|<>|Enable the https connector. -|<>|Address the connector should bind to. -|<>|Additional JVM arguments. -|<>|Path to the logging configuration for debug, query, http and security logs. -|<>|Enable the debug log. -|<>|Enable GC Logging. -|<>|GC Logging Options. -|<>|Number of GC logs to keep. -|<>|Size of each GC log that is kept. -|<>|Path to the logging configuration of user logs. -|<>|label:enterprise-edition[Enterprise only] label:deprecated[Deprecated in 5.6] The maximum number of databases. -This setting is deprecated in favor of <> in 5.6. -|<>|Initial heap size. -|<>|Maximum heap size. -|<>|Defines the size of the off-heap memory blocks cache. -|<>|Defines the maximum size of an off-heap memory block that can be cached to speed up allocations. -|<>|The maximum amount of off-heap memory that can be used to store transaction state data; it's a total amount of memory shared across all active transactions. -|<>|Use direct I/O for page cache. -|<>|Page cache can be configured to use a temporal buffer for flushing purposes. -|<>|Page cache can be configured to use a temporal buffer for flushing purposes. -|<>|The maximum number of worker threads to use for pre-fetching data when doing sequential scans. -|<>|The amount of memory to use for mapping the store files. -|<>|label:enterprise-edition[Enterprise only] label:version-number[Neo4j 5.7] Whether to share query cache between databases. -|<>|label:enterprise-edition[Enterprise only] label:version-number[Neo4j 5.7] The number of cached queries for all databases. -|<>|label:version-number[Neo4j 5.7] The number of cached queries per database. -|<>|label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to CSV files. -|<>|label:enterprise-edition[Enterprise only]The reporting interval for the CSV files. -|<>|label:enterprise-edition[Enterprise only]Decides what compression to use for the csv history files. -|<>|label:enterprise-edition[Enterprise only]Maximum number of history files for the csv files. -|<>|label:enterprise-edition[Enterprise only]The file size in bytes at which the csv files will auto-rotate. -|<>|label:enterprise-edition[Enterprise only]Enable metrics. -|<>|label:enterprise-edition[Enterprise only]Specifies which metrics should be enabled by using a comma separated list of globbing patterns. -|<>|label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to Graphite. -|<>|label:enterprise-edition[Enterprise only]The reporting interval for Graphite. -|<>|label:enterprise-edition[Enterprise only]The hostname or IP address of the Graphite server. -|<>|label:enterprise-edition[Enterprise only]Set to `true` to enable the JMX metrics endpoint. -|<>|label:enterprise-edition[Enterprise only]A common prefix for the reported metrics field names. -|<>|label:enterprise-edition[Enterprise only]Set to `true` to enable the Prometheus endpoint. -|<>|label:enterprise-edition[Enterprise only]The hostname and port to use as Prometheus endpoint. -|<>|label:enterprise-edition[Enterprise only]If there is a Database Management System Panic (an irrecoverable error) should the neo4j process shut down or continue running. -|<>|label:enterprise-edition[Enterprise only]The advertised address for the intra-cluster routing connector. -|<>|The address the routing connector should bind to. -|<>|label:enterprise-edition[Enterprise only]A list of tag names for the server used during database allocation and when configuring load balancing and replication policies. -|<>|Number of Neo4j worker threads. -|<>|Comma-separated list of = for unmanaged extensions. -|<>|Name of the Windows Service managing Neo4j when installed using `neo4j install-service`. -|=== - -// ifdef::nonhtmloutput[] -// * <>: label:enterprise-edition[Enterprise only]Configure the policy for outgoing Neo4j Browser connections. -// * <>: label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to time out logged in users after this idle period. -// * <>: Commands to be run when Neo4j Browser successfully connects to this server. -// * <>: Whitelist of hosts for the Neo4j Browser to be allowed to fetch content from. -// * <>: label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to store or not store user credentials. -// * <>: label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to store or not store user editor history. -// * <>: Configure client applications such as Browser and Bloom to send Product Analytics data. -// * <>: Configures the general policy for when check-points should occur. -// * <>: Configures the time interval between check-points. -// * <>: Configures the transaction interval between check-points. -// * <>: Configures the volume of transaction logs between check-points. -// * <>: Limit the number of IOs the background checkpoint process will consume per second. -// * <>: label:enterprise-edition[Enterprise only]Interval of pulling updates from cores. -// * <>: label:enterprise-edition[Enterprise only]The maximum number of bytes in the apply buffer. -// * <>: label:enterprise-edition[Enterprise only]The maximum number of entries in the raft log entry prefetch buffer. -// * <>: label:enterprise-edition[Enterprise only]Largest batch processed by RAFT in bytes. -// * <>: label:enterprise-edition[Enterprise only]Maximum number of bytes in the RAFT in-queue. -// * <>: label:enterprise-edition[Enterprise only]The name of a server_group whose members should be prioritized as leaders. -// * <>: label:enterprise-edition[Enterprise only]RAFT log pruning strategy that determines which logs are to be pruned. -// * <>: label:enterprise-edition[Enterprise only]The maximum number of bytes in the in-flight cache. -// * <>: label:enterprise-edition[Enterprise only]The maximum number of entries in the in-flight cache. -// * <>: Allows the enabling or disabling of the file watcher service. -// * <>: Database format. -// * <>: The size of the internal buffer in bytes used by `LOAD CSV`. -// * <>: Selects whether to conform to the standard https://tools.ietf.org/html/rfc4180 for interpreting escaped quotation characters in CSV files loaded using `LOAD CSV`. -// * <>: The name of the analyzer that the fulltext indexes should use by default. -// * <>: Whether or not fulltext indexes should be eventually consistent by default or not. -// * <>: The eventually_consistent mode of the fulltext indexes works by queueing up index updates to be applied later in a background thread. -// * <>: Enable or disable background index sampling. -// * <>: Index sampling chunk size limit. -// * <>: Percentage of index updates of total index size required before sampling of a given index is triggered. -// * <>: The maximum time interval within which lock should be acquired. -// * <>: Log query text and parameters without obfuscating passwords. -// * <>: Log executed queries. -// * <>: Sets a maximum character length use for each parameter in the log. -// * <>: Obfuscates all literals of the query before writing to the log. -// * <>: Log parameters for the executed queries being logged. -// * <>: Log query plan description table, useful for debugging purposes. -// * <>: If the execution of query takes more time than this threshold, the query is logged once completed - provided query logging is set to INFO. -// * <>: Log the start and end of a transaction. -// * <>: If the transaction is open for more time than this threshold, the transaction is logged once completed - provided transaction logging (db.logs.query.transaction.enabled) is set to `INFO`. -// * <>: Page cache can be configured to perform usage sampling of loaded pages that can be used to construct active load profile. -// * <>: Page cache warmup can be configured to prefetch files, preferably when cache size is bigger than store size. -// * <>: Page cache warmup prefetch file allowlist regex. -// * <>: The profiling frequency for the page cache. -// * <>: Limit the amount of memory that a single transaction can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -// * <>: Limit the amount of memory that all transactions in one database can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -// * <>: If `true`, Neo4j will abort recovery if transaction log files are missing. -// * <>: Relationship count threshold for considering a node to be dense. -// * <>: The maximum amount of time to wait for running transactions to complete before allowing initiated database shutdown to continue. -// * <>: Specify if Neo4j should try to preallocate store files as they grow. -// * <>: Database timezone for temporal functions. -// * <>: Enables or disables tracking of how much time a query spends actively executing on the CPU. -// * <>: The maximum amount of time to wait for the database state represented by the bookmark. -// * <>: The maximum number of concurrently running transactions. -// * <>: Configures the time interval between transaction monitor checks. -// * <>: Transaction sampling percentage. -// * <>: The maximum time interval of a transaction within which it should be completed. -// * <>: Transaction creation tracing level. -// * <>: On serialization of transaction logs, they will be temporary stored in the byte buffer that will be flushed at the end of the transaction or at any moment when buffer will be full. -// * <>: Specify if Neo4j should try to preallocate logical log file in advance. -// It optimizes the filesystem by ensuring there is room to accommodate newly generated files and avoid file-level fragmentation. -// * <>: Tell Neo4j how long logical transaction logs should be kept to backup the database.For example, "10 days" will prune logical logs that only contain transactions older than 10 days.Alternatively, "100k txs" will keep the 100k latest transactions from each database and prune any older transactions. -// * <>: Specifies at which file size the logical log will auto-rotate. -// * <>: Defines whether memory for transaction state should be allocated on- or off-heap. -// * <>: label:enterprise-edition[Enterprise only]The catch up protocol times out if the given duration elapses with no network activity. -// * <>: label:enterprise-edition[Enterprise only]A comma-separated list of endpoints which a server should contact in order to discover other cluster members. -// * <>: label:enterprise-edition[Enterprise only]The level of middleware logging. -// * <>: label:enterprise-edition[Enterprise only]Configure the discovery resolver type used for cluster member resolution. -// * <>: label:enterprise-edition[Enterprise only]Minimum number of machines initially required to formed a clustered DBMS. -// * <>: label:enterprise-edition[Enterprise only]Time out for protocol negotiation handshake. -// * <>: label:enterprise-edition[Enterprise only]Maximum chunk size allowable across network by clustering machinery. -// * <>: label:enterprise-edition[Enterprise only]Network compression algorithms that this instance will allow in negotiation as a comma-separated list. -// * <>: label:enterprise-edition[Enterprise only]The time allowed for a database on a Neo4j server to either join a cluster or form a new cluster with the other Neo4j Servers provided by `dbms.cluster.discovery.endpoints`. -// * <>: label:enterprise-edition[Enterprise only]The maximum number of TCP channels between two nodes to operate the raft protocol. -// * <>: label:enterprise-edition[Enterprise only]The rate at which leader elections happen. -// * <>: label:enterprise-edition[Enterprise only]The time window within which the loss of the leader is detected and the first re-election attempt is held. -// * <>: label:enterprise-edition[Enterprise only]Which strategy to use when transferring database leaderships around a cluster. -// * <>: label:enterprise-edition[Enterprise only]RAFT log pruning frequency. -// * <>: label:enterprise-edition[Enterprise only]RAFT log reader pool size. -// * <>: label:enterprise-edition[Enterprise only]RAFT log rotation size. -// * <>: label:enterprise-edition[Enterprise only]Maximum amount of lag accepted for a new follower to join the Raft group. -// * <>: label:enterprise-edition[Enterprise only]Time out for a new member to catch up. -// * <>: label:enterprise-edition[Enterprise only]Maximum retry time per request during store copy. -// * <>: This setting is associated with performance optimization. -// * <>: This setting is associated with performance optimization. -// * <>: Set this to specify the behavior when Cypher planner or runtime hints cannot be fulfilled. -// * <>: Set this to change the behavior for Cypher create relationship when the start or end node is missing. -// * <>: The minimum time between possible cypher query replanning events. -// * <>: Set this to specify the default planner for the default language version. -// * <>: If set to `true` a textual representation of the plan description will be rendered on the server for all queries running with `EXPLAIN` or `PROFILE`. -// * <>: The threshold for statistics above which a plan is considered stale. -// + -// If any of the underlying statistics used to create the plan have changed more than this value, the plan will be considered stale and will be replanned. -// * <>: label:enterprise-edition[Enterprise only]Databases may be created from an existing 'seed' (a database backup or dump) stored at some source URI. -// * <>: Database timezone. -// * <>: label:enterprise-edition[Enterprise only]Address for Kubernetes API. -// * <>: label:enterprise-edition[Enterprise only]File location of CA certificate for Kubernetes API. -// * <>: label:enterprise-edition[Enterprise only]Kubernetes cluster domain. -// * <>: label:enterprise-edition[Enterprise only]LabelSelector for Kubernetes API. -// * <>: label:enterprise-edition[Enterprise only]File location of namespace for Kubernetes API. -// * <>: label:enterprise-edition[Enterprise only]Service port name for discovery for Kubernetes API. -// * <>: label:enterprise-edition[Enterprise only]File location of token for Kubernetes API. -// * <>: Enable HTTP request logging. -// * <>: label:enterprise-edition[Enterprise only]The maximum number of databases. -// * <>: Enable off heap and on heap memory tracking. -// * <>: Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -// * <>: Netty SSL provider. -// * <>: Always use client side routing (regardless of the default router) for neo4j:// protocol connections to these domains. -// * <>: Routing strategy for neo4j:// protocol connections. -// Default is `CLIENT`, using client-side routing, with server-side routing as a fallback (if enabled). -// When set to `SERVER`, client-side routing is short-circuited, and requests will rely on server-side routing (which must be enabled for proper operation, i.e. -// * <>: Socket connection timeout. -// A timeout of zero is treated as an infinite timeout and will be bound by the timeout configured on the -// operating system level. -// * <>: Pooled connections older than this threshold will be closed and removed from the pool. -// Setting this option to a low value will cause a high connection churn and might result in a performance hit. -// It is recommended to set maximum lifetime to a slightly smaller value than the one configured in network -// equipment (load balancer, proxy, firewall, etc. -// * <>: Maximum amount of time spent attempting to acquire a connection from the connection pool. -// This timeout only kicks in when all existing connections are being used and no new connections can be created because maximum connection pool size has been reached. -// Error is raised when connection can't be acquired within configured time. -// Negative values are allowed and result in unlimited acquisition timeout. -// * <>: Pooled connections that have been idle in the pool for longer than this timeout will be tested before they are used again, to ensure they are still alive. -// If this option is set too low, an additional network call will be incurred when acquiring a connection, which causes a performance hit. -// If this is set high, no longer live connections might be used which might lead to errors. -// Hence, this parameter tunes a balance between the likelihood of experiencing connection problems and performance -// Normally, this parameter should not need tuning. -// Value 0 means connections will always be tested for validity. -// * <>: Maximum total number of connections to be managed by a connection pool. -// The limit is enforced for a combination of a host and user. -// * <>: Sets level for driver internal logging. -// * <>: Enable server-side routing in clusters using an additional bolt connector. -// When configured, this allows requests to be forwarded from one cluster member to another, if the requests can't be satisfied by the first member (e.g. -// * <>: label:enterprise-edition[Enterprise only]The load balancing plugin to use. -// * <>: label:enterprise-edition[Enterprise only]Enables shuffling of the returned load balancing result. -// * <>: label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include non-writer primaries as read endpoints or return only secondaries. -// * <>: label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include the writer as read endpoint or return only non-writers (non writer primaries and secondaries) Note: writer is returned as read endpoint if no other member is present all. -// * <>: How long callers should cache the response of the routing procedure `dbms.routing.getRoutingTable()`. -// * <>: Determines if Cypher will allow using file URLs when loading data using `LOAD CSV`. -// * <>: label:enterprise-edition[Enterprise only]The maximum capacity for authentication and authorization caches (respectively). -// * <>: label:enterprise-edition[Enterprise only]The time to live (TTL) for cached authentication and authorization info when using external auth providers (LDAP or plugin). -// * <>: label:enterprise-edition[Enterprise only]Enable time-based eviction of the authentication and authorization info cache for external auth providers (LDAP or plugin). -// * <>: Enable auth requirement to access Neo4j. -// * <>: The amount of time user account should be locked after a configured number of unsuccessful authentication attempts. -// * <>: The maximum number of unsuccessful authentication attempts before imposing a user lock for the configured amount of time, as defined by `dbms.security.auth_lock_time`.The locked out user will not be able to log in until the lock period expires, even if correct credentials are provided. -// * <>: label:enterprise-edition[Enterprise only]A list of security authentication providers containing the users and roles. -// * <>: label:enterprise-edition[Enterprise only]A list of security authorization providers containing the users and roles. -// * <>: label:enterprise-edition[Enterprise only]Require authorization for access to the Causal Clustering status endpoints. -// * <>: Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS connector. -// * <>: Defines an allowlist of http paths where Neo4j authentication is not required. -// * <>: Value of the HTTP Strict-Transport-Security (HSTS) response header. -// * <>: label:enterprise-edition[Enterprise only]Name of the 256 length AES encryption key, which is used for the symmetric encryption. -// * <>: label:enterprise-edition[Enterprise only]Password for accessing the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption. -// * <>: label:enterprise-edition[Enterprise only]Location of the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption of secrets held in system database. -// * <>: label:enterprise-edition[Enterprise only]The attribute to use when looking up users. -// Using this setting requires `dbms.security.ldap.authentication.search_for_attribute` to be true and thus `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured. -// * <>: label:enterprise-edition[Enterprise only]Determines if the result of authentication via the LDAP server should be cached or not. -// * <>: label:enterprise-edition[Enterprise only]LDAP authentication mechanism. -// * <>: label:enterprise-edition[Enterprise only]Perform authentication by searching for an unique attribute of a user. -// Using this setting requires `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured. -// * <>: label:enterprise-edition[Enterprise only]LDAP user DN template. -// * <>: label:enterprise-edition[Enterprise only]The LDAP group to which a user must belong to get any access to the system.Set this to restrict access to a subset of LDAP users belonging to a particular group. -// * <>: label:enterprise-edition[Enterprise only]A list of attribute names on a user object that contains groups to be used for mapping to roles when LDAP authorization is enabled. -// * <>: label:enterprise-edition[Enterprise only]An authorization mapping from LDAP group names to Neo4j role names. -// * <>: label:enterprise-edition[Enterprise only]This setting determines whether multiple LDAP search results will be processed (as is required for the lookup of nested groups). -// * <>: label:enterprise-edition[Enterprise only]The search template which will be used to find the nested groups which the user is a member of. -// * <>: label:enterprise-edition[Enterprise only]An LDAP system account password to use for authorization searches when `dbms.security.ldap.authorization.use_system_account` is `true`. -// * <>: label:enterprise-edition[Enterprise only]An LDAP system account username to use for authorization searches when `dbms.security.ldap.authorization.use_system_account` is `true`. -// * <>: label:enterprise-edition[Enterprise only]Perform LDAP search for authorization info using a system account instead of the user's own account. -// If this is set to `false` (default), the search for group membership will be performed directly after authentication using the LDAP context bound with the user's own account. -// * <>: label:enterprise-edition[Enterprise only]The name of the base object or named context to search for user objects when LDAP authorization is enabled. -// * <>: label:enterprise-edition[Enterprise only]The LDAP search filter to search for a user principal when LDAP authorization is enabled. -// * <>: label:enterprise-edition[Enterprise only]The timeout for establishing an LDAP connection. -// * <>: label:enterprise-edition[Enterprise only]URL of LDAP server to use for authentication and authorization. -// * <>: label:enterprise-edition[Enterprise only]The timeout for an LDAP read request (i.e. -// * <>: label:enterprise-edition[Enterprise only]The LDAP referral behavior when creating a connection. -// * <>: label:enterprise-edition[Enterprise only]Use secure communication with the LDAP server using opportunistic TLS. -// * <>: label:enterprise-edition[Enterprise only]Set to log successful authentication events to the security log. -// * <.audience>>: label:enterprise-edition[Enterprise only]Expected values of the Audience (aud) claim in the id token. -// * <.auth_endpoint>>: label:enterprise-edition[Enterprise only]The OIDC authorization endpoint. -// * <.auth_flow>>: label:enterprise-edition[Enterprise only]The OIDC flow to use. -// * <.auth_params>>: label:enterprise-edition[Enterprise only]Optional additional parameters that the auth endpoint requires. -// * <.authorization.group_to_role_mapping>>: label:enterprise-edition[Enterprise only]An authorization mapping from IdP group names to Neo4j role names. -// * <.claims.groups>>: label:enterprise-edition[Enterprise only]The claim to use as the list of groups in Neo4j. -// * <.claims.username>>: label:enterprise-edition[Enterprise only]The claim to use as the username in Neo4j. -// * <.client_id>>: label:enterprise-edition[Enterprise only]Client id needed if token contains multiple Audience (aud) claims. -// * <.config>>: label:enterprise-edition[Enterprise only] -// * <.display_name>>: label:enterprise-edition[Enterprise only]The user-facing name of the provider as provided by the discovery endpoint to clients (Bloom, Browser etc.). -// * <.get_groups_from_user_info>>: label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the groups from the provider user info endpoint. -// * <.get_username_from_user_info>>: label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the username from the provider user info endpoint. -// * <.issuer>>: label:enterprise-edition[Enterprise only]The expected value of the iss claim in the id token. -// * <.jwks_uri>>: label:enterprise-edition[Enterprise only]The location of the JWK public key set for the identity provider. -// * <.params>>: label:enterprise-edition[Enterprise only]The map is a semicolon separated list of key-value pairs. -// * <.token_endpoint>>: label:enterprise-edition[Enterprise only]The OIDC token endpoint. -// * <.token_params>>: label:enterprise-edition[Enterprise only]Optional query parameters that the token endpoint requires. -// * <.user_info_uri>>: label:enterprise-edition[Enterprise only]The identity providers user info uri. -// * <.well_known_discovery_uri>>: label:enterprise-edition[Enterprise only]The 'well known' OpenID Connect Discovery endpoint used to fetch identity provider settings. -// * <>: A list of procedures (comma separated) that are to be loaded. -// * <>: A list of procedures and user defined functions (comma separated) that are allowed full access to the database. -// * <>: label:enterprise-edition[Enterprise only]Name of the initial database allocator. -// * <>: Name of the default database (aliases are not supported). -// * <>: label:enterprise-edition[Enterprise only]Initial default number of primary instances of user databases. -// * <>: label:enterprise-edition[Enterprise only]Initial default number of secondary instances of user databases. -// * <>: label:enterprise-edition[Enterprise only]The names of databases that are allowed on this server - all others are denied. -// * <>: label:enterprise-edition[Enterprise only]The names of databases that are not allowed on this server. -// * <>: label:enterprise-edition[Enterprise only]An instance can restrict itself to allow databases to be hosted only as primaries or secondaries. -// * <>: label:enterprise-edition[Enterprise only]Enable support for running online backups. -// * <>: label:enterprise-edition[Enterprise only]Network interface and port for the backup server to listen on. -// * <>: label:enterprise-edition[Enterprise only]Maximum retry time per request during store copy. -// * <>: Advertised address for this connector. -// * <>: The maximum time to wait before sending a NOOP on connections waiting for responses from active ongoing queries.The minimum value is 1 millisecond. -// * <>: The type of messages to enable keep-alive messages for (ALL, STREAMING or OFF). -// * <>: The total amount of probes to be missed before a connection is considered stale.The minimum for this value is 1. -// * <>: The interval between every scheduled keep-alive check on all connections with active queries. -// * <>: Enable the bolt connector. -// * <>: Address the connector should bind to. -// * <>: Enable server OCSP stapling for bolt and http connectors. -// * <>: The maximum time an idle thread in the thread pool bound to this connector will wait for new tasks. -// * <>: The maximum number of threads allowed in the thread pool bound to this connector. -// * <>: The number of threads to keep in the thread pool bound to this connector, even if they are idle. -// * <>: Encryption level to require this connector to use. -// * <>: label:enterprise-edition[Enterprise only]Advertised hostname/IP address and port for the transaction shipping server. -// * <>: label:enterprise-edition[Enterprise only]Comma separated list of groups to be used by the connect-randomly-to-server-group selection strategy. -// * <>: label:enterprise-edition[Enterprise only]An ordered list in descending preference of the strategy which secondaries use to choose the upstream server from which to pull transactional updates. -// * <>: label:enterprise-edition[Enterprise only]Configuration of a user-defined upstream selection strategy. -// * <>: label:enterprise-edition[Enterprise only]Network interface and port for the transaction shipping server to listen on. -// * <>: label:enterprise-edition[Enterprise only]Use native transport if available. -// * <>: label:enterprise-edition[Enterprise only]Advertised hostname/IP address and port for the RAFT server. -// * <>: label:enterprise-edition[Enterprise only]Network interface and port for the RAFT server to listen on. -// * <>: label:enterprise-edition[Enterprise only]Users must manually specify the mode for the system database on each instance. -// * <>: A strict configuration validation will prevent the database from starting up if unknown configuration options are specified in the neo4j settings namespace (such as dbms., cypher., etc) or if settings are declared multiple times. -// * <>: Whether or not any database on this instance are read_only by default. -// * <>: List of databases for which to prevent write queries. -// * <>: List of databases for which to allow write queries. -// * <>: The number of cached Cypher query execution plans per database. -// * <>: Default hostname or IP address the server uses to advertise itself. -// * <>: Default network interface to listen for incoming connections. -// * <>: label:enterprise-edition[Enterprise only]Directory to hold cluster state including Raft log. -// * <>: Path of the data directory. -// * <>: Root location where Neo4j will store database dumps optionally produced when dropping said databases. -// * <>: Sets the root directory for file URLs used with the Cypher `LOAD CSV` clause. -// * <>: Path of the lib directory. -// * <>: Path of the licenses directory. -// * <>: Path of the logs directory. -// * <>: label:enterprise-edition[Enterprise only]The target location of the CSV files: a path to a directory wherein a CSV file per reported field will be written. -// * <>: Root relative to which directory settings are resolved. -// * <>: Location of the database plugin directory. -// * <>: Path of the run directory. -// * <>: Root location where Neo4j will store scripts for configured databases. -// * <>: Root location where Neo4j will store transaction logs for configured databases. -// * <>: label:enterprise-edition[Enterprise only]Advertised cluster member discovery management communication. -// * <>: label:enterprise-edition[Enterprise only]Host and port to bind the cluster member discovery management communication. -// * <>: label:enterprise-edition[Enterprise only]A list of setting name patterns (comma separated) that are allowed to be dynamically changed. -// * <>: label:enterprise-edition[Enterprise only]A list of tag names for the server used when configuring load balancing and replication policies. This setting is deprecated in favour of <>. -// * <>: Advertised address for this connector. -// * <>: Enable the http connector. -// * <>: Address the connector should bind to. -// * <>: Defines the set of modules loaded into the Neo4j web server. -// * <>: Advertised address for this connector. -// * <>: Enable the https connector. -// * <>: Address the connector should bind to. -// * <>: Additional JVM arguments. -// * <>: Path to the logging configuration for debug, query, http and security logs. -// * <>: Enable the debug log. -// * <>: Enable GC Logging. -// * <>: GC Logging Options. -// * <>: Number of GC logs to keep. -// * <>: Size of each GC log that is kept. -// * <>: Path to the logging configuration of user logs. -// * <>: label:enterprise-edition[Enterprise only] label:deprecated[Deprecated in 5.6] The maximum number of databases. -// This setting is deprecated in favor of <> in 5.6. -// * <>: Initial heap size. -// * <>: Maximum heap size. -// * <>: Defines the size of the off-heap memory blocks cache. -// * <>: Defines the maximum size of an off-heap memory block that can be cached to speed up allocations. -// * <>: The maximum amount of off-heap memory that can be used to store transaction state data; it's a total amount of memory shared across all active transactions. -// * <>: Use direct I/O for page cache. -// * <>: Page cache can be configured to use a temporal buffer for flushing purposes. -// * <>: Page cache can be configured to use a temporal buffer for flushing purposes. -// * <>: The maximum number of worker threads to use for pre-fetching data when doing sequential scans. -// * <>: label:enterprise-edition[Enterprise only]Whether to share query cache between databases. -// * <>: label:enterprise-edition[Enterprise only]The number of cached queries for all databases. -// * <>: The number of cached queries per database. -// * <>: The amount of memory to use for mapping the store files. -// * <>: label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to CSV files. -// * <>: label:enterprise-edition[Enterprise only]The reporting interval for the CSV files. -// * <>: label:enterprise-edition[Enterprise only]Decides what compression to use for the csv history files. -// * <>: label:enterprise-edition[Enterprise only]Maximum number of history files for the csv files. -// * <>: label:enterprise-edition[Enterprise only]The file size in bytes at which the csv files will auto-rotate. -// * <>: label:enterprise-edition[Enterprise only]Enable metrics. -// * <>: label:enterprise-edition[Enterprise only]Specifies which metrics should be enabled by using a comma separated list of globbing patterns. -// * <>: label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to Graphite. -// * <>: label:enterprise-edition[Enterprise only]The reporting interval for Graphite. -// * <>: label:enterprise-edition[Enterprise only]The hostname or IP address of the Graphite server. -// * <>: label:enterprise-edition[Enterprise only]Set to `true` to enable the JMX metrics endpoint. -// * <>: label:enterprise-edition[Enterprise only]A common prefix for the reported metrics field names. -// * <>: label:enterprise-edition[Enterprise only]Set to `true` to enable the Prometheus endpoint. -// * <>: label:enterprise-edition[Enterprise only]The hostname and port to use as Prometheus endpoint. -// * <>: label:enterprise-edition[Enterprise only]If there is a Database Management System Panic (an irrecoverable error) should the neo4j process shut down or continue running. -// * <>: label:enterprise-edition[Enterprise only]The advertised address for the intra-cluster routing connector. -// * <>: The address the routing connector should bind to. -// * <>: label:enterprise-edition[Enterprise only]A list of tag names for the server used during database allocation and when configuring load balancing and replication policies. -// * <>: Number of Neo4j worker threads. -// * <>: Comma-separated list of = for unmanaged extensions. -// * <>: Name of the Windows Service managing Neo4j when installed using `neo4j install-service`. -//endif::nonhtmloutput[] - - -// end::settings-reference-all-settings[] - -[[config_browser.allow_outgoing_connections]] -.browser.allow_outgoing_connections -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Configure the policy for outgoing Neo4j Browser connections. -|Valid values -a|browser.allow_outgoing_connections, a boolean -|Default value -m|+++true+++ -|=== - -[[config_browser.credential_timeout]] -.browser.credential_timeout -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to time out logged in users after this idle period. Setting this to 0 indicates no limit. -|Valid values -a|browser.credential_timeout, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++0s+++ -|=== - -[[config_browser.post_connect_cmd]] -.browser.post_connect_cmd -[cols="<1s,<4"] -|=== -|Description -a|Commands to be run when Neo4j Browser successfully connects to this server. Separate multiple commands with semi-colon. -|Valid values -a|browser.post_connect_cmd, a string -|Default value -m|++++++ -|=== - -[[config_browser.remote_content_hostname_whitelist]] -.browser.remote_content_hostname_whitelist -[cols="<1s,<4"] -|=== -|Description -a|Whitelist of hosts for the Neo4j Browser to be allowed to fetch content from. -|Valid values -a|browser.remote_content_hostname_whitelist, a string -|Default value -m|+++guides.neo4j.com,localhost+++ -|=== - -[[config_browser.retain_connection_credentials]] -.browser.retain_connection_credentials -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to store or not store user credentials. -|Valid values -a|browser.retain_connection_credentials, a boolean -|Default value -m|+++true+++ -|=== - -[[config_browser.retain_editor_history]] -.browser.retain_editor_history -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Configure the Neo4j Browser to store or not store user editor history. -|Valid values -a|browser.retain_editor_history, a boolean -|Default value -m|+++true+++ -|=== - -[[config_client.allow_telemetry]] -.client.allow_telemetry -[cols="<1s,<4"] -|=== -|Description -a|Configure client applications such as Browser and Bloom to send Product Analytics data. -|Valid values -a|client.allow_telemetry, a boolean -|Default value -m|+++true+++ -|=== - -[[config_db.checkpoint]] -.db.checkpoint -[cols="<1s,<4"] -|=== -|Description -a|Configures the general policy for when check-points should occur. The default policy is the 'periodic' check-point policy, as specified by the '<>' and '<>' settings. The Neo4j Enterprise Edition provides two alternative policies: The first is the 'continuous' check-point policy, which will ignore those settings and run the check-point process all the time. The second is the 'volumetric' check-point policy, which makes a best-effort at check-pointing often enough so that the database doesn't get too far behind on deleting old transaction logs in accordance with the '<>' setting. -|Valid values -a|db.checkpoint, one of [PERIODIC, CONTINUOUS, VOLUME, VOLUMETRIC] -|Default value -m|+++PERIODIC+++ -|=== - -[[config_db.checkpoint.interval.time]] -.db.checkpoint.interval.time -[cols="<1s,<4"] -|=== -|Description -a|Configures the time interval between check-points. The database will not check-point more often than this (unless check pointing is triggered by a different event), but might check-point less often than this interval, if performing a check-point takes longer time than the configured interval. A check-point is a point in the transaction logs, which recovery would start from. Longer check-point intervals typically mean that recovery will take longer to complete in case of a crash. On the other hand, a longer check-point interval can also reduce the I/O load that the database places on the system, as each check-point implies a flushing and forcing of all the store files. -|Valid values -a|db.checkpoint.interval.time, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++15m+++ -|=== - -[[config_db.checkpoint.interval.tx]] -.db.checkpoint.interval.tx -[cols="<1s,<4"] -|=== -|Description -a|Configures the transaction interval between check-points. The database will not check-point more often than this (unless check pointing is triggered by a different event), but might check-point less often than this interval, if performing a check-point takes longer time than the configured interval. A check-point is a point in the transaction logs, which recovery would start from. Longer check-point intervals typically mean that recovery will take longer to complete in case of a crash. On the other hand, a longer check-point interval can also reduce the I/O load that the database places on the system, as each check-point implies a flushing and forcing of all the store files. The default is '100000' for a check-point every 100000 transactions. -|Valid values -a|db.checkpoint.interval.tx, an integer which is minimum `1` -|Default value -m|+++100000+++ -|=== - -[[config_db.checkpoint.interval.volume]] -.db.checkpoint.interval.volume -[cols="<1s,<4"] -|=== -|Description -a|Configures the volume of transaction logs between check-points. The database will not check-point more often than this (unless check pointing is triggered by a different event), but might check-point less often than this interval, if performing a check-point takes longer time than the configured interval. A check-point is a point in the transaction logs, which recovery would start from. Longer check-point intervals typically mean that recovery will take longer to complete in case of a crash. On the other hand, a longer check-point interval can also reduce the I/O load that the database places on the system, as each check-point implies a flushing and forcing of all the store files. -|Valid values -a|db.checkpoint.interval.volume, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `1.00KiB` -|Default value -m|+++250.00MiB+++ -|=== - -[[config_db.checkpoint.iops.limit]] -.db.checkpoint.iops.limit -[cols="<1s,<4"] -|=== -|Description -a|Limit the number of IOs the background checkpoint process will consume per second. This setting is advisory, is ignored in Neo4j Community Edition, and is followed to best effort in Enterprise Edition. An IO is in this case a 8 KiB (mostly sequential) write. Limiting the write IO in this way will leave more bandwidth in the IO subsystem to service random-read IOs, which is important for the response time of queries when the database cannot fit entirely in memory. The only drawback of this setting is that longer checkpoint times may lead to slightly longer recovery times in case of a database or system crash. A lower number means lower IO pressure, and consequently longer checkpoint times. Set this to -1 to disable the IOPS limit and remove the limitation entirely; this will let the checkpointer flush data as fast as the hardware will go. Removing the setting, or commenting it out, will set the default value of 600. -|Valid values -a|db.checkpoint.iops.limit, an integer -|Dynamic a|true -|Default value -m|+++600+++ -|=== - -[[config_db.cluster.catchup.pull_interval]] -.db.cluster.catchup.pull_interval -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Interval of pulling updates from cores. -|Valid values -a|db.cluster.catchup.pull_interval, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++1s+++ -|=== - -[[config_db.cluster.raft.apply.buffer.max_bytes]] -.db.cluster.raft.apply.buffer.max_bytes -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The maximum number of bytes in the apply buffer. This parameter limits the amount of memory that can be consumed by the apply buffer. If the bytes limit is reached, buffer size will be limited even if max_entries is not exceeded. -|Valid values -a|db.cluster.raft.apply.buffer.max_bytes, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) -|Default value -m|+++1.00GiB+++ -|=== - -[[config_db.cluster.raft.apply.buffer.max_entries]] -.db.cluster.raft.apply.buffer.max_entries -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The maximum number of entries in the raft log entry prefetch buffer. -|Valid values -a|db.cluster.raft.apply.buffer.max_entries, an integer -|Default value -m|+++1024+++ -|=== - -[[config_db.cluster.raft.in_queue.batch.max_bytes]] -.db.cluster.raft.in_queue.batch.max_bytes -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Largest batch processed by RAFT in bytes. -|Valid values -a|db.cluster.raft.in_queue.batch.max_bytes, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) -|Default value -m|+++8.00MiB+++ -|=== - -[[config_db.cluster.raft.in_queue.max_bytes]] -.db.cluster.raft.in_queue.max_bytes -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Maximum number of bytes in the RAFT in-queue. -|Valid values -a|db.cluster.raft.in_queue.max_bytes, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) -|Default value -m|+++2.00GiB+++ -|=== - -[[config_db.cluster.raft.leader_transfer.priority_group]] -.db.cluster.raft.leader_transfer.priority_group -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The name of a server_group whose members should be prioritized as leaders. This does not guarantee that members of this group will be leader at all times, but the cluster will attempt to transfer leadership to such a member when possible. If a database is specified using `db.cluster.raft.leader_transfer.priority_group`. the specified priority group will apply to that database only. If no database is specified that group will be the default and apply to all databases which have no priority group explicitly set. Using this setting will disable leadership balancing. -|Valid values -a|db.cluster.raft.leader_transfer.priority_group, a string identifying a Server Tag -|Default value -m|++++++ -|=== - -[[config_db.cluster.raft.log.prune_strategy]] -.db.cluster.raft.log.prune_strategy -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]RAFT log pruning strategy that determines which logs are to be pruned. Neo4j only prunes log entries up to the last applied index, which guarantees that logs are only marked for pruning once the transactions within are safely copied over to the local transaction logs and safely committed by a majority of cluster members. Possible values are a byte size or a number of transactions (e.g., 200K txs). -|Valid values -a|db.cluster.raft.log.prune_strategy, a string -|Default value -m|+++1g size+++ -|=== - -[[config_db.cluster.raft.log_shipping.buffer.max_bytes]] -.db.cluster.raft.log_shipping.buffer.max_bytes -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The maximum number of bytes in the in-flight cache. This parameter limits the amount of memory that can be consumed by cache. If the bytes limit is reached, cache size will be limited even if max_entries is not exceeded. -|Valid values -a|db.cluster.raft.log_shipping.buffer.max_bytes, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) -|Default value -m|+++1.00GiB+++ -|=== - -[[config_db.cluster.raft.log_shipping.buffer.max_entries]] -.db.cluster.raft.log_shipping.buffer.max_entries -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The maximum number of entries in the in-flight cache. Increasing size will require more memory but might improve performance in high load situations. -|Valid values -a|db.cluster.raft.log_shipping.buffer.max_entries, an integer -|Default value -m|+++1024+++ -|=== - -[[config_db.filewatcher.enabled]] -.db.filewatcher.enabled -[cols="<1s,<4"] -|=== -|Description -a|Allows the enabling or disabling of the file watcher service. This is an auxiliary service but should be left enabled in almost all cases. -|Valid values -a|db.filewatcher.enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_db.format]] -.db.format -[cols="<1s,<4"] -|=== -|Description -a|Database format. This is the format that will be used for new databases. Valid values are `standard`, `aligned`, or `high_limit`.The `aligned` format is essentially the `standard` format with some minimal padding at the end of pages such that a single record will never cross a page boundary. The `high_limit` format is available for Enterprise Edition only. It is required if you have a graph that is larger than 34 billion nodes, 34 billion relationships, or 68 billion properties. -|Valid values -a|db.format, a string -|Dynamic a|true -|Default value -m|+++aligned+++ -|=== - -[[config_db.import.csv.buffer_size]] -.db.import.csv.buffer_size -[cols="<1s,<4"] -|=== -|Description -a|The size of the internal buffer in bytes used by `LOAD CSV`. If the csv file contains huge fields this value may have to be increased. -|Valid values -a|db.import.csv.buffer_size, a long which is minimum `1` -|Default value -m|+++2097152+++ -|=== - -[[config_db.import.csv.legacy_quote_escaping]] -.db.import.csv.legacy_quote_escaping -[cols="<1s,<4"] -|=== -|Description -a|Selects whether to conform to the standard https://tools.ietf.org/html/rfc4180 for interpreting escaped quotation characters in CSV files loaded using `LOAD CSV`. Setting this to `false` will use the standard, interpreting repeated quotes '""' as a single in-lined quote, while `true` will use the legacy convention originally supported in Neo4j 3.0 and 3.1, allowing a backslash to include quotes in-lined in fields. -|Valid values -a|db.import.csv.legacy_quote_escaping, a boolean -|Default value -m|+++true+++ -|=== - -[[config_db.index.fulltext.default_analyzer]] -.db.index.fulltext.default_analyzer -[cols="<1s,<4"] -|=== -|Description -a|The name of the analyzer that the fulltext indexes should use by default. -|Valid values -a|db.index.fulltext.default_analyzer, a string -|Default value -m|+++standard-no-stop-words+++ -|=== - -[[config_db.index.fulltext.eventually_consistent]] -.db.index.fulltext.eventually_consistent -[cols="<1s,<4"] -|=== -|Description -a|Whether or not fulltext indexes should be eventually consistent by default or not. -|Valid values -a|db.index.fulltext.eventually_consistent, a boolean -|Default value -m|+++false+++ -|=== - -[[config_db.index.fulltext.eventually_consistent_index_update_queue_max_length]] -.db.index.fulltext.eventually_consistent_index_update_queue_max_length -[cols="<1s,<4"] -|=== -|Description -a|The eventually_consistent mode of the fulltext indexes works by queueing up index updates to be applied later in a background thread. This newBuilder sets an upper bound on how many index updates are allowed to be in this queue at any one point in time. When it is reached, the commit process will slow down and wait for the index update applier thread to make some more room in the queue. -|Valid values -a|db.index.fulltext.eventually_consistent_index_update_queue_max_length, an integer which is in the range `1` to `50000000` -|Default value -m|+++10000+++ -|=== - -[[config_db.index_sampling.background_enabled]] -.db.index_sampling.background_enabled -[cols="<1s,<4"] -|=== -|Description -a|Enable or disable background index sampling. -|Valid values -a|db.index_sampling.background_enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_db.index_sampling.sample_size_limit]] -.db.index_sampling.sample_size_limit -[cols="<1s,<4"] -|=== -|Description -a|Index sampling chunk size limit. -|Valid values -a|db.index_sampling.sample_size_limit, an integer which is in the range `1048576` to `2147483647` -|Default value -m|+++8388608+++ -|=== - -[[config_db.index_sampling.update_percentage]] -.db.index_sampling.update_percentage -[cols="<1s,<4"] -|=== -|Description -a|Percentage of index updates of total index size required before sampling of a given index is triggered. -|Valid values -a|db.index_sampling.update_percentage, an integer which is minimum `0` -|Default value -m|+++5+++ -|=== - -[[config_db.lock.acquisition.timeout]] -.db.lock.acquisition.timeout -[cols="<1s,<4"] -|=== -|Description -a|The maximum time interval within which lock should be acquired. Zero (default) means timeout is disabled. -|Valid values -a|db.lock.acquisition.timeout, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Dynamic a|true -|Default value -m|+++0s+++ -|=== - -[[config_db.logs.query.early_raw_logging_enabled]] -.db.logs.query.early_raw_logging_enabled -[cols="<1s,<4"] -|=== -|Description -a|Log query text and parameters without obfuscating passwords. This allows queries to be logged earlier before parsing starts. -|Valid values -a|db.logs.query.early_raw_logging_enabled, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_db.logs.query.enabled]] -.db.logs.query.enabled -[cols="<1s,<4"] -|=== -|Description -a|Log executed queries. Valid values are `OFF`, `INFO`, or `VERBOSE`. - -`OFF`:: no logging. -`INFO`:: log queries at the end of execution, that take longer than the configured threshold, `<>`. -`VERBOSE`:: log queries at the start and end of execution, regardless of `<>`. - -Log entries are written to the query log. - -This feature is available in the Neo4j Enterprise Edition. -|Valid values -a|db.logs.query.enabled, one of [OFF, INFO, VERBOSE] -|Dynamic a|true -|Default value -m|+++VERBOSE+++ -|=== - -[[config_db.logs.query.max_parameter_length]] -.db.logs.query.max_parameter_length -[cols="<1s,<4"] -|=== -|Description -a|Sets a maximum character length use for each parameter in the log. This only takes effect if `<> = true`. -|Valid values -a|db.logs.query.max_parameter_length, an integer -|Dynamic a|true -|Default value -m|+++2147483647+++ -|=== - -[[config_db.logs.query.obfuscate_literals]] -.db.logs.query.obfuscate_literals -[cols="<1s,<4"] -|=== -|Description -a|Obfuscates all literals of the query before writing to the log. Note that node labels, relationship types and map property keys are still shown. Changing the setting will not affect queries that are cached. So, if you want the switch to have immediate effect, you must also call `CALL db.clearQueryCaches()`. -|Valid values -a|db.logs.query.obfuscate_literals, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_db.logs.query.parameter_logging_enabled]] -.db.logs.query.parameter_logging_enabled -[cols="<1s,<4"] -|=== -|Description -a|Log parameters for the executed queries being logged. -|Valid values -a|db.logs.query.parameter_logging_enabled, a boolean -|Dynamic a|true -|Default value -m|+++true+++ -|=== - -[[config_db.logs.query.plan_description_enabled]] -.db.logs.query.plan_description_enabled -[cols="<1s,<4"] -|=== -|Description -a|Log query plan description table, useful for debugging purposes. -|Valid values -a|db.logs.query.plan_description_enabled, a boolean -|Dynamic a|true -|Default value -m|false -|=== - -[[config_db.logs.query.threshold]] -.db.logs.query.threshold -[cols="<1s,<4"] -|=== -|Description -a|If the execution of query takes more time than this threshold, the query is logged once completed - provided query logging is set to INFO. Defaults to 0 seconds, that is all queries are logged. -|Valid values -a|db.logs.query.threshold, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Dynamic a|true -|Default value -m|+++0s+++ -|=== - -[[config_db.logs.query.transaction.enabled]] -.db.logs.query.transaction.enabled -[cols="<1s,<4"] -|=== -|Description -a|Log the start and end of a transaction. Valid values are 'OFF', 'INFO', or 'VERBOSE'. -OFF: no logging. -INFO: log start and end of transactions that take longer than the configured threshold, <>. -VERBOSE: log start and end of all transactions. -Log entries are written to the query log. -This feature is available in the Neo4j Enterprise Edition. -|Valid values -a|db.logs.query.transaction.enabled, one of [OFF, INFO, VERBOSE] -|Dynamic a|true -|Default value -m|+++OFF+++ -|=== - -[[config_db.logs.query.transaction.threshold]] -.db.logs.query.transaction.threshold -[cols="<1s,<4"] -|=== -|Description -a|If the transaction is open for more time than this threshold, the transaction is logged once completed - provided transaction logging (<>) is set to `INFO`. Defaults to 0 seconds (all transactions are logged). -|Valid values -a|db.logs.query.transaction.threshold, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Dynamic a|true -|Default value -m|+++0s+++ -|=== - -[[config_db.memory.pagecache.warmup.enable]] -.db.memory.pagecache.warmup.enable -[cols="<1s,<4"] -|=== -|Description -a|Page cache can be configured to perform usage sampling of loaded pages that can be used to construct active load profile. According to that profile pages can be reloaded on the restart, replication, etc. This setting allows disabling that behavior. -This feature is available in Neo4j Enterprise Edition. -|Valid values -a|db.memory.pagecache.warmup.enable, a boolean -|Default value -m|+++true+++ -|=== - -[[config_db.memory.pagecache.warmup.preload]] -.db.memory.pagecache.warmup.preload -[cols="<1s,<4"] -|=== -|Description -a|Page cache warmup can be configured to prefetch files, preferably when cache size is bigger than store size. Files to be prefetched can be filtered by 'dbms.memory.pagecache.warmup.preload.allowlist'. Enabling this disables warmup by profile. -|Valid values -a|db.memory.pagecache.warmup.preload, a boolean -|Default value -m|+++false+++ -|=== - -[[config_db.memory.pagecache.warmup.preload.allowlist]] -.db.memory.pagecache.warmup.preload.allowlist -[cols="<1s,<4"] -|=== -|Description -a|Page cache warmup prefetch file allowlist regex. By default matches all files. -|Valid values -a|db.memory.pagecache.warmup.preload.allowlist, a string -|Default value -m|+++.*+++ -|=== - -[[config_db.memory.pagecache.warmup.profile.interval]] -.db.memory.pagecache.warmup.profile.interval -[cols="<1s,<4"] -|=== -|Description -a|The profiling frequency for the page cache. Accurate profiles allow the page cache to do active warmup after a restart, reducing the mean time to performance. -This feature is available in Neo4j Enterprise Edition. -|Valid values -a|db.memory.pagecache.warmup.profile.interval, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++1m+++ -|=== - -[[config_db.memory.transaction.max]] -.db.memory.transaction.max -[cols="<1s,<4"] -|=== -|Description -a|Limit the amount of memory that a single transaction can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'largest possible value'. -|Valid values -a|db.memory.transaction.max, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `1.00MiB` or is `0B` -|Dynamic a|true -|Default value -m|+++0B+++ -|=== - -[[config_db.memory.transaction.total.max]] -.db.memory.transaction.total.max -[cols="<1s,<4"] -|=== -|Description -a|Limit the amount of memory that all transactions in one database can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'unlimited'. -|Valid values -a|db.memory.transaction.total.max, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `10.00MiB` or is `0B` -|Dynamic a|true -|Default value -m|+++0B+++ -|=== - -[[config_db.recovery.fail_on_missing_files]] -.db.recovery.fail_on_missing_files -[cols="<1s,<4"] -|=== -|Description -a|If `true`, Neo4j will abort recovery if transaction log files are missing. Setting this to `false` will allow Neo4j to create new empty missing files for the already existing database, but the integrity of the database might be compromised. -|Valid values -a|db.recovery.fail_on_missing_files, a boolean -|Default value -m|+++true+++ -|=== - -[[config_db.relationship_grouping_threshold]] -.db.relationship_grouping_threshold -[cols="<1s,<4"] -|=== -|Description -a|Relationship count threshold for considering a node to be dense. -|Valid values -a|db.relationship_grouping_threshold, an integer which is minimum `1` -|Default value -m|+++50+++ -|=== - -[[config_db.shutdown_transaction_end_timeout]] -.db.shutdown_transaction_end_timeout -[cols="<1s,<4"] -|=== -|Description -a|The maximum amount of time to wait for running transactions to complete before allowing initiated database shutdown to continue. -|Valid values -a|db.shutdown_transaction_end_timeout, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++10s+++ -|=== - -[[config_db.store.files.preallocate]] -.db.store.files.preallocate -[cols="<1s,<4"] -|=== -|Description -a|Specify if Neo4j should try to preallocate store files as they grow. -|Valid values -a|db.store.files.preallocate, a boolean -|Default value -m|+++true+++ -|=== - -[[config_db.temporal.timezone]] -.db.temporal.timezone -[cols="<1s,<4"] -|=== -|Description -a|Database timezone for temporal functions. All Time and DateTime values that are created without an explicit timezone will use this configured default timezone. -|Valid values -a|db.temporal.timezone, a string describing a timezone, either described by offset (e.g. `+02:00`) or by name (e.g. `Europe/Stockholm`) -|Default value -m|+++Z+++ -|=== - -[[config_db.track_query_cpu_time]] -.db.track_query_cpu_time -[cols="<1s,<4"] -|=== -|Description -a|Enables or disables tracking of how much time a query spends actively executing on the CPU. Calling `SHOW TRANSACTIONS` will display the time, but not in the _query.log_. + -If you want the CPU time to be logged in the _query.log_, set `db.track_query_cpu_time=true` and `db.logs.query.time_logging_enabled=true` label:Enterprise[]. -|Valid values -a|db.track_query_cpu_time, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_db.transaction.bookmark_ready_timeout]] -.db.transaction.bookmark_ready_timeout -[cols="<1s,<4"] -|=== -|Description -a|The maximum amount of time to wait for the database state represented by the bookmark. -|Valid values -a|db.transaction.bookmark_ready_timeout, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `1s` -|Dynamic a|true -|Default value -m|+++30s+++ -|=== - -[[config_db.transaction.concurrent.maximum]] -.db.transaction.concurrent.maximum -[cols="<1s,<4"] -|=== -|Description -a|The maximum number of concurrently running transactions. If set to 0, limit is disabled. -|Valid values -a|db.transaction.concurrent.maximum, an integer -|Dynamic a|true -|Default value -m|+++1000+++ -|=== - -[[config_db.transaction.monitor.check.interval]] -.db.transaction.monitor.check.interval -[cols="<1s,<4"] -|=== -|Description -a|Configures the time interval between transaction monitor checks. Determines how often monitor thread will check transaction for timeout. -|Valid values -a|db.transaction.monitor.check.interval, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++2s+++ -|=== - -[[config_db.transaction.sampling.percentage]] -.db.transaction.sampling.percentage -[cols="<1s,<4"] -|=== -|Description -a|Transaction sampling percentage. -|Valid values -a|db.transaction.sampling.percentage, an integer which is in the range `1` to `100` -|Dynamic a|true -|Default value -m|+++5+++ -|=== - -[[config_db.transaction.timeout]] -.db.transaction.timeout -[cols="<1s,<4"] -|=== -|Description -a|The maximum time interval of a transaction within which it should be completed. -|Valid values -a|db.transaction.timeout, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Dynamic a|true -|Default value -m|+++0s+++ -|=== - -[[config_db.transaction.tracing.level]] -.db.transaction.tracing.level -[cols="<1s,<4"] -|=== -|Description -a|Transaction creation tracing level. -|Valid values -a|db.transaction.tracing.level, one of [DISABLED, SAMPLE, ALL] -|Dynamic a|true -|Default value -m|+++DISABLED+++ -|=== - -[[config_db.tx_log.buffer.size]] -.db.tx_log.buffer.size -[cols="<1s,<4"] -|=== -|Description -a|On serialization of transaction logs, they will be temporary stored in the byte buffer that will be flushed at the end of the transaction or at any moment when buffer will be full. -|Valid values -a|db.tx_log.buffer.size, a long which is minimum `131072` -|Default value -m|By default the size of byte buffer is based on number of available cpu's with minimal buffer size of 512KB. Every another 4 cpu's will add another 512KB into the buffer size. Maximal buffer size in this default scheme is 4MB taking into account that we can have one transaction log writer per database in multi-database env.For example, runtime with 4 cpus will have buffer size of 1MB; runtime with 8 cpus will have buffer size of 1MB 512KB; runtime with 12 cpus will have buffer size of 2MB. -|=== - -[[config_db.tx_log.preallocate]] -.db.tx_log.preallocate -[cols="<1s,<4"] -|=== -|Description -a|Specify if Neo4j should try to preallocate the logical log file in advance. -It optimizes filesystem by ensuring there is room to accommodate newly generated files and avoid file-level fragmentation. -|Valid values -a|db.tx_log.preallocate, a boolean -|Dynamic a|true -|Default value -m|+++true+++ -|=== - -[[config_db.tx_log.rotation.retention_policy]] -.db.tx_log.rotation.retention_policy -[cols="<1s,<4"] -|=== -|Description -a|Tell Neo4j how long logical transaction logs should be kept to backup the database.For example, "10 days" will prune logical logs that only contain transactions older than 10 days.Alternatively, "100k txs" will keep the 100k latest transactions from each database and prune any older transactions. -|Valid values -a|db.tx_log.rotation.retention_policy, a string which matches the pattern `^(true{vbar}keep_all{vbar}false{vbar}keep_none{vbar}(\d+[KkMmGg]?( (files{vbar}size{vbar}txs{vbar}entries{vbar}hours{vbar}days))))$` (Must be `true` or `keep_all`, `false` or `keep_none`, or of format ` `. Valid units are `K`, `M` and `G`. Valid types are `files`, `size`, `txs`, `entries`, `hours` and `days`. For example, `100M size` will limit logical log space on disk to 100MB per database,and `200K txs` will limit the number of transactions kept to 200 000 per database.) -|Dynamic a|true -|Default value -m|+++2 days+++ -|=== - -[[config_db.tx_log.rotation.size]] -.db.tx_log.rotation.size -[cols="<1s,<4"] -|=== -|Description -a|Specifies at which file size the logical log will auto-rotate. Minimum accepted value is 128 KiB. -|Valid values -a|db.tx_log.rotation.size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `128.00KiB` -|Dynamic a|true -|Default value -m|+++256.00MiB+++ -|=== - -[[config_db.tx_state.memory_allocation]] -.db.tx_state.memory_allocation -[cols="<1s,<4"] -|=== -|Description -a|Defines whether memory for transaction state should be allocated on- or off-heap. Note that for small transactions you can gain up to 25% write speed by setting it to `ON_HEAP`. -|Valid values -a|db.tx_state.memory_allocation, one of [ON_HEAP, OFF_HEAP] -|Default value -m|+++ON_HEAP+++ -|=== - -[[config_dbms.cluster.catchup.client_inactivity_timeout]] -.dbms.cluster.catchup.client_inactivity_timeout -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The catch up protocol times out if the given duration elapses with no network activity. Every message received by the client from the server extends the time out duration. -|Valid values -a|dbms.cluster.catchup.client_inactivity_timeout, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++10m+++ -|=== - -[[config_dbms.cluster.discovery.endpoints]] -.dbms.cluster.discovery.endpoints -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]A comma-separated list of endpoints which a server should contact in order to discover other cluster members. -|Valid values -a|dbms.cluster.discovery.endpoints, a ',' separated list with elements of type 'a socket address in the format 'hostname:port', 'hostname' or ':port''. -|=== - -[[config_dbms.cluster.discovery.log_level]] -.dbms.cluster.discovery.log_level -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The level of middleware logging. -|Valid values -a|dbms.cluster.discovery.log_level, one of [DEBUG, INFO, WARN, ERROR, NONE] -|Default value -m|+++WARN+++ -|=== - -[[config_dbms.cluster.discovery.resolver_type]] -.dbms.cluster.discovery.resolver_type -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Configure the discovery resolver type used for cluster member resolution. -|Valid values -a|dbms.cluster.discovery.resolver_type, one of [DNS, LIST, SRV, K8S] which may require different settings depending on the discovery type: `DNS requires [dbms.cluster.discovery.endpoints], LIST requires [], SRV requires [dbms.cluster.discovery.endpoints], K8S requires [dbms.kubernetes.label_selector, dbms.kubernetes.service_port_name]` -|Default value -m|+++LIST+++ -|=== - -[[config_dbms.cluster.minimum_initial_system_primaries_count]] -.dbms.cluster.minimum_initial_system_primaries_count -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Minimum number of machines initially required to form a clustered DBMS. The cluster is considered formed when at least this many members have discovered each other, bound together and bootstrapped a highly available system database. As a result, at least this many of the cluster's initial machines must have '<>' set to 'PRIMARY'.NOTE: If '<>' is set to 'LIST' and '<>' is empty then the user is assumed to be deploying a standalone DBMS, and the value of this setting is ignored. -|Valid values -a|dbms.cluster.minimum_initial_system_primaries_count, an integer which is minimum `1` -|Default value -m|+++3+++ -|=== - -[[config_dbms.cluster.network.handshake_timeout]] -.dbms.cluster.network.handshake_timeout -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Time out for protocol negotiation handshake. -|Valid values -a|dbms.cluster.network.handshake_timeout, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++20s+++ -|=== - -[[config_dbms.cluster.network.max_chunk_size]] -.dbms.cluster.network.max_chunk_size -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Maximum chunk size allowable across network by clustering machinery. -|Valid values -a|dbms.cluster.network.max_chunk_size, an integer which is in the range `4096` to `10485760` -|Default value -m|+++32768+++ -|=== - -[[config_dbms.cluster.network.supported_compression_algos]] -.dbms.cluster.network.supported_compression_algos -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Network compression algorithms that this instance will allow in negotiation as a comma-separated list. Listed in descending order of preference for incoming connections. An empty list implies no compression. For outgoing connections this merely specifies the allowed set of algorithms and the preference of the remote peer will be used for making the decision. Allowable values: [Gzip, Snappy, Snappy_validating, LZ4, LZ4_high_compression, LZ_validating, LZ4_high_compression_validating] -|Valid values -a|dbms.cluster.network.supported_compression_algos, a ',' separated list with elements of type 'a string'. -|Default value -m|++++++ -|=== - -[[config_dbms.cluster.raft.binding_timeout]] -.dbms.cluster.raft.binding_timeout -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The time allowed for a database on a Neo4j server to either join a cluster or form a new cluster with the other Neo4j Servers provided by `<>`. -|Valid values -a|dbms.cluster.raft.binding_timeout, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++10m+++ -|=== - -[[config_dbms.cluster.raft.client.max_channels]] -.dbms.cluster.raft.client.max_channels -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The maximum number of TCP channels between two nodes to operate the raft protocol. Each database gets allocated one channel, but a single channel can be used by more than one database. -|Valid values -a|dbms.cluster.raft.client.max_channels, an integer -|Default value -m|+++8+++ -|=== - -[[config_dbms.cluster.raft.election_failure_detection_window]] -.dbms.cluster.raft.election_failure_detection_window -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The rate at which leader elections happen. Note that due to election conflicts it might take several attempts to find a leader. The window should be significantly larger than typical communication delays to make conflicts unlikely. -|Valid values -a|dbms.cluster.raft.election_failure_detection_window, a duration-range (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++3s-6s+++ -|=== - -[[config_dbms.cluster.raft.leader_failure_detection_window]] -.dbms.cluster.raft.leader_failure_detection_window -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The time window within which the loss of the leader is detected and the first re-election attempt is held. The window should be significantly larger than typical communication delays to make conflicts unlikely. -|Valid values -a|dbms.cluster.raft.leader_failure_detection_window, a duration-range (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++20s-23s+++ -|=== - -[[config_dbms.cluster.raft.leader_transfer.balancing_strategy]] -.dbms.cluster.raft.leader_transfer.balancing_strategy -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Which strategy to use when transferring database leaderships around a cluster. This can be one of `equal_balancing` or `no_balancing`. `equal_balancing` automatically ensures that each Core server holds the leader role for an equal number of databases.`no_balancing` prevents any automatic balancing of the leader role. Note that if a `leadership_priority_group` is specified for a given database, the value of this setting will be ignored for that database. -|Valid values -a|dbms.cluster.raft.leader_transfer.balancing_strategy, one of [NO_BALANCING, EQUAL_BALANCING] -|Default value -m|+++EQUAL_BALANCING+++ -|=== - -[[config_dbms.cluster.raft.log.pruning_frequency]] -.dbms.cluster.raft.log.pruning_frequency -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]RAFT log pruning frequency. -|Valid values -a|dbms.cluster.raft.log.pruning_frequency, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++10m+++ -|=== - -[[config_dbms.cluster.raft.log.reader_pool_size]] -.dbms.cluster.raft.log.reader_pool_size -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]RAFT log reader pool size. -|Valid values -a|dbms.cluster.raft.log.reader_pool_size, an integer -|Default value -m|+++8+++ -|=== - -[[config_dbms.cluster.raft.log.rotation_size]] -.dbms.cluster.raft.log.rotation_size -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]RAFT log rotation size. -|Valid values -a|dbms.cluster.raft.log.rotation_size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `1.00KiB` -|Default value -m|+++250.00MiB+++ -|=== - -[[config_dbms.cluster.raft.membership.join_max_lag]] -.dbms.cluster.raft.membership.join_max_lag -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Maximum amount of lag accepted for a new follower to join the Raft group. -|Valid values -a|dbms.cluster.raft.membership.join_max_lag, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++10s+++ -|=== - -[[config_dbms.cluster.raft.membership.join_timeout]] -.dbms.cluster.raft.membership.join_timeout -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Time out for a new member to catch up. -|Valid values -a|dbms.cluster.raft.membership.join_timeout, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++10m+++ -|=== - -[[config_dbms.cluster.store_copy.max_retry_time_per_request]] -.dbms.cluster.store_copy.max_retry_time_per_request -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Maximum retry time per request during store copy. Regular store files and indexes are downloaded in separate requests during store copy. This configures the maximum time failed requests are allowed to resend. -|Valid values -a|dbms.cluster.store_copy.max_retry_time_per_request, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++20m+++ -|=== - -[[config_dbms.cypher.forbid_exhaustive_shortestpath]] -.dbms.cypher.forbid_exhaustive_shortestpath -[cols="<1s,<4"] -|=== -|Description -a|This setting is associated with performance optimization. Set this to `true` in situations where it is preferable to have any queries using the 'shortestPath' function terminate as soon as possible with no answer, rather than potentially running for a long time attempting to find an answer (even if there is no path to be found). For most queries, the 'shortestPath' algorithm will return the correct answer very quickly. However there are some cases where it is possible that the fast bidirectional breadth-first search algorithm will find no results even if they exist. This can happen when the predicates in the `WHERE` clause applied to 'shortestPath' cannot be applied to each step of the traversal, and can only be applied to the entire path. When the query planner detects these special cases, it will plan to perform an exhaustive depth-first search if the fast algorithm finds no paths. However, the exhaustive search may be orders of magnitude slower than the fast algorithm. If it is critical that queries terminate as soon as possible, it is recommended that this option be set to `true`, which means that Neo4j will never consider using the exhaustive search for shortestPath queries. However, please note that if no paths are found, an error will be thrown at run time, which will need to be handled by the application. -|Valid values -a|dbms.cypher.forbid_exhaustive_shortestpath, a boolean -|Default value -m|+++false+++ -|=== - -[[config_dbms.cypher.forbid_shortestpath_common_nodes]] -.dbms.cypher.forbid_shortestpath_common_nodes -[cols="<1s,<4"] -|=== -|Description -a|This setting is associated with performance optimization. The shortest path algorithm does not work when the start and end nodes are the same. With this setting set to `false` no path will be returned when that happens. The default value of `true` will instead throw an exception. This can happen if you perform a shortestPath search after a cartesian product that might have the same start and end nodes for some of the rows passed to shortestPath. If it is preferable to not experience this exception, and acceptable for results to be missing for those rows, then set this to `false`. If you cannot accept missing results, and really want the shortestPath between two common nodes, then re-write the query using a standard Cypher variable length pattern expression followed by ordering by path length and limiting to one result. -|Valid values -a|dbms.cypher.forbid_shortestpath_common_nodes, a boolean -|Default value -m|+++true+++ -|=== - -[[config_dbms.cypher.hints_error]] -.dbms.cypher.hints_error -[cols="<1s,<4"] -|=== -|Description -a|Set this to specify the behavior when Cypher planner or runtime hints cannot be fulfilled. If true, then non-conformance will result in an error, otherwise only a warning is generated. -|Valid values -a|dbms.cypher.hints_error, a boolean -|Default value -m|+++false+++ -|=== - -[[config_dbms.cypher.lenient_create_relationship]] -.dbms.cypher.lenient_create_relationship -[cols="<1s,<4"] -|=== -|Description -a|Set this to change the behavior for Cypher create relationship when the start or end node is missing. By default this fails the query and stops execution, but by setting this flag the create operation is simply not performed and execution continues. -|Valid values -a|dbms.cypher.lenient_create_relationship, a boolean -|Default value -m|+++false+++ -|=== - -[[config_dbms.cypher.min_replan_interval]] -.dbms.cypher.min_replan_interval -[cols="<1s,<4"] -|=== -|Description -a|The minimum time between possible cypher query replanning events. After this time, the graph statistics will be evaluated, and if they have changed by more than the value set by <>, the query will be replanned. If the statistics have not changed sufficiently, the same interval will need to pass before the statistics will be evaluated again. Each time they are evaluated, the divergence threshold will be reduced slightly until it reaches 10% after 7h, so that even moderately changing databases will see query replanning after a sufficiently long time interval. -|Valid values -a|dbms.cypher.min_replan_interval, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++10s+++ -|=== - -[[config_dbms.cypher.planner]] -.dbms.cypher.planner -[cols="<1s,<4"] -|=== -|Description -a|Set this to specify the default planner for the default language version. -|Valid values -a|dbms.cypher.planner, one of [DEFAULT, COST] -|Default value -m|+++DEFAULT+++ -|=== - -[[config_dbms.cypher.render_plan_description]] -.dbms.cypher.render_plan_description -[cols="<1s,<4"] -|=== -|Description -a|If set to `true` a textual representation of the plan description will be rendered on the server for all queries running with `EXPLAIN` or `PROFILE`. This allows clients such as the neo4j browser and Cypher shell to show a more detailed plan description. -|Valid values -a|dbms.cypher.render_plan_description, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_dbms.cypher.statistics_divergence_threshold]] -.dbms.cypher.statistics_divergence_threshold -[cols="<1s,<4"] -|=== -|Description -a|The threshold for statistics above which a plan is considered stale. - -If any of the underlying statistics used to create the plan have changed more than this value, the plan will be considered stale and will be replanned. Change is calculated as `abs(a-b)/max(a,b)`. - -This means that a value of `0.75` requires the database to quadruple in size before query replanning. A value of `0` means that the query will be replanned as soon as there is any change in statistics and the replan interval has elapsed. - -This interval is defined by `<>` and defaults to 10s. After this interval, the divergence threshold will slowly start to decline, reaching 10% after about 7h. This will ensure that long running databases will still get query replanning on even modest changes, while not replanning frequently unless the changes are very large. -|Valid values -a|dbms.cypher.statistics_divergence_threshold, a double which is in the range `0.0` to `1.0` -|Default value -m|+++0.75+++ -|=== - -[[config_dbms.databases.seed_from_uri_providers]] -.dbms.databases.seed_from_uri_providers -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Databases may be created from an existing 'seed' (a database backup or dump) stored at some source URI. Different types of seed source are supported by different implementations of `com.neo4j.dbms.seeding.SeedProvider`. For example, seeds stored at `s3://` and `https://` URIs are supported by the builtin `S3SeedProvider` and `URLConnectionSeedProvider` respectively. This list specifies enabled seed providers. If a seed source (URI scheme) is supported by multiple providers in the list, the first matching provider will be used. If the list is set to empty, the seed from uri functionality is effectively disabled. -|Valid values -a|dbms.databases.seed_from_uri_providers, a `,` separated list with elements of type `a string`. -|Default value -m|+++S3SeedProvider+++ -|=== - -[[config_dbms.db.timezone]] -.dbms.db.timezone -[cols="<1s,<4"] -|=== -|Description -a|Database timezone. Among other things, this setting influences the monitoring procedures. -|Valid values -a|dbms.db.timezone, one of [UTC, SYSTEM] -|Default value -m|+++UTC+++ -|=== - -[[config_dbms.kubernetes.address]] -.dbms.kubernetes.address -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Address for Kubernetes API. -|Valid values -a|dbms.kubernetes.address, a socket address in the format `hostname:port`, `hostname` or `:port` -|Default value -m|+++kubernetes.default.svc:443+++ -|=== - -[[config_dbms.kubernetes.ca_crt]] -.dbms.kubernetes.ca_crt -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]File location of CA certificate for Kubernetes API. -|Valid values -a|dbms.kubernetes.ca_crt, a path -|Default value -m|+++/var/run/secrets/kubernetes.io/serviceaccount/ca.crt+++ -|=== - -[[config_dbms.kubernetes.cluster_domain]] -.dbms.kubernetes.cluster_domain -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Kubernetes cluster domain. -|Valid values -a|dbms.kubernetes.cluster_domain, a string -|Default value -m|+++cluster.local+++ -|=== - -[[config_dbms.kubernetes.label_selector]] -.dbms.kubernetes.label_selector -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]LabelSelector for Kubernetes API. -|Valid values -a|dbms.kubernetes.label_selector, a string -|=== - -[[config_dbms.kubernetes.namespace]] -.dbms.kubernetes.namespace -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]File location of namespace for Kubernetes API. -|Valid values -a|dbms.kubernetes.namespace, a path -|Default value -m|+++/var/run/secrets/kubernetes.io/serviceaccount/namespace+++ -|=== - -[[config_dbms.kubernetes.service_port_name]] -.dbms.kubernetes.service_port_name -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Service port name for discovery for Kubernetes API. -|Valid values -a|dbms.kubernetes.service_port_name, a string -|=== - -[[config_dbms.kubernetes.token]] -.dbms.kubernetes.token -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]File location of token for Kubernetes API. -|Valid values -a|dbms.kubernetes.token, a path -|Default value -m|+++/var/run/secrets/kubernetes.io/serviceaccount/token+++ -|=== - -[[config_dbms.logs.http.enabled]] -.dbms.logs.http.enabled -[cols="<1s,<4"] -|=== -|Description -a|Enable HTTP request logging. -|Valid values -a|dbms.logs.http.enabled, a boolean -|Default value -m|+++false+++ -|=== - -[[config_dbms.max_databases]] -.dbms.max_databases -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The maximum number of databases. -|Valid values -a|dbms.max_databases, a long which is minimum `2` -|Default value -m|+++100+++ -|=== - -[[config_dbms.memory.tracking.enable]] -.dbms.memory.tracking.enable -[cols="<1s,<4"] -|=== -|Description -a|Enable off heap and on heap memory tracking. Should not be set to `false` for clusters. -|Valid values -a|dbms.memory.tracking.enable, a boolean -|Default value -m|+++true+++ -|=== - -[[config_dbms.memory.transaction.total.max]] -.dbms.memory.transaction.total.max -[cols="<1s,<4"] -|=== -|Description -a|Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'unlimited'. -|Valid values -a|dbms.memory.transaction.total.max, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `10.00MiB` or is `0B` -|Dynamic a|true -|Default value -m|+++70% of the heap size limit+++ -|=== - -[[config_dbms.netty.ssl.provider]] -.dbms.netty.ssl.provider -[cols="<1s,<4"] -|=== -|Description -a|Netty SSL provider. -|Valid values -a|dbms.netty.ssl.provider, one of [JDK, OPENSSL, OPENSSL_REFCNT] -|Default value -m|+++JDK+++ -|=== - -[[config_dbms.routing.client_side.enforce_for_domains]] -.dbms.routing.client_side.enforce_for_domains -[cols="<1s,<4"] -|=== -|Description -a|Always use client side routing (regardless of the default router) for neo4j:// protocol connections to these domains. A comma separated list of domains. Wildcards (*) are supported. -|Valid values -a|dbms.routing.client_side.enforce_for_domains, a ',' separated set with elements of type 'a string'. -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_dbms.routing.default_router]] -.dbms.routing.default_router -[cols="<1s,<4"] -|=== -|Description -a|Routing strategy for neo4j:// protocol connections. -Default is `CLIENT`, using client-side routing, with server-side routing as a fallback (if enabled). -When set to `SERVER`, client-side routing is short-circuited, and requests will rely on server-side routing (which must be enabled for proper operation, i.e. `<>=true`). -Can be overridden by `<>`. -|Valid values -a|dbms.routing.default_router, one of [SERVER, CLIENT] -|Default value -m|+++CLIENT+++ -|=== - -[[config_dbms.routing.driver.connection.connect_timeout]] -.dbms.routing.driver.connection.connect_timeout -[cols="<1s,<4"] -|=== -|Description -a|Socket connection timeout. -A timeout of zero is treated as an infinite timeout and will be bound by the timeout configured on the -operating system level. -|Valid values -a|dbms.routing.driver.connection.connect_timeout, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++5s+++ -|=== - -[[config_dbms.routing.driver.connection.max_lifetime]] -.dbms.routing.driver.connection.max_lifetime -[cols="<1s,<4"] -|=== -|Description -a|Pooled connections older than this threshold will be closed and removed from the pool. -Setting this option to a low value will cause a high connection churn and might result in a performance hit. -It is recommended to set maximum lifetime to a slightly smaller value than the one configured in network -equipment (load balancer, proxy, firewall, etc. can also limit maximum connection lifetime). -Zero and negative values result in lifetime not being checked. -|Valid values -a|dbms.routing.driver.connection.max_lifetime, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++1h+++ -|=== - -[[config_dbms.routing.driver.connection.pool.acquisition_timeout]] -.dbms.routing.driver.connection.pool.acquisition_timeout -[cols="<1s,<4"] -|=== -|Description -a|Maximum amount of time spent attempting to acquire a connection from the connection pool. -This timeout only kicks in when all existing connections are being used and no new connections can be created because maximum connection pool size has been reached. -Error is raised when connection can't be acquired within configured time. -Negative values are allowed and result in unlimited acquisition timeout. Value of 0 is allowed and results in no timeout and immediate failure when connection is unavailable. -|Valid values -a|dbms.routing.driver.connection.pool.acquisition_timeout, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++1m+++ -|=== - -[[config_dbms.routing.driver.connection.pool.idle_test]] -.dbms.routing.driver.connection.pool.idle_test -[cols="<1s,<4"] -|=== -|Description -a|Pooled connections that have been idle in the pool for longer than this timeout will be tested before they are used again, to ensure they are still alive. -If this option is set too low, an additional network call will be incurred when acquiring a connection, which causes a performance hit. -If this is set high, no longer live connections might be used which might lead to errors. -Hence, this parameter tunes a balance between the likelihood of experiencing connection problems and performance -Normally, this parameter should not need tuning. -Value 0 means connections will always be tested for validity. -|Valid values -a|dbms.routing.driver.connection.pool.idle_test, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|No connection liveliness check is done by default. -|=== - -[[config_dbms.routing.driver.connection.pool.max_size]] -.dbms.routing.driver.connection.pool.max_size -[cols="<1s,<4"] -|=== -|Description -a|Maximum total number of connections to be managed by a connection pool. -The limit is enforced for a combination of a host and user. Negative values are allowed and result in unlimited pool. Value of 0is not allowed. -|Valid values -a|dbms.routing.driver.connection.pool.max_size, an integer -|Default value -m|Unlimited -|=== - -[[config_dbms.routing.driver.logging.level]] -.dbms.routing.driver.logging.level -[cols="<1s,<4"] -|=== -|Description -a|Sets level for driver internal logging. -|Valid values -a|dbms.routing.driver.logging.level, one of [DEBUG, INFO, WARN, ERROR, NONE] -|Default value -m|+++INFO+++ -|=== - -[[config_dbms.routing.enabled]] -.dbms.routing.enabled -[cols="<1s,<4"] -|=== -|Description -a|Enable server-side routing in clusters using an additional bolt connector. -When configured, this allows requests to be forwarded from one cluster member to another, if the requests can't be satisfied by the first member (e.g. write requests received by a non-leader). -|Valid values -a|dbms.routing.enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_dbms.routing.load_balancing.plugin]] -.dbms.routing.load_balancing.plugin -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The load balancing plugin to use. -|Valid values -a|dbms.routing.load_balancing.plugin, a string which specified load balancer plugin exist. -|Default value -m|+++server_policies+++ -|=== - -[[config_dbms.routing.load_balancing.shuffle_enabled]] -.dbms.routing.load_balancing.shuffle_enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Enables shuffling of the returned load balancing result. -|Valid values -a|dbms.routing.load_balancing.shuffle_enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_dbms.routing.reads_on_primaries_enabled]] -.dbms.routing.reads_on_primaries_enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include non-writer primaries as read endpoints or return only secondaries. Note: if there are no secondaries for the given database primaries are returned as read end points regardless the value of this setting. Defaults to true so that non-writer primaries are available for read-only queries in a typical heterogeneous setup. -|Valid values -a|dbms.routing.reads_on_primaries_enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_dbms.routing.reads_on_writers_enabled]] -.dbms.routing.reads_on_writers_enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include the writer as read endpoint or return only non-writers (non writer primaries and secondaries) Note: writer is returned as read endpoint if no other member is present all. -|Valid values -a|dbms.routing.reads_on_writers_enabled, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_dbms.routing_ttl]] -.dbms.routing_ttl -[cols="<1s,<4"] -|=== -|Description -a|How long callers should cache the response of the routing procedure `dbms.routing.getRoutingTable()` -|Valid values -a|dbms.routing_ttl, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `1s` -|Default value -m|+++5m+++ -|=== - -[[config_dbms.security.allow_csv_import_from_file_urls]] -.dbms.security.allow_csv_import_from_file_urls -[cols="<1s,<4"] -|=== -|Description -a|Determines if Cypher will allow using file URLs when loading data using `LOAD CSV`. Setting this value to `false` will cause Neo4j to fail `LOAD CSV` clauses that load data from the file system. -|Valid values -a|dbms.security.allow_csv_import_from_file_urls, a boolean -|Default value -m|+++true+++ -|=== - -[[config_dbms.security.auth_cache_max_capacity]] -.dbms.security.auth_cache_max_capacity -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The maximum capacity for authentication and authorization caches (respectively). -|Valid values -a|dbms.security.auth_cache_max_capacity, an integer -|Default value -m|+++10000+++ -|=== - -[[config_dbms.security.auth_cache_ttl]] -.dbms.security.auth_cache_ttl -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The time to live (TTL) for cached authentication and authorization info when using external auth providers (LDAP or plugin). Setting the TTL to 0 will disable auth caching. Disabling caching while using the LDAP auth provider requires the use of an LDAP system account for resolving authorization information. -|Valid values -a|dbms.security.auth_cache_ttl, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++10m+++ -|=== - -[[config_dbms.security.auth_cache_use_ttl]] -.dbms.security.auth_cache_use_ttl -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Enable time-based eviction of the authentication and authorization info cache for external auth providers (LDAP or plugin). Disabling this setting will make the cache live forever and only be evicted when `<>` is exceeded. -|Valid values -a|dbms.security.auth_cache_use_ttl, a boolean -|Default value -m|+++true+++ -|=== - -[[config_dbms.security.auth_enabled]] -.dbms.security.auth_enabled -[cols="<1s,<4"] -|=== -|Description -a|Enable auth requirement to access Neo4j. -|Valid values -a|dbms.security.auth_enabled, a boolean -|Default value -m|true -|=== - -[[config_config_dbms.security.auth_minimum_password_length]] -.dbms.security.auth_minimum_password_length -[cols="<1s,<4"] -|=== -|Description -a|label:version-number[Neo4j v5.3]The minimum number of characters required in a password. -|Valid values -a|dbms.security.auth_minimum_password_length, an integer -|Default value -m|+++8+++ -|=== - -[[config_dbms.security.auth_lock_time]] -.dbms.security.auth_lock_time -[cols="<1s,<4"] -|=== -|Description -a|The amount of time user account should be locked after a configured number of unsuccessful authentication attempts. The locked out user will not be able to log in until the lock period expires, even if correct credentials are provided. Setting this configuration option to a low value is not recommended because it might make it easier for an attacker to brute force the password. -|Valid values -a|dbms.security.auth_lock_time, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `0s` -|Default value -m|+++5s+++ -|=== - -[[config_dbms.security.auth_max_failed_attempts]] -.dbms.security.auth_max_failed_attempts -[cols="<1s,<4"] -|=== -|Description -a|The maximum number of unsuccessful authentication attempts before imposing a user lock for the configured amount of time, as defined by `<>`.The locked out user will not be able to log in until the lock period expires, even if correct credentials are provided. Setting this configuration option to values less than 3 is not recommended because it might make it easier for an attacker to brute force the password. -|Valid values -a|dbms.security.auth_max_failed_attempts, an integer which is minimum `0` -|Default value -m|+++3+++ -|=== - -[[config_dbms.security.authentication_providers]] -.dbms.security.authentication_providers -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]A list of security authentication providers containing the users and roles. This can be any of the built-in `native` or `ldap` providers, or it can be an externally provided plugin, with a custom name prefixed by `plugin-`, i.e. `plugin-`. They will be queried in the given order when login is attempted. -|Valid values -a|dbms.security.authentication_providers, a ',' separated list with elements of type 'a string'. -|Default value -m|+++native+++ -|=== - -[[config_dbms.security.authorization_providers]] -.dbms.security.authorization_providers -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]A list of security authorization providers containing the users and roles. This can be any of the built-in `native` or `ldap` providers, or it can be an externally provided plugin, with a custom name prefixed by `plugin-`, i.e. `plugin-`. They will be queried in the given order when login is attempted. -|Valid values -a|dbms.security.authorization_providers, a ',' separated list with elements of type 'a string'. -|Default value -m|+++native+++ -|=== - -[[config_dbms.security.cluster_status_auth_enabled]] -.dbms.security.cluster_status_auth_enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Require authorization for access to the Causal Clustering status endpoints. -|Valid values -a|dbms.security.cluster_status_auth_enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_dbms.security.http_access_control_allow_origin]] -.dbms.security.http_access_control_allow_origin -[cols="<1s,<4"] -|=== -|Description -a|Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS connector. This defaults to '*', which allows broadest compatibility. Note that any URI provided here limits HTTP/HTTPS access to that URI only. -|Valid values -a|dbms.security.http_access_control_allow_origin, a string -|Default value -m|+++*+++ -|=== - -[[config_dbms.security.http_auth_allowlist]] -.dbms.security.http_auth_allowlist -[cols="<1s,<4"] -|=== -|Description -a|Defines an allowlist of http paths where Neo4j authentication is not required. -|Valid values -a|dbms.security.http_auth_allowlist, a ',' separated list with elements of type 'a string'. -|Default value -m|+++/,/browser.*+++ -|=== - -[[config_dbms.security.http_strict_transport_security]] -.dbms.security.http_strict_transport_security -[cols="<1s,<4"] -|=== -|Description -a|Value of the HTTP Strict-Transport-Security (HSTS) response header. This header tells browsers that a webpage should only be accessed using HTTPS instead of HTTP. It is attached to every HTTPS response. Setting is not set by default so 'Strict-Transport-Security' header is not sent. Value is expected to contain directives like 'max-age', 'includeSubDomains' and 'preload'. -|Valid values -a|dbms.security.http_strict_transport_security, a string -|=== - -[[config_dbms.security.key.name]] -.dbms.security.key.name -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Name of the 256 length AES encryption key, which is used for the symmetric encryption. -|Valid values -a|dbms.security.key.name, a string -|Dynamic a|true -|Default value -m|+++aesKey+++ -|=== - -[[config_dbms.security.keystore.password]] -.dbms.security.keystore.password -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Password for accessing the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption. -|Valid values -a|dbms.security.keystore.password, a secure string -|Dynamic a|true -|=== - -[[config_dbms.security.keystore.path]] -.dbms.security.keystore.path -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Location of the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption of secrets held in system database. -|Valid values -a|dbms.security.keystore.path, a path -|Dynamic a|true -|=== - -[[config_dbms.security.ldap.authentication.attribute]] -.dbms.security.ldap.authentication.attribute -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The attribute to use when looking up users. -Using this setting requires `<>` to be true and thus `<>` and `<>` to be configured. -|Valid values -a|dbms.security.ldap.authentication.attribute, a string which matches the pattern `[A-Za-z0-9-]*` (has to be a valid LDAP attribute name, only containing letters [A-Za-z], digits [0-9] and hyphens [-].) -|Dynamic a|true -|Default value -m|+++samaccountname+++ -|=== - -[[config_dbms.security.ldap.authentication.cache_enabled]] -.dbms.security.ldap.authentication.cache_enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Determines if the result of authentication via the LDAP server should be cached or not. Caching is used to limit the number of LDAP requests that have to be made over the network for users that have already been authenticated successfully. A user can be authenticated against an existing cache entry (instead of via an LDAP server) as long as it is alive (see `<>`). -An important consequence of setting this to `true` is that Neo4j then needs to cache a hashed version of the credentials in order to perform credentials matching. This hashing is done using a cryptographic hash function together with a random salt. Preferably a conscious decision should be made if this method is considered acceptable by the security standards of the organization in which this Neo4j instance is deployed. -|Valid values -a|dbms.security.ldap.authentication.cache_enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_dbms.security.ldap.authentication.mechanism]] -.dbms.security.ldap.authentication.mechanism -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]LDAP authentication mechanism. This is one of `simple` or a SASL mechanism supported by JNDI, for example `DIGEST-MD5`. `simple` is basic username and password authentication and SASL is used for more advanced mechanisms. See RFC 2251 LDAPv3 documentation for more details. -|Valid values -a|dbms.security.ldap.authentication.mechanism, a string -|Default value -m|+++simple+++ -|=== - -[[config_dbms.security.ldap.authentication.search_for_attribute]] -.dbms.security.ldap.authentication.search_for_attribute -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Perform authentication by searching for an unique attribute of a user. -Using this setting requires `<>` and `<>` to be configured. -|Valid values -a|dbms.security.ldap.authentication.search_for_attribute, a boolean -|Default value -m|+++false+++ -|=== - -[[config_dbms.security.ldap.authentication.user_dn_template]] -.dbms.security.ldap.authentication.user_dn_template -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]LDAP user DN template. An LDAP object is referenced by its distinguished name (DN), and a user DN is an LDAP fully-qualified unique user identifier. This setting is used to generate an LDAP DN that conforms with the LDAP directory's schema from the user principal that is submitted with the authentication token when logging in. The special token {0} is a placeholder where the user principal will be substituted into the DN string. -|Valid values -a|dbms.security.ldap.authentication.user_dn_template, a string which Must be a string containing '{0}' to understand where to insert the runtime authentication principal. -|Dynamic a|true -|Default value -m|+++uid={0},ou=users,dc=example,dc=com+++ -|=== - -[[config_dbms.security.ldap.authorization.access_permitted_group]] -.dbms.security.ldap.authorization.access_permitted_group -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The LDAP group to which a user must belong to get any access to the system.Set this to restrict access to a subset of LDAP users belonging to a particular group. If this is not set, any user to successfully authenticate via LDAP will have access to the PUBLIC role and any other roles assigned to them via <>. -|Valid values -a|dbms.security.ldap.authorization.access_permitted_group, a string -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_dbms.security.ldap.authorization.group_membership_attributes]] -.dbms.security.ldap.authorization.group_membership_attributes -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]A list of attribute names on a user object that contains groups to be used for mapping to roles when LDAP authorization is enabled. This setting is ignored when `dbms.ldap_authorization_nested_groups_enabled` is `true`. -|Valid values -a|dbms.security.ldap.authorization.group_membership_attributes, a ',' separated list with elements of type 'a string'. which Can not be empty -|Dynamic a|true -|Default value -m|+++memberOf+++ -|=== - -[[config_dbms.security.ldap.authorization.group_to_role_mapping]] -.dbms.security.ldap.authorization.group_to_role_mapping -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]An authorization mapping from LDAP group names to Neo4j role names. The map should be formatted as a semicolon separated list of key-value pairs, where the key is the LDAP group name and the value is a comma separated list of corresponding role names. For example: group1=role1;group2=role2;group3=role3,role4,role5 -You could also use whitespaces and quotes around group names to make this mapping more readable, for example: ----- -`dbms.security.ldap.authorization.group_to_role_mapping`=\ - "cn=Neo4j Read Only,cn=users,dc=example,dc=com" = reader; \ - "cn=Neo4j Read-Write,cn=users,dc=example,dc=com" = publisher; \ - "cn=Neo4j Schema Manager,cn=users,dc=example,dc=com" = architect; \ - "cn=Neo4j Administrator,cn=users,dc=example,dc=com" = admin ----- -|Valid values -a|dbms.security.ldap.authorization.group_to_role_mapping, a string which must be semicolon separated list of key-value pairs or empty -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_dbms.security.ldap.authorization.nested_groups_enabled]] -.dbms.security.ldap.authorization.nested_groups_enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]This setting determines whether multiple LDAP search results will be processed (as is required for the lookup of nested groups). If set to `true` then instead of using attributes on the user object to determine group membership (as specified by `<>`), the `user` object will only be used to determine the user's Distinguished Name, which will subsequently be used with `<>` in order to perform a nested group search. The Distinguished Names of the resultant group search results will be used to determine roles. -|Valid values -a|dbms.security.ldap.authorization.nested_groups_enabled, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_dbms.security.ldap.authorization.nested_groups_search_filter]] -.dbms.security.ldap.authorization.nested_groups_search_filter -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The search template which will be used to find the nested groups which the user is a member of. The filter should contain the placeholder token `{0}` which will be substituted with the user's Distinguished Name (which is found for the specified user principle using `<>`). The default value specifies Active Directory's LDAP_MATCHING_RULE_IN_CHAIN (aka 1.2.840.113556.1.4.1941) implementation which will walk the ancestry of group membership for the specified user. -|Valid values -a|dbms.security.ldap.authorization.nested_groups_search_filter, a string -|Dynamic a|true -|Default value -m|+++(&(objectclass=group)(member:1.2.840.113556.1.4.1941:={0}))+++ -|=== - -[[config_dbms.security.ldap.authorization.system_password]] -.dbms.security.ldap.authorization.system_password -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]An LDAP system account password to use for authorization searches when `<>` is `true`. -|Valid values -a|dbms.security.ldap.authorization.system_password, a secure string -|=== - -[[config_dbms.security.ldap.authorization.system_username]] -.dbms.security.ldap.authorization.system_username -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]An LDAP system account username to use for authorization searches when `<>` is `true`. Note that the `<>` will not be applied to this username, so you may have to specify a full DN. -|Valid values -a|dbms.security.ldap.authorization.system_username, a string -|=== - -[[config_dbms.security.ldap.authorization.use_system_account]] -.dbms.security.ldap.authorization.use_system_account -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Perform LDAP search for authorization info using a system account instead of the user's own account. -If this is set to `false` (default), the search for group membership will be performed directly after authentication using the LDAP context bound with the user's own account. The mapped roles will be cached for the duration of `<>`, and then expire, requiring re-authentication. To avoid frequently having to re-authenticate sessions you may want to set a relatively long auth cache expiration time together with this option. NOTE: This option will only work if the users are permitted to search for their own group membership attributes in the directory. -If this is set to `true`, the search will be performed using a special system account user with read access to all the users in the directory. You need to specify the username and password using the settings `<>` and `<>` with this option. Note that this account only needs read access to the relevant parts of the LDAP directory and does not need to have access rights to Neo4j, or any other systems. -|Valid values -a|dbms.security.ldap.authorization.use_system_account, a boolean -|Default value -m|+++false+++ -|=== - -[[config_dbms.security.ldap.authorization.user_search_base]] -.dbms.security.ldap.authorization.user_search_base -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The name of the base object or named context to search for user objects when LDAP authorization is enabled. A common case is that this matches the last part of `<>`. -|Valid values -a|dbms.security.ldap.authorization.user_search_base, a string which Can not be empty -|Dynamic a|true -|Default value -m|+++ou=users,dc=example,dc=com+++ -|=== - -[[config_dbms.security.ldap.authorization.user_search_filter]] -.dbms.security.ldap.authorization.user_search_filter -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The LDAP search filter to search for a user principal when LDAP authorization is enabled. The filter should contain the placeholder token {0} which will be substituted for the user principal. -|Valid values -a|dbms.security.ldap.authorization.user_search_filter, a string -|Dynamic a|true -|Default value -m|+++(&(objectClass=*)(uid={0}))+++ -|=== - -[[config_dbms.security.ldap.connection_timeout]] -.dbms.security.ldap.connection_timeout -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The timeout for establishing an LDAP connection. If a connection with the LDAP server cannot be established within the given time the attempt is aborted. A value of 0 means to use the network protocol's (i.e., TCP's) timeout value. -|Valid values -a|dbms.security.ldap.connection_timeout, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++30s+++ -|=== - -[[config_dbms.security.ldap.host]] -.dbms.security.ldap.host -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]URL of LDAP server to use for authentication and authorization. The format of the setting is `://:`, where hostname is the only required field. The supported values for protocol are `ldap` (default) and `ldaps`. The default port for `ldap` is 389 and for `ldaps` 636. For example: `ldaps://ldap.example.com:10389`. -You may want to consider using STARTTLS (`<>`) instead of LDAPS for secure connections, in which case the correct protocol is `ldap`. -|Valid values -a|dbms.security.ldap.host, a string -|Default value -m|+++localhost+++ -|=== - -[[config_dbms.security.ldap.read_timeout]] -.dbms.security.ldap.read_timeout -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The timeout for an LDAP read request (i.e. search). If the LDAP server does not respond within the given time the request will be aborted. A value of 0 means wait for a response indefinitely. -|Valid values -a|dbms.security.ldap.read_timeout, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++30s+++ -|=== - -[[config_dbms.security.ldap.referral]] -.dbms.security.ldap.referral -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The LDAP referral behavior when creating a connection. This is one of `follow`, `ignore` or `throw`. -* `follow` automatically follows any referrals -* `ignore` ignores any referrals -* `throw` throws an exception, which will lead to authentication failure. -|Valid values -a|dbms.security.ldap.referral, a string -|Default value -m|+++follow+++ -|=== - -[[config_dbms.security.ldap.use_starttls]] -.dbms.security.ldap.use_starttls -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Use secure communication with the LDAP server using opportunistic TLS. First an initial insecure connection will be made with the LDAP server, and a STARTTLS command will be issued to negotiate an upgrade of the connection to TLS before initiating authentication. -|Valid values -a|dbms.security.ldap.use_starttls, a boolean -|Default value -m|+++false+++ -|=== - -[[config_dbms.security.log_successful_authentication]] -.dbms.security.log_successful_authentication -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Set to log successful authentication events to the security log. If this is set to `false` only failed authentication events will be logged, which could be useful if you find that the successful events spam the logs too much, and you do not require full auditing capability. -|Valid values -a|dbms.security.log_successful_authentication, a boolean -|Default value -m|+++true+++ -|=== - -[[config_dbms.security.oidc.-provider-.audience]] -.dbms.security.oidc..audience -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Expected values of the Audience (aud) claim in the id token. -|Valid values -a|dbms.security.oidc..audience, a ',' separated list with elements of type 'a string'. which Can not be empty -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.auth_endpoint]] -.dbms.security.oidc..auth_endpoint -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The OIDC authorization endpoint. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. -|Valid values -a|dbms.security.oidc..auth_endpoint, a URI -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.auth_flow]] -.dbms.security.oidc..auth_flow -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The OIDC flow to use. This is exposed to clients via the discovery endpoint. Supported values are `pkce` and `implicit` -|Valid values -a|dbms.security.oidc..auth_flow, one of [PKCE, IMPLICIT] -|Dynamic a|true -|Default value -m|+++PKCE+++ -|=== - -[[config_dbms.security.oidc.-provider-.auth_params]] -.dbms.security.oidc..auth_params -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Optional additional parameters that the auth endpoint requires. Please use params instead. The map is a semicolon separated list of key-value pairs. For example: `k1=v1;k2=v2`. -|Valid values -a|dbms.security.oidc..auth_params, A simple key value map pattern `k1=v1;k2=v2`. -|Dynamic a|true -|Default value -m|+++{}+++ -|Deprecated -a|The `dbms.security.oidc..auth_params` configuration setting has been deprecated. -|=== - -[[config_dbms.security.oidc.-provider-.authorization.group_to_role_mapping]] -.dbms.security.oidc..authorization.group_to_role_mapping -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]An authorization mapping from IdP group names to Neo4j role names. The map should be formatted as a semicolon separated list of key-value pairs, where the key is the IdP group name and the value is a comma separated list of corresponding role names. For example: group1=role1;group2=role2;group3=role3,role4,role5 -You could also use whitespaces and quotes around group names to make this mapping more readable, for example: ----- -dbms.security.oidc..authorization.group_to_role_mapping=\ - "Neo4j Read Only" = reader; \ - "Neo4j Read-Write" = publisher; \ - "Neo4j Schema Manager" = architect; \ - "Neo4j Administrator" = admin ----- -|Valid values -a|dbms.security.oidc..authorization.group_to_role_mapping, a string which must be semicolon separated list of key-value pairs or empty -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.claims.groups]] -.dbms.security.oidc..claims.groups -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The claim to use as the list of groups in Neo4j. These could be Neo4J roles directly, or can be mapped using dbms.security.oidc..authorization.group_to_role_mapping. -|Valid values -a|dbms.security.oidc..claims.groups, a string -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.claims.username]] -.dbms.security.oidc..claims.username -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The claim to use as the username in Neo4j. This would typically be sub, but in some situations it may be be desirable to use something else such as email. -|Valid values -a|dbms.security.oidc..claims.username, a string -|Dynamic a|true -|Default value -m|+++sub+++ -|=== - -[[config_dbms.security.oidc.-provider-.client_id]] -.dbms.security.oidc..client_id -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Client id needed if token contains multiple Audience (aud) claims. -|Valid values -a|dbms.security.oidc..client_id, a string -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.config]] -.dbms.security.oidc..config -[cols="<1s,<4a"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The accepted values (all optional) are: - -* `principal`: in which JWT claim the user's email address is specified, email is the default. This is the value that will be shown in browser. -* `code_challenge_method`: default is `S256` and it's the only supported method at this moment. This setting applies only for pkce auth flow -* `token_type_principal`: the options are almost always either `access_token`, which is the default, or `id_token`. -* `token_type_authentication`: the options are almost always either `access_token`, which is the default, or `id_token`. -* `implicit_flow_requires_nonce`: true or false. Defaults to false. - -|Valid values -a|dbms.security.oidc..config, A simple key value map pattern `k1=v1;k2=v2`. Valid key options are: `[implicit_flow_requires_nonce, token_type_authentication, token_type_principal, principal, code_challenge_method]`. -|Dynamic a|true -|Default value -m|+++{}+++ -|=== - -[[config_dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled]] -.dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled -[cols="<1s,<4"] -|=== -|Description -a|When set to `true`, it logs the claims from the JWT. This will only take effect when the security log level is set to `DEBUG`. + -WARNING: It is strongly advised that this is set to `false` when running in a production environment in order to prevent logging of sensitive information. Also note that the contents of the JWT claims set can change over time because they are dependent entirely upon the ID provider. -|Valid values -a|dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled, a boolean -|Default value -m|+++false+++ -|=== - - -[[config_dbms.security.oidc.-provider-.display_name]] -.dbms.security.oidc..display_name -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The user-facing name of the provider as provided by the discovery endpoint to clients (Bloom, Browser etc.). -|Valid values -a|dbms.security.oidc..display_name, a string -|=== - -[[config_dbms.security.oidc.-provider-.get_groups_from_user_info]] -.dbms.security.oidc..get_groups_from_user_info -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the groups from the provider user info endpoint. -|Valid values -a|dbms.security.oidc..get_groups_from_user_info, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_dbms.security.oidc.-provider-.get_username_from_user_info]] -.dbms.security.oidc..get_username_from_user_info -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the username from the provider user info endpoint. -|Valid values -a|dbms.security.oidc..get_username_from_user_info, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_dbms.security.oidc.-provider-.issuer]] -.dbms.security.oidc..issuer -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The expected value of the iss claim in the id token. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. -|Valid values -a|dbms.security.oidc..issuer, a string -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.jwks_uri]] -.dbms.security.oidc..jwks_uri -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The location of the JWK public key set for the identity provider. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. -|Valid values -a|dbms.security.oidc..jwks_uri, a URI -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.params]] -.dbms.security.oidc..params -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The map is a semicolon separated list of key-value pairs. For example: `k1=v1;k2=v2`. -The user should at least provide: ----- - client_id: the SSO Idp client idenfifier. - response_type: code if auth_flow is pkce or token for implicit auth_flow. - scope: often containing a subset of 'email profile openid groups'. ----- -For example: `client_id=my-client-id;response_type=code;scope=openid profile email`. -|Valid values -a|dbms.security.oidc..params, A simple key value map pattern `k1=v1;k2=v2`. Required key options are: `[scope, client_id, response_type]`. -|Dynamic a|true -|Default value -m|+++{}+++ -|=== - -[[config_dbms.security.oidc.-provider-.token_endpoint]] -.dbms.security.oidc..token_endpoint -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The OIDC token endpoint. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. -|Valid values -a|dbms.security.oidc..token_endpoint, a URI -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.token_params]] -.dbms.security.oidc..token_params -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Optional query parameters that the token endpoint requires. The map is a semicolon separated list of key-value pairs. For example: `k1=v1;k2=v2`.If the token endpoint requires a client_secret then this parameter should contain `client_secret=super-secret` -|Valid values -a|dbms.security.oidc..token_params, A simple key value map pattern `k1=v1;k2=v2`. -|Dynamic a|true -|Default value -m|+++{}+++ -|=== - -[[config_dbms.security.oidc.-provider-.user_info_uri]] -.dbms.security.oidc..user_info_uri -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The identity providers user info uri. -|Valid values -a|dbms.security.oidc..user_info_uri, a URI -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.well_known_discovery_uri]] -.dbms.security.oidc..well_known_discovery_uri -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The 'well known' OpenID Connect Discovery endpoint used to fetch identity provider settings. If not provided, `issuer`, `jwks_uri`, `auth_endpoint` should be present. If the auth_flow is pkce, `token_endpoint` should also be provided. -|Valid values -a|dbms.security.oidc..well_known_discovery_uri, a URI -|Dynamic a|true -|=== - -[[config_dbms.security.procedures.allowlist]] -.dbms.security.procedures.allowlist -[cols="<1s,<4"] -|=== -|Description -a|A list of procedures (comma separated) that are to be loaded. The list may contain both fully-qualified procedure names, and partial names with the wildcard '*'. If this setting is left empty no procedures will be loaded. -|Valid values -a|dbms.security.procedures.allowlist, a ',' separated list with elements of type 'a string'. -|Default value -m|+++*+++ -|=== - -[[config_dbms.security.procedures.unrestricted]] -.dbms.security.procedures.unrestricted -[cols="<1s,<4"] -|=== -|Description -a|A list of procedures and user defined functions (comma separated) that are allowed full access to the database. The list may contain both fully-qualified procedure names, and partial names with the wildcard '*'. Note that this enables these procedures to bypass security. Use with caution. -|Valid values -a|dbms.security.procedures.unrestricted, a ',' separated list with elements of type 'a string'. -|Default value -m|++++++ -|=== - -[[config_initial.dbms.database_allocator]] -.initial.dbms.database_allocator -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Name of the initial database allocator. After the creation of the dbms it can be set with the 'dbms.setDatabaseAllocator' procedure. -|Valid values -a|initial.dbms.database_allocator, a string -|Default value -m|+++EQUAL_NUMBERS+++ -|=== - -[[config_initial.dbms.default_database]] -.initial.dbms.default_database -[cols="<1s,<4"] -|=== -|Description -a|Name of the default database (aliases are not supported). + -[NOTE] -==== -This setting is not the same as `dbms.default_database`, which was used to set the default database in Neo4j 4.x and earlier versions. - -The `initial.dbms.default_database` setting is meant to set the default database *before* the creation of the DBMS. -Once it is created, the setting is not valid anymore. - -To set the default database, use the xref:/clustering/databases.adoc#cluster-default-database[`dbms.setDefaultDatabase()`] procedure instead. -==== -|Valid values -a|initial.dbms.default_database, A valid database name containing only alphabetic characters, numbers, dots and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name 'system' -|Default value -m|+++neo4j+++ -|=== - -[[config_initial.dbms.default_primaries_count]] -.initial.dbms.default_primaries_count -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Initial default number of primary instances of user databases. If the user does not specify the number of primaries in 'CREATE DATABASE', this value will be used, unless it is overwritten with the 'dbms.setDefaultAllocationNumbers' procedure. -|Valid values -a|initial.dbms.default_primaries_count, an integer which is minimum `1` and is maximum `11`. -The same value applies to runtime max number. -|Default value -m|+++1+++ -|=== - -[[config_initial.dbms.default_secondaries_count]] -.initial.dbms.default_secondaries_count -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Initial default number of secondary instances of user databases. If the user does not specify the number of secondaries in 'CREATE DATABASE', this value will be used, unless it is overwritten with the 'dbms.setDefaultAllocationNumbers' procedure. -|Valid values -a|initial.dbms.default_secondaries_count, an integer which is minimum `0` and is maximum `20`. -The same value applies to runtime max number. -|Default value -m|+++0+++ -|=== - -[[config_initial.server.allowed_databases]] -.initial.server.allowed_databases -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The names of databases that are allowed on this server - all others are denied. Empty means all are allowed. Can be overridden when enabling the server, or altered at runtime, without changing this setting. Exclusive with 'server.initial_denied_databases' -|Valid values -a|initial.server.allowed_databases, a ',' separated set with elements of type 'a string'. -|Default value -m|++++++ -|=== - -[[config_initial.server.denied_databases]] -.initial.server.denied_databases -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The names of databases that are not allowed on this server. Empty means nothing is denied. Can be overridden when enabling the server, or altered at runtime, without changing this setting. Exclusive with 'server.initial_allowed_databases' -|Valid values -a|initial.server.denied_databases, a ',' separated set with elements of type 'a string'. -|Default value -m|++++++ -|=== - -[[config_initial.server.mode_constraint]] -.initial.server.mode_constraint -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]An instance can restrict itself to allow databases to be hosted only as primaries or secondaries. This setting is the default input for the `ENABLE SERVER` command - the user can overwrite it when executing the procedure. -|Valid values -a|initial.server.mode_constraint, one of [PRIMARY, SECONDARY, NONE] -|Default value -m|+++NONE+++ -|=== - -[[config_server.backup.enabled]] -.server.backup.enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Enable support for running online backups. -|Valid values -a|server.backup.enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_server.backup.listen_address]] -.server.backup.listen_address -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Network interface and port for the backup server to listen on. -|Valid values -a|server.backup.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port' -|Default value -m|+++127.0.0.1:6362+++ -|=== - -[[config_server.backup.store_copy_max_retry_time_per_request]] -.server.backup.store_copy_max_retry_time_per_request -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Maximum retry time per request during store copy. Regular store files and indexes are downloaded in separate requests during store copy. This configures the maximum time failed requests are allowed to resend. -|Valid values -a|server.backup.store_copy_max_retry_time_per_request, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++20m+++ -|=== - -[[config_server.bolt.advertised_address]] -.server.bolt.advertised_address -[cols="<1s,<4"] -|=== -|Description -a|Advertised address for this connector. -|Valid values -a|server.bolt.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address -|Default value -m|+++:7687+++ -|=== - -[[config_server.bolt.connection_keep_alive]] -.server.bolt.connection_keep_alive -[cols="<1s,<4"] -|=== -|Description -a|The maximum time to wait before sending a NOOP on connections waiting for responses from active ongoing queries.The minimum value is 1 millisecond. -|Valid values -a|server.bolt.connection_keep_alive, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `1ms` -|Default value -m|1m -|=== - -[[config_server.bolt.connection_keep_alive_for_requests]] -.server.bolt.connection_keep_alive_for_requests -[cols="<1s,<4"] -|=== -|Description -a|The type of messages to enable keep-alive messages for (ALL, STREAMING or OFF) -|Valid values -a|server.bolt.connection_keep_alive_for_requests, one of [ALL, STREAMING, OFF] -|Default value -m|STREAMING -|=== - -[[config_server.bolt.connection_keep_alive_probes]] -.server.bolt.connection_keep_alive_probes -[cols="<1s,<4"] -|=== -|Description -a|The total amount of probes to be missed before a connection is considered stale.The minimum for this value is 1. -|Valid values -a|server.bolt.connection_keep_alive_probes, an integer which is minimum `1` -|Default value -m|2 -|=== - -[[config_server.bolt.connection_keep_alive_streaming_scheduling_interval]] -.server.bolt.connection_keep_alive_streaming_scheduling_interval -[cols="<1s,<4"] -|=== -|Description -a|The interval between every scheduled keep-alive check on all connections with active queries. Zero duration turns off keep-alive service. -|Valid values -a|server.bolt.connection_keep_alive_streaming_scheduling_interval, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `0s` -|Default value -m|1m -|=== - -[[config_server.bolt.enabled]] -.server.bolt.enabled -[cols="<1s,<4"] -|=== -|Description -a|Enable the bolt connector. -|Valid values -a|server.bolt.enabled, a boolean -|Default value -m|true -|=== - -[[config_server.bolt.listen_address]] -.server.bolt.listen_address -[cols="<1s,<4"] -|=== -|Description -a|Address the connector should bind to. -|Valid values -a|server.bolt.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address -|Default value -m|+++:7687+++ -|=== - -[[config_server.bolt.ocsp_stapling_enabled]] -.server.bolt.ocsp_stapling_enabled -[cols="<1s,<4"] -|=== -|Description -a|Enable server OCSP stapling for bolt and http connectors. -|Valid values -a|server.bolt.ocsp_stapling_enabled, a boolean -|Default value -m|false -|=== - -[[config_server.bolt.thread_pool_keep_alive]] -.server.bolt.thread_pool_keep_alive -[cols="<1s,<4"] -|=== -|Description -a|The maximum time an idle thread in the thread pool bound to this connector will wait for new tasks. -|Valid values -a|server.bolt.thread_pool_keep_alive, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++5m+++ -|=== - -[[config_server.bolt.thread_pool_max_size]] -.server.bolt.thread_pool_max_size -[cols="<1s,<4"] -|=== -|Description -a|The maximum number of threads allowed in the thread pool bound to this connector. -|Valid values -a|server.bolt.thread_pool_max_size, an integer -|Default value -m|+++400+++ -|=== - -[[config_server.bolt.thread_pool_min_size]] -.server.bolt.thread_pool_min_size -[cols="<1s,<4"] -|=== -|Description -a|The number of threads to keep in the thread pool bound to this connector, even if they are idle. -|Valid values -a|server.bolt.thread_pool_min_size, an integer -|Default value -m|+++5+++ -|=== - -[[config_server.bolt.tls_level]] -.server.bolt.tls_level -[cols="<1s,<4"] -|=== -|Description -a|Encryption level to require this connector to use. -|Valid values -a|server.bolt.tls_level, one of [REQUIRED, OPTIONAL, DISABLED] -|Default value -m|+++DISABLED+++ -|=== - -[[config_server.cluster.advertised_address]] -.server.cluster.advertised_address -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Advertised hostname/IP address and port for the transaction shipping server. -|Valid values -a|server.cluster.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address -|Default value -m|+++:6000+++ -|=== - -[[config_server.cluster.catchup.connect_randomly_to_server_group]] -.server.cluster.catchup.connect_randomly_to_server_group -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Comma separated list of groups to be used by the connect-randomly-to-server-group selection strategy. The connect-randomly-to-server-group strategy is used if the list of strategies (`<>`) includes the value `connect-randomly-to-server-group`. -|Valid values -a|server.cluster.catchup.connect_randomly_to_server_group, a ',' separated list with elements of type 'a string identifying a Server Tag'. -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_server.cluster.catchup.upstream_strategy]] -.server.cluster.catchup.upstream_strategy -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]An ordered list in descending preference of the strategy which secondaries use to choose the upstream server from which to pull transactional updates. If none are valid or the list is empty, there is a default strategy of `typically-connect-to-random-secondary`. -|Valid values -a|server.cluster.catchup.upstream_strategy, a ',' separated list with elements of type 'a string'. -|Default value -m|++++++ -|=== - -[[config_server.cluster.catchup.user_defined_upstream_strategy]] -.server.cluster.catchup.user_defined_upstream_strategy -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Configuration of a user-defined upstream selection strategy. The user-defined strategy is used if the list of strategies (`<>`) includes the value `user_defined`. -|Valid values -a|server.cluster.catchup.user_defined_upstream_strategy, a string -|Default value -m|++++++ -|=== - -[[config_server.cluster.listen_address]] -.server.cluster.listen_address -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Network interface and port for the transaction shipping server to listen on. Please note that it is also possible to run the backup client against this port so always limit access to it via the firewall and configure an ssl policy. -|Valid values -a|server.cluster.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address -|Default value -m|+++:6000+++ -|=== - -[[config_server.cluster.network.native_transport_enabled]] -.server.cluster.network.native_transport_enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Use native transport if available. Epoll for Linux or Kqueue for MacOS/BSD. If this setting is set to false, or if native transport is not available, Nio transport will be used. -|Valid values -a|server.cluster.network.native_transport_enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_server.cluster.raft.advertised_address]] -.server.cluster.raft.advertised_address -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Advertised hostname/IP address and port for the RAFT server. -|Valid values -a|server.cluster.raft.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address -|Default value -m|+++:7000+++ -|=== - -[[config_server.cluster.raft.listen_address]] -.server.cluster.raft.listen_address -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Network interface and port for the RAFT server to listen on. -|Valid values -a|server.cluster.raft.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address -|Default value -m|+++:7000+++ -|=== - -[[config_server.cluster.system_database_mode]] -.server.cluster.system_database_mode -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Users must manually specify the mode for the system database on each instance. -|Valid values -a|server.cluster.system_database_mode, one of [PRIMARY, SECONDARY] -|Default value -m|+++PRIMARY+++ -|=== - -[[config_server.config.strict_validation.enabled]] -.server.config.strict_validation.enabled -[cols="<1s,<4"] -|=== -|Description -a|A strict configuration validation will prevent the database from starting up if unknown configuration options are specified in the neo4j settings namespace (such as dbms., cypher., etc) or if settings are declared multiple times. -|Valid values -a|server.config.strict_validation.enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_server.databases.default_to_read_only]] -.server.databases.default_to_read_only -[cols="<1s,<4"] -|=== -|Description -a|Whether or not any database on this instance are read_only by default. If false, individual databases may be marked as read_only using server.database.read_only. If true, individual databases may be marked as writable using <>. -|Valid values -a|server.databases.default_to_read_only, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_server.databases.read_only]] -.server.databases.read_only -[cols="<1s,<4"] -|=== -|Description -a|List of databases for which to prevent write queries. Databases not included in this list maybe read_only anyway depending upon the value of <>. -|Valid values -a|server.databases.read_only, a ',' separated set with elements of type 'A valid database name containing only alphabetic characters, numbers, dots and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name 'system''. which Value 'system' can't be included in read only databases collection! -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_server.databases.writable]] -.server.databases.writable -[cols="<1s,<4"] -|=== -|Description -a|List of databases for which to allow write queries. Databases not included in this list will allow write queries anyway, unless <> is set to true. -|Valid values -a|server.databases.writable, a ',' separated set with elements of type 'A valid database name containing only alphabetic characters, numbers, dots and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name 'system''. -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_server.db.query_cache_size]] -.server.db.query_cache_size -[cols="<1s,<4"] -|=== -|Description -a|The number of cached Cypher query execution plans per database. The max number of query plans that can be kept in cache is the `number of databases` * ``server.db.query_cache_size``. With 10 databases and ``server.db.query_cache_size``=1000, the caches can keep 10000 plans in total on the instance, assuming that each DB receives queries that fill up its cache. -|Valid values -a|server.db.query_cache_size, an integer which is minimum `0` -|Default value -m|+++1000+++ -|Deprecated -a|The `server.db.query_cache_size` configuration setting has been deprecated in favour of <>. -|=== - -[[config_server.default_advertised_address]] -.server.default_advertised_address -[cols="<1s,<4"] -|=== -|Description -a|Default hostname or IP address the server uses to advertise itself. -|Valid values -a|server.default_advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which has no specified port and accessible address -|Default value -m|+++localhost+++ -|=== - -[[config_server.default_listen_address]] -.server.default_listen_address -[cols="<1s,<4"] -|=== -|Description -a|Default network interface to listen for incoming connections. To listen for connections on all interfaces, use "0.0.0.0". -|Valid values -a|server.default_listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which has no specified port -|Default value -m|+++localhost+++ -|=== - -[[config_server.directories.cluster_state]] -.server.directories.cluster_state -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Directory to hold cluster state including Raft log. -|Valid values -a|server.directories.cluster_state, a path. If relative it is resolved from server.directories.data -|Default value -m|+++cluster-state+++ -|=== - -[[config_server.directories.data]] -.server.directories.data -[cols="<1s,<4"] -|=== -|Description -a|Path of the data directory. You must not configure more than one Neo4j installation to use the same data directory. -|Valid values -a|server.directories.data, a path. If relative it is resolved from server.directories.neo4j_home -|Default value -m|+++data+++ -|=== - -[[config_server.directories.dumps.root]] -.server.directories.dumps.root -[cols="<1s,<4"] -|=== -|Description -a|Root location where Neo4j will store database dumps optionally produced when dropping said databases. -|Valid values -a|server.directories.dumps.root, a path. If relative it is resolved from server.directories.data -|Default value -m|+++dumps+++ -|=== - -[[config_server.directories.import]] -.server.directories.import -[cols="<1s,<4"] -|=== -|Description -a|Sets the root directory for file URLs used with the Cypher `LOAD CSV` clause. This should be set to a directory relative to the Neo4j installation path, restricting access to only those files within that directory and its subdirectories. For example the value "import" will only enable access to files within the 'import' folder. Removing this setting will disable the security feature, allowing all files in the local system to be imported. Setting this to an empty field will allow access to all files within the Neo4j installation folder. -|Valid values -a|server.directories.import, a path. If relative it is resolved from server.directories.neo4j_home -|=== - -[[config_server.directories.lib]] -.server.directories.lib -[cols="<1s,<4"] -|=== -|Description -a|Path of the lib directory. -|Valid values -a|server.directories.lib, a path. If relative it is resolved from server.directories.neo4j_home -|Default value -m|+++lib+++ -|=== - -[[config_server.directories.licenses]] -.server.directories.licenses -[cols="<1s,<4"] -|=== -|Description -a|Path of the licenses directory. -|Valid values -a|server.directories.licenses, a path. If relative it is resolved from server.directories.neo4j_home -|Default value -m|+++licenses+++ -|=== - -[[config_server.directories.logs]] -.server.directories.logs -[cols="<1s,<4"] -|=== -|Description -a|Path of the logs directory. -|Valid values -a|server.directories.logs, a path. If relative it is resolved from server.directories.neo4j_home -|Default value -m|+++logs+++ -|=== - -[[config_server.directories.metrics]] -.server.directories.metrics -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The target location of the CSV files: a path to a directory wherein a CSV file per reported field will be written. -|Valid values -a|server.directories.metrics, a path. If relative it is resolved from server.directories.neo4j_home -|Default value -m|+++metrics+++ -|=== - -[[config_server.directories.neo4j_home]] -.server.directories.neo4j_home -[cols="<1s,<4"] -|=== -|Description -a|Root relative to which directory settings are resolved. Calculated and set by the server on startup. -|Valid values -a|server.directories.neo4j_home, a path which is absolute -|Default value -m|Defaults to current working directory -|=== - -[[config_server.directories.plugins]] -.server.directories.plugins -[cols="<1s,<4"] -|=== -|Description -a|Location of the database plugin directory. Compiled Java JAR files that contain database procedures will be loaded if they are placed in this directory. -|Valid values -a|server.directories.plugins, a path. If relative it is resolved from server.directories.neo4j_home -|Default value -m|+++plugins+++ -|=== - -[[config_server.directories.run]] -.server.directories.run -[cols="<1s,<4"] -|=== -|Description -a|Path of the run directory. This directory holds Neo4j's runtime state, such as a pidfile when it is running in the background. The pidfile is created when starting neo4j and removed when stopping it. It may be placed on an in-memory filesystem such as tmpfs. -|Valid values -a|server.directories.run, a path. If relative it is resolved from server.directories.neo4j_home -|Default value -m|+++run+++ -|=== - -[[config_server.directories.script.root]] -.server.directories.script.root -[cols="<1s,<4"] -|=== -|Description -a|Root location where Neo4j will store scripts for configured databases. -|Valid values -a|server.directories.script.root, a path. If relative it is resolved from server.directories.data -|Default value -m|+++scripts+++ -|=== - -[[config_server.directories.transaction.logs.root]] -.server.directories.transaction.logs.root -[cols="<1s,<4"] -|=== -|Description -a|Root location where Neo4j will store transaction logs for configured databases. -|Valid values -a|server.directories.transaction.logs.root, a path. If relative it is resolved from server.directories.data -|Default value -m|+++transactions+++ -|=== - -[[config_server.discovery.advertised_address]] -.server.discovery.advertised_address -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Advertised cluster member discovery management communication. -|Valid values -a|server.discovery.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address -|Default value -m|+++:5000+++ -|=== - -[[config_server.discovery.listen_address]] -.server.discovery.listen_address -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Host and port to bind the cluster member discovery management communication. -|Valid values -a|server.discovery.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address -|Default value -m|+++:5000+++ -|=== - -[[config_server.dynamic.setting.allowlist]] -.server.dynamic.setting.allowlist -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]A list of setting name patterns (comma separated) that are allowed to be dynamically changed. The list may contain both full setting names, and partial names with the wildcard '*'. If this setting is left empty all dynamic settings updates will be blocked. -|Valid values -a|server.dynamic.setting.allowlist, a ',' separated list with elements of type 'a string'. -|Default value -m|+++*+++ -|=== - - -[[config_server.groups]] -.server.groups -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]A list of tag names for the server used when configuring load balancing and replication policies. -|Valid values -a|server.groups, a ',' separated list with elements of type 'a string identifying a Server Tag'. -|Dynamic a|true -|Default value -m|++++++ -|Deprecated -a|The `server.groups` configuration setting has been deprecated in favour of `initial.server.tags`. -|=== - - -[[config_server.http.advertised_address]] -.server.http.advertised_address -[cols="<1s,<4"] -|=== -|Description -a|Advertised address for this connector. -|Valid values -a|server.http.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address -|Default value -m|+++:7474+++ -|=== - -[[config_server.http.enabled]] -.server.http.enabled -[cols="<1s,<4"] -|=== -|Description -a|Enable the http connector. -|Valid values -a|server.http.enabled, a boolean -|Default value -m|true -|=== - -[[config_server.http.listen_address]] -.server.http.listen_address -[cols="<1s,<4"] -|=== -|Description -a|Address the connector should bind to. -|Valid values -a|server.http.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address -|Default value -m|+++:7474+++ -|=== - -[[config_server.http_enabled_modules]] -.server.http_enabled_modules -[cols="<1s,<4"] -|=== -|Description -a|Defines the set of modules loaded into the Neo4j web server. Options include TRANSACTIONAL_ENDPOINTS, BROWSER, UNMANAGED_EXTENSIONS and ENTERPRISE_MANAGEMENT_ENDPOINTS (if applicable). -|Valid values -a|server.http_enabled_modules, a ',' separated set with elements of type 'one of [TRANSACTIONAL_ENDPOINTS, UNMANAGED_EXTENSIONS, BROWSER, ENTERPRISE_MANAGEMENT_ENDPOINTS]'. -|Default value -m|+++TRANSACTIONAL_ENDPOINTS,UNMANAGED_EXTENSIONS,BROWSER,ENTERPRISE_MANAGEMENT_ENDPOINTS+++ -|=== - -[[config_server.https.advertised_address]] -.server.https.advertised_address -[cols="<1s,<4"] -|=== -|Description -a|Advertised address for this connector. -|Valid values -a|server.https.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address -|Default value -m|+++:7473+++ -|=== - -[[config_server.https.enabled]] -.server.https.enabled -[cols="<1s,<4"] -|=== -|Description -a|Enable the https connector. -|Valid values -a|server.https.enabled, a boolean -|Default value -m|+++false+++ -|=== - -[[config_server.https.listen_address]] -.server.https.listen_address -[cols="<1s,<4"] -|=== -|Description -a|Address the connector should bind to. -|Valid values -a|server.https.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address -|Default value -m|+++:7473+++ -|=== - -[[config_server.jvm.additional]] -.server.jvm.additional -[cols="<1s,<4"] -|=== -|Description -a|Additional JVM arguments. Argument order can be significant. To use a Java commercial feature, the argument to unlock commercial features must precede the argument to enable the specific feature in the config value string. -|Valid values -a|server.jvm.additional, one or more jvm arguments -|=== - -[[config_server.logs.config]] -.server.logs.config -[cols="<1s,<4"] -|=== -|Description -a|Path to the logging configuration for debug, query, http and security logs. -|Valid values -a|server.logs.config, a path. If relative it is resolved from server.directories.neo4j_home -|Default value -m|+++conf/server-logs.xml+++ -|=== - -[[config_server.logs.debug.enabled]] -.server.logs.debug.enabled -[cols="<1s,<4"] -|=== -|Description -a|Enable the debug log. -|Valid values -a|server.logs.debug.enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_server.logs.gc.enabled]] -.server.logs.gc.enabled -[cols="<1s,<4"] -|=== -|Description -a|Enable GC Logging. -|Valid values -a|server.logs.gc.enabled, a boolean -|Default value -m|+++false+++ -|=== - -[[config_server.logs.gc.options]] -.server.logs.gc.options -[cols="<1s,<4"] -|=== -|Description -a|GC Logging Options. -|Valid values -a|server.logs.gc.options, a string -|Default value -m|+++-Xlog:gc*,safepoint,age*=trace+++ -|=== - -[[config_server.logs.gc.rotation.keep_number]] -.server.logs.gc.rotation.keep_number -[cols="<1s,<4"] -|=== -|Description -a|Number of GC logs to keep. -|Valid values -a|server.logs.gc.rotation.keep_number, an integer -|Default value -m|+++5+++ -|=== - -[[config_server.logs.gc.rotation.size]] -.server.logs.gc.rotation.size -[cols="<1s,<4"] -|=== -|Description -a|Size of each GC log that is kept. -|Valid values -a|server.logs.gc.rotation.size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) -|Default value -m|+++20.00MiB+++ -|=== - -[[config_server.logs.user.config]] -.server.logs.user.config -[cols="<1s,<4"] -|=== -|Description -a|Path to the logging configuration of user logs. -|Valid values -a|server.logs.user.config, a path. If relative it is resolved from server.directories.neo4j_home -|Default value -m|+++conf/user-logs.xml+++ -|=== - -[[config_server.max_databases]] -.server.max_databases -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The maximum number of databases. -|Valid values -a|server.max_databases, a long which is minimum `2` -|Default value -m|+++100+++ -|Deprecated -a|The `server.max_databases` configuration setting deprecated in favor of <> in 5.6. -|=== - -[[config_server.memory.heap.initial_size]] -.server.memory.heap.initial_size -[cols="<1s,<4"] -|=== -|Description -a|Initial heap size. By default it is calculated based on available system resources. -|Valid values -a|server.memory.heap.initial_size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) -|=== - -[[config_server.memory.heap.max_size]] -.server.memory.heap.max_size -[cols="<1s,<4"] -|=== -|Description -a|Maximum heap size. By default it is calculated based on available system resources. -|Valid values -a|server.memory.heap.max_size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) -|=== - -[[config_server.memory.off_heap.block_cache_size]] -.server.memory.off_heap.block_cache_size -[cols="<1s,<4"] -|=== -|Description -a|Defines the size of the off-heap memory blocks cache. The cache will contain this number of blocks for each block size that is power of two. Thus, maximum amount of memory used by blocks cache can be calculated as 2 * <> * `server.memory.off_heap.block_cache_size` -|Valid values -a|server.memory.off_heap.block_cache_size, an integer which is minimum `16` -|Default value -m|+++128+++ -|=== - -[[config_server.memory.off_heap.max_cacheable_block_size]] -.server.memory.off_heap.max_cacheable_block_size -[cols="<1s,<4"] -|=== -|Description -a|Defines the maximum size of an off-heap memory block that can be cached to speed up allocations. The value must be a power of 2. -|Valid values -a|server.memory.off_heap.max_cacheable_block_size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `4.00KiB` and is power of 2 -|Default value -m|+++512.00KiB+++ -|=== - -[[config_server.memory.off_heap.transaction_max_size]] -.server.memory.off_heap.transaction_max_size -[cols="<1s,<4"] -|=== -|Description -a|The maximum amount of off-heap memory that can be used to store transaction state data; it's a total amount of memory shared across all active transactions. Zero means 'unlimited'. Used when <> is set to 'OFF_HEAP'. -|Valid values -a|server.memory.off_heap.transaction_max_size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `0B` -|Default value -m|+++2.00GiB+++ -|=== - -[[config_server.memory.pagecache.directio]] -.server.memory.pagecache.directio -[cols="<1s,<4"] -|=== -|Description -a|Use direct I/O for page cache. Setting is supported only on Linux and only for a subset of record formats that use platform aligned page size. -|Valid values -a|server.memory.pagecache.directio, a boolean -|Default value -m|+++false+++ -|=== - -[[config_server.memory.pagecache.flush.buffer.enabled]] -.server.memory.pagecache.flush.buffer.enabled -[cols="<1s,<4"] -|=== -|Description -a|Page cache can be configured to use a temporal buffer for flushing purposes. It is used to combine, if possible, sequence of several cache pages into one bigger buffer to minimize the number of individual IOPS performed and better utilization of available I/O resources, especially when those are restricted. -|Valid values -a|server.memory.pagecache.flush.buffer.enabled, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_server.memory.pagecache.flush.buffer.size_in_pages]] -.server.memory.pagecache.flush.buffer.size_in_pages -[cols="<1s,<4"] -|=== -|Description -a|Page cache can be configured to use a temporal buffer for flushing purposes. It is used to combine, if possible, sequence of several cache pages into one bigger buffer to minimize the number of individual IOPS performed and better utilization of available I/O resources, especially when those are restricted. Use this setting to configure individual file flush buffer size in pages (8KiB). To be able to utilize this buffer during page cache flushing, buffered flush should be enabled. -|Valid values -a|server.memory.pagecache.flush.buffer.size_in_pages, an integer which is in the range `1` to `512` -|Dynamic a|true -|Default value -m|+++128+++ -|=== - -[[config_server.memory.pagecache.scan.prefetchers]] -.server.memory.pagecache.scan.prefetchers -[cols="<1s,<4"] -|=== -|Description -a|The maximum number of worker threads to use for pre-fetching data when doing sequential scans. Set to '0' to disable pre-fetching for scans. -|Valid values -a|server.memory.pagecache.scan.prefetchers, an integer which is in the range `0` to `255` -|Default value -m|+++4+++ -|=== - -[[config_server.memory.pagecache.size]] -.server.memory.pagecache.size -[cols="<1s,<4"] -|=== -|Description -a|The amount of memory to use for mapping the store files. If Neo4j is running on a dedicated server, then it is generally recommended to leave about 2-4 gigabytes for the operating system, give the JVM enough heap to hold all your transaction state and query context, and then leave the rest for the page cache. If no page cache memory is configured, then a heuristic setting is computed based on available system resources. -|Valid values -a|server.memory.pagecache.size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) -|Default value -m|By default the size of page cache will be 50% och available RAM minus the max heap size.The size of the page cache will also not be larger than 70x the max heap size (due to some overhead of the page cache in the heap. -|=== - -[[config_server.memory.query_cache.sharing_enabled]] -.server.memory.query_cache.sharing_enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Enable sharing cache space between different databases. -With this option turned on, databases will share cache space, but not cache entries. -This means that a database may store and retrieve entries from the shared cache, but it may not retrieve entries produced by another database. -The database may, however, evict entries from other databases as necessary, according to the constrained cache size and cache eviction policy. -In essence, databases may compete for cache space, but may not observe each other's entries. - -When this option is turned on, the cache space available to all databases is configured with `server.memory.query_cache.shared_cache_num_entries`. -With this option turned off, the cache space available to each individual database is configured with `server.memory.query_cache.per_db_cache_num_entries`. -|Valid values -a|server.memory.query_cache.sharing_enabled, a boolean -|Default value -m|+++false+++ -|=== - -[[config_server.memory.query_cache.shared_cache_num_entries]] -.server.memory.query_cache.shared_cache_num_entries -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The number of cached queries for all databases. -The maximum number of queries that can be kept in a cache is exactly `server.memory.query_cache.shared_cache_num_entries`. -This setting is only deciding cache size when `server.memory.query_cache.sharing_enabled` is set to `true`. -|Valid values -a|server.memory.query_cache.shared_cache_num_entries, a integer -|Default value -m|+++1000+++ -|=== - - -[[config_server.memory.query_cache.per_db_cache_num_entries]] -.server.memory.query_cache.per_db_cache_num_entries -[cols="<1s,<4"] -|=== -|Description -a|The number of cached queries per database. -The maximum number of queries that can be kept in a cache is `number of databases` * `server.memory.query_cache.per_db_cache_num_entries`. -With 10 databases and `server.memory.query_cache.per_db_cache_num_entries`=1000, the cache can keep 10000 plans in total. -This setting is only deciding cache size when `server.memory.query_cache.sharing_enabled` is set to `false`. -|Valid values -a|server.memory.query_cache.per_db_cache_num_entries, a integer -|Default value -m|+++1000+++ -|=== - -[[config_server.metrics.csv.enabled]] -.server.metrics.csv.enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to CSV files. -|Valid values -a|server.metrics.csv.enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_server.metrics.csv.interval]] -.server.metrics.csv.interval -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The reporting interval for the CSV files. That is, how often new rows with numbers are appended to the CSV files. -|Valid values -a|server.metrics.csv.interval, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `1ms` -|Default value -m|+++30s+++ -|=== - -[[config_server.metrics.csv.rotation.compression]] -.server.metrics.csv.rotation.compression -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Decides what compression to use for the csv history files. -|Valid values -a|server.metrics.csv.rotation.compression, one of [NONE, ZIP, GZ] -|Default value -m|+++NONE+++ -|=== - -[[config_server.metrics.csv.rotation.keep_number]] -.server.metrics.csv.rotation.keep_number -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Maximum number of history files for the csv files. -|Valid values -a|server.metrics.csv.rotation.keep_number, an integer which is minimum `1` -|Default value -m|+++7+++ -|=== - -[[config_server.metrics.csv.rotation.size]] -.server.metrics.csv.rotation.size -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The file size in bytes at which the csv files will auto-rotate. If set to zero then no rotation will occur. Accepts a binary suffix `k`, `m` or `g`. -|Valid values -a|server.metrics.csv.rotation.size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is in the range `0B` to `8388608.00TiB` -|Default value -m|+++10.00MiB+++ -|=== - -[[config_server.metrics.enabled]] -.server.metrics.enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Enable metrics. Setting this to `false` will to turn off all metrics. -|Valid values -a|server.metrics.enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_server.metrics.filter]] -.server.metrics.filter -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Specifies which metrics should be enabled by using a comma separated list of globbing patterns. Only the metrics matching the filter will be enabled. For example `\*check_point*,neo4j.page_cache.evictions` will enable any checkpoint metrics and the pagecache eviction metric. -|Valid values -a|server.metrics.filter, a ',' separated list with elements of type 'A simple globbing pattern that can use `*` and `?`.'. -|Default value -m|+++*bolt.connections*,*bolt.messages_received*,*bolt.messages_started*,*dbms.pool.bolt.free,*dbms.pool.bolt.total_size,*dbms.pool.bolt.total_used,*dbms.pool.bolt.used_heap,*cluster.core.is_leader,*cluster.core.last_leader_message,*cluster.core.replication_attempt,*cluster.core.replication_fail,*cluster.core.last_applied,*cluster.core.last_appended,*check_point.duration,*check_point.total_time,*cypher.replan_events,*ids_in_use*,*pool.transaction.*.total_used,*pool.transaction.*.used_heap,*pool.transaction.*.used_native,*store.size*,*transaction.active_read,*transaction.active_write,*transaction.committed*,*transaction.last_committed_tx_id,*transaction.peak_concurrent,*transaction.rollbacks*,*page_cache.hit*,*page_cache.page_faults,*page_cache.usage_ratio,*vm.file.descriptors.count,*vm.gc.time.*,*vm.heap.used,*vm.memory.buffer.direct.used,*vm.memory.pool.g1_eden_space,*vm.memory.pool.g1_old_gen,*vm.pause_time,*vm.thread*,*db.query.execution*+++ -|=== - -[[config_server.metrics.graphite.enabled]] -.server.metrics.graphite.enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Set to `true` to enable exporting metrics to Graphite. -|Valid values -a|server.metrics.graphite.enabled, a boolean -|Default value -m|+++false+++ -|=== - -[[config_server.metrics.graphite.interval]] -.server.metrics.graphite.interval -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The reporting interval for Graphite. That is, how often to send updated metrics to Graphite. -|Valid values -a|server.metrics.graphite.interval, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Default value -m|+++30s+++ -|=== - -[[config_server.metrics.graphite.server]] -.server.metrics.graphite.server -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The hostname or IP address of the Graphite server. -|Valid values -a|server.metrics.graphite.server, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address -|Default value -m|+++:2003+++ -|=== - -[[config_server.metrics.jmx.enabled]] -.server.metrics.jmx.enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Set to `true` to enable the JMX metrics endpoint. -|Valid values -a|server.metrics.jmx.enabled, a boolean -|Default value -m|+++true+++ -|=== - -[[config_server.metrics.prefix]] -.server.metrics.prefix -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]A common prefix for the reported metrics field names. -|Valid values -a|server.metrics.prefix, a string -|Default value -m|+++neo4j+++ -|=== - -[[config_server.metrics.prometheus.enabled]] -.server.metrics.prometheus.enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Set to `true` to enable the Prometheus endpoint. -|Valid values -a|server.metrics.prometheus.enabled, a boolean -|Default value -m|+++false+++ -|=== - -[[config_server.metrics.prometheus.endpoint]] -.server.metrics.prometheus.endpoint -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The hostname and port to use as Prometheus endpoint. -|Valid values -a|server.metrics.prometheus.endpoint, a socket address in the format `hostname:port`, `hostname`, or `:port`. If missing, port and hostname are acquired from `server.default_listen_address`. -|Default value -m|+++localhost:2004+++ -|=== - -[[config_server.panic.shutdown_on_panic]] -.server.panic.shutdown_on_panic -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]If there is a Database Management System Panic (an irrecoverable error) should the neo4j process shut down or continue running. Following a DbMS panic it is likely that a significant amount of functionality will be lost. Recovering full functionality will require a Neo4j restart. This feature is available in Neo4j Enterprise Edition. -|Valid values -a|server.panic.shutdown_on_panic, a boolean -|Default value -m|`false` except for Neo4j Enterprise Edition deployments running on Kubernetes where it is `true`. -|=== - -[[config_server.routing.advertised_address]] -.server.routing.advertised_address -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The advertised address for the intra-cluster routing connector. -|Valid values -a|server.routing.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address -|Default value -m|+++:7688+++ -|=== - -[[config_server.routing.listen_address]] -.server.routing.listen_address -[cols="<1s,<4"] -|=== -|Description -a|The address the routing connector should bind to. -|Valid values -a|server.routing.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address -|Default value -m|+++:7688+++ -|=== - -[[config_server.tags]] -.initial.server.tags -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]A list of tag names for the server used by database allocation and when configuring load balancing and replication policies. -|Valid values -a|initial.server.tags, a ',' separated list with elements of type 'a string identifying a Server Tag'. -|Dynamic a|false -|Default value -m|++++++ -|=== - -[[config_server.threads.worker_count]] -.server.threads.worker_count -[cols="<1s,<4"] -|=== -|Description -a|Number of Neo4j worker threads. This setting is only valid for REST, and does not influence bolt-server. It sets the amount of worker threads for the Jetty server used by neo4j-server. This option can be tuned when you plan to execute multiple, concurrent REST requests, with the aim of getting more throughput from the database. Your OS might enforce a lower limit than the maximum value specified here. -|Valid values -a|server.threads.worker_count, an integer which is in the range `1` to `44738` -|Default value -m|Number of available processors, or 500 for machines which have more than 500 processors. -|=== - -[[config_server.unmanaged_extension_classes]] -.server.unmanaged_extension_classes -[cols="<1s,<4"] -|=== -|Description -a|Comma-separated list of = for unmanaged extensions. -|Valid values -a|server.unmanaged_extension_classes, a ',' separated list with elements of type '= string'. -|Default value -m|++++++ -|=== - -[[config_server.windows_service_name]] -.server.windows_service_name -[cols="<1s,<4"] -|=== -|Description -a|Name of the Windows Service managing Neo4j when installed using `neo4j install-service`. Only applicable on Windows OS. Note: This must be unique for each individual installation. -|Valid values -a|server.windows_service_name, a string -|Default value -m|+++neo4j+++ -|=== diff --git a/modules/ROOT/pages/reference/dynamic-settings-reference.adoc b/modules/ROOT/pages/reference/dynamic-settings-reference.adoc deleted file mode 100644 index 153d3d83f..000000000 --- a/modules/ROOT/pages/reference/dynamic-settings-reference.adoc +++ /dev/null @@ -1,952 +0,0 @@ -[role=enterprise-edition] -[[dynamic-settings-reference]] -= Dynamic configuration settings -:description: This page provides a complete reference to the Neo4j dynamic configuration settings. - - -This page provides a complete reference to the Neo4j dynamic configuration settings, which can be changed at runtime, without restarting the service. -This complete reference is a sub-list of all the Neo4j configuration settings. - -[NOTE] -==== -Changes to the configuration at runtime are not persisted. -To avoid losing changes when restarting Neo4j, make sure you update xref:configuration/file-locations.adoc[_neo4j.conf_] as well. - -In a clustered environment, `CALL dbms.setConfigValue` affects only the server it is run against, and it is not propagated to other members. -If you want to change the configuration settings on all cluster members, you have to run the procedure against each of them and update their _neo4j.conf_ file. - -For more information on how to update dynamic configuration settings, see xref:configuration/dynamic-settings.adoc[Update dynamic settings]. -==== - -.Dynamic settings reference -[options="header"] -|=== -|Name|Description -|<>|Limit the number of IOs the background checkpoint process will consume per second. -|<>|Database format. -|<>|The maximum time interval within which lock should be acquired. -|<>|Log query text and parameters without obfuscating passwords. -|<>|Log executed queries. -|<>|Sets a maximum character length use for each parameter in the log. -|<>|Obfuscates all literals of the query before writing to the log. -|<>|Log parameters for the executed queries being logged. -|<>|Log query plan description table, useful for debugging purposes. -|<>|If the execution of query takes more time than this threshold, the query is logged once completed - provided query logging is set to INFO. -|<>|Log the start and end of a transaction. -|<>|If the transaction is open for more time than this threshold, the transaction is logged once completed - provided transaction logging (db.logs.query.transaction.enabled) is set to `INFO`. -|<>|Limit the amount of memory that a single transaction can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -|<>|Limit the amount of memory that all transactions in one database can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -|<>|Enables or disables tracking of how much time a query spends actively executing on the CPU. -|<>|The maximum amount of time to wait for the database state represented by the bookmark. -|<>|The maximum number of concurrently running transactions. -|<>|Transaction sampling percentage. -|<>|The maximum time interval of a transaction within which it should be completed. -|<>|Transaction creation tracing level. -|<>|Specify if Neo4j should try to preallocate logical log file in advance. -|<>|Tell Neo4j how long logical transaction logs should be kept to backup the database.For example, "10 days" will prune logical logs that only contain transactions older than 10 days.Alternatively, "100k txs" will keep the 100k latest transactions from each database and prune any older transactions. -|<>|Specifies at which file size the logical log will auto-rotate. -|<>|If set to `true` a textual representation of the plan description will be rendered on the server for all queries running with `EXPLAIN` or `PROFILE`. -|<>|Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -|<>|Always use client side routing (regardless of the default router) for neo4j:// protocol connections to these domains. -|<>|label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include the writer as read endpoint or return only non-writers (non writer primaries and secondaries) Note: writer is returned as read endpoint if no other member is present all. -|<>|label:enterprise-edition[Enterprise only]Name of the 256 length AES encryption key, which is used for the symmetric encryption. -|<>|label:enterprise-edition[Enterprise only]Password for accessing the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption. -|<>|label:enterprise-edition[Enterprise only]Location of the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption of secrets held in system database. -|<>|label:enterprise-edition[Enterprise only]The attribute to use when looking up users. -Using this setting requires `dbms.security.ldap.authentication.search_for_attribute` to be true and thus `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured. -|<>|label:enterprise-edition[Enterprise only]LDAP user DN template. -|<>|label:enterprise-edition[Enterprise only]The LDAP group to which a user must belong to get any access to the system.Set this to restrict access to a subset of LDAP users belonging to a particular group. -|<>|label:enterprise-edition[Enterprise only]A list of attribute names on a user object that contains groups to be used for mapping to roles when LDAP authorization is enabled. -|<>|label:enterprise-edition[Enterprise only]An authorization mapping from LDAP group names to Neo4j role names. -|<>|label:enterprise-edition[Enterprise only]This setting determines whether multiple LDAP search results will be processed (as is required for the lookup of nested groups). -|<>|label:enterprise-edition[Enterprise only]The search template which will be used to find the nested groups which the user is a member of. -|<>|label:enterprise-edition[Enterprise only]The name of the base object or named context to search for user objects when LDAP authorization is enabled. -|<>|label:enterprise-edition[Enterprise only]The LDAP search filter to search for a user principal when LDAP authorization is enabled. -|<.audience>>|label:enterprise-edition[Enterprise only]Expected values of the Audience (aud) claim in the id token. -|<.auth_endpoint>>|label:enterprise-edition[Enterprise only]The OIDC authorization endpoint. -|<.auth_flow>>|label:enterprise-edition[Enterprise only]The OIDC flow to use. -|<.auth_params>>|label:enterprise-edition[Enterprise only]Optional additional parameters that the auth endpoint requires. -|<.authorization.group_to_role_mapping>>|label:enterprise-edition[Enterprise only]An authorization mapping from IdP group names to Neo4j role names. -|<.claims.groups>>|label:enterprise-edition[Enterprise only]The claim to use as the list of groups in Neo4j. -|<.claims.username>>|label:enterprise-edition[Enterprise only]The claim to use as the username in Neo4j. -|<.client_id>>|label:enterprise-edition[Enterprise only]Client id needed if token contains multiple Audience (aud) claims. -|<.config>>|label:enterprise-edition[Enterprise only]The accepted values (all optional) are: ----- - principal: in which JWT claim the user's email address is specified, - email is the default. -|<.get_groups_from_user_info>>|label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the groups from the provider user info endpoint. -|<.get_username_from_user_info>>|label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the username from the provider user info endpoint. -|<.issuer>>|label:enterprise-edition[Enterprise only]The expected value of the iss claim in the id token. -|<.jwks_uri>>|label:enterprise-edition[Enterprise only]The location of the JWK public key set for the identity provider. -|<.params>>|label:enterprise-edition[Enterprise only]The map is a semicolon separated list of key-value pairs. -|<.token_endpoint>>|label:enterprise-edition[Enterprise only]The OIDC token endpoint. -|<.token_params>>|label:enterprise-edition[Enterprise only]Optional query parameters that the token endpoint requires. -|<.user_info_uri>>|label:enterprise-edition[Enterprise only]The identity providers user info uri. -|<.well_known_discovery_uri>>|label:enterprise-edition[Enterprise only]The 'well known' OpenID Connect Discovery endpoint used to fetch identity provider settings. -|<>|label:enterprise-edition[Enterprise only]Comma separated list of groups to be used by the connect-randomly-to-server-group selection strategy. -|<>|Whether or not any database on this instance are read_only by default. -|<>|List of databases for which to prevent write queries. -|<>|List of databases for which to allow write queries. -|<>|label:enterprise-edition[Enterprise only]A list of tag names for the server used when configuring load balancing and replication policies. -|<>|Page cache can be configured to use a temporal buffer for flushing purposes. -|<>|Page cache can be configured to use a temporal buffer for flushing purposes. -|=== - -[[config_db.checkpoint.iops.limit]] -.db.checkpoint.iops.limit -[cols="<1s,<4"] -|=== -|Description -a|Limit the number of IOs the background checkpoint process will consume per second. This setting is advisory, is ignored in Neo4j Community Edition, and is followed to best effort in Enterprise Edition. An IO is in this case a 8 KiB (mostly sequential) write. Limiting the write IO in this way will leave more bandwidth in the IO subsystem to service random-read IOs, which is important for the response time of queries when the database cannot fit entirely in memory. The only drawback of this setting is that longer checkpoint times may lead to slightly longer recovery times in case of a database or system crash. A lower number means lower IO pressure, and consequently longer checkpoint times. Set this to -1 to disable the IOPS limit and remove the limitation entirely; this will let the checkpointer flush data as fast as the hardware will go. Removing the setting, or commenting it out, will set the default value of 600. -|Valid values -a|db.checkpoint.iops.limit, an integer -|Dynamic a|true -|Default value -m|+++600+++ -|=== - -[[config_db.format]] -.db.format -[cols="<1s,<4"] -|=== -|Description -a|Database format. This is the format that will be used for new databases. Valid values are `standard`, `aligned`, or `high_limit`.The `aligned` format is essentially the `standard` format with some minimal padding at the end of pages such that a single record will never cross a page boundary. The `high_limit` format is available for Enterprise Edition only. It is required if you have a graph that is larger than 34 billion nodes, 34 billion relationships, or 68 billion properties. -|Valid values -a|db.format, a string -|Dynamic a|true -|Default value -m|+++aligned+++ -|=== - -[[config_db.lock.acquisition.timeout]] -.db.lock.acquisition.timeout -[cols="<1s,<4"] -|=== -|Description -a|The maximum time interval within which lock should be acquired. Zero (default) means timeout is disabled. -|Valid values -a|db.lock.acquisition.timeout, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Dynamic a|true -|Default value -m|+++0s+++ -|=== - -[[config_db.logs.query.early_raw_logging_enabled]] -.db.logs.query.early_raw_logging_enabled -[cols="<1s,<4"] -|=== -|Description -a|Log query text and parameters without obfuscating passwords. This allows queries to be logged earlier before parsing starts. -|Valid values -a|db.logs.query.early_raw_logging_enabled, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_db.logs.query.enabled]] -.db.logs.query.enabled -[cols="<1s,<4"] -|=== -|Description -a|Log executed queries. Valid values are `OFF`, `INFO`, or `VERBOSE`. - -`OFF`:: no logging. -`INFO`:: log queries at the end of execution, that take longer than the configured threshold, `<>`. -`VERBOSE`:: log queries at the start and end of execution, regardless of `<>`. - -Log entries are written to the query log. - -This feature is available in the Neo4j Enterprise Edition. -|Valid values -a|db.logs.query.enabled, one of [OFF, INFO, VERBOSE] -|Dynamic a|true -|Default value -m|+++VERBOSE+++ -|=== - -[[config_db.logs.query.max_parameter_length]] -.db.logs.query.max_parameter_length -[cols="<1s,<4"] -|=== -|Description -a|Sets a maximum character length use for each parameter in the log. This only takes effect if `<> = true`. -|Valid values -a|db.logs.query.max_parameter_length, an integer -|Dynamic a|true -|Default value -m|+++2147483647+++ -|=== - -[[config_db.logs.query.obfuscate_literals]] -.db.logs.query.obfuscate_literals -[cols="<1s,<4"] -|=== -|Description -a|Obfuscates all literals of the query before writing to the log. Note that node labels, relationship types and map property keys are still shown. Changing the setting will not affect queries that are cached. So, if you want the switch to have immediate effect, you must also call `CALL db.clearQueryCaches()`. -|Valid values -a|db.logs.query.obfuscate_literals, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_db.logs.query.parameter_logging_enabled]] -.db.logs.query.parameter_logging_enabled -[cols="<1s,<4"] -|=== -|Description -a|Log parameters for the executed queries being logged. -|Valid values -a|db.logs.query.parameter_logging_enabled, a boolean -|Dynamic a|true -|Default value -m|+++true+++ -|=== - -[[config_db.logs.query.plan_description_enabled]] -.db.logs.query.plan_description_enabled -[cols="<1s,<4"] -|=== -|Description -a|Log query plan description table, useful for debugging purposes. -|Valid values -a|db.logs.query.plan_description_enabled, a boolean -|Dynamic a|true -|Default value -m|false -|=== - -[[config_db.logs.query.threshold]] -.db.logs.query.threshold -[cols="<1s,<4"] -|=== -|Description -a|If the execution of query takes more time than this threshold, the query is logged once completed - provided query logging is set to INFO. Defaults to 0 seconds, that is all queries are logged. -|Valid values -a|db.logs.query.threshold, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Dynamic a|true -|Default value -m|+++0s+++ -|=== - -[[config_db.logs.query.transaction.enabled]] -.db.logs.query.transaction.enabled -[cols="<1s,<4"] -|=== -|Description -a|Log the start and end of a transaction. Valid values are 'OFF', 'INFO', or 'VERBOSE'. -OFF: no logging. -INFO: log start and end of transactions that take longer than the configured threshold, <>. -VERBOSE: log start and end of all transactions. -Log entries are written to the query log. -This feature is available in the Neo4j Enterprise Edition. -|Valid values -a|db.logs.query.transaction.enabled, one of [OFF, INFO, VERBOSE] -|Dynamic a|true -|Default value -m|+++OFF+++ -|=== - -[[config_db.logs.query.transaction.threshold]] -.db.logs.query.transaction.threshold -[cols="<1s,<4"] -|=== -|Description -a|If the transaction is open for more time than this threshold, the transaction is logged once completed - provided transaction logging (<>) is set to `INFO`. Defaults to 0 seconds (all transactions are logged). -|Valid values -a|db.logs.query.transaction.threshold, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Dynamic a|true -|Default value -m|+++0s+++ -|=== - -[[config_db.memory.transaction.max]] -.db.memory.transaction.max -[cols="<1s,<4"] -|=== -|Description -a|Limit the amount of memory that a single transaction can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'largest possible value'. -|Valid values -a|db.memory.transaction.max, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `1.00MiB` or is `0B` -|Dynamic a|true -|Default value -m|+++0B+++ -|=== - -[[config_db.memory.transaction.total.max]] -.db.memory.transaction.total.max -[cols="<1s,<4"] -|=== -|Description -a|Limit the amount of memory that all transactions in one database can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'unlimited'. -|Valid values -a|db.memory.transaction.total.max, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `10.00MiB` or is `0B` -|Dynamic a|true -|Default value -m|+++0B+++ -|=== - -[[config_db.track_query_cpu_time]] -.db.track_query_cpu_time -[cols="<1s,<4"] -|=== -|Description -a|Enables or disables tracking of how much time a query spends actively executing on the CPU. Calling `SHOW TRANSACTIONS` will display the time. This can also be logged in the query log by using `db.logs.query.time_logging_enabled`. -|Valid values -a|db.track_query_cpu_time, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_db.transaction.bookmark_ready_timeout]] -.db.transaction.bookmark_ready_timeout -[cols="<1s,<4"] -|=== -|Description -a|The maximum amount of time to wait for the database state represented by the bookmark. -|Valid values -a|db.transaction.bookmark_ready_timeout, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `1s` -|Dynamic a|true -|Default value -m|+++30s+++ -|=== - -[[config_db.transaction.concurrent.maximum]] -.db.transaction.concurrent.maximum -[cols="<1s,<4"] -|=== -|Description -a|The maximum number of concurrently running transactions. If set to 0, limit is disabled. -|Valid values -a|db.transaction.concurrent.maximum, an integer -|Dynamic a|true -|Default value -m|+++1000+++ -|=== - -[[config_db.transaction.sampling.percentage]] -.db.transaction.sampling.percentage -[cols="<1s,<4"] -|=== -|Description -a|Transaction sampling percentage. -|Valid values -a|db.transaction.sampling.percentage, an integer which is in the range `1` to `100` -|Dynamic a|true -|Default value -m|+++5+++ -|=== - -[[config_db.transaction.timeout]] -.db.transaction.timeout -[cols="<1s,<4"] -|=== -|Description -a|The maximum time interval of a transaction within which it should be completed. -|Valid values -a|db.transaction.timeout, a duration (Valid units are: `ns`, `Îźs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) -|Dynamic a|true -|Default value -m|+++0s+++ -|=== - -[[config_db.transaction.tracing.level]] -.db.transaction.tracing.level -[cols="<1s,<4"] -|=== -|Description -a|Transaction creation tracing level. -|Valid values -a|db.transaction.tracing.level, one of [DISABLED, SAMPLE, ALL] -|Dynamic a|true -|Default value -m|+++DISABLED+++ -|=== - -[[config_db.tx_log.preallocate]] -.db.tx_log.preallocate -[cols="<1s,<4"] -|=== -|Description -a|Specify if Neo4j should try to preallocate logical log file in advance. -|Valid values -a|db.tx_log.preallocate, a boolean -|Dynamic a|true -|Default value -m|+++true+++ -|=== - -[[config_db.tx_log.rotation.retention_policy]] -.db.tx_log.rotation.retention_policy -[cols="<1s,<4"] -|=== -|Description -a|Tell Neo4j how long logical transaction logs should be kept to backup the database.For example, "10 days" will prune logical logs that only contain transactions older than 10 days.Alternatively, "100k txs" will keep the 100k latest transactions from each database and prune any older transactions. -|Valid values -a|db.tx_log.rotation.retention_policy, a string which matches the pattern `^(true{vbar}keep_all{vbar}false{vbar}keep_none{vbar}(\d+[KkMmGg]?( (files{vbar}size{vbar}txs{vbar}entries{vbar}hours{vbar}days))))$` (Must be `true` or `keep_all`, `false` or `keep_none`, or of format ` `. Valid units are `K`, `M` and `G`. Valid types are `files`, `size`, `txs`, `entries`, `hours` and `days`. For example, `100M size` will limit logical log space on disk to 100MB per database,and `200K txs` will limit the number of transactions kept to 200 000 per database.) -|Dynamic a|true -|Default value -m|+++2 days+++ -|=== - -[[config_db.tx_log.rotation.size]] -.db.tx_log.rotation.size -[cols="<1s,<4"] -|=== -|Description -a|Specifies at which file size the logical log will auto-rotate. Minimum accepted value is 128 KiB. -|Valid values -a|db.tx_log.rotation.size, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `128.00KiB` -|Dynamic a|true -|Default value -m|+++256.00MiB+++ -|=== - -[[config_dbms.cypher.render_plan_description]] -.dbms.cypher.render_plan_description -[cols="<1s,<4"] -|=== -|Description -a|If set to `true` a textual representation of the plan description will be rendered on the server for all queries running with `EXPLAIN` or `PROFILE`. This allows clients such as the neo4j browser and Cypher shell to show a more detailed plan description. -|Valid values -a|dbms.cypher.render_plan_description, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_dbms.memory.transaction.total.max]] -.dbms.memory.transaction.total.max -[cols="<1s,<4"] -|=== -|Description -a|Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'unlimited'. -|Valid values -a|dbms.memory.transaction.total.max, a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `10.00MiB` or is `0B` -|Dynamic a|true -|Default value -m|+++0B+++ -|=== - -[[config_dbms.routing.client_side.enforce_for_domains]] -.dbms.routing.client_side.enforce_for_domains -[cols="<1s,<4"] -|=== -|Description -a|Always use client side routing (regardless of the default router) for neo4j:// protocol connections to these domains. A comma separated list of domains. Wildcards (*) are supported. -|Valid values -a|dbms.routing.client_side.enforce_for_domains, a ',' separated set with elements of type 'a string'. -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_dbms.routing.reads_on_writers_enabled]] -.dbms.routing.reads_on_writers_enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Configure if the `dbms.routing.getRoutingTable()` procedure should include the writer as read endpoint or return only non-writers (non writer primaries and secondaries) Note: writer is returned as read endpoint if no other member is present all. -|Valid values -a|dbms.routing.reads_on_writers_enabled, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_dbms.security.key.name]] -.dbms.security.key.name -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Name of the 256 length AES encryption key, which is used for the symmetric encryption. -|Valid values -a|dbms.security.key.name, a string -|Dynamic a|true -|Default value -m|+++aesKey+++ -|=== - -[[config_dbms.security.keystore.password]] -.dbms.security.keystore.password -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Password for accessing the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption. -|Valid values -a|dbms.security.keystore.password, a secure string -|Dynamic a|true -|=== - -[[config_dbms.security.keystore.path]] -.dbms.security.keystore.path -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Location of the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption of secrets held in system database. -|Valid values -a|dbms.security.keystore.path, a path -|Dynamic a|true -|=== - -[[config_dbms.security.ldap.authentication.attribute]] -.dbms.security.ldap.authentication.attribute -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The attribute to use when looking up users. -Using this setting requires `dbms.security.ldap.authentication.search_for_attribute` to be true and thus `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured. -|Valid values -a|dbms.security.ldap.authentication.attribute, a string which matches the pattern `[A-Za-z0-9-]*` (has to be a valid LDAP attribute name, only containing letters [A-Za-z], digits [0-9] and hyphens [-].) -|Dynamic a|true -|Default value -m|+++samaccountname+++ -|=== - -[[config_dbms.security.ldap.authentication.user_dn_template]] -.dbms.security.ldap.authentication.user_dn_template -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]LDAP user DN template. An LDAP object is referenced by its distinguished name (DN), and a user DN is an LDAP fully-qualified unique user identifier. This setting is used to generate an LDAP DN that conforms with the LDAP directory's schema from the user principal that is submitted with the authentication token when logging in. The special token {0} is a placeholder where the user principal will be substituted into the DN string. -|Valid values -a|dbms.security.ldap.authentication.user_dn_template, a string which Must be a string containing '{0}' to understand where to insert the runtime authentication principal. -|Dynamic a|true -|Default value -m|+++uid={0},ou=users,dc=example,dc=com+++ -|=== - -[[config_dbms.security.ldap.authorization.access_permitted_group]] -.dbms.security.ldap.authorization.access_permitted_group -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The LDAP group to which a user must belong to get any access to the system.Set this to restrict access to a subset of LDAP users belonging to a particular group. If this is not set, any user to successfully authenticate via LDAP will have access to the PUBLIC role and any other roles assigned to them via <>. -|Valid values -a|dbms.security.ldap.authorization.access_permitted_group, a string -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_dbms.security.ldap.authorization.group_membership_attributes]] -.dbms.security.ldap.authorization.group_membership_attributes -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]A list of attribute names on a user object that contains groups to be used for mapping to roles when LDAP authorization is enabled. This setting is ignored when `dbms.ldap_authorization_nested_groups_enabled` is `true`. -|Valid values -a|dbms.security.ldap.authorization.group_membership_attributes, a ',' separated list with elements of type 'a string'. which Can not be empty -|Dynamic a|true -|Default value -m|+++memberOf+++ -|=== - -[[config_dbms.security.ldap.authorization.group_to_role_mapping]] -.dbms.security.ldap.authorization.group_to_role_mapping -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]An authorization mapping from LDAP group names to Neo4j role names. The map should be formatted as a semicolon separated list of key-value pairs, where the key is the LDAP group name and the value is a comma separated list of corresponding role names. For example: group1=role1;group2=role2;group3=role3,role4,role5 -You could also use whitespaces and quotes around group names to make this mapping more readable, for example: ----- -`dbms.security.ldap.authorization.group_to_role_mapping`=\ - "cn=Neo4j Read Only,cn=users,dc=example,dc=com" = reader; \ - "cn=Neo4j Read-Write,cn=users,dc=example,dc=com" = publisher; \ - "cn=Neo4j Schema Manager,cn=users,dc=example,dc=com" = architect; \ - "cn=Neo4j Administrator,cn=users,dc=example,dc=com" = admin ----- -|Valid values -a|dbms.security.ldap.authorization.group_to_role_mapping, a string which must be semicolon separated list of key-value pairs or empty -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_dbms.security.ldap.authorization.nested_groups_enabled]] -.dbms.security.ldap.authorization.nested_groups_enabled -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]This setting determines whether multiple LDAP search results will be processed (as is required for the lookup of nested groups). If set to `true` then instead of using attributes on the user object to determine group membership (as specified by `<>`), the `user` object will only be used to determine the user's Distinguished Name, which will subsequently be used with `<>` in order to perform a nested group search. The Distinguished Names of the resultant group search results will be used to determine roles. -|Valid values -a|dbms.security.ldap.authorization.nested_groups_enabled, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_dbms.security.ldap.authorization.nested_groups_search_filter]] -.dbms.security.ldap.authorization.nested_groups_search_filter -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The search template which will be used to find the nested groups which the user is a member of. The filter should contain the placeholder token `{0}` which will be substituted with the user's Distinguished Name (which is found for the specified user principle using `<>`). The default value specifies Active Directory's LDAP_MATCHING_RULE_IN_CHAIN (aka 1.2.840.113556.1.4.1941) implementation which will walk the ancestry of group membership for the specified user. -|Valid values -a|dbms.security.ldap.authorization.nested_groups_search_filter, a string -|Dynamic a|true -|Default value -m|+++(&(objectclass=group)(member:1.2.840.113556.1.4.1941:={0}))+++ -|=== - -[[config_dbms.security.ldap.authorization.user_search_base]] -.dbms.security.ldap.authorization.user_search_base -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The name of the base object or named context to search for user objects when LDAP authorization is enabled. A common case is that this matches the last part of `<>`. -|Valid values -a|dbms.security.ldap.authorization.user_search_base, a string which Can not be empty -|Dynamic a|true -|Default value -m|+++ou=users,dc=example,dc=com+++ -|=== - -[[config_dbms.security.ldap.authorization.user_search_filter]] -.dbms.security.ldap.authorization.user_search_filter -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The LDAP search filter to search for a user principal when LDAP authorization is enabled. The filter should contain the placeholder token {0} which will be substituted for the user principal. -|Valid values -a|dbms.security.ldap.authorization.user_search_filter, a string -|Dynamic a|true -|Default value -m|+++(&(objectClass=*)(uid={0}))+++ -|=== - -[[config_dbms.security.oidc.-provider-.audience]] -.dbms.security.oidc..audience -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Expected values of the Audience (aud) claim in the id token. -|Valid values -a|dbms.security.oidc..audience, a ',' separated list with elements of type 'a string'. which Can not be empty -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.auth_endpoint]] -.dbms.security.oidc..auth_endpoint -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The OIDC authorization endpoint. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. -|Valid values -a|dbms.security.oidc..auth_endpoint, a URI -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.auth_flow]] -.dbms.security.oidc..auth_flow -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The OIDC flow to use. This is exposed to clients via the discovery endpoint. Supported values are `pkce` and `implicit` -|Valid values -a|dbms.security.oidc..auth_flow, one of [PKCE, IMPLICIT] -|Dynamic a|true -|Default value -m|+++PKCE+++ -|=== - -[[config_dbms.security.oidc.-provider-.auth_params]] -.dbms.security.oidc..auth_params -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Optional additional parameters that the auth endpoint requires. Please use params instead. The map is a semicolon separated list of key-value pairs. For example: `k1=v1;k2=v2`. -|Valid values -a|dbms.security.oidc..auth_params, A simple key value map pattern `k1=v1;k2=v2`. -|Dynamic a|true -|Default value -m|+++{}+++ -|Deprecated -a|The `dbms.security.oidc..auth_params` configuration setting has been deprecated. -|=== - -[[config_dbms.security.oidc.-provider-.authorization.group_to_role_mapping]] -.dbms.security.oidc..authorization.group_to_role_mapping -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]An authorization mapping from IdP group names to Neo4j role names. The map should be formatted as a semicolon separated list of key-value pairs, where the key is the IdP group name and the value is a comma separated list of corresponding role names. For example: group1=role1;group2=role2;group3=role3,role4,role5 -You could also use whitespaces and quotes around group names to make this mapping more readable, for example: ----- -dbms.security.oidc..authorization.group_to_role_mapping=\ - "Neo4j Read Only" = reader; \ - "Neo4j Read-Write" = publisher; \ - "Neo4j Schema Manager" = architect; \ - "Neo4j Administrator" = admin ----- -|Valid values -a|dbms.security.oidc..authorization.group_to_role_mapping, a string which must be semicolon separated list of key-value pairs or empty -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.claims.groups]] -.dbms.security.oidc..claims.groups -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The claim to use as the list of groups in Neo4j. These could be Neo4J roles directly, or can be mapped using dbms.security.oidc..authorization.group_to_role_mapping. -|Valid values -a|dbms.security.oidc..claims.groups, a string -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.claims.username]] -.dbms.security.oidc..claims.username -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The claim to use as the username in Neo4j. This would typically be sub, but in some situations it may be be desirable to use something else such as email. -|Valid values -a|dbms.security.oidc..claims.username, a string -|Dynamic a|true -|Default value -m|+++sub+++ -|=== - -[[config_dbms.security.oidc.-provider-.client_id]] -.dbms.security.oidc..client_id -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Client id needed if token contains multiple Audience (aud) claims. -|Valid values -a|dbms.security.oidc..client_id, a string -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.config]] -.dbms.security.oidc..config -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The accepted values (all optional) are: ----- - principal: in which JWT claim the user's email address is specified, - email is the default. This is the value that will be shown in browser. - code_challenge_method: default is `S256` and it's the only supported method - at this moment. This setting applies only for pkce auth flow - token_type_principal: the options are almost always either access_token, - which is the default, or id_token. - token_type_authentication: the options are almost always either access_token, - which is the default, or id_token. - implicit_flow_requires_nonce: true or false. Defaults to false. ----- -|Valid values -a|dbms.security.oidc..config, A simple key value map pattern `k1=v1;k2=v2`. Valid key options are: `[principal, code_challenge_method, implicit_flow_requires_nonce, token_type_authentication, token_type_principal]`. -|Dynamic a|true -|Default value -m|+++{}+++ -|=== - -[[config_dbms.security.oidc.-provider-.get_groups_from_user_info]] -.dbms.security.oidc..get_groups_from_user_info -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the groups from the provider user info endpoint. -|Valid values -a|dbms.security.oidc..get_groups_from_user_info, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_dbms.security.oidc.-provider-.get_username_from_user_info]] -.dbms.security.oidc..get_username_from_user_info -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]When turned on, Neo4j gets the username from the provider user info endpoint. -|Valid values -a|dbms.security.oidc..get_username_from_user_info, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_dbms.security.oidc.-provider-.issuer]] -.dbms.security.oidc..issuer -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The expected value of the iss claim in the id token. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. -|Valid values -a|dbms.security.oidc..issuer, a string -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.jwks_uri]] -.dbms.security.oidc..jwks_uri -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The location of the JWK public key set for the identity provider. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. -|Valid values -a|dbms.security.oidc..jwks_uri, a URI -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.params]] -.dbms.security.oidc..params -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The map is a semicolon separated list of key-value pairs. For example: `k1=v1;k2=v2`. -The user should at least provide: ----- - client_id: the SSO Idp client idenfifier. - response_type: code if auth_flow is pkce or token for implicit auth_flow. - scope: often containing a subset of 'email profile openid groups'. ----- -For example: `client_id=my-client-id;response_type=code;scope=openid profile email`. -|Valid values -a|dbms.security.oidc..params, A simple key value map pattern `k1=v1;k2=v2`. Required key options are: `[scope, client_id, response_type]`. -|Dynamic a|true -|Default value -m|+++{}+++ -|=== - -[[config_dbms.security.oidc.-provider-.token_endpoint]] -.dbms.security.oidc..token_endpoint -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The OIDC token endpoint. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. -|Valid values -a|dbms.security.oidc..token_endpoint, a URI -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.token_params]] -.dbms.security.oidc..token_params -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Optional query parameters that the token endpoint requires. The map is a semicolon separated list of key-value pairs. For example: `k1=v1;k2=v2`.If the token endpoint requires a client_secret then this parameter should contain `client_secret=super-secret` -|Valid values -a|dbms.security.oidc..token_params, A simple key value map pattern `k1=v1;k2=v2`. -|Dynamic a|true -|Default value -m|+++{}+++ -|=== - -[[config_dbms.security.oidc.-provider-.user_info_uri]] -.dbms.security.oidc..user_info_uri -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The identity providers user info uri. -|Valid values -a|dbms.security.oidc..user_info_uri, a URI -|Dynamic a|true -|=== - -[[config_dbms.security.oidc.-provider-.well_known_discovery_uri]] -.dbms.security.oidc..well_known_discovery_uri -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]The 'well known' OpenID Connect Discovery endpoint used to fetch identity provider settings. If not provided, `issuer`, `jwks_uri`, `auth_endpoint` should be present. If the auth_flow is pkce, `token_endpoint` should also be provided. -|Valid values -a|dbms.security.oidc..well_known_discovery_uri, a URI -|Dynamic a|true -|=== - -[[config_server.cluster.catchup.connect_randomly_to_server_group]] -.server.cluster.catchup.connect_randomly_to_server_group -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]Comma separated list of groups to be used by the connect-randomly-to-server-group selection strategy. The connect-randomly-to-server-group strategy is used if the list of strategies (`server.cluster.catchup.upstream_strategy`) includes the value `connect-randomly-to-server-group`. -|Valid values -a|server.cluster.catchup.connect_randomly_to_server_group, a ',' separated list with elements of type 'a string identifying a Server Tag'. -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_server.databases.default_to_read_only]] -.server.databases.default_to_read_only -[cols="<1s,<4"] -|=== -|Description -a|Whether or not any database on this instance are read_only by default. If false, individual databases may be marked as read_only using server.database.read_only. If true, individual databases may be marked as writable using <>. -|Valid values -a|server.databases.default_to_read_only, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_server.databases.read_only]] -.server.databases.read_only -[cols="<1s,<4"] -|=== -|Description -a|List of databases for which to prevent write queries. Databases not included in this list maybe read_only anyway depending upon the value of <>. -|Valid values -a|server.databases.read_only, a ',' separated set with elements of type 'A valid database name containing only alphabetic characters, numbers, dots and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name 'system''. which Value 'system' can't be included in read only databases collection! -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_server.databases.writable]] -.server.databases.writable -[cols="<1s,<4"] -|=== -|Description -a|List of databases for which to allow write queries. Databases not included in this list will allow write queries anyway, unless <> is set to true. -|Valid values -a|server.databases.writable, a ',' separated set with elements of type 'A valid database name containing only alphabetic characters, numbers, dots and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name 'system''. -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_server.groups]] -.server.groups -[cols="<1s,<4"] -|=== -|Description -a|label:enterprise-edition[Enterprise only]A list of tag names for the server used when configuring load balancing and replication policies. -|Valid values -a|server.groups, a ',' separated list with elements of type 'a string identifying a Server Tag'. -|Dynamic a|true -|Default value -m|++++++ -|=== - -[[config_server.memory.pagecache.flush.buffer.enabled]] -.server.memory.pagecache.flush.buffer.enabled -[cols="<1s,<4"] -|=== -|Description -a|Page cache can be configured to use a temporal buffer for flushing purposes. It is used to combine, if possible, sequence of several cache pages into one bigger buffer to minimize the number of individual IOPS performed and better utilization of available I/O resources, especially when those are restricted. -|Valid values -a|server.memory.pagecache.flush.buffer.enabled, a boolean -|Dynamic a|true -|Default value -m|+++false+++ -|=== - -[[config_server.memory.pagecache.flush.buffer.size_in_pages]] -.server.memory.pagecache.flush.buffer.size_in_pages -[cols="<1s,<4"] -|=== -|Description -a|Page cache can be configured to use a temporal buffer for flushing purposes. It is used to combine, if possible, sequence of several cache pages into one bigger buffer to minimize the number of individual IOPS performed and better utilization of available I/O resources, especially when those are restricted. Use this setting to configure individual file flush buffer size in pages (8KiB). To be able to utilize this buffer during page cache flushing, buffered flush should be enabled. -|Valid values -a|server.memory.pagecache.flush.buffer.size_in_pages, an integer which is in the range `1` to `512` -|Dynamic a|true -|Default value -m|+++128+++ -|=== - diff --git a/modules/ROOT/pages/reference/index.adoc b/modules/ROOT/pages/reference/index.adoc index 8ec0f52a1..756b97b24 100644 --- a/modules/ROOT/pages/reference/index.adoc +++ b/modules/ROOT/pages/reference/index.adoc @@ -5,8 +5,6 @@ This appendix contains the following topics: -* xref:reference/configuration-settings.adoc[All configuration settings] -* xref:reference/dynamic-settings-reference.adoc[Dynamic configuration settings] * xref:reference/procedures.adoc[Procedures] diff --git a/modules/ROOT/pages/routing-decisions.adoc b/modules/ROOT/pages/routing-decisions.adoc index ade448642..e9b29d684 100644 --- a/modules/ROOT/pages/routing-decisions.adoc +++ b/modules/ROOT/pages/routing-decisions.adoc @@ -2,7 +2,7 @@ [role=enterprise-edition] [[appendix-routing-decisions]] = Query routing decisions -:description: This page describes in detail how queries are routed to databases for execution. +:description: This page describes in detail how queries are routed to databases for execution. Query routing is the process of deciding which Cypher executor (database) should be used and at which physical location the query should be executed. Every query that arrives at a Neo4j server, over the bolt protocol from a driver, undergoes the process described here. @@ -37,12 +37,12 @@ Step 4: Determine the location of execution:: ** and the transaction mode is `READ` *** and the database is hosted on this server, then location is _Local_. *** and the database is hosted on another sever -**** and xref:clustering/setup/routing.adoc#clustering-routing[Server-side routing] is xref:reference/configuration-settings.adoc#config_dbms.routing.enabled[enabled], then location is _Remote_ (using the xref:reference/configuration-settings.adoc#config_server.routing.advertised_address[routing advertised address] of that server). +**** and xref:clustering/setup/routing.adoc#clustering-routing[Server-side routing] is xref:configuration/configuration-settings.adoc#config_dbms.routing.enabled[enabled], then location is _Remote_ (using the xref:configuration/configuration-settings.adoc#config_server.routing.advertised_address[routing advertised address] of that server). **** if not, then fail. ** if the transaction mode is `WRITE` *** and the local server is the leader for the database, then location is _Local_. *** and another server is the leader for the database -**** and xref:clustering/setup/routing.adoc#clustering-routing[Server-side routing] is xref:reference/configuration-settings.adoc#config_dbms.routing.enabled[enabled], then location is _Remote_ (using the xref:reference/configuration-settings.adoc#config_server.routing.advertised_address[routing advertised address] of that server). +**** and xref:clustering/setup/routing.adoc#clustering-routing[Server-side routing] is xref:configuration/configuration-settings.adoc#config_dbms.routing.enabled[enabled], then location is _Remote_ (using the xref:configuration/configuration-settings.adoc#config_server.routing.advertised_address[routing advertised address] of that server). **** and xref:clustering/setup/routing.adoc#clustering-routing[Server-side routing] is _not_ enabled, then fail. * If context type is _Composite_, then location is _Local_ (for this part of the query). * If context type is _External_, then location is _Remote_ (using the xref:manage-databases/remote-alias.adoc[URI and database] given in the configuration). diff --git a/modules/ROOT/pages/security/browser.adoc b/modules/ROOT/pages/security/browser.adoc index a31ae6f7f..f7af3adea 100644 --- a/modules/ROOT/pages/security/browser.adoc +++ b/modules/ROOT/pages/security/browser.adoc @@ -1,13 +1,13 @@ [[security-browser]] = Browser credentials handling -:description: This page explains how to control how credentials are handled in Neo4j Browser. +:description: This page explains how to control how credentials are handled in Neo4j Browser. Neo4j Browser has two mechanisms for avoiding users having to repeatedly enter their Neo4j credentials. This page explains how to control how credentials are handled. First, while the Browser is open in a web browser tab, it ensures that the existing database session is kept alive. This is subject to a timeout. -The timeout is configured in the setting `xref:reference/configuration-settings.adoc#config_browser.credential_timeout[browser.credential_timeout]`. +The timeout is configured in the setting `xref:configuration/configuration-settings.adoc#config_browser.credential_timeout[browser.credential_timeout]`. The timeout is reset whenever there is user interaction with the Browser. Second, the Browser can also cache the user's Neo4j credentials locally. @@ -15,7 +15,7 @@ When credentials are cached, they are stored unencrypted in the web browser's lo If the web browser tab is closed and then re-opened, the session is automatically re-established using the cached credentials. This local storage is also subject to the timeout configured in the setting `browser.credential_timeout`. In addition, caching credentials in browser local storage can be disabled altogether. -To disable credentials caching, set xref:reference/configuration-settings.adoc#config_browser.retain_connection_credentials[`browser.retain_connection_credentials=false`] in the server configuration. +To disable credentials caching, set xref:configuration/configuration-settings.adoc#config_browser.retain_connection_credentials[`browser.retain_connection_credentials=false`] in the server configuration. If the user issues a `:server disconnect` command then any existing session is terminated and the credentials are cleared from local storage. diff --git a/modules/ROOT/pages/security/checklist.adoc b/modules/ROOT/pages/security/checklist.adoc index 324ccc020..a5bbc9d39 100644 --- a/modules/ROOT/pages/security/checklist.adoc +++ b/modules/ROOT/pages/security/checklist.adoc @@ -1,6 +1,6 @@ [[security-checklist]] = Security checklist -:description: This page provides a summary of recommendations regarding post-deploy security in Neo4j. +:description: This page provides a summary of recommendations regarding post-deploy security in Neo4j. The following checklist highlights the specific areas within Neo4j that may need extra attention to ensure the appropriate level of security for your application after Neo4j is deployed. @@ -33,7 +33,7 @@ This ensures that only servers with the specified SSL policy and SSL certificate For more information, see xref:authentication-authorization/ldap-integration.adoc#auth-ldap-encrypted-starttls[Use LDAP with encryption via StartTLS]. . Be on top of the security for custom extensions: .. Validate any custom code you deploy (procedures and unmanaged extensions) and ensure that they do not unintentionally expose any parts of the product or data. -.. Survey the settings `xref:reference/configuration-settings.adoc#config_dbms.security.procedures.unrestricted[dbms.security.procedures.unrestricted]` and `xref:reference/configuration-settings.adoc#config_dbms.security.procedures.allowlist[dbms.security.procedures.allowlist]` to ensure that they exclusively contain intentionally exposed extensions. +.. Survey the settings `xref:configuration/configuration-settings.adoc#config_dbms.security.procedures.unrestricted[dbms.security.procedures.unrestricted]` and `xref:configuration/configuration-settings.adoc#config_dbms.security.procedures.allowlist[dbms.security.procedures.allowlist]` to ensure that they exclusively contain intentionally exposed extensions. . Make sure you have the xref:configuration/file-locations.adoc#file-locations-permissions[correct file permissions] on the Neo4j files. . Protect against the execution of unauthorized extensions by restricting access to the _bin_, _lib_, and _plugins_ directories. Only the operating system user that Neo4j runs as should have permissions to those files. @@ -41,7 +41,7 @@ Refer to xref:configuration/file-locations.adoc#file-locations-permissions[File . With `LOAD CSV` enabled, ensure that it does not allow unauthorized users to import data. How to configure `LOAD CSV` is described in link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/clauses/load-csv[Cypher Manual -> `LOAD CSV`]. . Use Neo4j authentication. -The setting `xref:reference/configuration-settings.adoc#config_dbms.security.auth_enabled[dbms.security.auth_enabled]` controls native authentication. +The setting `xref:configuration/configuration-settings.adoc#config_dbms.security.auth_enabled[dbms.security.auth_enabled]` controls native authentication. The default value is `true`. . Survey your xref:configuration/neo4j-conf.adoc#neo4j-conf-JVM[JVM-specific configuration settings] in the _neo4j.conf_ file for ports relating to deprecated functions, such as remote JMX (controlled by the parameter setting `dbms.jvm.additional=-Dcom.sun.management.jmxremote.port=3637`). . Review xref:security/browser.adoc[Browser credentials handling] to determine whether the default credentials handling in Neo4j Browser complies with your security regulations. diff --git a/modules/ROOT/pages/security/securing-extensions.adoc b/modules/ROOT/pages/security/securing-extensions.adoc index 5f139bbe9..d3e001054 100644 --- a/modules/ROOT/pages/security/securing-extensions.adoc +++ b/modules/ROOT/pages/security/securing-extensions.adoc @@ -13,7 +13,7 @@ Allow listing can be used to allow the loading of only a few extensions from a l It is recommended to load extensions using the principle of least privilege. This principle dictates that you only load the procedures and functions necessary to execute your queries. -The configuration setting xref:reference/configuration-settings.adoc#config_dbms.security.procedures.allowlist[`dbms.security.procedures.allowlist`] is used to name certain procedures and functions that should be available from a library. +The configuration setting xref:configuration/configuration-settings.adoc#config_dbms.security.procedures.allowlist[`dbms.security.procedures.allowlist`] is used to name certain procedures and functions that should be available from a library. It defines a comma-separated list of procedures and functions that are to be loaded. The list may contain both fully qualified procedure names, and partial names with the wildcard `*`. @@ -49,8 +49,8 @@ There are a few things that should be noted about `dbms.security.procedures.allo For security reasons, procedures and functions that use internal APIs are disabled by default. In this case, it is also recommended to use the principle of least privilege and only unrestrict those procedures and functions which you are certain to use. -Procedures and functions can be unrestricted using the configuration setting xref:reference/configuration-settings.adoc#config_dbms.security.procedures.unrestricted[`dbms.security.procedures.unrestricted`]. -It defines a comma-separated list of procedures and functions that are to be unrestricted. +Procedures and functions can be unrestricted using the configuration setting xref:configuration/configuration-settings.adoc#config_dbms.security.procedures.unrestricted[`dbms.security.procedures.unrestricted`]. +It defines a comma-separated list of procedures and functions that are to be unrestricted. The list may contain both fully qualified procedure and function names, and partial names with the wildcard (`*`) expression. .Unrestricting diff --git a/modules/ROOT/pages/security/ssl-framework.adoc b/modules/ROOT/pages/security/ssl-framework.adoc index 87f08c7f1..0963f5283 100644 --- a/modules/ROOT/pages/security/ssl-framework.adoc +++ b/modules/ROOT/pages/security/ssl-framework.adoc @@ -1,7 +1,7 @@ :description: How to set up SSL within your environment, how to view, validate, and test the certificates. [[ssl-framework]] = SSL framework -:description: Describes how to set up SSL within your environment, how to view, validate, and test the certificates. +:description: Describes how to set up SSL within your environment, how to view, validate, and test the certificates. The SSL framework provides support for securing the following Neo4j communication channels using standard SSL/TLS technology: @@ -10,7 +10,7 @@ The SSL framework provides support for securing the following Neo4j communicatio * `cluster` (ports - `5000`, `6000`, and `7000`) * `backups` (port - `6362`) -This page describes how to set up SSL within your environment, how to view, validate, and test the certificates. +This page describes how to set up SSL within your environment, how to view, validate, and test the certificates. [[ssl-providers]] == SSL providers @@ -30,7 +30,7 @@ See table below. ==== - Using non static versions of tcnative will require installation of platform-specific OpenSSL dependencies as described in https://netty.io/wiki/forked-tomcat-native.html. -- Set `xref:reference/configuration-settings.adoc#config_dbms.netty.ssl.provider[dbms.netty.ssl.provider]=OPENSSL`. +- Set `xref:configuration/configuration-settings.adoc#config_dbms.netty.ssl.provider[dbms.netty.ssl.provider]=OPENSSL`. - Restart Neo4j. Most supported versions of Neo4j use Netty 4.1.77.Final, which requires tcnative 2.0.52. diff --git a/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc b/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc index d334c0f9e..c3db7fc9a 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc @@ -107,11 +107,11 @@ Value can be plain numbers, like `10000000` or e.g. `20G` for 20 gigabytes, or e |--from-path-data= |Path to the databases directory, containing the database directory to source from. -| xref:reference/configuration-settings.adoc#config_server.directories.data, [`server.directories.data`]/databases +| xref:configuration/configuration-settings.adoc#config_server.directories.data, [`server.directories.data`]/databases |--from-path-txn= |Path to the transactions directory, containing the transaction directory for the database to source from. -| xref:reference/configuration-settings.adoc#config_server.directories.transaction.logs.root[`server.directories.transaction.logs.root`] +| xref:configuration/configuration-settings.adoc#config_server.directories.transaction.logs.root[`server.directories.transaction.logs.root`] |--from-path= |Path to directory containing dump/backup artifacts to check the consistency of. diff --git a/modules/ROOT/pages/tools/neo4j-admin/migrate-database.adoc b/modules/ROOT/pages/tools/neo4j-admin/migrate-database.adoc index 27c1fce1f..b9b3bda53 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/migrate-database.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/migrate-database.adoc @@ -10,7 +10,7 @@ As of Neo4j 5, the store format of a database is versioned with the `MAJOR.MINOR An upgrade to the latest `MINOR` format version is an automatic operation performed on database startup. A migration to a higher `MAJOR` format version or another format is a manual action performed with the `migrate` command. -The store format for new databases can be set with the xref:reference/configuration-settings.adoc#config_db.format[`db.format`] configuration setting. +The store format for new databases can be set with the xref:configuration/configuration-settings.adoc#config_db.format[`db.format`] configuration setting. == Syntax diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc index e0e15d926..9c21f03f8 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc @@ -991,7 +991,7 @@ Special considerations for temporal data types:: The format for all temporal data types must be defined as described in link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/values-and-types/temporal/#cypher-temporal-instants[Cypher Manual -> Temporal instants syntax] and link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/values-and-types/temporal/#cypher-temporal-durations[Cypher Manual -> Durations syntax]. Two of the temporal types, _Time_ and _DateTime_, take a time zone parameter that might be common between all or many of the values in the data file. It is therefore possible to specify a default time zone for _Time_ and _DateTime_ values in the header, for example: `time{timezone:+02:00}` and: `datetime{timezone:Europe/Stockholm}`. -If no default time zone is specified, the default timezone is determined by the xref:/reference/configuration-settings.adoc#config_db.temporal.timezone[`db.temporal.timezone`] configuration setting. +If no default time zone is specified, the default timezone is determined by the xref:/configuration/configuration-settings.adoc#config_db.temporal.timezone[`db.temporal.timezone`] configuration setting. The default time zone can be explicitly overridden in the values in the data file. + .Property format for temporal data types diff --git a/modules/ROOT/pages/tools/neo4j-admin/unbind.adoc b/modules/ROOT/pages/tools/neo4j-admin/unbind.adoc index c90a98e25..3020bf291 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/unbind.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/unbind.adoc @@ -79,7 +79,7 @@ This may lead to having orphaned database stores on this server. === Turn a cluster member into a standalone server -To start the Neo4j server in single (standalone) mode after unbinding it from the cluster, verify that xref:reference/configuration-settings.adoc#config_initial.server.mode_constraint[`initial.server.mode_constraint`] is set to `NONE` in xref:configuration/neo4j-conf.adoc[The neo4j.conf file]. +To start the Neo4j server in single (standalone) mode after unbinding it from the cluster, verify that xref:configuration/configuration-settings.adoc#config_initial.server.mode_constraint[`initial.server.mode_constraint`] is set to `NONE` in xref:configuration/neo4j-conf.adoc[The neo4j.conf file]. === Archive cluster state diff --git a/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc b/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc index d9cb87838..75c22932e 100644 --- a/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc +++ b/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc @@ -1,7 +1,7 @@ [role=enterprise-edition] [[tutorial-immutable-privileges]] = Administering immutable privileges -:description: This tutorial describes methods for administering immutable privileges. +:description: This tutorial describes methods for administering immutable privileges. This tutorial describes how to administer immutable privileges, which are useful assets for restricting the actions of users who themselves are able to administer privileges. They offer a way to prevent such users from simply removing any restrictions by using their link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/administration/access-control/dbms-administration#access-control-dbms-administration-privilege-management[privilege management] privileges. @@ -17,7 +17,7 @@ This should only be performed when you have other means of preventing access to When auth is disabled, immutable privileges can be added and removed in the same way as regular privileges. To do so, follow these steps: -. Change the config setting xref:reference/configuration-settings.adoc#config_dbms.security.auth_enabled[`dbms.security.auth_enabled`] to `false`. +. Change the config setting xref:configuration/configuration-settings.adoc#config_dbms.security.auth_enabled[`dbms.security.auth_enabled`] to `false`. . Restart the Neo4j DBMS. . Create or remove immutable privileges in the same way as regular privileges using the keyword `IMMUTABLE`. For example: @@ -26,7 +26,7 @@ For example: DENY IMMUTABLE DATABASE MANAGEMENT ON DBMS TO PUBLIC ---- [start=4] -. Change the config setting xref:reference/configuration-settings.adoc#config_dbms.security.auth_enabled[`dbms.security.auth_enabled`] to `true`. +. Change the config setting xref:configuration/configuration-settings.adoc#config_dbms.security.auth_enabled[`dbms.security.auth_enabled`] to `true`. . Restart the Neo4j DBMS. . Observe that the following immutable privileges are now in place: diff --git a/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc b/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc index 6f61524ce..450572b56 100644 --- a/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc +++ b/modules/ROOT/pages/tutorial/tutorial-sso-configuration.adoc @@ -1,11 +1,11 @@ [role=enterprise-edition] [[tutorial-sso-configuration]] = Neo4j Single Sign-On (SSO) configuration -:description: Detailed examples of how to configure Single Sign-On (SSO) for several identity providers. It also presents frequently asked questions and solutions to common problems encountered when configuring SSO. +:description: Detailed examples of how to configure Single Sign-On (SSO) for several identity providers. It also presents frequently asked questions and solutions to common problems encountered when configuring SSO. Neo4j supports SSO authentication and authorization through identity providers implementing the OpenID Connect (OIDC) standard. -This page features detailed examples of how to configure Single Sign-On (SSO) for several identity providers. -It also presents frequently asked questions and solutions to common problems encountered when configuring SSO. +This page features detailed examples of how to configure Single Sign-On (SSO) for several identity providers. +It also presents frequently asked questions and solutions to common problems encountered when configuring SSO. [NOTE] ==== @@ -27,10 +27,10 @@ SSO works in the following way: [IMPORTANT] ==== JWTs must *always* contain a value for `sub` even when using a different claim for `username`. -It is the only claim guaranteed to be unique and stable. +It is the only claim guaranteed to be unique and stable. Other claims, such as `email` or `preferred_username` are less secure and may change over time. They should *not* be used for authentication. -Neo4j may assign permissions to a user based on this username value in a hybrid authorization configuration. +Neo4j may assign permissions to a user based on this username value in a hybrid authorization configuration. Thus, changing the username claim from `sub` is not recommended. ==== @@ -174,7 +174,7 @@ dbms.security.oidc.azure.config=token_type_principal=id_token;token_type_authent + [IMPORTANT] ==== -`sub` is the only claim guaranteed to be unique and stable. +`sub` is the only claim guaranteed to be unique and stable. For details, see https://learn.microsoft.com/en-us/azure/active-directory/develop/id-tokens#using-claims-to-reliably-identify-a-user-subject-and-object-id[Microsoft documentation] as well as the https://openid.net/specs/openid-connect-core-1_0.html#ClaimStability[OpenId spec]. ==== + @@ -189,21 +189,21 @@ Decide whether you want to use Azure AD Groups directly or Azure App Roles. Using AD Groups directly might be convenient if you already have users assigned to relevant AD Groups and want to perform Group-to-Role mapping in Neo4j settings. -Azure App Roles allow a layer of separation between Neo4j roles and AD Groups. -When App Roles are used, only the roles relevant to Neo4j are sent in the JWT token. -This prevents leaking permissions between applications. +Azure App Roles allow a layer of separation between Neo4j roles and AD Groups. +When App Roles are used, only the roles relevant to Neo4j are sent in the JWT token. +This prevents leaking permissions between applications. JWT tokens also have a limitation of 200 roles per token per user, which can be avoided by sending only the relevant App Roles. Details about Azure App Roles can be found in the https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps[Microsoft documentation]. ==== Using Azure AD Groups directly -. Configure the server to return the AD Group Object IDs in the JWT identity tokens. +. Configure the server to return the AD Group Object IDs in the JWT identity tokens. To do this, set `groupMembershipClaims` to `SecurityGroup` in the Manifest of the registered application: + image::sso-configuration-tutorials/oidc-azure-server-claims.png[title="Azure OIDC server claims"] -. Create groups in the Azure AD console and assign users to them. +. Create groups in the Azure AD console and assign users to them. Take note of the Object Id column. In the next step, you must map these to user roles in the Neo4j settings. + @@ -232,7 +232,7 @@ dbms.security.oidc.azure.claims.groups=groups + image::sso-configuration-tutorials/oidc-azure-app-roles.png[title="Azure OIDC app roles config"] -. The *Value* column in the App roles config must either correspond to Neo4j Roles or be mapped in the _neo4j.conf_ file. +. The *Value* column in the App roles config must either correspond to Neo4j Roles or be mapped in the _neo4j.conf_ file. For details, see xref:authentication-authorization/sso-integration.adoc#auth-sso-map-idp-roles[Map the Identity Provider Groups to the Neo4j Roles]. + [source, properties] @@ -331,11 +331,11 @@ Neo4j Browser will try to reconnect and reflect the changed permissions faster t While setting up an OIDC integration, it is sometimes necessary to perform troubleshooting. In these cases, it can be useful to view the claims contained in the JWT supplied by the identity provider. -To enable the logging of these claims at `DEBUG` level in the security log, set xref:reference/configuration-settings.adoc#config_dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled[dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled] to `true` and the security log level to `DEBUG`. +To enable the logging of these claims at `DEBUG` level in the security log, set xref:configuration/configuration-settings.adoc#config_dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled[dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled] to `true` and the security log level to `DEBUG`. [WARNING] ==== -Make sure to set xref:reference/configuration-settings.adoc#config_dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled[dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled] back to `false` for production environments to avoid unwanted logging of potentially sensitive information. +Make sure to set xref:configuration/configuration-settings.adoc#config_dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled[dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled] back to `false` for production environments to avoid unwanted logging of potentially sensitive information. Also, bear in mind that the set of claims provided by an identity provider in the JWT can change over time. ==== From 743f31f8ca84609a49f8c551d0113fb91b032ed8 Mon Sep 17 00:00:00 2001 From: emmaholmbergohlsson Date: Mon, 15 May 2023 14:07:39 +0200 Subject: [PATCH 266/876] Store copy migration info (#769) We used to have this information, but it seems to have been lost at some point --- modules/ROOT/pages/backup-restore/copy-database.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/backup-restore/copy-database.adoc b/modules/ROOT/pages/backup-restore/copy-database.adoc index 75f0c9e20..5ecf260b2 100644 --- a/modules/ROOT/pages/backup-restore/copy-database.adoc +++ b/modules/ROOT/pages/backup-restore/copy-database.adoc @@ -3,7 +3,7 @@ [[copy-database]] = Copy a database store -You can use the `neo4j-admin database copy` command to copy a database, create a compacted/defragmented copy of a database, or clean up database inconsistencies. +You can use the `neo4j-admin database copy` command to copy a database, create a compacted/defragmented copy of a database, clean up database inconsistencies, or do a direct migration from Neo4j 4.4 to any 5.x version. `neo4j-admin database copy` reclaims the unused space, creates a defragmented copy of the _data store_, and creates the node label and relationship type lookup indexes. Any additional _schema_ (indexes and constraints) defined are not included. However, the command will output Cypher statements, which you can run to recreate the indexes and constraints. From d02b1118cb29dee98f9f9514aaa6bc8e7b37d18f Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Tue, 16 May 2023 15:45:38 +0200 Subject: [PATCH 267/876] Updating config description for clarity (#781) (#784) As requested. --------- Cherry-picked from https://github.com/neo4j/docs-operations/pull/781 Co-authored-by: Reneta Popova --- modules/ROOT/pages/configuration/configuration-settings.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/configuration/configuration-settings.adoc b/modules/ROOT/pages/configuration/configuration-settings.adoc index 698f53c16..a1adad961 100644 --- a/modules/ROOT/pages/configuration/configuration-settings.adoc +++ b/modules/ROOT/pages/configuration/configuration-settings.adoc @@ -3872,7 +3872,7 @@ a|dbms.security.oidc..well_known_discovery_uri, a URI [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] |=== |Description -a|A list of procedures (comma separated) that are to be loaded. The list may contain both fully-qualified procedure names, and partial names with the wildcard `*`. If this setting is left empty no procedures will be loaded. +a|A list of procedures (comma separated) that are to be loaded. The list may contain both fully-qualified procedure names, and partial names with the wildcard `*`. The default (`*`) loads all procedures. If no value is specified, no procedures will be loaded. |Valid values a|dbms.security.procedures.allowlist, a ',' separated list with elements of type 'a string'. |Default value From a000b4daf077431e5cb5aee44b392e3bc58f78c0 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 16 May 2023 15:37:07 +0100 Subject: [PATCH 268/876] Update the version to 5.9 (#788) --- antora.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/antora.yml b/antora.yml index eabbfa657..4465eb672 100644 --- a/antora.yml +++ b/antora.yml @@ -7,7 +7,7 @@ nav: asciidoc: attributes: neo4j-version: '5' - neo4j-version-minor: '5.8' - neo4j-version-exact: '5.8.0' - neo4j-buildnumber: '5.8' - neo4j-debian-package-version: '1:5.8.0@' + neo4j-version-minor: '5.9' + neo4j-version-exact: '5.9.0' + neo4j-buildnumber: '5.9' + neo4j-debian-package-version: '1:5.9.0@' From c0b59fddf3e7e97a05f5f48f7750a2bec833c92c Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 16 May 2023 15:38:28 +0100 Subject: [PATCH 269/876] Update ssl-framework.adoc (#778) (#786) I think we should mention to include the certificate chain in the `public.crt` file for clients to be able to verify them properly. --------- Cherry-picked from #778 Co-authored-by: Ali Ince --- modules/ROOT/pages/security/ssl-framework.adoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/security/ssl-framework.adoc b/modules/ROOT/pages/security/ssl-framework.adoc index 0963f5283..310b3425b 100644 --- a/modules/ROOT/pages/security/ssl-framework.adoc +++ b/modules/ROOT/pages/security/ssl-framework.adoc @@ -96,7 +96,8 @@ xsUBvcQuyxewlvWRS18YB51J+yu0Xg== -----END CERTIFICATE----- ---- -The instructions on this page assume that you have already obtained the required certificates from the CA. +The instructions on this page assume that you have already obtained the required certificates from the CA and added them to the _public.crt_ file. +To achieve this, you should concatenate each PEM-encoded certificate, starting from the leaf certificate and moving up the chain toward the root. [TIP] ==== From e910895ac208dcb8d79b6d9a5bdc351db9592690 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 17 May 2023 11:48:36 +0100 Subject: [PATCH 270/876] Defaults --strict option in import to false (#792) --- modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc index 9c21f03f8..210b62a14 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc @@ -298,7 +298,7 @@ Skipped nodes will be logged, containing at most the number of entities specifie |Whether or not the lookup of nodes referred to from relationships needs to be checked strict. If disabled, most but not all relationships referring to non-existent nodes will be detected. If enabled all those relationships will be found but at the cost of lower performance. -|true +|false |--threads= | (advanced) Max number of worker threads used by the importer. Defaults to the number of available processors reported by the JVM. There is a certain amount of minimum threads needed so for that reason there is no lower bound for this value. For optimal @@ -673,7 +673,7 @@ For semi-online incremental import run `prepare` (on a stopped database) followe |Whether or not the lookup of nodes referred to from relationships needs to be checked strict. If disabled, most but not all relationships referring to non-existent nodes will be detected. If enabled all those relationships will be found but at the cost of lower performance. -|true +|false |--threads= | (advanced) Max number of worker threads used by the importer. Defaults to the number of available processors reported by the JVM. There is a certain amount of minimum threads needed so for that reason there is no lower bound for this value. For optimal From ab6bceba98230ad15ebd8732ac9b97a8f7038d10 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 17 May 2023 11:48:46 +0100 Subject: [PATCH 271/876] Document db.logs.query.annotation_data_as_json_enabled (#790) --- .../configuration/configuration-settings.adoc | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/modules/ROOT/pages/configuration/configuration-settings.adoc b/modules/ROOT/pages/configuration/configuration-settings.adoc index a1adad961..dde453e4b 100644 --- a/modules/ROOT/pages/configuration/configuration-settings.adoc +++ b/modules/ROOT/pages/configuration/configuration-settings.adoc @@ -1874,6 +1874,22 @@ m|+++5+++ == Logging settings +[[config_db.logs.query.annotation_data_as_json_enabled]] +=== `db.logs.query.annotation_data_as_json_enabled` + +label:dynamic[Dynamic] + +.db.logs.query.annotation_data_as_json_enabled +[frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] +|=== +|Description +a|Log the annotation data as JSON strings instead of a Cypher map. This configuration has an effect only when the query log is in JSON format. +|Valid values +a|db.logs.query.annotation_data_as_json_enabled, a boolean +|Default value +m|+++false+++ +|=== + [[config_db.logs.query.early_raw_logging_enabled]] === `db.logs.query.early_raw_logging_enabled` From cdca71a555f677726470a851e49b8c608c44c192 Mon Sep 17 00:00:00 2001 From: Stefano Ottolenghi Date: Mon, 22 May 2023 12:27:23 +0200 Subject: [PATCH 272/876] Polish server side routing information. (#779) From Petr, > The fact that server-side-routing uses Java driver is an internal detail. One cluster member forwards the query to another cluster member. The fact that it uses Java driver to do that is an implementation detail. that's the reason for the change in the first sentence. Sister PR: https://github.com/neo4j/docs-operations/pull/780 --- modules/ROOT/pages/clustering/setup/routing.adoc | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/modules/ROOT/pages/clustering/setup/routing.adoc b/modules/ROOT/pages/clustering/setup/routing.adoc index 1173b3e0f..e3eaca57f 100644 --- a/modules/ROOT/pages/clustering/setup/routing.adoc +++ b/modules/ROOT/pages/clustering/setup/routing.adoc @@ -38,14 +38,14 @@ Additionally, Neo4j automatically transfers database leaderships away from insta [[clustering-routing]] == Server-side routing -Server-side routing is a complement to the client-side routing, performed by a Neo4j Driver. +Server-side routing is a complement to the client-side routing. In a cluster deployment of Neo4j, Cypher queries may be directed to a cluster member that is unable to run the given queries. With server-side routing enabled, such queries are rerouted internally to a cluster member that is expected to be able to run them. This situation can occur for write-transaction queries when they address a database for which the receiving cluster member is not the leader. The cluster role for cluster members is per database. -Thus, if a write-transaction query is sent to a cluster member that is not the leader for the specified database (specified either via the Bolt Protocol or by the Cypher syntax: link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/clauses/use[`USE` clause]), server-side routing is performed if properly configured. +Thus, if a write-transaction query is sent to a cluster member that is not the leader for the specified database (specified either via the link:{neo4j-docs-base-uri}/bolt/current/bolt[Bolt Protocol] or with Cypher link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/clauses/use[`USE` clause]), server-side routing is performed if properly configured. Server-side routing is enabled by the DBMS, by setting xref:configuration/configuration-settings.adoc#config_dbms.routing.enabled[`dbms.routing.enabled=true`] for each cluster member. The listen address (xref:configuration/configuration-settings.adoc#config_server.routing.listen_address[`server.routing.listen_address`]) and advertised address (xref:configuration/configuration-settings.adoc#config_server.routing.advertised_address[`server.routing.advertised_address`]) also need to be configured for server-side routing communication. @@ -109,7 +109,7 @@ The HTTP-API of each member benefits from these settings automatically. Server-side routing connector configuration:: -Rerouted queries are communicated over the link:https://7687.org[Bolt Protocol] using a designated communication channel. +Rerouted queries are communicated over the link:{neo4j-docs-base-uri}/bolt/current/bolt[Bolt Protocol] using a designated communication channel. The receiving end of the communication is configured using the following settings: + * xref:configuration/configuration-settings.adoc#config_dbms.routing.enabled[`dbms.routing.enabled`] @@ -120,12 +120,8 @@ Server-side routing driver configuration:: Server-side routing uses the Neo4j Java driver to connect to other cluster members. This driver is configured with settings of the format: + -* <> -+ -[NOTE] -==== -The configuration options described in _Configuration_ in the link:{neo4j-docs-base-uri}[Neo4j Driver manuals] have an equivalent in the server-side routing configuration. -==== +* link:{neo4j-docs-base-uri}/operations-manual/current/configuration/configuration-settings/#config_dbms.routing.driver.connection.connect_timeout[`dbms.routing.driver.`] +// the settings list doesn't have a drivers section, so the link above is to the _first_ driver setting in the big list Server-side routing encryption:: Encryption of server-side routing communication is configured by the cluster SSL policy. From a1248ef45182c76de610613132fda2a16830e0ad Mon Sep 17 00:00:00 2001 From: Jack Waudby <33488812+jackwaudby@users.noreply.github.com> Date: Mon, 22 May 2023 16:30:14 +0100 Subject: [PATCH 273/876] Creating a database without specifying topology (#797) Adds a note on what allocation numbers are used if `TOPOLOGY` is not set. --------- Co-authored-by: Reneta Popova --- modules/ROOT/pages/clustering/databases.adoc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/ROOT/pages/clustering/databases.adoc b/modules/ROOT/pages/clustering/databases.adoc index 9d1cca691..4b8c7e46a 100644 --- a/modules/ROOT/pages/clustering/databases.adoc +++ b/modules/ROOT/pages/clustering/databases.adoc @@ -22,6 +22,13 @@ The command can only be executed successfully if the cluster's servers are able If they are not, the command results in an error. For example, if the cluster's servers are set up with mode constraints to contain two primaries and three secondaries, or if only four servers exist, the command fails with an error. +[NOTE] +==== +If `TOPOLOGY` is not specified, the database is created according to `initial.dbms.default_primaries_count` and `initial.dbms.default_secondaries_count` specified in _neo4j.conf_. +After cluster startup, these values can be overwritten using the `dbms.setDefaultAllocationNumbers` procedure. +==== + + [[alter-topology]] == `ALTER DATABASE` From dc3cbf2f8e35373d74c0df37e7b039544f94892f Mon Sep 17 00:00:00 2001 From: Nick Giles <100630647+nick-giles-neo@users.noreply.github.com> Date: Tue, 23 May 2023 11:02:45 +0100 Subject: [PATCH 274/876] Clarify that you should put all cluster members in list of discovery endpoints (#802) Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> --- modules/ROOT/pages/clustering/setup/deploy.adoc | 3 ++- modules/ROOT/pages/configuration/configuration-settings.adoc | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/clustering/setup/deploy.adoc b/modules/ROOT/pages/clustering/setup/deploy.adoc index 2b2c5f758..d655fad39 100644 --- a/modules/ROOT/pages/clustering/setup/deploy.adoc +++ b/modules/ROOT/pages/clustering/setup/deploy.adoc @@ -21,7 +21,8 @@ In the typical case, this should be set to the fully qualified domain name or th | The address or network interface this machine uses to listen for incoming messages. Setting this value to `0.0.0.0` makes Neo4j bind to all available network interfaces. | xref:configuration/configuration-settings.adoc#config_dbms.cluster.discovery.endpoints[`dbms.cluster.discovery.endpoints`] -| This setting contains the network for at least one server in the cluster and must be set to the same value on all cluster members. +| The discovery network address for all the members of the cluster, including this server. +The setting must be set to the same value on all cluster members. The behavior of this setting can be modified by configuring the setting `dbms.cluster.discovery.resolver_type`. This is described in detail in xref:clustering/setup/discovery.adoc[]. | <> diff --git a/modules/ROOT/pages/configuration/configuration-settings.adoc b/modules/ROOT/pages/configuration/configuration-settings.adoc index dde453e4b..6cdc12a67 100644 --- a/modules/ROOT/pages/configuration/configuration-settings.adoc +++ b/modules/ROOT/pages/configuration/configuration-settings.adoc @@ -291,7 +291,8 @@ label:enterprise-edition[Enterprise Edition] [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] |=== |Description -a|A comma-separated list of endpoints which a server should contact in order to discover other cluster members. +a|A comma-separated list of endpoints which a server should contact in order to discover other cluster members. +Typically, all members of the cluster, including the current server, should be specified in this list. |Valid values a|dbms.cluster.discovery.endpoints, a ',' separated list with elements of type 'a socket address in the format 'hostname:port', 'hostname' or ':port''. |=== From 770bc80e1587473b39c1151e44eb5fbe6d8ca5bd Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 23 May 2023 11:22:55 +0100 Subject: [PATCH 275/876] Invalid NEO4J_PLUGINS values now produces a helpful error message (#793) --- modules/ROOT/pages/docker/operations.adoc | 75 ++++++++++++++--------- 1 file changed, 46 insertions(+), 29 deletions(-) diff --git a/modules/ROOT/pages/docker/operations.adoc b/modules/ROOT/pages/docker/operations.adoc index 3fa338ce1..9a714f588 100644 --- a/modules/ROOT/pages/docker/operations.adoc +++ b/modules/ROOT/pages/docker/operations.adoc @@ -58,7 +58,6 @@ docker run --interactive --tty --rm \ --publish=7474:7474 --publish=7687:7687 \ --volume=$HOME/neo4j/data:/data \ --volume=$HOME/neo4j/import:/import \ - --user="$(id -u):$(id -g)" \ neo4j:{neo4j-version-exact} \ neo4j-admin database import full --nodes=Movies=/import/movies_header.csv,/import/movies.csv \ --nodes=Actors=/import/actors_header.csv,/import/actors.csv \ @@ -118,7 +117,6 @@ The following is an example of how to use the `cypher-shell` command to retrieve docker run --interactive --tty --name \ --publish=7474:7474 --publish=7687:7687 \ --volume=$HOME/neo4j/data:/data \ - --user="$(id -u):$(id -g)" \ neo4j:{neo4j-version-exact} ---- @@ -180,7 +178,7 @@ match (n:Actors)-[r]->(m:Movies) return n.name AS Actors, m.title AS Movies, m.y .Invoke `cypher-shell` with the `--file` option [source, shell, subs="attributes"] ---- -# Put the example.cypher file in the local folder ./examples. +# Put the example.cypher file in the local folder ./examples. # Start a Neo4j container and mount the ./examples folder inside the container: @@ -199,7 +197,7 @@ docker exec --interactive --tty cypher-shell -u neo4j -p Date: Wed, 24 May 2023 12:30:39 +0200 Subject: [PATCH 276/876] Bring incremental import command docs in sync with Neo4j help output. (#808) --- .../tools/neo4j-admin/neo4j-admin-import.adoc | 45 ++++++++++--------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc index 210b62a14..fed0109e7 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc @@ -67,7 +67,7 @@ neo4j-admin database import full [-h] [--expand-commands] [--verbose] [--auto-sk [--legacy-style-quoting[=true|false]] [--multiline-fields[=true|false]] [--normalize-types[=true|false]] [--overwrite-destination[=true|false]] [--skip-bad-entries-logging[=true|false]] [--skip-bad-relationships[=true|false]] - [--skip-duplicate-nodes[=true|false]] [--strict[=]] [--trim-strings + [--skip-duplicate-nodes[=true|false]] [--strict[=true|false]] [--trim-strings [=true|false]] [--additional-config=] [--array-delimiter=] [--bad-tolerance=] [--delimiter=] [--format=] [--high-parallel-io=on|off|auto] [--id-type=string|integer|actual] @@ -294,7 +294,7 @@ In the event of multiple nodes within the same group having the same ID, the fir Skipped nodes will be logged, containing at most the number of entities specified by `--bad-tolerance`, unless otherwise specified by the `--skip-bad-entries-logging` option. |false -|--strict[=] +|--strict[=true\|false] |Whether or not the lookup of nodes referred to from relationships needs to be checked strict. If disabled, most but not all relationships referring to non-existent nodes will be detected. If enabled all those relationships will be found but at the cost of lower performance. @@ -424,13 +424,14 @@ neo4j-admin database import incremental [-h] [--expand-commands] --force [--verb [=true|false]] [--legacy-style-quoting[=true|false]] [--multiline-fields [=true|false]] [--normalize-types[=true|false]] [--skip-bad-entries-logging [=true|false]] [--skip-bad-relationships[=true|false]] [--skip-duplicate-nodes - [=true|false]] [--strict[=]] [--trim-strings[=true|false]] + [=true|false]] [--strict[=true|false]] [--trim-strings[=true|false]] [--additional-config=] [--array-delimiter=] [--bad-tolerance=] [--delimiter=] [--high-parallel-io=on|off|auto] [--id-type=string|integer|actual] [--input-encoding=] [--max-off-heap-memory=] [--quote=] [--read-buffer-size=] [--report-file=] [--stage=all|prepare|build|merge] [--threads=] - --nodes=[
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=nodemon&package-manager=npm_and_yarn&previous-version=2.0.20&new-version=3.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 157 ++++++++++++++++++++++++++++------------------ package.json | 2 +- 2 files changed, 96 insertions(+), 63 deletions(-) diff --git a/package-lock.json b/package-lock.json index 28de13e0a..b4568ee0b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -21,7 +21,7 @@ }, "devDependencies": { "express": "^4.18.1", - "nodemon": "^2.0.19" + "nodemon": "^3.0.2" } }, "node_modules/@antora/asciidoc-loader": { @@ -1617,6 +1617,18 @@ "resolved": "https://registry.npmjs.org/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz", "integrity": "sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ==" }, + "node_modules/lru-cache": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "dev": true, + "dependencies": { + "yallist": "^4.0.0" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/media-typer": { "version": "0.3.0", "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", @@ -1739,18 +1751,18 @@ "integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==" }, "node_modules/nodemon": { - "version": "2.0.20", - "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-2.0.20.tgz", - "integrity": "sha512-Km2mWHKKY5GzRg6i1j5OxOHQtuvVsgskLfigG25yTtbyfRGn/GNvIbRyOf1PSCKJ2aT/58TiuUsuOU5UToVViw==", + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-3.0.2.tgz", + "integrity": "sha512-9qIN2LNTrEzpOPBaWHTm4Asy1LxXLSickZStAQ4IZe7zsoIpD/A7LWxhZV3t4Zu352uBcqVnRsDXSMR2Sc3lTA==", "dev": true, "dependencies": { "chokidar": "^3.5.2", - "debug": "^3.2.7", + "debug": "^4", "ignore-by-default": "^1.0.1", "minimatch": "^3.1.2", "pstree.remy": "^1.1.8", - "semver": "^5.7.1", - "simple-update-notifier": "^1.0.7", + "semver": "^7.5.3", + "simple-update-notifier": "^2.0.0", "supports-color": "^5.5.0", "touch": "^3.1.0", "undefsafe": "^2.0.5" @@ -1759,7 +1771,7 @@ "nodemon": "bin/nodemon.js" }, "engines": { - "node": ">=8.10.0" + "node": ">=10" }, "funding": { "type": "opencollective", @@ -1767,18 +1779,26 @@ } }, "node_modules/nodemon/node_modules/debug": { - "version": "3.2.7", - "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", - "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", "dev": true, "dependencies": { - "ms": "^2.1.1" + "ms": "2.1.2" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } } }, "node_modules/nodemon/node_modules/ms": { - "version": "2.1.3", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", - "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", "dev": true }, "node_modules/nopt": { @@ -2299,12 +2319,18 @@ "integrity": "sha512-ZQruFgZnIWH+WyO9t5rWt4ZEGqCKPwhiw+YbzTwpmT9elgLrLcfuyUiSnwwjUiVy9r4VM3urtbNF1xmEh9IL2w==" }, "node_modules/semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", "dev": true, + "dependencies": { + "lru-cache": "^6.0.0" + }, "bin": { - "semver": "bin/semver" + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" } }, "node_modules/send": { @@ -2433,24 +2459,15 @@ } }, "node_modules/simple-update-notifier": { - "version": "1.0.7", - "resolved": "https://registry.npmjs.org/simple-update-notifier/-/simple-update-notifier-1.0.7.tgz", - "integrity": "sha512-BBKgR84BJQJm6WjWFMHgLVuo61FBDSj1z/xSFUIozqO6wO7ii0JxCqlIud7Enr/+LhlbNI0whErq96P2qHNWew==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/simple-update-notifier/-/simple-update-notifier-2.0.0.tgz", + "integrity": "sha512-a2B9Y0KlNXl9u/vsW6sTIu9vGEpfKu2wRV6l1H3XEas/0gUIzGzBoP/IouTcUQbm9JWZLH3COxyn03TYlFax6w==", "dev": true, "dependencies": { - "semver": "~7.0.0" + "semver": "^7.5.3" }, "engines": { - "node": ">=8.10.0" - } - }, - "node_modules/simple-update-notifier/node_modules/semver": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.0.0.tgz", - "integrity": "sha512-+GB6zVA9LWh6zovYQLALHwv5rb2PHGlJi3lfiqIHxR0uuwCgefcOJc59v9fv1w8GbStwxuuqqAjI9NMAOOgq1A==", - "dev": true, - "bin": { - "semver": "bin/semver.js" + "node": ">=10" } }, "node_modules/sonic-boom": { @@ -2925,6 +2942,12 @@ "node": ">=0.4" } }, + "node_modules/yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", + "dev": true + }, "node_modules/yargs-parser": { "version": "20.2.9", "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.9.tgz", @@ -4182,6 +4205,15 @@ "resolved": "https://registry.npmjs.org/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz", "integrity": "sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ==" }, + "lru-cache": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "dev": true, + "requires": { + "yallist": "^4.0.0" + } + }, "media-typer": { "version": "0.3.0", "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", @@ -4269,36 +4301,36 @@ "integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==" }, "nodemon": { - "version": "2.0.20", - "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-2.0.20.tgz", - "integrity": "sha512-Km2mWHKKY5GzRg6i1j5OxOHQtuvVsgskLfigG25yTtbyfRGn/GNvIbRyOf1PSCKJ2aT/58TiuUsuOU5UToVViw==", + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-3.0.2.tgz", + "integrity": "sha512-9qIN2LNTrEzpOPBaWHTm4Asy1LxXLSickZStAQ4IZe7zsoIpD/A7LWxhZV3t4Zu352uBcqVnRsDXSMR2Sc3lTA==", "dev": true, "requires": { "chokidar": "^3.5.2", - "debug": "^3.2.7", + "debug": "^4", "ignore-by-default": "^1.0.1", "minimatch": "^3.1.2", "pstree.remy": "^1.1.8", - "semver": "^5.7.1", - "simple-update-notifier": "^1.0.7", + "semver": "^7.5.3", + "simple-update-notifier": "^2.0.0", "supports-color": "^5.5.0", "touch": "^3.1.0", "undefsafe": "^2.0.5" }, "dependencies": { "debug": { - "version": "3.2.7", - "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", - "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", "dev": true, "requires": { - "ms": "^2.1.1" + "ms": "2.1.2" } }, "ms": { - "version": "2.1.3", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", - "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", "dev": true } } @@ -4711,10 +4743,13 @@ "integrity": "sha512-ZQruFgZnIWH+WyO9t5rWt4ZEGqCKPwhiw+YbzTwpmT9elgLrLcfuyUiSnwwjUiVy9r4VM3urtbNF1xmEh9IL2w==" }, "semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", - "dev": true + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", + "dev": true, + "requires": { + "lru-cache": "^6.0.0" + } }, "send": { "version": "0.18.0", @@ -4804,20 +4839,12 @@ } }, "simple-update-notifier": { - "version": "1.0.7", - "resolved": "https://registry.npmjs.org/simple-update-notifier/-/simple-update-notifier-1.0.7.tgz", - "integrity": "sha512-BBKgR84BJQJm6WjWFMHgLVuo61FBDSj1z/xSFUIozqO6wO7ii0JxCqlIud7Enr/+LhlbNI0whErq96P2qHNWew==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/simple-update-notifier/-/simple-update-notifier-2.0.0.tgz", + "integrity": "sha512-a2B9Y0KlNXl9u/vsW6sTIu9vGEpfKu2wRV6l1H3XEas/0gUIzGzBoP/IouTcUQbm9JWZLH3COxyn03TYlFax6w==", "dev": true, "requires": { - "semver": "~7.0.0" - }, - "dependencies": { - "semver": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.0.0.tgz", - "integrity": "sha512-+GB6zVA9LWh6zovYQLALHwv5rb2PHGlJi3lfiqIHxR0uuwCgefcOJc59v9fv1w8GbStwxuuqqAjI9NMAOOgq1A==", - "dev": true - } + "semver": "^7.5.3" } }, "sonic-boom": { @@ -5214,6 +5241,12 @@ "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz", "integrity": "sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==" }, + "yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", + "dev": true + }, "yargs-parser": { "version": "20.2.9", "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.9.tgz", diff --git a/package.json b/package.json index 2755e7cc3..496bd4ff7 100644 --- a/package.json +++ b/package.json @@ -31,6 +31,6 @@ }, "devDependencies": { "express": "^4.18.1", - "nodemon": "^2.0.19" + "nodemon": "^3.0.2" } } From 776f97123acbc90273cf1d8f03d0df97696f0d14 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Dec 2023 12:36:00 +0100 Subject: [PATCH 489/876] Bump @antora/cli from 3.1.2 to 3.1.5 (#1249) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [@antora/cli](https://gitlab.com/antora/antora) from 3.1.2 to 3.1.5.
Changelog

Sourced from @​antora/cli's changelog.

= Antora Changelog

This document provides a summary of all notable changes to the core Antora components by release. For a detailed view of what's changed, refer to the repository's https://gitlab.com/antora/antora/commits/main[commit history].

This project utilizes semantic versioning.

== Unreleased

=== Fixed

  • logger: Restore error stack in log output when using pino-std-serializers >= 6.1 (#1049)
  • content-aggregator: Consider local branches in non-managed bare repository that has at least one remote branch (#1064)
  • ui-loader: Correctly handle connection error when retrieving remote UI bundle
  • asciidoc-loader: Do not fail to load AsciiDoc if pub or pub.moduleRootPath properties are not set on virtual file
  • asciidoc-loader: Do not fail to load AsciiDoc if target of image macro resolves to an unpublished image (#1092)
  • site-generator: Retry loadUi in isolation after aggregateContent if network connection occurs when retrieving remote UI bundle (#1095)
  • cli: Remove empty default on description for --extension option

=== Changed

  • ui-loader: Change gulp-vinyl-zip dependency to @​vscode/gulp-vinyl-zip (no functional changes)
  • asciidoc-loader: Fix relative path computation when path is extensionless and to matches parent folder of from (#1094)
  • page-composer: Fix result of relativize helper when path is extensionless and to matches parent folder of from (#1094)
  • file-publisher: Change gulp-vinyl-zip dependency to @​vscode/gulp-vinyl-zip (no functional changes)

== 3.2.0-alpha.2 (2022-11-01)

=== Added

  • content-classifier: Emit componentsRegistered event after all components and versions have been registered (#1015)
  • content-classifier: Store raw files, nav, and startPage data on partially constructed component version until processed (#1015)
  • content-classifier: Add readable property named files to component version in ContentCatalog#registerComponentVersionStartPage to get files for component version on access (#1015)
  • content-classifier: Add readable property named startPage to component version in ContentCatalog#registerComponentVersionStartPage to look up start page for component version on access (#1015)
  • content-classifier: Discover implicit site start page in component version promoted to site root (#1021)
  • content-classifier: Update ContentCatalog#registerComponentVersionStartPage to return start page

=== Changed

  • content-classifier: Don't recompute resource ID on file from content aggregate if src.family is set (#1026)
  • content-classifier: Don't assign fallback value to url property on component version if property is already set
  • site-generator: Print site URL instead of file URI in completion message if CI=true

=== Fixed

  • playbook-builder: Decouple logic to compute default log format from process environment (#1022)
  • playbook-builder: Use consistent formatting for error messages in playbook builder
  • playbook-builder: Allow content aggregator to parse value of content.branches and content.tags playbook keys (#1025)
  • content-classifier: Add guard to prevent ContentCatalog#registerSiteStartPage from registering alias loop (#1020)
  • redirect-producer: Preserve target when creating static route if target is an absolute URL (#1024)

... (truncated)

Commits
  • 5e09b0a release 3.1.5
  • c907ab8 update what's new for 3.1.5 release
  • 083412b backport fix for #1095 retry loadUi in isolation after aggregateContent if ne...
  • ff2cf98 clarify that ~ is a shorthand in YAML for nil
  • 4a53118 clarify that empty string should be used to set an attribute without an expli...
  • 118a710 upgrade setup-node action in example GitHub Actions workflow
  • afe2a9b backport fix for #1094 fix relative path computation when path is extensionle...
  • 59d4d9c update GitHub Actions workflows
  • af72131 change gulp-vinyl-zip dependency to @​vscode/gulp-vinyl-zip (no functional cha...
  • 05202b2 remove empty default on description for --extension CLI option
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@antora/cli&package-manager=npm_and_yarn&previous-version=3.1.2&new-version=3.1.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 219 +++++++++++++++++++++++++++++++++++++++++----- package.json | 2 +- 2 files changed, 200 insertions(+), 21 deletions(-) diff --git a/package-lock.json b/package-lock.json index b4568ee0b..15ecb5575 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,7 +9,7 @@ "version": "1.0.0", "license": "ISC", "dependencies": { - "@antora/cli": "^3.1.1", + "@antora/cli": "^3.1.5", "@antora/site-generator-default": "^3.1.1", "@neo4j-antora/antora-add-notes": "^0.3.1", "@neo4j-antora/antora-modify-sitemaps": "^0.4.4", @@ -38,14 +38,14 @@ } }, "node_modules/@antora/cli": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/cli/-/cli-3.1.2.tgz", - "integrity": "sha512-/0ddoM9ZsY41LPmow8ic6IG+PIiTik82YJTHCM8CHRme2oNHU1ZBaXbH6ClS9yBwwPzVzwt4Bc6A/yQ/5+2XCA==", + "version": "3.1.5", + "resolved": "https://registry.npmjs.org/@antora/cli/-/cli-3.1.5.tgz", + "integrity": "sha512-vuKSdhlxtlwZq+JGi97lEzs26m9girNxPyGfCcZLQ9J+sYWvB1cxEbj22ZUQlWnprZUyysNyPZIglLNLBOZgqg==", "dependencies": { - "@antora/logger": "3.1.2", - "@antora/playbook-builder": "3.1.2", + "@antora/logger": "3.1.5", + "@antora/playbook-builder": "3.1.5", "@antora/user-require-helper": "~2.0", - "commander": "~9.4" + "commander": "~10.0" }, "bin": { "antora": "bin/antora" @@ -54,6 +54,102 @@ "node": ">=16.0.0" } }, + "node_modules/@antora/cli/node_modules/@antora/logger": { + "version": "3.1.5", + "resolved": "https://registry.npmjs.org/@antora/logger/-/logger-3.1.5.tgz", + "integrity": "sha512-DGIxiv/rsWRWxFTRD4Hu2TXiFUHOqCpiu4Rf7LxOPdKkuF6i167fw8BuZeFfTzvOE2W2FhB4sopI0EiAZ1D/vQ==", + "dependencies": { + "@antora/expand-path-helper": "~2.0", + "pino": "~8.14", + "pino-pretty": "~10.0", + "sonic-boom": "~3.3" + }, + "engines": { + "node": ">=16.0.0" + } + }, + "node_modules/@antora/cli/node_modules/@antora/playbook-builder": { + "version": "3.1.5", + "resolved": "https://registry.npmjs.org/@antora/playbook-builder/-/playbook-builder-3.1.5.tgz", + "integrity": "sha512-h3zD1FkN8BVnsmHSgB3CTatVu5Q8E8lqZs7Zfsh7uN5eQHhxsPjOvVByeM1RhCpQuY+o2hERY2XexoLb8V89TQ==", + "dependencies": { + "@iarna/toml": "~2.2", + "convict": "~6.2", + "js-yaml": "~4.1", + "json5": "~2.2" + }, + "engines": { + "node": ">=16.0.0" + } + }, + "node_modules/@antora/cli/node_modules/pino": { + "version": "8.14.2", + "resolved": "https://registry.npmjs.org/pino/-/pino-8.14.2.tgz", + "integrity": "sha512-zKu9aWeSWTy1JgvxIpZveJKKsAr4+6uNMZ0Vf0KRwzl/UNZA3XjHiIl/0WwqLMkDwuHuDkT5xAgPA2jpKq4whA==", + "dependencies": { + "atomic-sleep": "^1.0.0", + "fast-redact": "^3.1.1", + "on-exit-leak-free": "^2.1.0", + "pino-abstract-transport": "v1.0.0", + "pino-std-serializers": "^6.0.0", + "process-warning": "^2.0.0", + "quick-format-unescaped": "^4.0.3", + "real-require": "^0.2.0", + "safe-stable-stringify": "^2.3.1", + "sonic-boom": "^3.1.0", + "thread-stream": "^2.0.0" + }, + "bin": { + "pino": "bin.js" + } + }, + "node_modules/@antora/cli/node_modules/pino-pretty": { + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/pino-pretty/-/pino-pretty-10.0.1.tgz", + "integrity": "sha512-yrn00+jNpkvZX/NrPVCPIVHAfTDy3ahF0PND9tKqZk4j9s+loK8dpzrJj4dGb7i+WLuR50ussuTAiWoMWU+qeA==", + "dependencies": { + "colorette": "^2.0.7", + "dateformat": "^4.6.3", + "fast-copy": "^3.0.0", + "fast-safe-stringify": "^2.1.1", + "help-me": "^4.0.1", + "joycon": "^3.1.1", + "minimist": "^1.2.6", + "on-exit-leak-free": "^2.1.0", + "pino-abstract-transport": "^1.0.0", + "pump": "^3.0.0", + "readable-stream": "^4.0.0", + "secure-json-parse": "^2.4.0", + "sonic-boom": "^3.0.0", + "strip-json-comments": "^3.1.1" + }, + "bin": { + "pino-pretty": "bin.js" + } + }, + "node_modules/@antora/cli/node_modules/readable-stream": { + "version": "4.4.2", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.4.2.tgz", + "integrity": "sha512-Lk/fICSyIhodxy1IDK2HazkeGjSmezAWX2egdtJnYhtzKEsBPJowlI6F6LPb5tqIQILrMbx22S5o3GuJavPusA==", + "dependencies": { + "abort-controller": "^3.0.0", + "buffer": "^6.0.3", + "events": "^3.3.0", + "process": "^0.11.10", + "string_decoder": "^1.3.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + } + }, + "node_modules/@antora/cli/node_modules/sonic-boom": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/sonic-boom/-/sonic-boom-3.3.0.tgz", + "integrity": "sha512-LYxp34KlZ1a2Jb8ZQgFCK3niIHzibdwtwNUWKg0qQRzsDoJ3Gfgkf8KdBTFU3SkejDEIlWwnSnpVdOZIhFMl/g==", + "dependencies": { + "atomic-sleep": "^1.0.0" + } + }, "node_modules/@antora/content-aggregator": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/@antora/content-aggregator/-/content-aggregator-3.1.2.tgz", @@ -683,11 +779,11 @@ "integrity": "sha512-3tlv/dIP7FWvj3BsbHrGLJ6l/oKh1O3TcgBqMn+yyCagOxc23fyzDS6HypQbgxWbkpDnf52p1LuR4eWDQ/K9WQ==" }, "node_modules/commander": { - "version": "9.4.1", - "resolved": "https://registry.npmjs.org/commander/-/commander-9.4.1.tgz", - "integrity": "sha512-5EEkTNyHNGFPD2H+c/dXXfQZYa/scCKasxWcXJaWnNJ99pnQN9Vnmqow+p+PlFPE63Q6mThaZws1T+HxfpgtPw==", + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", + "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==", "engines": { - "node": "^12.20.0 || >=14" + "node": ">=14" } }, "node_modules/concat-map": { @@ -2986,14 +3082,97 @@ } }, "@antora/cli": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/cli/-/cli-3.1.2.tgz", - "integrity": "sha512-/0ddoM9ZsY41LPmow8ic6IG+PIiTik82YJTHCM8CHRme2oNHU1ZBaXbH6ClS9yBwwPzVzwt4Bc6A/yQ/5+2XCA==", + "version": "3.1.5", + "resolved": "https://registry.npmjs.org/@antora/cli/-/cli-3.1.5.tgz", + "integrity": "sha512-vuKSdhlxtlwZq+JGi97lEzs26m9girNxPyGfCcZLQ9J+sYWvB1cxEbj22ZUQlWnprZUyysNyPZIglLNLBOZgqg==", "requires": { - "@antora/logger": "3.1.2", - "@antora/playbook-builder": "3.1.2", + "@antora/logger": "3.1.5", + "@antora/playbook-builder": "3.1.5", "@antora/user-require-helper": "~2.0", - "commander": "~9.4" + "commander": "~10.0" + }, + "dependencies": { + "@antora/logger": { + "version": "3.1.5", + "resolved": "https://registry.npmjs.org/@antora/logger/-/logger-3.1.5.tgz", + "integrity": "sha512-DGIxiv/rsWRWxFTRD4Hu2TXiFUHOqCpiu4Rf7LxOPdKkuF6i167fw8BuZeFfTzvOE2W2FhB4sopI0EiAZ1D/vQ==", + "requires": { + "@antora/expand-path-helper": "~2.0", + "pino": "~8.14", + "pino-pretty": "~10.0", + "sonic-boom": "~3.3" + } + }, + "@antora/playbook-builder": { + "version": "3.1.5", + "resolved": "https://registry.npmjs.org/@antora/playbook-builder/-/playbook-builder-3.1.5.tgz", + "integrity": "sha512-h3zD1FkN8BVnsmHSgB3CTatVu5Q8E8lqZs7Zfsh7uN5eQHhxsPjOvVByeM1RhCpQuY+o2hERY2XexoLb8V89TQ==", + "requires": { + "@iarna/toml": "~2.2", + "convict": "~6.2", + "js-yaml": "~4.1", + "json5": "~2.2" + } + }, + "pino": { + "version": "8.14.2", + "resolved": "https://registry.npmjs.org/pino/-/pino-8.14.2.tgz", + "integrity": "sha512-zKu9aWeSWTy1JgvxIpZveJKKsAr4+6uNMZ0Vf0KRwzl/UNZA3XjHiIl/0WwqLMkDwuHuDkT5xAgPA2jpKq4whA==", + "requires": { + "atomic-sleep": "^1.0.0", + "fast-redact": "^3.1.1", + "on-exit-leak-free": "^2.1.0", + "pino-abstract-transport": "v1.0.0", + "pino-std-serializers": "^6.0.0", + "process-warning": "^2.0.0", + "quick-format-unescaped": "^4.0.3", + "real-require": "^0.2.0", + "safe-stable-stringify": "^2.3.1", + "sonic-boom": "^3.1.0", + "thread-stream": "^2.0.0" + } + }, + "pino-pretty": { + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/pino-pretty/-/pino-pretty-10.0.1.tgz", + "integrity": "sha512-yrn00+jNpkvZX/NrPVCPIVHAfTDy3ahF0PND9tKqZk4j9s+loK8dpzrJj4dGb7i+WLuR50ussuTAiWoMWU+qeA==", + "requires": { + "colorette": "^2.0.7", + "dateformat": "^4.6.3", + "fast-copy": "^3.0.0", + "fast-safe-stringify": "^2.1.1", + "help-me": "^4.0.1", + "joycon": "^3.1.1", + "minimist": "^1.2.6", + "on-exit-leak-free": "^2.1.0", + "pino-abstract-transport": "^1.0.0", + "pump": "^3.0.0", + "readable-stream": "^4.0.0", + "secure-json-parse": "^2.4.0", + "sonic-boom": "^3.0.0", + "strip-json-comments": "^3.1.1" + } + }, + "readable-stream": { + "version": "4.4.2", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.4.2.tgz", + "integrity": "sha512-Lk/fICSyIhodxy1IDK2HazkeGjSmezAWX2egdtJnYhtzKEsBPJowlI6F6LPb5tqIQILrMbx22S5o3GuJavPusA==", + "requires": { + "abort-controller": "^3.0.0", + "buffer": "^6.0.3", + "events": "^3.3.0", + "process": "^0.11.10", + "string_decoder": "^1.3.0" + } + }, + "sonic-boom": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/sonic-boom/-/sonic-boom-3.3.0.tgz", + "integrity": "sha512-LYxp34KlZ1a2Jb8ZQgFCK3niIHzibdwtwNUWKg0qQRzsDoJ3Gfgkf8KdBTFU3SkejDEIlWwnSnpVdOZIhFMl/g==", + "requires": { + "atomic-sleep": "^1.0.0" + } + } } }, "@antora/content-aggregator": { @@ -3482,9 +3661,9 @@ "integrity": "sha512-3tlv/dIP7FWvj3BsbHrGLJ6l/oKh1O3TcgBqMn+yyCagOxc23fyzDS6HypQbgxWbkpDnf52p1LuR4eWDQ/K9WQ==" }, "commander": { - "version": "9.4.1", - "resolved": "https://registry.npmjs.org/commander/-/commander-9.4.1.tgz", - "integrity": "sha512-5EEkTNyHNGFPD2H+c/dXXfQZYa/scCKasxWcXJaWnNJ99pnQN9Vnmqow+p+PlFPE63Q6mThaZws1T+HxfpgtPw==" + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", + "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==" }, "concat-map": { "version": "0.0.1", diff --git a/package.json b/package.json index 496bd4ff7..dc94f2ce9 100644 --- a/package.json +++ b/package.json @@ -19,7 +19,7 @@ "author": "Neo4j", "license": "ISC", "dependencies": { - "@antora/cli": "^3.1.1", + "@antora/cli": "^3.1.5", "@antora/site-generator-default": "^3.1.1", "@neo4j-antora/antora-add-notes": "^0.3.1", "@neo4j-antora/antora-modify-sitemaps": "^0.4.4", From 3fbf749d5dc7238e04efb61324708e75eed023d5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Dec 2023 11:42:05 +0000 Subject: [PATCH 490/876] Bump @neo4j-antora/antora-page-roles from 0.3.1 to 0.3.2 (#1251) Bumps @neo4j-antora/antora-page-roles from 0.3.1 to 0.3.2. --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 15ecb5575..9fcb5e36f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -13,7 +13,7 @@ "@antora/site-generator-default": "^3.1.1", "@neo4j-antora/antora-add-notes": "^0.3.1", "@neo4j-antora/antora-modify-sitemaps": "^0.4.4", - "@neo4j-antora/antora-page-roles": "^0.3.1", + "@neo4j-antora/antora-page-roles": "^0.3.2", "@neo4j-antora/antora-table-footnotes": "^0.3.2", "@neo4j-antora/antora-unlisted-pages": "^0.1.0", "@neo4j-documentation/macros": "^1.0.2", @@ -406,9 +406,9 @@ "integrity": "sha512-IkXoilOJquZPB5G5ZhrgfSN6U3E2YToWakehtF55RA+CNQS0KboTAB2vUH01+Tkmkd8K6UElf41A6cGnnrvs0g==" }, "node_modules/@neo4j-antora/antora-page-roles": { - "version": "0.3.1", - "resolved": "https://registry.npmjs.org/@neo4j-antora/antora-page-roles/-/antora-page-roles-0.3.1.tgz", - "integrity": "sha512-YouSj6ekglfu/t7IMeJpS19JkvtzL125oMYWkWSxarWYB/LF4xjqs0NBdH9RS4raTG1lMMJSilnSMzGEOA52lQ==" + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/@neo4j-antora/antora-page-roles/-/antora-page-roles-0.3.2.tgz", + "integrity": "sha512-RqmMHcTyM87lJAhjSPdkoUzFxQCjsM2N4+ryVK4GIahAJyNV9OYydBrsjGrDbIh6F4YS+LWG+SXyvLD2zJ1keQ==" }, "node_modules/@neo4j-antora/antora-table-footnotes": { "version": "0.3.2", @@ -3378,9 +3378,9 @@ "integrity": "sha512-IkXoilOJquZPB5G5ZhrgfSN6U3E2YToWakehtF55RA+CNQS0KboTAB2vUH01+Tkmkd8K6UElf41A6cGnnrvs0g==" }, "@neo4j-antora/antora-page-roles": { - "version": "0.3.1", - "resolved": "https://registry.npmjs.org/@neo4j-antora/antora-page-roles/-/antora-page-roles-0.3.1.tgz", - "integrity": "sha512-YouSj6ekglfu/t7IMeJpS19JkvtzL125oMYWkWSxarWYB/LF4xjqs0NBdH9RS4raTG1lMMJSilnSMzGEOA52lQ==" + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/@neo4j-antora/antora-page-roles/-/antora-page-roles-0.3.2.tgz", + "integrity": "sha512-RqmMHcTyM87lJAhjSPdkoUzFxQCjsM2N4+ryVK4GIahAJyNV9OYydBrsjGrDbIh6F4YS+LWG+SXyvLD2zJ1keQ==" }, "@neo4j-antora/antora-table-footnotes": { "version": "0.3.2", diff --git a/package.json b/package.json index dc94f2ce9..73589ff63 100644 --- a/package.json +++ b/package.json @@ -23,7 +23,7 @@ "@antora/site-generator-default": "^3.1.1", "@neo4j-antora/antora-add-notes": "^0.3.1", "@neo4j-antora/antora-modify-sitemaps": "^0.4.4", - "@neo4j-antora/antora-page-roles": "^0.3.1", + "@neo4j-antora/antora-page-roles": "^0.3.2", "@neo4j-antora/antora-table-footnotes": "^0.3.2", "@neo4j-antora/antora-unlisted-pages": "^0.1.0", "@neo4j-documentation/macros": "^1.0.2", From ee06f5cbd3bef78019da697b41250259b15a50a2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Dec 2023 11:46:01 +0000 Subject: [PATCH 491/876] Bump @antora/cli from 3.1.2 to 3.1.6 (#1280) Bumps [@antora/cli](https://gitlab.com/antora/antora) from 3.1.2 to 3.1.6. --- package-lock.json | 58 +++++++++++++++++++++++------------------------ package.json | 2 +- 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/package-lock.json b/package-lock.json index 9fcb5e36f..24b23f752 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,7 +9,7 @@ "version": "1.0.0", "license": "ISC", "dependencies": { - "@antora/cli": "^3.1.5", + "@antora/cli": "^3.1.6", "@antora/site-generator-default": "^3.1.1", "@neo4j-antora/antora-add-notes": "^0.3.1", "@neo4j-antora/antora-modify-sitemaps": "^0.4.4", @@ -38,12 +38,12 @@ } }, "node_modules/@antora/cli": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/@antora/cli/-/cli-3.1.5.tgz", - "integrity": "sha512-vuKSdhlxtlwZq+JGi97lEzs26m9girNxPyGfCcZLQ9J+sYWvB1cxEbj22ZUQlWnprZUyysNyPZIglLNLBOZgqg==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/cli/-/cli-3.1.6.tgz", + "integrity": "sha512-aJLN6JyXYUfMfMVr/6JEenxnnG8evKfyp01wd/Cj7mkJXD/lj/Gqws2bXyP/hjUEl/HuX4/P9AcIfMLT/vfQJw==", "dependencies": { - "@antora/logger": "3.1.5", - "@antora/playbook-builder": "3.1.5", + "@antora/logger": "3.1.6", + "@antora/playbook-builder": "3.1.6", "@antora/user-require-helper": "~2.0", "commander": "~10.0" }, @@ -55,9 +55,9 @@ } }, "node_modules/@antora/cli/node_modules/@antora/logger": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/@antora/logger/-/logger-3.1.5.tgz", - "integrity": "sha512-DGIxiv/rsWRWxFTRD4Hu2TXiFUHOqCpiu4Rf7LxOPdKkuF6i167fw8BuZeFfTzvOE2W2FhB4sopI0EiAZ1D/vQ==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/logger/-/logger-3.1.6.tgz", + "integrity": "sha512-36kU8gMbPslcPu8u9EbXsz6+9G9+LWPKhO7n8mEQqxlcCqmChwgetK6VbsL102rynpgPsstX6IAKg2wbptJK5g==", "dependencies": { "@antora/expand-path-helper": "~2.0", "pino": "~8.14", @@ -69,9 +69,9 @@ } }, "node_modules/@antora/cli/node_modules/@antora/playbook-builder": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/@antora/playbook-builder/-/playbook-builder-3.1.5.tgz", - "integrity": "sha512-h3zD1FkN8BVnsmHSgB3CTatVu5Q8E8lqZs7Zfsh7uN5eQHhxsPjOvVByeM1RhCpQuY+o2hERY2XexoLb8V89TQ==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/playbook-builder/-/playbook-builder-3.1.6.tgz", + "integrity": "sha512-bZcDastZViAgPVPNvvbbw7ci63gL5YnyG5X7NuHJoORgzyGQAsMYEjzfa9yfNfXubUmXv/oSteUSxbACjdjzWg==", "dependencies": { "@iarna/toml": "~2.2", "convict": "~6.2", @@ -128,9 +128,9 @@ } }, "node_modules/@antora/cli/node_modules/readable-stream": { - "version": "4.4.2", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.4.2.tgz", - "integrity": "sha512-Lk/fICSyIhodxy1IDK2HazkeGjSmezAWX2egdtJnYhtzKEsBPJowlI6F6LPb5tqIQILrMbx22S5o3GuJavPusA==", + "version": "4.5.1", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.5.1.tgz", + "integrity": "sha512-uQjbf34vmf/asGnOHQEw07Q4llgMACQZTWWa4MmICS0IKJoHbLwKCy71H3eR99Dw5iYejc6W+pqZZEeqRtUFAw==", "dependencies": { "abort-controller": "^3.0.0", "buffer": "^6.0.3", @@ -3082,20 +3082,20 @@ } }, "@antora/cli": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/@antora/cli/-/cli-3.1.5.tgz", - "integrity": "sha512-vuKSdhlxtlwZq+JGi97lEzs26m9girNxPyGfCcZLQ9J+sYWvB1cxEbj22ZUQlWnprZUyysNyPZIglLNLBOZgqg==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/cli/-/cli-3.1.6.tgz", + "integrity": "sha512-aJLN6JyXYUfMfMVr/6JEenxnnG8evKfyp01wd/Cj7mkJXD/lj/Gqws2bXyP/hjUEl/HuX4/P9AcIfMLT/vfQJw==", "requires": { - "@antora/logger": "3.1.5", - "@antora/playbook-builder": "3.1.5", + "@antora/logger": "3.1.6", + "@antora/playbook-builder": "3.1.6", "@antora/user-require-helper": "~2.0", "commander": "~10.0" }, "dependencies": { "@antora/logger": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/@antora/logger/-/logger-3.1.5.tgz", - "integrity": "sha512-DGIxiv/rsWRWxFTRD4Hu2TXiFUHOqCpiu4Rf7LxOPdKkuF6i167fw8BuZeFfTzvOE2W2FhB4sopI0EiAZ1D/vQ==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/logger/-/logger-3.1.6.tgz", + "integrity": "sha512-36kU8gMbPslcPu8u9EbXsz6+9G9+LWPKhO7n8mEQqxlcCqmChwgetK6VbsL102rynpgPsstX6IAKg2wbptJK5g==", "requires": { "@antora/expand-path-helper": "~2.0", "pino": "~8.14", @@ -3104,9 +3104,9 @@ } }, "@antora/playbook-builder": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/@antora/playbook-builder/-/playbook-builder-3.1.5.tgz", - "integrity": "sha512-h3zD1FkN8BVnsmHSgB3CTatVu5Q8E8lqZs7Zfsh7uN5eQHhxsPjOvVByeM1RhCpQuY+o2hERY2XexoLb8V89TQ==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/playbook-builder/-/playbook-builder-3.1.6.tgz", + "integrity": "sha512-bZcDastZViAgPVPNvvbbw7ci63gL5YnyG5X7NuHJoORgzyGQAsMYEjzfa9yfNfXubUmXv/oSteUSxbACjdjzWg==", "requires": { "@iarna/toml": "~2.2", "convict": "~6.2", @@ -3154,9 +3154,9 @@ } }, "readable-stream": { - "version": "4.4.2", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.4.2.tgz", - "integrity": "sha512-Lk/fICSyIhodxy1IDK2HazkeGjSmezAWX2egdtJnYhtzKEsBPJowlI6F6LPb5tqIQILrMbx22S5o3GuJavPusA==", + "version": "4.5.1", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.5.1.tgz", + "integrity": "sha512-uQjbf34vmf/asGnOHQEw07Q4llgMACQZTWWa4MmICS0IKJoHbLwKCy71H3eR99Dw5iYejc6W+pqZZEeqRtUFAw==", "requires": { "abort-controller": "^3.0.0", "buffer": "^6.0.3", diff --git a/package.json b/package.json index 73589ff63..26c76056f 100644 --- a/package.json +++ b/package.json @@ -19,7 +19,7 @@ "author": "Neo4j", "license": "ISC", "dependencies": { - "@antora/cli": "^3.1.5", + "@antora/cli": "^3.1.6", "@antora/site-generator-default": "^3.1.1", "@neo4j-antora/antora-add-notes": "^0.3.1", "@neo4j-antora/antora-modify-sitemaps": "^0.4.4", From 79848c06c455a621900c1b9f06ac54e158f6281a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Dec 2023 12:10:58 +0000 Subject: [PATCH 492/876] Bump @antora/site-generator-default from 3.1.2 to 3.1.6 (#1281) Bumps [@antora/site-generator-default](https://gitlab.com/antora/antora) from 3.1.2 to 3.1.6. --- package-lock.json | 772 ++++++++++++++++++++++++++-------------------- package.json | 2 +- 2 files changed, 434 insertions(+), 340 deletions(-) diff --git a/package-lock.json b/package-lock.json index 24b23f752..ee26c44c4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,7 +10,7 @@ "license": "ISC", "dependencies": { "@antora/cli": "^3.1.6", - "@antora/site-generator-default": "^3.1.1", + "@antora/site-generator-default": "^3.1.6", "@neo4j-antora/antora-add-notes": "^0.3.1", "@neo4j-antora/antora-modify-sitemaps": "^0.4.4", "@neo4j-antora/antora-page-roles": "^0.3.2", @@ -25,11 +25,11 @@ } }, "node_modules/@antora/asciidoc-loader": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/asciidoc-loader/-/asciidoc-loader-3.1.2.tgz", - "integrity": "sha512-j5nNo8XastKxu8WYV9muCgRB4iGo88KIePIegcdQ5tcbuPmamOlp2/XuwYzGDAjWmaadqLD+3y9Mu18hA+wUYg==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/asciidoc-loader/-/asciidoc-loader-3.1.6.tgz", + "integrity": "sha512-Tqy4QFuZiKe/yX+3H8+vTLE6HH+VDm9OkKwq3G769jcC+40wz6y3poV4r4t1XJFAWwa/AKGM99ZcnJcJ3rtW+A==", "dependencies": { - "@antora/logger": "3.1.2", + "@antora/logger": "3.1.6", "@antora/user-require-helper": "~2.0", "@asciidoctor/core": "~2.2" }, @@ -151,17 +151,17 @@ } }, "node_modules/@antora/content-aggregator": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/content-aggregator/-/content-aggregator-3.1.2.tgz", - "integrity": "sha512-gRseJBYO7DpyCa2vwkRM7e2ZQ8D7813Q91sn9fg94D+8H/Em4SborO057jkOOgsxNAcXsQgiHfX2X8L+S+Vkqg==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/content-aggregator/-/content-aggregator-3.1.6.tgz", + "integrity": "sha512-kOKWn/1gBvd9XOp00/wFzH4lb3yCa5u65ZKmfe9VwC7uOl5Tg9zT0lxMa7miEbPAmfhcOr0zRYXa2ybsoKBWNw==", "dependencies": { "@antora/expand-path-helper": "~2.0", - "@antora/logger": "3.1.2", + "@antora/logger": "3.1.6", "@antora/user-require-helper": "~2.0", "braces": "~3.0", "cache-directory": "~2.0", "glob-stream": "~7.0", - "hpagent": "~1.1", + "hpagent": "~1.2", "isomorphic-git": "~1.21", "js-yaml": "~4.1", "multi-progress": "~4.0", @@ -176,12 +176,12 @@ } }, "node_modules/@antora/content-classifier": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/content-classifier/-/content-classifier-3.1.2.tgz", - "integrity": "sha512-Kisp/VlnTFiG6YnEMyTCnFqXks1SG6AuYrUADCW+KmDuXI7xZGHrLJjFeTUIDp0+HzuW96TJUhuMB8UL9TDNFA==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/content-classifier/-/content-classifier-3.1.6.tgz", + "integrity": "sha512-e5Fs38Cfbl2kecxpRLFftflphbjg2wPfWlwjLZjs8d0R5ISSCM38q8ecDKCQHQlrYJkSrxiSpWqg0irNqAHnLw==", "dependencies": { - "@antora/asciidoc-loader": "3.1.2", - "@antora/logger": "3.1.2", + "@antora/asciidoc-loader": "3.1.6", + "@antora/logger": "3.1.6", "mime-types": "~2.1", "vinyl": "~2.2" }, @@ -190,11 +190,11 @@ } }, "node_modules/@antora/document-converter": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/document-converter/-/document-converter-3.1.2.tgz", - "integrity": "sha512-zOFMK0wcmL3aZuO2k61MaWDZ86vzuG16YIIqebg/V0QZcSsS06Vvo79fplQz91KL2vPgB0+rl//Roqbr28MfUw==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/document-converter/-/document-converter-3.1.6.tgz", + "integrity": "sha512-bdzlkwq1WMnfdc6FUZNcO58LwjMqYmv3m9dI/eAJryGiKa9ChBFskwA1ob7rB87Qxjzu6UHcNucbt910hjEOAw==", "dependencies": { - "@antora/asciidoc-loader": "3.1.2" + "@antora/asciidoc-loader": "3.1.6" }, "engines": { "node": ">=16.0.0" @@ -209,13 +209,13 @@ } }, "node_modules/@antora/file-publisher": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/file-publisher/-/file-publisher-3.1.2.tgz", - "integrity": "sha512-yWE1E4kg5obAzX9nl/oYou86BlSeKCf9lONiYuWqeqdUdeZPxW5RE2YahJk6i9+9Zwrxgm65oc/oDdvsdwSqYw==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/file-publisher/-/file-publisher-3.1.6.tgz", + "integrity": "sha512-UPTyFWY7lrG/Qj6SBxgoVBg1fW3JemJzW62y6pKuGHF59TEKJiaVTUlHEaVgkbpkCngn2os+VOX7fHK0jsBU9A==", "dependencies": { "@antora/expand-path-helper": "~2.0", "@antora/user-require-helper": "~2.0", - "gulp-vinyl-zip": "~2.5", + "@vscode/gulp-vinyl-zip": "~2.5", "vinyl": "~2.2", "vinyl-fs": "~3.0" }, @@ -224,36 +224,36 @@ } }, "node_modules/@antora/logger": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/logger/-/logger-3.1.2.tgz", - "integrity": "sha512-xmKCpchp0IU8SpKUa/AwlLsvOcO7edNjQ3dOzpxm223avCWm/lCnNBtC++lnLYE7jOfOFYjnhveE16JKPj6akA==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/logger/-/logger-3.1.6.tgz", + "integrity": "sha512-36kU8gMbPslcPu8u9EbXsz6+9G9+LWPKhO7n8mEQqxlcCqmChwgetK6VbsL102rynpgPsstX6IAKg2wbptJK5g==", "dependencies": { "@antora/expand-path-helper": "~2.0", - "pino": "~8.7", - "pino-pretty": "~9.1", - "sonic-boom": "~3.2" + "pino": "~8.14", + "pino-pretty": "~10.0", + "sonic-boom": "~3.3" }, "engines": { "node": ">=16.0.0" } }, "node_modules/@antora/navigation-builder": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/navigation-builder/-/navigation-builder-3.1.2.tgz", - "integrity": "sha512-gWiFTZDfM31mHgHKs3og6e1/2y4idFFBLwTfXZWbgBlUDKmhWQKeg1CUQUzXR0Ts4SJhiViGlOzptPXQPQURtA==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/navigation-builder/-/navigation-builder-3.1.6.tgz", + "integrity": "sha512-0iqktzBKQ4kgOM+pbm1bYdGUlN6Blw5zAxURr+W7X96b45mUHCTNz1nZrsDvBLbVXpSTk//ih85Ioh0RU4RJTw==", "dependencies": { - "@antora/asciidoc-loader": "3.1.2" + "@antora/asciidoc-loader": "3.1.6" }, "engines": { "node": ">=16.0.0" } }, "node_modules/@antora/page-composer": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/page-composer/-/page-composer-3.1.2.tgz", - "integrity": "sha512-rwYNEGh4cxQHsm+fEk4R+Wi2silRe5eCeyPvW52caXvfaTcmSK92iOnXMYpsthws5UmBV3D+1eSXbjMfe4xC7w==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/page-composer/-/page-composer-3.1.6.tgz", + "integrity": "sha512-zl2UXVmHEy23zWsGzz3ZpnqtzTVfYvAVS7osPZpSyto3unwtQUI0dR+JpWndElsEDt71JJedbsXa/y/tNC2ZOQ==", "dependencies": { - "@antora/logger": "3.1.2", + "@antora/logger": "3.1.6", "handlebars": "~4.7", "require-from-string": "~2.0" }, @@ -262,9 +262,9 @@ } }, "node_modules/@antora/playbook-builder": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/playbook-builder/-/playbook-builder-3.1.2.tgz", - "integrity": "sha512-hfQom+UDFXdfDZVscGLtSBHZzkoi2HL8mt2Iiu+xh/6FFiAwCpU8eAlFzYHz2+yf8OpaMytvVNavvJXe3uo3qw==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/playbook-builder/-/playbook-builder-3.1.6.tgz", + "integrity": "sha512-bZcDastZViAgPVPNvvbbw7ci63gL5YnyG5X7NuHJoORgzyGQAsMYEjzfa9yfNfXubUmXv/oSteUSxbACjdjzWg==", "dependencies": { "@iarna/toml": "~2.2", "convict": "~6.2", @@ -276,9 +276,9 @@ } }, "node_modules/@antora/redirect-producer": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/redirect-producer/-/redirect-producer-3.1.2.tgz", - "integrity": "sha512-MUzjYH+2nKgW5oY9afkLzUdRsdSb+aOWF7BEPcvdCcA6/Gkm+fFs1bBATrtjjq70tbsKe6pMpsHEHqxuOz0WIQ==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/redirect-producer/-/redirect-producer-3.1.6.tgz", + "integrity": "sha512-tzlrJa2vny0HPBtIAgEM/xCMTfOi4z2CYUt4Ctz7rV8PBv6NOjlLkbu7Goc57CpR9wmJ3C4AGJcVHN0tah0FmA==", "dependencies": { "vinyl": "~2.2" }, @@ -287,23 +287,23 @@ } }, "node_modules/@antora/site-generator": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/site-generator/-/site-generator-3.1.2.tgz", - "integrity": "sha512-BpdX3hcWhtPPpq4+lyQe1XLoaxSPd6dcB+AzQTpg5oIb3+mXte8Tie45WXmiCX9F1Dp6Ug9BDImf/2HJFsbG0Q==", - "dependencies": { - "@antora/asciidoc-loader": "3.1.2", - "@antora/content-aggregator": "3.1.2", - "@antora/content-classifier": "3.1.2", - "@antora/document-converter": "3.1.2", - "@antora/file-publisher": "3.1.2", - "@antora/logger": "3.1.2", - "@antora/navigation-builder": "3.1.2", - "@antora/page-composer": "3.1.2", - "@antora/playbook-builder": "3.1.2", - "@antora/redirect-producer": "3.1.2", - "@antora/site-mapper": "3.1.2", - "@antora/site-publisher": "3.1.2", - "@antora/ui-loader": "3.1.2", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/site-generator/-/site-generator-3.1.6.tgz", + "integrity": "sha512-NKRTVDGB7CuzEBx68iQGweSTDXLvqccExEfBiudPEhyagcn4U+fwef+0LjE4A2imcpD/QQC7l5U8VaNObQYnRQ==", + "dependencies": { + "@antora/asciidoc-loader": "3.1.6", + "@antora/content-aggregator": "3.1.6", + "@antora/content-classifier": "3.1.6", + "@antora/document-converter": "3.1.6", + "@antora/file-publisher": "3.1.6", + "@antora/logger": "3.1.6", + "@antora/navigation-builder": "3.1.6", + "@antora/page-composer": "3.1.6", + "@antora/playbook-builder": "3.1.6", + "@antora/redirect-producer": "3.1.6", + "@antora/site-mapper": "3.1.6", + "@antora/site-publisher": "3.1.6", + "@antora/ui-loader": "3.1.6", "@antora/user-require-helper": "~2.0" }, "engines": { @@ -311,22 +311,22 @@ } }, "node_modules/@antora/site-generator-default": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/site-generator-default/-/site-generator-default-3.1.2.tgz", - "integrity": "sha512-zd/7CEYzMo85t4/TVristVG5hMoZqw/bcSnr5+KVEpexBfnl3WtuD10hdo2TL7SSxqEsj0dvDK0PwgHN//l0yg==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/site-generator-default/-/site-generator-default-3.1.6.tgz", + "integrity": "sha512-HXnqYYQdQHwjg6NAvEr3oolt4Kmb3cEVqMsR9BoN8ZPfVpnx+kM9r1/qqpgx9BZxY2oTDYPhFFeygdq2Fu5rIg==", "dependencies": { - "@antora/site-generator": "3.1.2" + "@antora/site-generator": "3.1.6" }, "engines": { "node": ">=16.0.0" } }, "node_modules/@antora/site-mapper": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/site-mapper/-/site-mapper-3.1.2.tgz", - "integrity": "sha512-WQEYac4KMIjc2H+5GUkzikgkZ1jSe8KXnDz9dzSL0A5zIwjVxlM2mnzAfzG8g1kKtlh1BwU4Famh97BfRzLQKg==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/site-mapper/-/site-mapper-3.1.6.tgz", + "integrity": "sha512-Jc5AqY2uS3wO21iwEFyJuXOspTLN6UdNnZP/Os2oguR+cSsjwUx+l6+X7lquIndq+dXUQS3tMQkwNkhLgfcsrw==", "dependencies": { - "@antora/content-classifier": "3.1.2", + "@antora/content-classifier": "3.1.6", "vinyl": "~2.2" }, "engines": { @@ -334,27 +334,27 @@ } }, "node_modules/@antora/site-publisher": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/site-publisher/-/site-publisher-3.1.2.tgz", - "integrity": "sha512-I/GeYypIVvpRH84amCWK3BUOEUplGpjx2rN+UgaXQ0UvBGVHrex6sfmS0G7R7g0cmK3X5hND44wTFxbaSBPUnw==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/site-publisher/-/site-publisher-3.1.6.tgz", + "integrity": "sha512-AOpM12gmMJeucebEGneHvOJAXQgco0lAg7Vx9CH7slHVeJy6mM74Mcut7KkKlv3AOJJKgYfdYkJndvq9dqbWmQ==", "dependencies": { - "@antora/file-publisher": "3.1.2" + "@antora/file-publisher": "3.1.6" }, "engines": { "node": ">=16.0.0" } }, "node_modules/@antora/ui-loader": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/ui-loader/-/ui-loader-3.1.2.tgz", - "integrity": "sha512-4tE7FT0pvvQ7PjGBe/NiRhqGdyfvx/8YSZJwcC2RLxFFusrv/8WlGjbgOVU+gGRFy1AKZDFgzbQWtJcyLjsyAQ==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/ui-loader/-/ui-loader-3.1.6.tgz", + "integrity": "sha512-IivfKW7fCaV7GpXIOxyk8X2mJiYoM6U0CDaFzWiKerJeDikW1Oi9KGxCMe2+onYBJrgzQxAZsIzjr9fXUcDZWw==", "dependencies": { "@antora/expand-path-helper": "~2.0", + "@vscode/gulp-vinyl-zip": "~2.5", "braces": "~3.0", "cache-directory": "~2.0", "glob-stream": "~7.0", - "gulp-vinyl-zip": "~2.5", - "hpagent": "~1.1", + "hpagent": "~1.2", "js-yaml": "~4.1", "picomatch": "~2.3", "should-proxy": "~1.0", @@ -430,6 +430,23 @@ "resolved": "https://registry.npmjs.org/@neo4j-documentation/remote-include/-/remote-include-1.0.0.tgz", "integrity": "sha512-SprNp9XsWiMBC0T44vs3JUwEYhoyJlg+du5kP0f9RGewXrSeEgsr5tY7nQDa4Bou9iG0sBl0+2u4XZjiVMkiuw==" }, + "node_modules/@vscode/gulp-vinyl-zip": { + "version": "2.5.0", + "resolved": "https://registry.npmjs.org/@vscode/gulp-vinyl-zip/-/gulp-vinyl-zip-2.5.0.tgz", + "integrity": "sha512-PP/xkOoLBSY3V04HmzRxF+NOxkRJ/m2D0YwWpfx1FCFv5G8+sZUGPvxX+LRgdJ5vQcR1RHck5x1IkHi75Qjdbw==", + "dependencies": { + "queue": "^4.2.1", + "through": "^2.3.8", + "through2": "^2.0.3", + "vinyl": "^2.0.2", + "vinyl-fs": "^3.0.3", + "yauzl": "^2.2.1", + "yazl": "^2.2.1" + }, + "engines": { + "node": ">= 10" + } + }, "node_modules/abbrev": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz", @@ -660,12 +677,13 @@ } }, "node_modules/call-bind": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", - "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==", + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.5.tgz", + "integrity": "sha512-C3nQxfFZxFRVoJoGKKI8y3MOEo129NQ+FgQ08iye+Mk4zNZZGdjfs06bVTr+DBSlA66Q2VEcMki/cUCP4SercQ==", "dependencies": { - "function-bind": "^1.1.1", - "get-intrinsic": "^1.0.2" + "function-bind": "^1.1.2", + "get-intrinsic": "^1.2.1", + "set-function-length": "^1.1.1" }, "funding": { "url": "https://github.com/sponsors/ljharb" @@ -747,9 +765,9 @@ } }, "node_modules/cloneable-readable/node_modules/readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", + "version": "2.3.8", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", "dependencies": { "core-util-is": "~1.0.0", "inherits": "~2.0.3", @@ -891,11 +909,25 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/define-data-property": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.1.tgz", + "integrity": "sha512-E7uGkTzkk1d0ByLeSc6ZsFS79Axg+m1P/VsgYsxHgiuc3tFSj+MjMIwe90FC4lOAZzNBdY7kkO2P2wKdsQ1vgQ==", + "dependencies": { + "get-intrinsic": "^1.2.1", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/define-properties": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.1.4.tgz", - "integrity": "sha512-uckOqKcfaVvtBdsVkdPv3XjveQJsNQqmhXgRi8uhvWWuPYZCNlzT8qAyblUgNoXdHdjMTzAqeGjAoli8f+bzPA==", + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.2.1.tgz", + "integrity": "sha512-8QmQKqEASLd5nx0U1B1okLElbUuuttJ/AnYmRXbbbGDWh6uS208EjD4Xqq/I9wK7u0v6O08XhTWnt5XtEbR6Dg==", "dependencies": { + "define-data-property": "^1.0.1", "has-property-descriptors": "^1.0.0", "object-keys": "^1.1.1" }, @@ -1107,9 +1139,9 @@ } }, "node_modules/flush-write-stream/node_modules/readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", + "version": "2.3.8", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", "dependencies": { "core-util-is": "~1.0.0", "inherits": "~2.0.3", @@ -1183,18 +1215,22 @@ } }, "node_modules/function-bind": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", - "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==" + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } }, "node_modules/get-intrinsic": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.1.3.tgz", - "integrity": "sha512-QJVz1Tj7MS099PevUG5jvnt9tSkXN8K14dxQlikJuPt4uD9hHAHjLyLBiLR5zELelBdD9QNRAXZzsJx0WaDL9A==", + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.2.tgz", + "integrity": "sha512-0gSo4ml/0j98Y3lngkFEot/zhiCeWsbYIlZ+uZOVgzLyLaUw7wxUL+nCTP0XJvJg1AXulJRI3UJi8GsbDuxdGA==", "dependencies": { - "function-bind": "^1.1.1", - "has": "^1.0.3", - "has-symbols": "^1.0.3" + "function-bind": "^1.1.2", + "has-proto": "^1.0.1", + "has-symbols": "^1.0.3", + "hasown": "^2.0.0" }, "funding": { "url": "https://github.com/sponsors/ljharb" @@ -1266,35 +1302,29 @@ "url": "https://github.com/sponsors/isaacs" } }, - "node_modules/graceful-fs": { - "version": "4.2.10", - "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.10.tgz", - "integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==" - }, - "node_modules/gulp-vinyl-zip": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/gulp-vinyl-zip/-/gulp-vinyl-zip-2.5.0.tgz", - "integrity": "sha512-KPi5/2SUmkXXDvKU4L2U1dkPOP03SbhONTOgNZlL23l9Yopt+euJ1bBXwWrSMbsyh3JLW/TYuC8CI4c4Kq4qrw==", + "node_modules/gopd": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", + "integrity": "sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==", "dependencies": { - "queue": "^4.2.1", - "through": "^2.3.8", - "through2": "^2.0.3", - "vinyl": "^2.0.2", - "vinyl-fs": "^3.0.3", - "yauzl": "^2.2.1", - "yazl": "^2.2.1" + "get-intrinsic": "^1.1.3" }, - "engines": { - "node": ">= 10" + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/graceful-fs": { + "version": "4.2.11", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==" + }, "node_modules/handlebars": { - "version": "4.7.7", - "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.7.tgz", - "integrity": "sha512-aAcXm5OAfE/8IXkcZvCepKU3VzW1/39Fb5ZuqMtgI/hT8X2YgoMvBY5dLhq/cpOvw7Lk1nK/UF71aLG/ZnVYRA==", + "version": "4.7.8", + "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.8.tgz", + "integrity": "sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==", "dependencies": { "minimist": "^1.2.5", - "neo-async": "^2.6.0", + "neo-async": "^2.6.2", "source-map": "^0.6.1", "wordwrap": "^1.0.0" }, @@ -1308,17 +1338,6 @@ "uglify-js": "^3.1.4" } }, - "node_modules/has": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", - "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", - "dependencies": { - "function-bind": "^1.1.1" - }, - "engines": { - "node": ">= 0.4.0" - } - }, "node_modules/has-flag": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", @@ -1329,11 +1348,22 @@ } }, "node_modules/has-property-descriptors": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.0.tgz", - "integrity": "sha512-62DVLZGoiEBDHQyqG4w9xCuZ7eJEwNmJRWw2VY84Oedb7WFcA27fiEVe8oUQx9hAUJ4ekurquucTGwsyO1XGdQ==", + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.1.tgz", + "integrity": "sha512-VsX8eaIewvas0xnvinAe9bw4WfIeODpGYikiWYLH+dma0Jw6KHYqWiWfhQlgOVK8D6PvjubK5Uc4P0iIhIcNVg==", "dependencies": { - "get-intrinsic": "^1.1.1" + "get-intrinsic": "^1.2.2" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.1.tgz", + "integrity": "sha512-7qE+iP+O+bgF9clE5+UoBFzE65mlBiVj3tKCrlNQ0Ogwm0BjpT/gK4SlLYDMybDh5I3TCTKnPPa0oMG7JDYrhg==", + "engines": { + "node": ">= 0.4" }, "funding": { "url": "https://github.com/sponsors/ljharb" @@ -1350,6 +1380,17 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/hasown": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.0.tgz", + "integrity": "sha512-vUptKVTpIJhcczKBbgnS+RtcuYMB8+oNzPK2/Hp3hanz8JmpATdmmgLgSaadVREkDm+e2giHwY3ZRkyjSIDDFA==", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/help-me": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/help-me/-/help-me-4.1.0.tgz", @@ -1397,9 +1438,9 @@ } }, "node_modules/hpagent": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/hpagent/-/hpagent-1.1.0.tgz", - "integrity": "sha512-bgJcBmNTZaJO03xtXOTNfoFEf/3VwoZ/gJ2O4ekTCZu4LSFtfzQFrJ0kjq8ZSS0+IdghXqQIiDUnpp0eUR9IJg==", + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/hpagent/-/hpagent-1.2.0.tgz", + "integrity": "sha512-A91dYTeIB6NoXG+PxTQpCCDDnfHsW9kc06Lvpu1TEe9gnd6ZFeiBoRO9JvzEv6xK7EX97/dUE8g/vBMTqTS3CA==", "engines": { "node": ">=14" } @@ -1452,9 +1493,9 @@ ] }, "node_modules/ignore": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.0.tgz", - "integrity": "sha512-CmxgYGiEPCLhfLnpPp1MoRmifwEIOgjcHXxOBjv7mY96c+eWScsOP9c112ZyLdWHi0FxHjI+4uVhKYp/gcdRmQ==", + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.0.tgz", + "integrity": "sha512-g7dmpshy+gD7mh88OC9NwSGTKoc3kyLAZQRU1mt53Aw/vnvfXnbC+F/7F7QoYVKbV+KNvJx8wArewKy1vXMtlg==", "engines": { "node": ">= 4" } @@ -1671,9 +1712,9 @@ } }, "node_modules/lazystream/node_modules/readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", + "version": "2.3.8", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", "dependencies": { "core-util-is": "~1.0.0", "inherits": "~2.0.3", @@ -1950,12 +1991,12 @@ } }, "node_modules/object.assign": { - "version": "4.1.4", - "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.4.tgz", - "integrity": "sha512-1mxKf0e58bvyjSCtKYY4sRe9itRk3PJpquJOjeIkz885CczcI4IvJJDLPS72oowuSh+pBxUFROpX+TU++hxhZQ==", + "version": "4.1.5", + "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.5.tgz", + "integrity": "sha512-byy+U7gp+FVwmyzKPYhW2h5l3crpmGsxl7X2s8y43IgxvG4g3QZ6CffDtsNQy1WsmZpQbO+ybo0AlW7TY6DcBQ==", "dependencies": { - "call-bind": "^1.0.2", - "define-properties": "^1.1.4", + "call-bind": "^1.0.5", + "define-properties": "^1.2.1", "has-symbols": "^1.0.3", "object-keys": "^1.1.1" }, @@ -2000,9 +2041,9 @@ } }, "node_modules/ordered-read-streams/node_modules/readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", + "version": "2.3.8", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", "dependencies": { "core-util-is": "~1.0.0", "inherits": "~2.0.3", @@ -2084,9 +2125,9 @@ } }, "node_modules/pino": { - "version": "8.7.0", - "resolved": "https://registry.npmjs.org/pino/-/pino-8.7.0.tgz", - "integrity": "sha512-l9sA5uPxmZzwydhMWUcm1gI0YxNnYl8MfSr2h8cwLvOAzQLBLewzF247h/vqHe3/tt6fgtXeG9wdjjoetdI/vA==", + "version": "8.14.2", + "resolved": "https://registry.npmjs.org/pino/-/pino-8.14.2.tgz", + "integrity": "sha512-zKu9aWeSWTy1JgvxIpZveJKKsAr4+6uNMZ0Vf0KRwzl/UNZA3XjHiIl/0WwqLMkDwuHuDkT5xAgPA2jpKq4whA==", "dependencies": { "atomic-sleep": "^1.0.0", "fast-redact": "^3.1.1", @@ -2128,9 +2169,9 @@ } }, "node_modules/pino-pretty": { - "version": "9.1.1", - "resolved": "https://registry.npmjs.org/pino-pretty/-/pino-pretty-9.1.1.tgz", - "integrity": "sha512-iJrnjgR4FWQIXZkUF48oNgoRI9BpyMhaEmihonHeCnZ6F50ZHAS4YGfGBT/ZVNsPmd+hzkIPGzjKdY08+/yAXw==", + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/pino-pretty/-/pino-pretty-10.0.1.tgz", + "integrity": "sha512-yrn00+jNpkvZX/NrPVCPIVHAfTDy3ahF0PND9tKqZk4j9s+loK8dpzrJj4dGb7i+WLuR50ussuTAiWoMWU+qeA==", "dependencies": { "colorette": "^2.0.7", "dateformat": "^4.6.3", @@ -2152,14 +2193,15 @@ } }, "node_modules/pino-pretty/node_modules/readable-stream": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.2.0.tgz", - "integrity": "sha512-gJrBHsaI3lgBoGMW/jHZsQ/o/TIWiu5ENCJG1BB7fuCKzpFM8GaS2UoBVt9NO+oI+3FcrBNbUkl3ilDe09aY4A==", + "version": "4.5.1", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.5.1.tgz", + "integrity": "sha512-uQjbf34vmf/asGnOHQEw07Q4llgMACQZTWWa4MmICS0IKJoHbLwKCy71H3eR99Dw5iYejc6W+pqZZEeqRtUFAw==", "dependencies": { "abort-controller": "^3.0.0", "buffer": "^6.0.3", "events": "^3.3.0", - "process": "^0.11.10" + "process": "^0.11.10", + "string_decoder": "^1.3.0" }, "engines": { "node": "^12.22.0 || ^14.17.0 || >=16.0.0" @@ -2474,6 +2516,20 @@ "node": ">= 0.8.0" } }, + "node_modules/set-function-length": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.1.1.tgz", + "integrity": "sha512-VoaqjbBJKiWtg4yRcKBQ7g7wnGnLV3M8oLvVWwOk2PdYY6PEFegR1vezXR0tw6fZGF9csVakIRjrJiy2veSBFQ==", + "dependencies": { + "define-data-property": "^1.1.1", + "get-intrinsic": "^1.2.1", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/setprototypeof": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", @@ -2567,9 +2623,9 @@ } }, "node_modules/sonic-boom": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/sonic-boom/-/sonic-boom-3.2.0.tgz", - "integrity": "sha512-SbbZ+Kqj/XIunvIAgUZRlqd6CGQYq71tRRbXR92Za8J/R3Yh4Av+TWENiSiEgnlwckYLyP0YZQWVfyNC0dzLaA==", + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/sonic-boom/-/sonic-boom-3.3.0.tgz", + "integrity": "sha512-LYxp34KlZ1a2Jb8ZQgFCK3niIHzibdwtwNUWKg0qQRzsDoJ3Gfgkf8KdBTFU3SkejDEIlWwnSnpVdOZIhFMl/g==", "dependencies": { "atomic-sleep": "^1.0.0" } @@ -2667,9 +2723,9 @@ } }, "node_modules/through2/node_modules/readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", + "version": "2.3.8", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", "dependencies": { "core-util-is": "~1.0.0", "inherits": "~2.0.3", @@ -2958,9 +3014,9 @@ } }, "node_modules/vinyl-fs/node_modules/readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", + "version": "2.3.8", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", "dependencies": { "core-util-is": "~1.0.0", "inherits": "~2.0.3", @@ -3072,11 +3128,11 @@ }, "dependencies": { "@antora/asciidoc-loader": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/asciidoc-loader/-/asciidoc-loader-3.1.2.tgz", - "integrity": "sha512-j5nNo8XastKxu8WYV9muCgRB4iGo88KIePIegcdQ5tcbuPmamOlp2/XuwYzGDAjWmaadqLD+3y9Mu18hA+wUYg==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/asciidoc-loader/-/asciidoc-loader-3.1.6.tgz", + "integrity": "sha512-Tqy4QFuZiKe/yX+3H8+vTLE6HH+VDm9OkKwq3G769jcC+40wz6y3poV4r4t1XJFAWwa/AKGM99ZcnJcJ3rtW+A==", "requires": { - "@antora/logger": "3.1.2", + "@antora/logger": "3.1.6", "@antora/user-require-helper": "~2.0", "@asciidoctor/core": "~2.2" } @@ -3176,17 +3232,17 @@ } }, "@antora/content-aggregator": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/content-aggregator/-/content-aggregator-3.1.2.tgz", - "integrity": "sha512-gRseJBYO7DpyCa2vwkRM7e2ZQ8D7813Q91sn9fg94D+8H/Em4SborO057jkOOgsxNAcXsQgiHfX2X8L+S+Vkqg==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/content-aggregator/-/content-aggregator-3.1.6.tgz", + "integrity": "sha512-kOKWn/1gBvd9XOp00/wFzH4lb3yCa5u65ZKmfe9VwC7uOl5Tg9zT0lxMa7miEbPAmfhcOr0zRYXa2ybsoKBWNw==", "requires": { "@antora/expand-path-helper": "~2.0", - "@antora/logger": "3.1.2", + "@antora/logger": "3.1.6", "@antora/user-require-helper": "~2.0", "braces": "~3.0", "cache-directory": "~2.0", "glob-stream": "~7.0", - "hpagent": "~1.1", + "hpagent": "~1.2", "isomorphic-git": "~1.21", "js-yaml": "~4.1", "multi-progress": "~4.0", @@ -3198,22 +3254,22 @@ } }, "@antora/content-classifier": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/content-classifier/-/content-classifier-3.1.2.tgz", - "integrity": "sha512-Kisp/VlnTFiG6YnEMyTCnFqXks1SG6AuYrUADCW+KmDuXI7xZGHrLJjFeTUIDp0+HzuW96TJUhuMB8UL9TDNFA==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/content-classifier/-/content-classifier-3.1.6.tgz", + "integrity": "sha512-e5Fs38Cfbl2kecxpRLFftflphbjg2wPfWlwjLZjs8d0R5ISSCM38q8ecDKCQHQlrYJkSrxiSpWqg0irNqAHnLw==", "requires": { - "@antora/asciidoc-loader": "3.1.2", - "@antora/logger": "3.1.2", + "@antora/asciidoc-loader": "3.1.6", + "@antora/logger": "3.1.6", "mime-types": "~2.1", "vinyl": "~2.2" } }, "@antora/document-converter": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/document-converter/-/document-converter-3.1.2.tgz", - "integrity": "sha512-zOFMK0wcmL3aZuO2k61MaWDZ86vzuG16YIIqebg/V0QZcSsS06Vvo79fplQz91KL2vPgB0+rl//Roqbr28MfUw==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/document-converter/-/document-converter-3.1.6.tgz", + "integrity": "sha512-bdzlkwq1WMnfdc6FUZNcO58LwjMqYmv3m9dI/eAJryGiKa9ChBFskwA1ob7rB87Qxjzu6UHcNucbt910hjEOAw==", "requires": { - "@antora/asciidoc-loader": "3.1.2" + "@antora/asciidoc-loader": "3.1.6" } }, "@antora/expand-path-helper": { @@ -3222,50 +3278,50 @@ "integrity": "sha512-CSMBGC+tI21VS2kGW3PV7T2kQTM5eT3f2GTPVLttwaNYbNxDve08en/huzszHJfxo11CcEs26Ostr0F2c1QqeA==" }, "@antora/file-publisher": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/file-publisher/-/file-publisher-3.1.2.tgz", - "integrity": "sha512-yWE1E4kg5obAzX9nl/oYou86BlSeKCf9lONiYuWqeqdUdeZPxW5RE2YahJk6i9+9Zwrxgm65oc/oDdvsdwSqYw==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/file-publisher/-/file-publisher-3.1.6.tgz", + "integrity": "sha512-UPTyFWY7lrG/Qj6SBxgoVBg1fW3JemJzW62y6pKuGHF59TEKJiaVTUlHEaVgkbpkCngn2os+VOX7fHK0jsBU9A==", "requires": { "@antora/expand-path-helper": "~2.0", "@antora/user-require-helper": "~2.0", - "gulp-vinyl-zip": "~2.5", + "@vscode/gulp-vinyl-zip": "~2.5", "vinyl": "~2.2", "vinyl-fs": "~3.0" } }, "@antora/logger": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/logger/-/logger-3.1.2.tgz", - "integrity": "sha512-xmKCpchp0IU8SpKUa/AwlLsvOcO7edNjQ3dOzpxm223avCWm/lCnNBtC++lnLYE7jOfOFYjnhveE16JKPj6akA==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/logger/-/logger-3.1.6.tgz", + "integrity": "sha512-36kU8gMbPslcPu8u9EbXsz6+9G9+LWPKhO7n8mEQqxlcCqmChwgetK6VbsL102rynpgPsstX6IAKg2wbptJK5g==", "requires": { "@antora/expand-path-helper": "~2.0", - "pino": "~8.7", - "pino-pretty": "~9.1", - "sonic-boom": "~3.2" + "pino": "~8.14", + "pino-pretty": "~10.0", + "sonic-boom": "~3.3" } }, "@antora/navigation-builder": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/navigation-builder/-/navigation-builder-3.1.2.tgz", - "integrity": "sha512-gWiFTZDfM31mHgHKs3og6e1/2y4idFFBLwTfXZWbgBlUDKmhWQKeg1CUQUzXR0Ts4SJhiViGlOzptPXQPQURtA==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/navigation-builder/-/navigation-builder-3.1.6.tgz", + "integrity": "sha512-0iqktzBKQ4kgOM+pbm1bYdGUlN6Blw5zAxURr+W7X96b45mUHCTNz1nZrsDvBLbVXpSTk//ih85Ioh0RU4RJTw==", "requires": { - "@antora/asciidoc-loader": "3.1.2" + "@antora/asciidoc-loader": "3.1.6" } }, "@antora/page-composer": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/page-composer/-/page-composer-3.1.2.tgz", - "integrity": "sha512-rwYNEGh4cxQHsm+fEk4R+Wi2silRe5eCeyPvW52caXvfaTcmSK92iOnXMYpsthws5UmBV3D+1eSXbjMfe4xC7w==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/page-composer/-/page-composer-3.1.6.tgz", + "integrity": "sha512-zl2UXVmHEy23zWsGzz3ZpnqtzTVfYvAVS7osPZpSyto3unwtQUI0dR+JpWndElsEDt71JJedbsXa/y/tNC2ZOQ==", "requires": { - "@antora/logger": "3.1.2", + "@antora/logger": "3.1.6", "handlebars": "~4.7", "require-from-string": "~2.0" } }, "@antora/playbook-builder": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/playbook-builder/-/playbook-builder-3.1.2.tgz", - "integrity": "sha512-hfQom+UDFXdfDZVscGLtSBHZzkoi2HL8mt2Iiu+xh/6FFiAwCpU8eAlFzYHz2+yf8OpaMytvVNavvJXe3uo3qw==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/playbook-builder/-/playbook-builder-3.1.6.tgz", + "integrity": "sha512-bZcDastZViAgPVPNvvbbw7ci63gL5YnyG5X7NuHJoORgzyGQAsMYEjzfa9yfNfXubUmXv/oSteUSxbACjdjzWg==", "requires": { "@iarna/toml": "~2.2", "convict": "~6.2", @@ -3274,70 +3330,70 @@ } }, "@antora/redirect-producer": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/redirect-producer/-/redirect-producer-3.1.2.tgz", - "integrity": "sha512-MUzjYH+2nKgW5oY9afkLzUdRsdSb+aOWF7BEPcvdCcA6/Gkm+fFs1bBATrtjjq70tbsKe6pMpsHEHqxuOz0WIQ==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/redirect-producer/-/redirect-producer-3.1.6.tgz", + "integrity": "sha512-tzlrJa2vny0HPBtIAgEM/xCMTfOi4z2CYUt4Ctz7rV8PBv6NOjlLkbu7Goc57CpR9wmJ3C4AGJcVHN0tah0FmA==", "requires": { "vinyl": "~2.2" } }, "@antora/site-generator": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/site-generator/-/site-generator-3.1.2.tgz", - "integrity": "sha512-BpdX3hcWhtPPpq4+lyQe1XLoaxSPd6dcB+AzQTpg5oIb3+mXte8Tie45WXmiCX9F1Dp6Ug9BDImf/2HJFsbG0Q==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/site-generator/-/site-generator-3.1.6.tgz", + "integrity": "sha512-NKRTVDGB7CuzEBx68iQGweSTDXLvqccExEfBiudPEhyagcn4U+fwef+0LjE4A2imcpD/QQC7l5U8VaNObQYnRQ==", "requires": { - "@antora/asciidoc-loader": "3.1.2", - "@antora/content-aggregator": "3.1.2", - "@antora/content-classifier": "3.1.2", - "@antora/document-converter": "3.1.2", - "@antora/file-publisher": "3.1.2", - "@antora/logger": "3.1.2", - "@antora/navigation-builder": "3.1.2", - "@antora/page-composer": "3.1.2", - "@antora/playbook-builder": "3.1.2", - "@antora/redirect-producer": "3.1.2", - "@antora/site-mapper": "3.1.2", - "@antora/site-publisher": "3.1.2", - "@antora/ui-loader": "3.1.2", + "@antora/asciidoc-loader": "3.1.6", + "@antora/content-aggregator": "3.1.6", + "@antora/content-classifier": "3.1.6", + "@antora/document-converter": "3.1.6", + "@antora/file-publisher": "3.1.6", + "@antora/logger": "3.1.6", + "@antora/navigation-builder": "3.1.6", + "@antora/page-composer": "3.1.6", + "@antora/playbook-builder": "3.1.6", + "@antora/redirect-producer": "3.1.6", + "@antora/site-mapper": "3.1.6", + "@antora/site-publisher": "3.1.6", + "@antora/ui-loader": "3.1.6", "@antora/user-require-helper": "~2.0" } }, "@antora/site-generator-default": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/site-generator-default/-/site-generator-default-3.1.2.tgz", - "integrity": "sha512-zd/7CEYzMo85t4/TVristVG5hMoZqw/bcSnr5+KVEpexBfnl3WtuD10hdo2TL7SSxqEsj0dvDK0PwgHN//l0yg==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/site-generator-default/-/site-generator-default-3.1.6.tgz", + "integrity": "sha512-HXnqYYQdQHwjg6NAvEr3oolt4Kmb3cEVqMsR9BoN8ZPfVpnx+kM9r1/qqpgx9BZxY2oTDYPhFFeygdq2Fu5rIg==", "requires": { - "@antora/site-generator": "3.1.2" + "@antora/site-generator": "3.1.6" } }, "@antora/site-mapper": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/site-mapper/-/site-mapper-3.1.2.tgz", - "integrity": "sha512-WQEYac4KMIjc2H+5GUkzikgkZ1jSe8KXnDz9dzSL0A5zIwjVxlM2mnzAfzG8g1kKtlh1BwU4Famh97BfRzLQKg==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/site-mapper/-/site-mapper-3.1.6.tgz", + "integrity": "sha512-Jc5AqY2uS3wO21iwEFyJuXOspTLN6UdNnZP/Os2oguR+cSsjwUx+l6+X7lquIndq+dXUQS3tMQkwNkhLgfcsrw==", "requires": { - "@antora/content-classifier": "3.1.2", + "@antora/content-classifier": "3.1.6", "vinyl": "~2.2" } }, "@antora/site-publisher": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/site-publisher/-/site-publisher-3.1.2.tgz", - "integrity": "sha512-I/GeYypIVvpRH84amCWK3BUOEUplGpjx2rN+UgaXQ0UvBGVHrex6sfmS0G7R7g0cmK3X5hND44wTFxbaSBPUnw==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/site-publisher/-/site-publisher-3.1.6.tgz", + "integrity": "sha512-AOpM12gmMJeucebEGneHvOJAXQgco0lAg7Vx9CH7slHVeJy6mM74Mcut7KkKlv3AOJJKgYfdYkJndvq9dqbWmQ==", "requires": { - "@antora/file-publisher": "3.1.2" + "@antora/file-publisher": "3.1.6" } }, "@antora/ui-loader": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@antora/ui-loader/-/ui-loader-3.1.2.tgz", - "integrity": "sha512-4tE7FT0pvvQ7PjGBe/NiRhqGdyfvx/8YSZJwcC2RLxFFusrv/8WlGjbgOVU+gGRFy1AKZDFgzbQWtJcyLjsyAQ==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@antora/ui-loader/-/ui-loader-3.1.6.tgz", + "integrity": "sha512-IivfKW7fCaV7GpXIOxyk8X2mJiYoM6U0CDaFzWiKerJeDikW1Oi9KGxCMe2+onYBJrgzQxAZsIzjr9fXUcDZWw==", "requires": { "@antora/expand-path-helper": "~2.0", + "@vscode/gulp-vinyl-zip": "~2.5", "braces": "~3.0", "cache-directory": "~2.0", "glob-stream": "~7.0", - "gulp-vinyl-zip": "~2.5", - "hpagent": "~1.1", + "hpagent": "~1.2", "js-yaml": "~4.1", "picomatch": "~2.3", "should-proxy": "~1.0", @@ -3402,6 +3458,20 @@ "resolved": "https://registry.npmjs.org/@neo4j-documentation/remote-include/-/remote-include-1.0.0.tgz", "integrity": "sha512-SprNp9XsWiMBC0T44vs3JUwEYhoyJlg+du5kP0f9RGewXrSeEgsr5tY7nQDa4Bou9iG0sBl0+2u4XZjiVMkiuw==" }, + "@vscode/gulp-vinyl-zip": { + "version": "2.5.0", + "resolved": "https://registry.npmjs.org/@vscode/gulp-vinyl-zip/-/gulp-vinyl-zip-2.5.0.tgz", + "integrity": "sha512-PP/xkOoLBSY3V04HmzRxF+NOxkRJ/m2D0YwWpfx1FCFv5G8+sZUGPvxX+LRgdJ5vQcR1RHck5x1IkHi75Qjdbw==", + "requires": { + "queue": "^4.2.1", + "through": "^2.3.8", + "through2": "^2.0.3", + "vinyl": "^2.0.2", + "vinyl-fs": "^3.0.3", + "yauzl": "^2.2.1", + "yazl": "^2.2.1" + } + }, "abbrev": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz", @@ -3561,12 +3631,13 @@ } }, "call-bind": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", - "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==", + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.5.tgz", + "integrity": "sha512-C3nQxfFZxFRVoJoGKKI8y3MOEo129NQ+FgQ08iye+Mk4zNZZGdjfs06bVTr+DBSlA66Q2VEcMki/cUCP4SercQ==", "requires": { - "function-bind": "^1.1.1", - "get-intrinsic": "^1.0.2" + "function-bind": "^1.1.2", + "get-intrinsic": "^1.2.1", + "set-function-length": "^1.1.1" } }, "chokidar": { @@ -3627,9 +3698,9 @@ }, "dependencies": { "readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", + "version": "2.3.8", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", "requires": { "core-util-is": "~1.0.0", "inherits": "~2.0.3", @@ -3743,11 +3814,22 @@ "mimic-response": "^3.1.0" } }, + "define-data-property": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.1.tgz", + "integrity": "sha512-E7uGkTzkk1d0ByLeSc6ZsFS79Axg+m1P/VsgYsxHgiuc3tFSj+MjMIwe90FC4lOAZzNBdY7kkO2P2wKdsQ1vgQ==", + "requires": { + "get-intrinsic": "^1.2.1", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.0" + } + }, "define-properties": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.1.4.tgz", - "integrity": "sha512-uckOqKcfaVvtBdsVkdPv3XjveQJsNQqmhXgRi8uhvWWuPYZCNlzT8qAyblUgNoXdHdjMTzAqeGjAoli8f+bzPA==", + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.2.1.tgz", + "integrity": "sha512-8QmQKqEASLd5nx0U1B1okLElbUuuttJ/AnYmRXbbbGDWh6uS208EjD4Xqq/I9wK7u0v6O08XhTWnt5XtEbR6Dg==", "requires": { + "define-data-property": "^1.0.1", "has-property-descriptors": "^1.0.0", "object-keys": "^1.1.1" } @@ -3922,9 +4004,9 @@ }, "dependencies": { "readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", + "version": "2.3.8", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", "requires": { "core-util-is": "~1.0.0", "inherits": "~2.0.3", @@ -3984,18 +4066,19 @@ "optional": true }, "function-bind": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", - "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==" + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==" }, "get-intrinsic": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.1.3.tgz", - "integrity": "sha512-QJVz1Tj7MS099PevUG5jvnt9tSkXN8K14dxQlikJuPt4uD9hHAHjLyLBiLR5zELelBdD9QNRAXZzsJx0WaDL9A==", + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.2.tgz", + "integrity": "sha512-0gSo4ml/0j98Y3lngkFEot/zhiCeWsbYIlZ+uZOVgzLyLaUw7wxUL+nCTP0XJvJg1AXulJRI3UJi8GsbDuxdGA==", "requires": { - "function-bind": "^1.1.1", - "has": "^1.0.3", - "has-symbols": "^1.0.3" + "function-bind": "^1.1.2", + "has-proto": "^1.0.1", + "has-symbols": "^1.0.3", + "hasown": "^2.0.0" } }, "glob": { @@ -4051,45 +4134,31 @@ } } }, - "graceful-fs": { - "version": "4.2.10", - "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.10.tgz", - "integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==" - }, - "gulp-vinyl-zip": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/gulp-vinyl-zip/-/gulp-vinyl-zip-2.5.0.tgz", - "integrity": "sha512-KPi5/2SUmkXXDvKU4L2U1dkPOP03SbhONTOgNZlL23l9Yopt+euJ1bBXwWrSMbsyh3JLW/TYuC8CI4c4Kq4qrw==", + "gopd": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", + "integrity": "sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==", "requires": { - "queue": "^4.2.1", - "through": "^2.3.8", - "through2": "^2.0.3", - "vinyl": "^2.0.2", - "vinyl-fs": "^3.0.3", - "yauzl": "^2.2.1", - "yazl": "^2.2.1" + "get-intrinsic": "^1.1.3" } }, + "graceful-fs": { + "version": "4.2.11", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==" + }, "handlebars": { - "version": "4.7.7", - "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.7.tgz", - "integrity": "sha512-aAcXm5OAfE/8IXkcZvCepKU3VzW1/39Fb5ZuqMtgI/hT8X2YgoMvBY5dLhq/cpOvw7Lk1nK/UF71aLG/ZnVYRA==", + "version": "4.7.8", + "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.8.tgz", + "integrity": "sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==", "requires": { "minimist": "^1.2.5", - "neo-async": "^2.6.0", + "neo-async": "^2.6.2", "source-map": "^0.6.1", "uglify-js": "^3.1.4", "wordwrap": "^1.0.0" } }, - "has": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", - "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", - "requires": { - "function-bind": "^1.1.1" - } - }, "has-flag": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", @@ -4097,18 +4166,31 @@ "dev": true }, "has-property-descriptors": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.0.tgz", - "integrity": "sha512-62DVLZGoiEBDHQyqG4w9xCuZ7eJEwNmJRWw2VY84Oedb7WFcA27fiEVe8oUQx9hAUJ4ekurquucTGwsyO1XGdQ==", + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.1.tgz", + "integrity": "sha512-VsX8eaIewvas0xnvinAe9bw4WfIeODpGYikiWYLH+dma0Jw6KHYqWiWfhQlgOVK8D6PvjubK5Uc4P0iIhIcNVg==", "requires": { - "get-intrinsic": "^1.1.1" + "get-intrinsic": "^1.2.2" } }, + "has-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.1.tgz", + "integrity": "sha512-7qE+iP+O+bgF9clE5+UoBFzE65mlBiVj3tKCrlNQ0Ogwm0BjpT/gK4SlLYDMybDh5I3TCTKnPPa0oMG7JDYrhg==" + }, "has-symbols": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==" }, + "hasown": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.0.tgz", + "integrity": "sha512-vUptKVTpIJhcczKBbgnS+RtcuYMB8+oNzPK2/Hp3hanz8JmpATdmmgLgSaadVREkDm+e2giHwY3ZRkyjSIDDFA==", + "requires": { + "function-bind": "^1.1.2" + } + }, "help-me": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/help-me/-/help-me-4.1.0.tgz", @@ -4149,9 +4231,9 @@ } }, "hpagent": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/hpagent/-/hpagent-1.1.0.tgz", - "integrity": "sha512-bgJcBmNTZaJO03xtXOTNfoFEf/3VwoZ/gJ2O4ekTCZu4LSFtfzQFrJ0kjq8ZSS0+IdghXqQIiDUnpp0eUR9IJg==" + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/hpagent/-/hpagent-1.2.0.tgz", + "integrity": "sha512-A91dYTeIB6NoXG+PxTQpCCDDnfHsW9kc06Lvpu1TEe9gnd6ZFeiBoRO9JvzEv6xK7EX97/dUE8g/vBMTqTS3CA==" }, "http-errors": { "version": "2.0.0", @@ -4181,9 +4263,9 @@ "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==" }, "ignore": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.0.tgz", - "integrity": "sha512-CmxgYGiEPCLhfLnpPp1MoRmifwEIOgjcHXxOBjv7mY96c+eWScsOP9c112ZyLdWHi0FxHjI+4uVhKYp/gcdRmQ==" + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.0.tgz", + "integrity": "sha512-g7dmpshy+gD7mh88OC9NwSGTKoc3kyLAZQRU1mt53Aw/vnvfXnbC+F/7F7QoYVKbV+KNvJx8wArewKy1vXMtlg==" }, "ignore-by-default": { "version": "1.0.1", @@ -4343,9 +4425,9 @@ }, "dependencies": { "readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", + "version": "2.3.8", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", "requires": { "core-util-is": "~1.0.0", "inherits": "~2.0.3", @@ -4549,12 +4631,12 @@ "integrity": "sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==" }, "object.assign": { - "version": "4.1.4", - "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.4.tgz", - "integrity": "sha512-1mxKf0e58bvyjSCtKYY4sRe9itRk3PJpquJOjeIkz885CczcI4IvJJDLPS72oowuSh+pBxUFROpX+TU++hxhZQ==", + "version": "4.1.5", + "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.5.tgz", + "integrity": "sha512-byy+U7gp+FVwmyzKPYhW2h5l3crpmGsxl7X2s8y43IgxvG4g3QZ6CffDtsNQy1WsmZpQbO+ybo0AlW7TY6DcBQ==", "requires": { - "call-bind": "^1.0.2", - "define-properties": "^1.1.4", + "call-bind": "^1.0.5", + "define-properties": "^1.2.1", "has-symbols": "^1.0.3", "object-keys": "^1.1.1" } @@ -4590,9 +4672,9 @@ }, "dependencies": { "readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", + "version": "2.3.8", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", "requires": { "core-util-is": "~1.0.0", "inherits": "~2.0.3", @@ -4661,9 +4743,9 @@ "integrity": "sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==" }, "pino": { - "version": "8.7.0", - "resolved": "https://registry.npmjs.org/pino/-/pino-8.7.0.tgz", - "integrity": "sha512-l9sA5uPxmZzwydhMWUcm1gI0YxNnYl8MfSr2h8cwLvOAzQLBLewzF247h/vqHe3/tt6fgtXeG9wdjjoetdI/vA==", + "version": "8.14.2", + "resolved": "https://registry.npmjs.org/pino/-/pino-8.14.2.tgz", + "integrity": "sha512-zKu9aWeSWTy1JgvxIpZveJKKsAr4+6uNMZ0Vf0KRwzl/UNZA3XjHiIl/0WwqLMkDwuHuDkT5xAgPA2jpKq4whA==", "requires": { "atomic-sleep": "^1.0.0", "fast-redact": "^3.1.1", @@ -4701,9 +4783,9 @@ } }, "pino-pretty": { - "version": "9.1.1", - "resolved": "https://registry.npmjs.org/pino-pretty/-/pino-pretty-9.1.1.tgz", - "integrity": "sha512-iJrnjgR4FWQIXZkUF48oNgoRI9BpyMhaEmihonHeCnZ6F50ZHAS4YGfGBT/ZVNsPmd+hzkIPGzjKdY08+/yAXw==", + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/pino-pretty/-/pino-pretty-10.0.1.tgz", + "integrity": "sha512-yrn00+jNpkvZX/NrPVCPIVHAfTDy3ahF0PND9tKqZk4j9s+loK8dpzrJj4dGb7i+WLuR50ussuTAiWoMWU+qeA==", "requires": { "colorette": "^2.0.7", "dateformat": "^4.6.3", @@ -4722,14 +4804,15 @@ }, "dependencies": { "readable-stream": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.2.0.tgz", - "integrity": "sha512-gJrBHsaI3lgBoGMW/jHZsQ/o/TIWiu5ENCJG1BB7fuCKzpFM8GaS2UoBVt9NO+oI+3FcrBNbUkl3ilDe09aY4A==", + "version": "4.5.1", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.5.1.tgz", + "integrity": "sha512-uQjbf34vmf/asGnOHQEw07Q4llgMACQZTWWa4MmICS0IKJoHbLwKCy71H3eR99Dw5iYejc6W+pqZZEeqRtUFAw==", "requires": { "abort-controller": "^3.0.0", "buffer": "^6.0.3", "events": "^3.3.0", - "process": "^0.11.10" + "process": "^0.11.10", + "string_decoder": "^1.3.0" } } } @@ -4971,6 +5054,17 @@ "send": "0.18.0" } }, + "set-function-length": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.1.1.tgz", + "integrity": "sha512-VoaqjbBJKiWtg4yRcKBQ7g7wnGnLV3M8oLvVWwOk2PdYY6PEFegR1vezXR0tw6fZGF9csVakIRjrJiy2veSBFQ==", + "requires": { + "define-data-property": "^1.1.1", + "get-intrinsic": "^1.2.1", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.0" + } + }, "setprototypeof": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", @@ -5027,9 +5121,9 @@ } }, "sonic-boom": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/sonic-boom/-/sonic-boom-3.2.0.tgz", - "integrity": "sha512-SbbZ+Kqj/XIunvIAgUZRlqd6CGQYq71tRRbXR92Za8J/R3Yh4Av+TWENiSiEgnlwckYLyP0YZQWVfyNC0dzLaA==", + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/sonic-boom/-/sonic-boom-3.3.0.tgz", + "integrity": "sha512-LYxp34KlZ1a2Jb8ZQgFCK3niIHzibdwtwNUWKg0qQRzsDoJ3Gfgkf8KdBTFU3SkejDEIlWwnSnpVdOZIhFMl/g==", "requires": { "atomic-sleep": "^1.0.0" } @@ -5100,9 +5194,9 @@ }, "dependencies": { "readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", + "version": "2.3.8", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", "requires": { "core-util-is": "~1.0.0", "inherits": "~2.0.3", @@ -5348,9 +5442,9 @@ } }, "readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", + "version": "2.3.8", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", "requires": { "core-util-is": "~1.0.0", "inherits": "~2.0.3", diff --git a/package.json b/package.json index 26c76056f..0a1feefa0 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ "license": "ISC", "dependencies": { "@antora/cli": "^3.1.6", - "@antora/site-generator-default": "^3.1.1", + "@antora/site-generator-default": "^3.1.6", "@neo4j-antora/antora-add-notes": "^0.3.1", "@neo4j-antora/antora-modify-sitemaps": "^0.4.4", "@neo4j-antora/antora-page-roles": "^0.3.2", From 27a31fad11db0f3ed1c9aa52df2eacfb9ddf2b88 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Thu, 21 Dec 2023 14:25:11 +0100 Subject: [PATCH 493/876] Moving the password page to auth (#1260) Co-authored-by: Reneta Popova --- modules/ROOT/content-nav.adoc | 2 +- .../password-and-user-recovery.adoc | 17 +++++++++-------- modules/ROOT/pages/configuration/index.adoc | 1 - 3 files changed, 10 insertions(+), 10 deletions(-) rename modules/ROOT/pages/{configuration => authentication-authorization}/password-and-user-recovery.adoc (85%) diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index e0b85034b..e56f7167d 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -79,7 +79,6 @@ ** xref:configuration/ports.adoc[] ** xref:configuration/connectors.adoc[] ** xref:configuration/set-initial-password.adoc[] -** xref:configuration/password-and-user-recovery.adoc[] ** xref:configuration/plugins.adoc[Plugins] ** xref:configuration/dynamic-settings.adoc[] ** xref:configuration/configuration-settings.adoc[] @@ -165,6 +164,7 @@ * xref:authentication-authorization/index.adoc[] ** xref:authentication-authorization/manage-users.adoc[] ** xref:authentication-authorization/manage-roles.adoc[] +** xref:authentication-authorization/password-and-user-recovery.adoc[] ** Manage privileges *** xref:authentication-authorization/manage-privileges.adoc[] *** xref:authentication-authorization/privileges-reads.adoc[] diff --git a/modules/ROOT/pages/configuration/password-and-user-recovery.adoc b/modules/ROOT/pages/authentication-authorization/password-and-user-recovery.adoc similarity index 85% rename from modules/ROOT/pages/configuration/password-and-user-recovery.adoc rename to modules/ROOT/pages/authentication-authorization/password-and-user-recovery.adoc index 21e6d3cdf..175bf6bb0 100644 --- a/modules/ROOT/pages/configuration/password-and-user-recovery.adoc +++ b/modules/ROOT/pages/authentication-authorization/password-and-user-recovery.adoc @@ -1,6 +1,7 @@ :description: This page describes how to reset a password to recover a user's access when their password is lost. It specifically focuses on how to recover an admin user if all the admin users have been unassigned the admin role, and how to recreate the built-in admin role if it has been dropped. +:page-aliases: configuration/password-and-user-recovery.adoc [[password-and-user-recovery]] -= Password and user recovery += Recover admin user and password This page describes how to reset a password to recover a user's access when their password is lost. It specifically focuses on how to recover an admin user if all the admin users have been unassigned the admin role, and how to recreate the built-in admin role if it has been dropped. @@ -100,7 +101,7 @@ You can use a client such as xref:tools/cypher-shell.adoc[Cypher Shell] or the N In a cluster deployment, you should complete the steps only on one of the Core servers. ==== -. Complete the steps in xref:configuration/password-and-user-recovery.adoc#disable-authentication[Disable authentication] as per your deployment. +. Complete the steps in xref:authentication-authorization/password-and-user-recovery.adoc#disable-authentication[Disable authentication] as per your deployment. . Connect to the `system` database using Cypher shell. Alternatively, log into Neo4j Browser. + @@ -126,7 +127,7 @@ ALTER USER neo4j SET PASSWORD 'mynewpassword' ---- :exit; ---- -. Proceed with the xref:configuration/password-and-user-recovery.adoc#post-recovery[post-recovery steps] as per your deployment. +. Proceed with the xref:authentication-authorization/password-and-user-recovery.adoc#post-recovery[post-recovery steps] as per your deployment. [[recover-unassigned-admin-role]] == Recover an unassigned admin role @@ -138,7 +139,7 @@ You can use a client such as xref:tools/cypher-shell.adoc[Cypher Shell] or the N In a cluster deployment, you should complete the steps only on one of the Core servers. ==== -. Complete the steps in xref:configuration/password-and-user-recovery.adoc#disable-authentication[Disable authentication] as per your deployment. +. Complete the steps in xref:authentication-authorization/password-and-user-recovery.adoc#disable-authentication[Disable authentication] as per your deployment. . Connect to the `system` database using Cypher shell. Alternatively, log into Neo4j Browser. + @@ -164,7 +165,7 @@ GRANT ROLE admin TO neo4j ---- :exit; ---- -. Proceed with the xref:configuration/password-and-user-recovery.adoc#post-recovery[post-recovery steps] as per your deployment. +. Proceed with the xref:authentication-authorization/password-and-user-recovery.adoc#post-recovery[post-recovery steps] as per your deployment. [[recover-admin-role]] == Recover the admin role @@ -176,7 +177,7 @@ If you have removed the admin role from your system entirely, you can use a clie In a cluster deployment, you should complete the steps only on one of the Core servers. ==== -. Complete the steps in xref:configuration/password-and-user-recovery.adoc#disable-authentication[Disable authentication] as per your deployment. +. Complete the steps in xref:authentication-authorization/password-and-user-recovery.adoc#disable-authentication[Disable authentication] as per your deployment. . Connect to the `system` database using Cypher shell. Alternatively, log into Neo4j Browser. + @@ -217,7 +218,7 @@ To grant the role to a user (assuming your existing user is named `neo4j`), you ---- :exit; ---- -. Proceed with the xref:configuration/password-and-user-recovery.adoc#post-recovery[post-recovery steps] as per your deployment. +. Proceed with the xref:authentication-authorization/password-and-user-recovery.adoc#post-recovery[post-recovery steps] as per your deployment. [[post-recovery]] == Post-recovery steps @@ -233,7 +234,7 @@ To grant the role to a user (assuming your existing user is named `neo4j`), you ---- $ bin/neo4j stop ---- -. Enable the authentication and restore your Neo4j to its original configuration (See xref:configuration/password-and-user-recovery.adoc#disable-authentication[Disable authentication]). +. Enable the authentication and restore your Neo4j to its original configuration (See xref:authentication-authorization/password-and-user-recovery.adoc#disable-authentication[Disable authentication]). . Start Neo4j: + [source, shell] diff --git a/modules/ROOT/pages/configuration/index.adoc b/modules/ROOT/pages/configuration/index.adoc index 3b13a96be..1a9ee970f 100644 --- a/modules/ROOT/pages/configuration/index.adoc +++ b/modules/ROOT/pages/configuration/index.adoc @@ -10,7 +10,6 @@ The topics described are: * xref:configuration/ports.adoc[Ports] -- An overview of the ports relevant to a Neo4j installation. * xref:configuration/connectors.adoc[Configure Neo4j connectors] -- How to configure Neo4j connectors. * xref:configuration/set-initial-password.adoc[Set initial password] -- How to set an initial password. -* xref:configuration/password-and-user-recovery.adoc[Password and user recovery] -- How to recover after a lost admin password. * xref:configuration/dynamic-settings.adoc[Update dynamic settings] -- How to configure certain Neo4j parameters while Neo4j is running. * xref:configuration/configuration-settings.adoc[Configuration settings] -- A complete reference of all configuration settings. From 4d9fb44f3de0997f40faac319f05668dff22beb9 Mon Sep 17 00:00:00 2001 From: Neil Dewhurst Date: Thu, 21 Dec 2023 17:56:56 +0000 Subject: [PATCH 494/876] Use groups in dependabot.yml (#1291) --- .github/dependabot.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 3a3cce576..1e63f2a92 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,3 +9,8 @@ updates: directory: "/" # Location of package manifests schedule: interval: "weekly" + groups: + prod-dependencies: + dependency-type: "production" + dev-dependencies: + dependency-type: "development" From 558f4ac529968f5a062a0c63dcff3cf371e5c9f6 Mon Sep 17 00:00:00 2001 From: Neil Dewhurst Date: Thu, 21 Dec 2023 18:36:03 +0000 Subject: [PATCH 495/876] Update packages (#1293) --- package-lock.json | 505 +++++++++++++--------------------------------- package.json | 7 +- 2 files changed, 148 insertions(+), 364 deletions(-) diff --git a/package-lock.json b/package-lock.json index ee26c44c4..05bfe2d1e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -20,7 +20,7 @@ "@neo4j-documentation/remote-include": "^1.0.0" }, "devDependencies": { - "express": "^4.18.1", + "express": "^4.18.2", "nodemon": "^3.0.2" } }, @@ -54,102 +54,6 @@ "node": ">=16.0.0" } }, - "node_modules/@antora/cli/node_modules/@antora/logger": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/logger/-/logger-3.1.6.tgz", - "integrity": "sha512-36kU8gMbPslcPu8u9EbXsz6+9G9+LWPKhO7n8mEQqxlcCqmChwgetK6VbsL102rynpgPsstX6IAKg2wbptJK5g==", - "dependencies": { - "@antora/expand-path-helper": "~2.0", - "pino": "~8.14", - "pino-pretty": "~10.0", - "sonic-boom": "~3.3" - }, - "engines": { - "node": ">=16.0.0" - } - }, - "node_modules/@antora/cli/node_modules/@antora/playbook-builder": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/playbook-builder/-/playbook-builder-3.1.6.tgz", - "integrity": "sha512-bZcDastZViAgPVPNvvbbw7ci63gL5YnyG5X7NuHJoORgzyGQAsMYEjzfa9yfNfXubUmXv/oSteUSxbACjdjzWg==", - "dependencies": { - "@iarna/toml": "~2.2", - "convict": "~6.2", - "js-yaml": "~4.1", - "json5": "~2.2" - }, - "engines": { - "node": ">=16.0.0" - } - }, - "node_modules/@antora/cli/node_modules/pino": { - "version": "8.14.2", - "resolved": "https://registry.npmjs.org/pino/-/pino-8.14.2.tgz", - "integrity": "sha512-zKu9aWeSWTy1JgvxIpZveJKKsAr4+6uNMZ0Vf0KRwzl/UNZA3XjHiIl/0WwqLMkDwuHuDkT5xAgPA2jpKq4whA==", - "dependencies": { - "atomic-sleep": "^1.0.0", - "fast-redact": "^3.1.1", - "on-exit-leak-free": "^2.1.0", - "pino-abstract-transport": "v1.0.0", - "pino-std-serializers": "^6.0.0", - "process-warning": "^2.0.0", - "quick-format-unescaped": "^4.0.3", - "real-require": "^0.2.0", - "safe-stable-stringify": "^2.3.1", - "sonic-boom": "^3.1.0", - "thread-stream": "^2.0.0" - }, - "bin": { - "pino": "bin.js" - } - }, - "node_modules/@antora/cli/node_modules/pino-pretty": { - "version": "10.0.1", - "resolved": "https://registry.npmjs.org/pino-pretty/-/pino-pretty-10.0.1.tgz", - "integrity": "sha512-yrn00+jNpkvZX/NrPVCPIVHAfTDy3ahF0PND9tKqZk4j9s+loK8dpzrJj4dGb7i+WLuR50ussuTAiWoMWU+qeA==", - "dependencies": { - "colorette": "^2.0.7", - "dateformat": "^4.6.3", - "fast-copy": "^3.0.0", - "fast-safe-stringify": "^2.1.1", - "help-me": "^4.0.1", - "joycon": "^3.1.1", - "minimist": "^1.2.6", - "on-exit-leak-free": "^2.1.0", - "pino-abstract-transport": "^1.0.0", - "pump": "^3.0.0", - "readable-stream": "^4.0.0", - "secure-json-parse": "^2.4.0", - "sonic-boom": "^3.0.0", - "strip-json-comments": "^3.1.1" - }, - "bin": { - "pino-pretty": "bin.js" - } - }, - "node_modules/@antora/cli/node_modules/readable-stream": { - "version": "4.5.1", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.5.1.tgz", - "integrity": "sha512-uQjbf34vmf/asGnOHQEw07Q4llgMACQZTWWa4MmICS0IKJoHbLwKCy71H3eR99Dw5iYejc6W+pqZZEeqRtUFAw==", - "dependencies": { - "abort-controller": "^3.0.0", - "buffer": "^6.0.3", - "events": "^3.3.0", - "process": "^0.11.10", - "string_decoder": "^1.3.0" - }, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - } - }, - "node_modules/@antora/cli/node_modules/sonic-boom": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/sonic-boom/-/sonic-boom-3.3.0.tgz", - "integrity": "sha512-LYxp34KlZ1a2Jb8ZQgFCK3niIHzibdwtwNUWKg0qQRzsDoJ3Gfgkf8KdBTFU3SkejDEIlWwnSnpVdOZIhFMl/g==", - "dependencies": { - "atomic-sleep": "^1.0.0" - } - }, "node_modules/@antora/content-aggregator": { "version": "3.1.6", "resolved": "https://registry.npmjs.org/@antora/content-aggregator/-/content-aggregator-3.1.6.tgz", @@ -478,9 +382,9 @@ } }, "node_modules/anymatch": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz", - "integrity": "sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==", + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==", "dev": true, "dependencies": { "normalize-path": "^3.0.0", @@ -792,9 +696,9 @@ } }, "node_modules/colorette": { - "version": "2.0.19", - "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.19.tgz", - "integrity": "sha512-3tlv/dIP7FWvj3BsbHrGLJ6l/oKh1O3TcgBqMn+yyCagOxc23fyzDS6HypQbgxWbkpDnf52p1LuR4eWDQ/K9WQ==" + "version": "2.0.20", + "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.20.tgz", + "integrity": "sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w==" }, "node_modules/commander": { "version": "10.0.1", @@ -822,9 +726,9 @@ } }, "node_modules/content-type": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz", - "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA==", + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", "dev": true, "engines": { "node": ">= 0.6" @@ -836,9 +740,9 @@ "integrity": "sha512-ASFBup0Mz1uyiIjANan1jzLQami9z1PoYSZCiiYW2FczPbenXc45FZdBZLzOT+r6+iciuEModtmCti+hjaAk0A==" }, "node_modules/convict": { - "version": "6.2.3", - "resolved": "https://registry.npmjs.org/convict/-/convict-6.2.3.tgz", - "integrity": "sha512-mTY04Qr7WrqiXifdeUYXr4/+Te4hPFWDvz6J2FVIKCLc2XBhq63VOSSYAKJ+unhZAYOAjmEdNswTOeHt7s++pQ==", + "version": "6.2.4", + "resolved": "https://registry.npmjs.org/convict/-/convict-6.2.4.tgz", + "integrity": "sha512-qN60BAwdMVdofckX7AlohVJ2x9UvjTNoKVXCL2LxFk1l7757EJqf1nySdMkPQer0bt8kQ5lQiyZ9/2NvrFBuwQ==", "dependencies": { "lodash.clonedeep": "^4.5.0", "yargs-parser": "^20.2.7" @@ -1075,14 +979,14 @@ "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==" }, "node_modules/fast-copy": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/fast-copy/-/fast-copy-3.0.0.tgz", - "integrity": "sha512-4HzS+9pQ5Yxtv13Lhs1Z1unMXamBdn5nA4bEi1abYpDNSpSp7ODYQ1KPMF6nTatfEzgH6/zPvXKU1zvHiUjWlA==" + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/fast-copy/-/fast-copy-3.0.1.tgz", + "integrity": "sha512-Knr7NOtK3HWRYGtHoJrjkaWepqT8thIVGAwt0p0aUs1zqkAzXZV4vo9fFNwyb5fcqK1GKYFYxldQdIDVKhUAfA==" }, "node_modules/fast-redact": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/fast-redact/-/fast-redact-3.1.2.tgz", - "integrity": "sha512-+0em+Iya9fKGfEQGcd62Yv6onjBmmhV1uh86XVfOU8VwAe6kaFdQCWI9s0/Nnugx5Vd9tdbZ7e6gE2tR9dzXdw==", + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/fast-redact/-/fast-redact-3.3.0.tgz", + "integrity": "sha512-6T5V1QK1u4oF+ATxs1lWUmlEk6P2T9HqJG3e2DnHOdVgZy2rFJBoEnrIedcTXlkAHU/zKC+7KETJ+KGGKwxgMQ==", "engines": { "node": ">=6" } @@ -1201,9 +1105,9 @@ "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==" }, "node_modules/fsevents": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", - "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", "dev": true, "hasInstallScript": true, "optional": true, @@ -1392,9 +1296,9 @@ } }, "node_modules/help-me": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/help-me/-/help-me-4.1.0.tgz", - "integrity": "sha512-5HMrkOks2j8Fpu2j5nTLhrBhT7VwHwELpqnSnx802ckofys5MO2SkLpgSz3dgNFHV7IYFX2igm5CM75SmuYidw==", + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/help-me/-/help-me-4.2.0.tgz", + "integrity": "sha512-TAOnTB8Tz5Dw8penUuzHVrKNKlCIbwwbHnXraNJxPwf8LRtE2HlM84RYuezMFcwOJmoYOCWVDyJ8TQGxn9PgxA==", "dependencies": { "glob": "^8.0.0", "readable-stream": "^3.6.0" @@ -1409,9 +1313,9 @@ } }, "node_modules/help-me/node_modules/glob": { - "version": "8.0.3", - "resolved": "https://registry.npmjs.org/glob/-/glob-8.0.3.tgz", - "integrity": "sha512-ull455NHSHI/Y1FqGaaYFaLGkNMMJbavMrEGFXG/PGrg6y7sutWHUHrz6gy6WEBH6akM1M414dWKCNs+IhKdiQ==", + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/glob/-/glob-8.1.0.tgz", + "integrity": "sha512-r8hpEjiQEYlF2QU0df3dS+nxxSIreXQS1qRhMJM0Q5NDdR386C7jb7Hwwod8Fgiuex+k0GFjgft18yvxm5XoCQ==", "dependencies": { "fs.realpath": "^1.0.0", "inflight": "^1.0.4", @@ -1427,9 +1331,9 @@ } }, "node_modules/help-me/node_modules/minimatch": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.0.tgz", - "integrity": "sha512-9TPBGGak4nHfGZsPBohm9AWg6NoT7QTCehS3BIJABslyZbzxfV78QM2Y6+i741OPZIafFAaiiEMh5OyIrJPgtg==", + "version": "5.1.6", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", + "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==", "dependencies": { "brace-expansion": "^2.0.1" }, @@ -1690,9 +1594,9 @@ "integrity": "sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==" }, "node_modules/json5": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.1.tgz", - "integrity": "sha512-1hqLFMSrGHRHxav9q9gNjJ5EXznIxGVO09xQRrwplcS8qs28pZ8s8hupZAmqDwZUmVZ2Qb2jnyPOWcDH8m8dlA==", + "version": "2.2.3", + "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==", "bin": { "json5": "lib/cli.js" }, @@ -1844,9 +1748,9 @@ } }, "node_modules/minimist": { - "version": "1.2.7", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.7.tgz", - "integrity": "sha512-bzfL1YUZsP41gmu/qjrEk0Q6i2ix/cVeAhbCbqH9u3zYutS1cLg00qhrD0M2MVdCcx4Sc0UpP2eBWo9rotpq6g==", + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", "funding": { "url": "https://github.com/sponsors/ljharb" } @@ -1974,9 +1878,9 @@ } }, "node_modules/object-inspect": { - "version": "1.12.2", - "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.2.tgz", - "integrity": "sha512-z+cPxW0QGUp0mcqcsgQyLVRDoXFQbXOwBaqyF7VIgI4TWNQsDHrBpUQslRmIfAoYWdYzs6UlKJtB2XJpTaNSpQ==", + "version": "1.13.1", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", + "integrity": "sha512-5qoj1RUiKOMsCCNLV1CBiPYE10sziTsnmNxkAI/rZhiD63CF7IqdFGC/XzjWjpSgLf0LxXX3bDFIh0E18f6UhQ==", "dev": true, "funding": { "url": "https://github.com/sponsors/ljharb" @@ -2008,9 +1912,12 @@ } }, "node_modules/on-exit-leak-free": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/on-exit-leak-free/-/on-exit-leak-free-2.1.0.tgz", - "integrity": "sha512-VuCaZZAjReZ3vUwgOB8LxAosIurDiAW0s13rI1YwmaP++jvcxP77AWoQvenZebpCA2m8WC1/EosPYPMjnRAp/w==" + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/on-exit-leak-free/-/on-exit-leak-free-2.1.2.tgz", + "integrity": "sha512-0eJJY6hXLGf1udHwfNftBqH+g73EU4B504nZeKpz1sYRKafAghwxEJunB2O7rDZkL4PGfsMVnTXZ2EjibbqcsA==", + "engines": { + "node": ">=14.0.0" + } }, "node_modules/on-finished": { "version": "2.4.1", @@ -2081,11 +1988,6 @@ "node": ">= 0.8" } }, - "node_modules/path-dirname": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/path-dirname/-/path-dirname-1.0.2.tgz", - "integrity": "sha512-ALzNPpyNq9AqXMBjeymIjFDAkAFH06mHJH/cSBHAgU0s4vfpBn6b2nf8tiRLvagKD8RbTpq2FKTBg7cl9l3c7Q==" - }, "node_modules/path-is-absolute": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", @@ -2155,14 +2057,15 @@ } }, "node_modules/pino-abstract-transport/node_modules/readable-stream": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.2.0.tgz", - "integrity": "sha512-gJrBHsaI3lgBoGMW/jHZsQ/o/TIWiu5ENCJG1BB7fuCKzpFM8GaS2UoBVt9NO+oI+3FcrBNbUkl3ilDe09aY4A==", + "version": "4.5.1", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.5.1.tgz", + "integrity": "sha512-uQjbf34vmf/asGnOHQEw07Q4llgMACQZTWWa4MmICS0IKJoHbLwKCy71H3eR99Dw5iYejc6W+pqZZEeqRtUFAw==", "dependencies": { "abort-controller": "^3.0.0", "buffer": "^6.0.3", "events": "^3.3.0", - "process": "^0.11.10" + "process": "^0.11.10", + "string_decoder": "^1.3.0" }, "engines": { "node": "^12.22.0 || ^14.17.0 || >=16.0.0" @@ -2208,9 +2111,9 @@ } }, "node_modules/pino-std-serializers": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/pino-std-serializers/-/pino-std-serializers-6.0.0.tgz", - "integrity": "sha512-mMMOwSKrmyl+Y12Ri2xhH1lbzQxwwpuru9VjyJpgFIH4asSj88F2csdMwN6+M5g1Ll4rmsYghHLQJw81tgZ7LQ==" + "version": "6.2.2", + "resolved": "https://registry.npmjs.org/pino-std-serializers/-/pino-std-serializers-6.2.2.tgz", + "integrity": "sha512-cHjPPsE+vhj/tnhCy/wiMh3M3z3h/j15zHQX+S9GkTBgqJuTuJzYJ4gUyACLhDaJ7kk9ba9iRDmbH2tJU03OiA==" }, "node_modules/process": { "version": "0.11.10", @@ -2226,9 +2129,9 @@ "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==" }, "node_modules/process-warning": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/process-warning/-/process-warning-2.0.0.tgz", - "integrity": "sha512-+MmoAXoUX+VTHAlwns0h+kFUWFs/3FZy+ZuchkgjyOu3oioLAo2LB5aCfKPh2+P9O18i3m43tUEv3YqttSy0Ww==" + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/process-warning/-/process-warning-2.3.2.tgz", + "integrity": "sha512-n9wh8tvBe5sFmsqlg+XQhaQLumwpqoAUruLwjCopgTmUBjJ/fjtBsJzKleCaIGBOMXYEhp1YfKl4d7rJ5ZKJGA==" }, "node_modules/progress": { "version": "2.0.3", @@ -2329,9 +2232,9 @@ } }, "node_modules/readable-stream": { - "version": "3.6.0", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.0.tgz", - "integrity": "sha512-BViHy7LKeTz4oNnkcLJ+lVSL6vpiFeX6/d3oSH8zCW7UxP2onchk+vTGB143xuFjHS3deTgkKoXXymXqymiIdA==", + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", + "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==", "dependencies": { "inherits": "^2.0.3", "string_decoder": "^1.1.1", @@ -2438,9 +2341,9 @@ ] }, "node_modules/safe-stable-stringify": { - "version": "2.4.1", - "resolved": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.4.1.tgz", - "integrity": "sha512-dVHE6bMtS/bnL2mwualjc6IxEv1F+OCUpA46pKUj6F8uDbUM0jCCulPqRNPSnWwGNKx5etqMjZYdXtrm5KJZGA==", + "version": "2.4.3", + "resolved": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.4.3.tgz", + "integrity": "sha512-e2bDA2WJT0wxseVd4lsDP4+3ONX6HpMXQa1ZhFQ7SU+GjvORCmShbCMltrtIDfkYhVHrOcPtj+KhmDBdPdZD1g==", "engines": { "node": ">=10" } @@ -2452,9 +2355,9 @@ "dev": true }, "node_modules/secure-json-parse": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/secure-json-parse/-/secure-json-parse-2.5.0.tgz", - "integrity": "sha512-ZQruFgZnIWH+WyO9t5rWt4ZEGqCKPwhiw+YbzTwpmT9elgLrLcfuyUiSnwwjUiVy9r4VM3urtbNF1xmEh9IL2w==" + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/secure-json-parse/-/secure-json-parse-2.7.0.tgz", + "integrity": "sha512-6aU+Rwsezw7VR8/nyvKTx8QpWH9FrcYiXXlqC4z5d5XQBDRqtbfsRjnwGyqbi3gddNtWHuEk9OANUotL26qKUw==" }, "node_modules/semver": { "version": "7.5.4", @@ -2639,9 +2542,9 @@ } }, "node_modules/split2": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/split2/-/split2-4.1.0.tgz", - "integrity": "sha512-VBiJxFkxiXRlUIeyMQi8s4hgvKCSjtknJv/LVYbrgALPwf5zSKmEwV9Lst25AkvMDnvxODugjdl6KZgwKM1WYQ==", + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/split2/-/split2-4.2.0.tgz", + "integrity": "sha512-UcjcJOWknrNkF6PLX83qcHM6KHgVKNkV62Y8a5uYDVv9ydGQVwAHMKqHdJje1VTWpljG0WYpCDhrCdAOYH4TWg==", "engines": { "node": ">= 10.x" } @@ -2692,9 +2595,9 @@ } }, "node_modules/thread-stream": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/thread-stream/-/thread-stream-2.2.0.tgz", - "integrity": "sha512-rUkv4/fnb4rqy/gGy7VuqK6wE1+1DOCOWy4RMeaV69ZHMP11tQKZvZSip1yTgrKCMZzEMcCL/bKfHvSfDHx+iQ==", + "version": "2.4.1", + "resolved": "https://registry.npmjs.org/thread-stream/-/thread-stream-2.4.1.tgz", + "integrity": "sha512-d/Ex2iWd1whipbT681JmTINKw0ZwOUBZm7+Gjs64DHuX34mmw8vJL2bFAaNacaW72zYiTJxSHi5abUuOi5nsfg==", "dependencies": { "real-require": "^0.2.0" } @@ -2954,15 +2857,6 @@ "stream-shift": "^1.0.0" } }, - "node_modules/vinyl-fs/node_modules/glob-parent": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz", - "integrity": "sha512-E8Ak/2+dZY6fnzlR7+ueWvhsH1SjHr4jjss4YS/h4py44jY9MhK/VFdaZJAWDz6BbL21KeteKxFSFpq8OS5gVA==", - "dependencies": { - "is-glob": "^3.1.0", - "path-dirname": "^1.0.0" - } - }, "node_modules/vinyl-fs/node_modules/glob-stream": { "version": "6.1.0", "resolved": "https://registry.npmjs.org/glob-stream/-/glob-stream-6.1.0.tgz", @@ -2983,17 +2877,6 @@ "node": ">= 0.10" } }, - "node_modules/vinyl-fs/node_modules/is-glob": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-3.1.0.tgz", - "integrity": "sha512-UFpDDrPgM6qpnFNI+rh/p3bUaq9hKLZN8bMUWzxmcnZVS3omf4IPK+BrewlnWjO1WmUsMYuSjKh4UJuV4+Lqmw==", - "dependencies": { - "is-extglob": "^2.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/vinyl-fs/node_modules/pump": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/pump/-/pump-2.0.1.tgz", @@ -3146,89 +3029,6 @@ "@antora/playbook-builder": "3.1.6", "@antora/user-require-helper": "~2.0", "commander": "~10.0" - }, - "dependencies": { - "@antora/logger": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/logger/-/logger-3.1.6.tgz", - "integrity": "sha512-36kU8gMbPslcPu8u9EbXsz6+9G9+LWPKhO7n8mEQqxlcCqmChwgetK6VbsL102rynpgPsstX6IAKg2wbptJK5g==", - "requires": { - "@antora/expand-path-helper": "~2.0", - "pino": "~8.14", - "pino-pretty": "~10.0", - "sonic-boom": "~3.3" - } - }, - "@antora/playbook-builder": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/playbook-builder/-/playbook-builder-3.1.6.tgz", - "integrity": "sha512-bZcDastZViAgPVPNvvbbw7ci63gL5YnyG5X7NuHJoORgzyGQAsMYEjzfa9yfNfXubUmXv/oSteUSxbACjdjzWg==", - "requires": { - "@iarna/toml": "~2.2", - "convict": "~6.2", - "js-yaml": "~4.1", - "json5": "~2.2" - } - }, - "pino": { - "version": "8.14.2", - "resolved": "https://registry.npmjs.org/pino/-/pino-8.14.2.tgz", - "integrity": "sha512-zKu9aWeSWTy1JgvxIpZveJKKsAr4+6uNMZ0Vf0KRwzl/UNZA3XjHiIl/0WwqLMkDwuHuDkT5xAgPA2jpKq4whA==", - "requires": { - "atomic-sleep": "^1.0.0", - "fast-redact": "^3.1.1", - "on-exit-leak-free": "^2.1.0", - "pino-abstract-transport": "v1.0.0", - "pino-std-serializers": "^6.0.0", - "process-warning": "^2.0.0", - "quick-format-unescaped": "^4.0.3", - "real-require": "^0.2.0", - "safe-stable-stringify": "^2.3.1", - "sonic-boom": "^3.1.0", - "thread-stream": "^2.0.0" - } - }, - "pino-pretty": { - "version": "10.0.1", - "resolved": "https://registry.npmjs.org/pino-pretty/-/pino-pretty-10.0.1.tgz", - "integrity": "sha512-yrn00+jNpkvZX/NrPVCPIVHAfTDy3ahF0PND9tKqZk4j9s+loK8dpzrJj4dGb7i+WLuR50ussuTAiWoMWU+qeA==", - "requires": { - "colorette": "^2.0.7", - "dateformat": "^4.6.3", - "fast-copy": "^3.0.0", - "fast-safe-stringify": "^2.1.1", - "help-me": "^4.0.1", - "joycon": "^3.1.1", - "minimist": "^1.2.6", - "on-exit-leak-free": "^2.1.0", - "pino-abstract-transport": "^1.0.0", - "pump": "^3.0.0", - "readable-stream": "^4.0.0", - "secure-json-parse": "^2.4.0", - "sonic-boom": "^3.0.0", - "strip-json-comments": "^3.1.1" - } - }, - "readable-stream": { - "version": "4.5.1", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.5.1.tgz", - "integrity": "sha512-uQjbf34vmf/asGnOHQEw07Q4llgMACQZTWWa4MmICS0IKJoHbLwKCy71H3eR99Dw5iYejc6W+pqZZEeqRtUFAw==", - "requires": { - "abort-controller": "^3.0.0", - "buffer": "^6.0.3", - "events": "^3.3.0", - "process": "^0.11.10", - "string_decoder": "^1.3.0" - } - }, - "sonic-boom": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/sonic-boom/-/sonic-boom-3.3.0.tgz", - "integrity": "sha512-LYxp34KlZ1a2Jb8ZQgFCK3niIHzibdwtwNUWKg0qQRzsDoJ3Gfgkf8KdBTFU3SkejDEIlWwnSnpVdOZIhFMl/g==", - "requires": { - "atomic-sleep": "^1.0.0" - } - } } }, "@antora/content-aggregator": { @@ -3497,9 +3297,9 @@ } }, "anymatch": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz", - "integrity": "sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==", + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==", "dev": true, "requires": { "normalize-path": "^3.0.0", @@ -3727,9 +3527,9 @@ } }, "colorette": { - "version": "2.0.19", - "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.19.tgz", - "integrity": "sha512-3tlv/dIP7FWvj3BsbHrGLJ6l/oKh1O3TcgBqMn+yyCagOxc23fyzDS6HypQbgxWbkpDnf52p1LuR4eWDQ/K9WQ==" + "version": "2.0.20", + "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.20.tgz", + "integrity": "sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w==" }, "commander": { "version": "10.0.1", @@ -3751,9 +3551,9 @@ } }, "content-type": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz", - "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA==", + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", "dev": true }, "convert-source-map": { @@ -3762,9 +3562,9 @@ "integrity": "sha512-ASFBup0Mz1uyiIjANan1jzLQami9z1PoYSZCiiYW2FczPbenXc45FZdBZLzOT+r6+iciuEModtmCti+hjaAk0A==" }, "convict": { - "version": "6.2.3", - "resolved": "https://registry.npmjs.org/convict/-/convict-6.2.3.tgz", - "integrity": "sha512-mTY04Qr7WrqiXifdeUYXr4/+Te4hPFWDvz6J2FVIKCLc2XBhq63VOSSYAKJ+unhZAYOAjmEdNswTOeHt7s++pQ==", + "version": "6.2.4", + "resolved": "https://registry.npmjs.org/convict/-/convict-6.2.4.tgz", + "integrity": "sha512-qN60BAwdMVdofckX7AlohVJ2x9UvjTNoKVXCL2LxFk1l7757EJqf1nySdMkPQer0bt8kQ5lQiyZ9/2NvrFBuwQ==", "requires": { "lodash.clonedeep": "^4.5.0", "yargs-parser": "^20.2.7" @@ -3949,14 +3749,14 @@ "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==" }, "fast-copy": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/fast-copy/-/fast-copy-3.0.0.tgz", - "integrity": "sha512-4HzS+9pQ5Yxtv13Lhs1Z1unMXamBdn5nA4bEi1abYpDNSpSp7ODYQ1KPMF6nTatfEzgH6/zPvXKU1zvHiUjWlA==" + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/fast-copy/-/fast-copy-3.0.1.tgz", + "integrity": "sha512-Knr7NOtK3HWRYGtHoJrjkaWepqT8thIVGAwt0p0aUs1zqkAzXZV4vo9fFNwyb5fcqK1GKYFYxldQdIDVKhUAfA==" }, "fast-redact": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/fast-redact/-/fast-redact-3.1.2.tgz", - "integrity": "sha512-+0em+Iya9fKGfEQGcd62Yv6onjBmmhV1uh86XVfOU8VwAe6kaFdQCWI9s0/Nnugx5Vd9tdbZ7e6gE2tR9dzXdw==" + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/fast-redact/-/fast-redact-3.3.0.tgz", + "integrity": "sha512-6T5V1QK1u4oF+ATxs1lWUmlEk6P2T9HqJG3e2DnHOdVgZy2rFJBoEnrIedcTXlkAHU/zKC+7KETJ+KGGKwxgMQ==" }, "fast-safe-stringify": { "version": "2.1.1", @@ -4059,9 +3859,9 @@ "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==" }, "fsevents": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", - "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", "dev": true, "optional": true }, @@ -4109,7 +3909,7 @@ "requires": { "extend": "^3.0.2", "glob": "^7.2.0", - "glob-parent": "^6.0.2", + "glob-parent": "6.0.2", "is-negated-glob": "^1.0.0", "ordered-read-streams": "^1.0.1", "pumpify": "^2.0.1", @@ -4192,9 +3992,9 @@ } }, "help-me": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/help-me/-/help-me-4.1.0.tgz", - "integrity": "sha512-5HMrkOks2j8Fpu2j5nTLhrBhT7VwHwELpqnSnx802ckofys5MO2SkLpgSz3dgNFHV7IYFX2igm5CM75SmuYidw==", + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/help-me/-/help-me-4.2.0.tgz", + "integrity": "sha512-TAOnTB8Tz5Dw8penUuzHVrKNKlCIbwwbHnXraNJxPwf8LRtE2HlM84RYuezMFcwOJmoYOCWVDyJ8TQGxn9PgxA==", "requires": { "glob": "^8.0.0", "readable-stream": "^3.6.0" @@ -4209,9 +4009,9 @@ } }, "glob": { - "version": "8.0.3", - "resolved": "https://registry.npmjs.org/glob/-/glob-8.0.3.tgz", - "integrity": "sha512-ull455NHSHI/Y1FqGaaYFaLGkNMMJbavMrEGFXG/PGrg6y7sutWHUHrz6gy6WEBH6akM1M414dWKCNs+IhKdiQ==", + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/glob/-/glob-8.1.0.tgz", + "integrity": "sha512-r8hpEjiQEYlF2QU0df3dS+nxxSIreXQS1qRhMJM0Q5NDdR386C7jb7Hwwod8Fgiuex+k0GFjgft18yvxm5XoCQ==", "requires": { "fs.realpath": "^1.0.0", "inflight": "^1.0.4", @@ -4221,9 +4021,9 @@ } }, "minimatch": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.0.tgz", - "integrity": "sha512-9TPBGGak4nHfGZsPBohm9AWg6NoT7QTCehS3BIJABslyZbzxfV78QM2Y6+i741OPZIafFAaiiEMh5OyIrJPgtg==", + "version": "5.1.6", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", + "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==", "requires": { "brace-expansion": "^2.0.1" } @@ -4412,9 +4212,9 @@ "integrity": "sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==" }, "json5": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.1.tgz", - "integrity": "sha512-1hqLFMSrGHRHxav9q9gNjJ5EXznIxGVO09xQRrwplcS8qs28pZ8s8hupZAmqDwZUmVZ2Qb2jnyPOWcDH8m8dlA==" + "version": "2.2.3", + "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==" }, "lazystream": { "version": "1.0.1", @@ -4526,9 +4326,9 @@ } }, "minimist": { - "version": "1.2.7", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.7.tgz", - "integrity": "sha512-bzfL1YUZsP41gmu/qjrEk0Q6i2ix/cVeAhbCbqH9u3zYutS1cLg00qhrD0M2MVdCcx4Sc0UpP2eBWo9rotpq6g==" + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==" }, "minimisted": { "version": "2.0.1", @@ -4620,9 +4420,9 @@ } }, "object-inspect": { - "version": "1.12.2", - "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.2.tgz", - "integrity": "sha512-z+cPxW0QGUp0mcqcsgQyLVRDoXFQbXOwBaqyF7VIgI4TWNQsDHrBpUQslRmIfAoYWdYzs6UlKJtB2XJpTaNSpQ==", + "version": "1.13.1", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", + "integrity": "sha512-5qoj1RUiKOMsCCNLV1CBiPYE10sziTsnmNxkAI/rZhiD63CF7IqdFGC/XzjWjpSgLf0LxXX3bDFIh0E18f6UhQ==", "dev": true }, "object-keys": { @@ -4642,9 +4442,9 @@ } }, "on-exit-leak-free": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/on-exit-leak-free/-/on-exit-leak-free-2.1.0.tgz", - "integrity": "sha512-VuCaZZAjReZ3vUwgOB8LxAosIurDiAW0s13rI1YwmaP++jvcxP77AWoQvenZebpCA2m8WC1/EosPYPMjnRAp/w==" + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/on-exit-leak-free/-/on-exit-leak-free-2.1.2.tgz", + "integrity": "sha512-0eJJY6hXLGf1udHwfNftBqH+g73EU4B504nZeKpz1sYRKafAghwxEJunB2O7rDZkL4PGfsMVnTXZ2EjibbqcsA==" }, "on-finished": { "version": "2.4.1", @@ -4711,11 +4511,6 @@ "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", "dev": true }, - "path-dirname": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/path-dirname/-/path-dirname-1.0.2.tgz", - "integrity": "sha512-ALzNPpyNq9AqXMBjeymIjFDAkAFH06mHJH/cSBHAgU0s4vfpBn6b2nf8tiRLvagKD8RbTpq2FKTBg7cl9l3c7Q==" - }, "path-is-absolute": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", @@ -4770,14 +4565,15 @@ }, "dependencies": { "readable-stream": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.2.0.tgz", - "integrity": "sha512-gJrBHsaI3lgBoGMW/jHZsQ/o/TIWiu5ENCJG1BB7fuCKzpFM8GaS2UoBVt9NO+oI+3FcrBNbUkl3ilDe09aY4A==", + "version": "4.5.1", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.5.1.tgz", + "integrity": "sha512-uQjbf34vmf/asGnOHQEw07Q4llgMACQZTWWa4MmICS0IKJoHbLwKCy71H3eR99Dw5iYejc6W+pqZZEeqRtUFAw==", "requires": { "abort-controller": "^3.0.0", "buffer": "^6.0.3", "events": "^3.3.0", - "process": "^0.11.10" + "process": "^0.11.10", + "string_decoder": "^1.3.0" } } } @@ -4818,9 +4614,9 @@ } }, "pino-std-serializers": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/pino-std-serializers/-/pino-std-serializers-6.0.0.tgz", - "integrity": "sha512-mMMOwSKrmyl+Y12Ri2xhH1lbzQxwwpuru9VjyJpgFIH4asSj88F2csdMwN6+M5g1Ll4rmsYghHLQJw81tgZ7LQ==" + "version": "6.2.2", + "resolved": "https://registry.npmjs.org/pino-std-serializers/-/pino-std-serializers-6.2.2.tgz", + "integrity": "sha512-cHjPPsE+vhj/tnhCy/wiMh3M3z3h/j15zHQX+S9GkTBgqJuTuJzYJ4gUyACLhDaJ7kk9ba9iRDmbH2tJU03OiA==" }, "process": { "version": "0.11.10", @@ -4833,9 +4629,9 @@ "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==" }, "process-warning": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/process-warning/-/process-warning-2.0.0.tgz", - "integrity": "sha512-+MmoAXoUX+VTHAlwns0h+kFUWFs/3FZy+ZuchkgjyOu3oioLAo2LB5aCfKPh2+P9O18i3m43tUEv3YqttSy0Ww==" + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/process-warning/-/process-warning-2.3.2.tgz", + "integrity": "sha512-n9wh8tvBe5sFmsqlg+XQhaQLumwpqoAUruLwjCopgTmUBjJ/fjtBsJzKleCaIGBOMXYEhp1YfKl4d7rJ5ZKJGA==" }, "progress": { "version": "2.0.3", @@ -4918,9 +4714,9 @@ } }, "readable-stream": { - "version": "3.6.0", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.0.tgz", - "integrity": "sha512-BViHy7LKeTz4oNnkcLJ+lVSL6vpiFeX6/d3oSH8zCW7UxP2onchk+vTGB143xuFjHS3deTgkKoXXymXqymiIdA==", + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", + "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==", "requires": { "inherits": "^2.0.3", "string_decoder": "^1.1.1", @@ -4989,9 +4785,9 @@ "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==" }, "safe-stable-stringify": { - "version": "2.4.1", - "resolved": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.4.1.tgz", - "integrity": "sha512-dVHE6bMtS/bnL2mwualjc6IxEv1F+OCUpA46pKUj6F8uDbUM0jCCulPqRNPSnWwGNKx5etqMjZYdXtrm5KJZGA==" + "version": "2.4.3", + "resolved": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.4.3.tgz", + "integrity": "sha512-e2bDA2WJT0wxseVd4lsDP4+3ONX6HpMXQa1ZhFQ7SU+GjvORCmShbCMltrtIDfkYhVHrOcPtj+KhmDBdPdZD1g==" }, "safer-buffer": { "version": "2.1.2", @@ -5000,9 +4796,9 @@ "dev": true }, "secure-json-parse": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/secure-json-parse/-/secure-json-parse-2.5.0.tgz", - "integrity": "sha512-ZQruFgZnIWH+WyO9t5rWt4ZEGqCKPwhiw+YbzTwpmT9elgLrLcfuyUiSnwwjUiVy9r4VM3urtbNF1xmEh9IL2w==" + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/secure-json-parse/-/secure-json-parse-2.7.0.tgz", + "integrity": "sha512-6aU+Rwsezw7VR8/nyvKTx8QpWH9FrcYiXXlqC4z5d5XQBDRqtbfsRjnwGyqbi3gddNtWHuEk9OANUotL26qKUw==" }, "semver": { "version": "7.5.4", @@ -5134,9 +4930,9 @@ "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==" }, "split2": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/split2/-/split2-4.1.0.tgz", - "integrity": "sha512-VBiJxFkxiXRlUIeyMQi8s4hgvKCSjtknJv/LVYbrgALPwf5zSKmEwV9Lst25AkvMDnvxODugjdl6KZgwKM1WYQ==" + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/split2/-/split2-4.2.0.tgz", + "integrity": "sha512-UcjcJOWknrNkF6PLX83qcHM6KHgVKNkV62Y8a5uYDVv9ydGQVwAHMKqHdJje1VTWpljG0WYpCDhrCdAOYH4TWg==" }, "statuses": { "version": "2.0.1", @@ -5172,9 +4968,9 @@ } }, "thread-stream": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/thread-stream/-/thread-stream-2.2.0.tgz", - "integrity": "sha512-rUkv4/fnb4rqy/gGy7VuqK6wE1+1DOCOWy4RMeaV69ZHMP11tQKZvZSip1yTgrKCMZzEMcCL/bKfHvSfDHx+iQ==", + "version": "2.4.1", + "resolved": "https://registry.npmjs.org/thread-stream/-/thread-stream-2.4.1.tgz", + "integrity": "sha512-d/Ex2iWd1whipbT681JmTINKw0ZwOUBZm7+Gjs64DHuX34mmw8vJL2bFAaNacaW72zYiTJxSHi5abUuOi5nsfg==", "requires": { "real-require": "^0.2.0" } @@ -5388,15 +5184,6 @@ "stream-shift": "^1.0.0" } }, - "glob-parent": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz", - "integrity": "sha512-E8Ak/2+dZY6fnzlR7+ueWvhsH1SjHr4jjss4YS/h4py44jY9MhK/VFdaZJAWDz6BbL21KeteKxFSFpq8OS5gVA==", - "requires": { - "is-glob": "^3.1.0", - "path-dirname": "^1.0.0" - } - }, "glob-stream": { "version": "6.1.0", "resolved": "https://registry.npmjs.org/glob-stream/-/glob-stream-6.1.0.tgz", @@ -5404,7 +5191,7 @@ "requires": { "extend": "^3.0.0", "glob": "^7.1.1", - "glob-parent": "^3.1.0", + "glob-parent": "6.0.2", "is-negated-glob": "^1.0.0", "ordered-read-streams": "^1.0.0", "pumpify": "^1.3.5", @@ -5414,14 +5201,6 @@ "unique-stream": "^2.0.2" } }, - "is-glob": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-3.1.0.tgz", - "integrity": "sha512-UFpDDrPgM6qpnFNI+rh/p3bUaq9hKLZN8bMUWzxmcnZVS3omf4IPK+BrewlnWjO1WmUsMYuSjKh4UJuV4+Lqmw==", - "requires": { - "is-extglob": "^2.1.0" - } - }, "pump": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/pump/-/pump-2.0.1.tgz", diff --git a/package.json b/package.json index 0a1feefa0..b6a3592ca 100644 --- a/package.json +++ b/package.json @@ -30,7 +30,12 @@ "@neo4j-documentation/remote-include": "^1.0.0" }, "devDependencies": { - "express": "^4.18.1", + "express": "^4.18.2", "nodemon": "^3.0.2" + }, + "overrides": { + "@antora/site-generator-default": { + "glob-parent": "6.0.2" + } } } From 0d877ba8667f66bcb6674ce919d405dab3329c07 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 2 Jan 2024 11:59:41 +0000 Subject: [PATCH 496/876] Deploy an analytics cluster using the Neo4j Helm chart (#1244) --- modules/ROOT/content-nav.adoc | 1 + .../ROOT/pages/kubernetes/configuration.adoc | 53 ++++++ modules/ROOT/pages/kubernetes/index.adoc | 1 + modules/ROOT/pages/kubernetes/plugins.adoc | 1 + .../quickstart-analytics-cluster.adoc | 180 ++++++++++++++++++ 5 files changed, 236 insertions(+) create mode 100644 modules/ROOT/pages/kubernetes/quickstart-analytics-cluster.adoc diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index e56f7167d..4c350c8c2 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -48,6 +48,7 @@ *** xref:kubernetes/quickstart-cluster/access-inside-k8s.adoc[] *** xref:kubernetes/quickstart-cluster/access-outside-k8s.adoc[] *** xref:kubernetes/quickstart-cluster/uninstall-cleanup.adoc[] +** xref:kubernetes/quickstart-analytics-cluster.adoc[] ** xref:kubernetes/persistent-volumes.adoc[] ** xref:kubernetes/configuration.adoc[] ** xref:kubernetes/security.adoc[] diff --git a/modules/ROOT/pages/kubernetes/configuration.adoc b/modules/ROOT/pages/kubernetes/configuration.adoc index 9ae1a9d45..4924f85ca 100644 --- a/modules/ROOT/pages/kubernetes/configuration.adoc +++ b/modules/ROOT/pages/kubernetes/configuration.adoc @@ -509,6 +509,7 @@ services: # This service is available even if the deployment is not "ready" internals: enabled: false + # Annotations for the internals service annotations: { } # n.b. there is no ports object for this service. Ports are autogenerated based on the neo4j configuration @@ -697,6 +698,12 @@ podSpec: # If set to false then no anti-affinity rules are applied # If set to an object then that object is used for the Neo4j podAntiAffinity podAntiAffinity: true +# requiredDuringSchedulingIgnoredDuringExecution: +# - labelSelector: +# matchLabels: +# app: "demo" +# helm.neo4j.com/pod_category: "neo4j-instance" +# topologyKey: kubernetes.io/hostname #Add tolerations to the Neo4j pod tolerations: [] @@ -837,6 +844,52 @@ logging: # # # + +# define your podDisruptionBudget details here +podDisruptionBudget: + enabled: false + matchLabels: {} +# "demo": "neo4j" + matchExpressions: [] +# - key: "demo" +# operator: "Equals" +# value: "neo4j" + labels: {} +# "name": "neo4j" + minAvailable: "" + maxUnavailable: "" + +# Service Monitor for prometheus +# Please ensure prometheus operator or the service monitor CRD is present in your cluster before using service monitor config +serviceMonitor: + enabled: false + labels: {} +# "demo": "value" + jobLabel: "" + interval: "" + port: "" + path: "" + namespaceSelector: {} +# any: false +# matchNames: +# - default + targetLabels: [] +# - "demo" +# - "value" + selector: {} +# matchLabels: +# helm.neo4j.com/service: "admin" + + +# this section is to be used only when setting up (1 primary + n secondary neo4j instances scenario) +# Disabled by default. +analytics: + # This flag will enable the internal ports and certain configs necessary to allow 1 primary + n secondary neo4j instances scenario + enabled: false + type: + # values can be primary or secondary + # this field denotes the neo4j instance type either primary or secondary + name: primary ---- + . Pass the _neo4j-values.yaml_ file during installation. diff --git a/modules/ROOT/pages/kubernetes/index.adoc b/modules/ROOT/pages/kubernetes/index.adoc index 2b704890d..2dce05a8e 100644 --- a/modules/ROOT/pages/kubernetes/index.adoc +++ b/modules/ROOT/pages/kubernetes/index.adoc @@ -15,6 +15,7 @@ This chapter describes the following: * xref:kubernetes/helm-charts-setup.adoc[Configure the Neo4j Helm chart repository] -- Configure the Neo4j Helm chart repository and check for the available charts. * xref:kubernetes/quickstart-standalone/index.adoc[Quickstart: Deploy a standalone instance] -- Deploy a Neo4j standalone instance to a cloud (GKE, AWS, AKS) or a local (via Docker Desktop for macOS) Kubernetes cluster. * xref:kubernetes/quickstart-cluster/index.adoc[Quickstart: Deploy a cluster] -- Deploy a Neo4j cluster to a cloud (GKE, AWS, AKS) Kubernetes cluster. +* xref:kubernetes/quickstart-analytics-cluster.adoc[Quickstart: Deploy a Neo4j cluster for analytic queries] -- Deploy an analytics Neo4j cluster with 1 primary and N secondary servers to a local or a cloud (GKE, AWS, AKS) Kubernetes cluster. * xref:kubernetes/persistent-volumes.adoc[Volume mounts and persistent volumes] -- Use persistent volumes with the Neo4j Helm chart and what types Neo4j supports. * xref:kubernetes/configuration.adoc[Customizing a Neo4j Helm chart] -- Configure a Neo4j deployment using a customized _values.yaml_ file. * xref:kubernetes/security.adoc[Configuring SSL] -- Configure SSL for a Neo4j deployment running on Kubernetes. diff --git a/modules/ROOT/pages/kubernetes/plugins.adoc b/modules/ROOT/pages/kubernetes/plugins.adoc index cc109c77b..4279d5eeb 100644 --- a/modules/ROOT/pages/kubernetes/plugins.adoc +++ b/modules/ROOT/pages/kubernetes/plugins.adoc @@ -33,6 +33,7 @@ config: dbms.security.procedures.unrestricted: "gds.*" ---- +[[install-gds-ee-bloom]] === Install GDS Enterprise Edition (EE) and Bloom plugins To install GDS EE and Bloom, you must provide a license for each plugin. diff --git a/modules/ROOT/pages/kubernetes/quickstart-analytics-cluster.adoc b/modules/ROOT/pages/kubernetes/quickstart-analytics-cluster.adoc new file mode 100644 index 000000000..3c1ff56eb --- /dev/null +++ b/modules/ROOT/pages/kubernetes/quickstart-analytics-cluster.adoc @@ -0,0 +1,180 @@ +:description: How to deploy a Neo4j cluster that comprises one primary server and N secondary servers to support analytic queries. +[role=enterprise-edition] +[[quick-start-analytic-cluster]] += Quickstart: Deploy a Neo4j cluster for analytic queries + +_The feature is available in the Neo4j Helm chart from version 5.14._ + +This quickstart shows how to configure and deploy a special Neo4j cluster that comprises one primary server and N secondary servers to support analytic queries. +The primary server handles the transaction workloads, whereas the secondary servers are configured with the Neo4j Graph Data Science library (GDS) and are used only for the analytic workload. + +Information on using GDS in a cluster can be found in the link:https://neo4j.com/docs/graph-data-science/current/[Neo4j Graph Data Science library documentation]. + +The cluster is deployed to a cloud or a local Kubernetes cluster using the Neo4j Helm chart. + +== Prerequisites + +Before you can deploy a Neo4j cluster on Kubernetes, you need to have: + +* A Kubernetes cluster running and the `kubectl` command-line tool installed and configured to communicate with your cluster. +For more information, see link:xref:kubernetes/quickstart-cluster/prerequisites.adoc[Quickstart: Deploy a cluster -> Prerequisites]. +* A valid license for Neo4j Enterprise Edition. +For more information, see xref:/kubernetes/plugins.adoc#install-gds-ee-bloom[Install GDS Enterprise Edition (EE) and Bloom plugins]. +* The xref:kubernetes/helm-charts-setup.adoc[latest version of the Neo4j Helm chart repository]. +* (Optional) A valid license for GDS Enterprise Edition. +To install a licensed plugin, you must provide the license files in a Kubernetes secret. +For more information, see xref:/kubernetes/plugins.adoc#install-gds-ee-bloom[Install GDS Enterprise Edition (EE) and Bloom plugins]. + +== Create a value YAML file for each type of server + +To set up a Neo4j cluster for analytic queries, you need to create a value YAML file for each type of server, primary and secondary. +For example: + +[.tabbed-example] +===== +[.include-with-primary] +====== + +Create a value YAML file for the primary server, for example, _primary-value.yaml_: + +[source, yaml] +---- +neo4j: + name: analytics-cluster + acceptLicenseAgreement: "yes" + edition: enterprise + password: my-password +volumes: + data: + mode: defaultStorageClass + +# Disable the Neo4j load balancer and enable the internal service so that the servers can access each other: +services: + neo4j: + enabled: false + internals: + enabled: true + +# Enable the analytics cluster and set the type to primary: +analytics: + enabled: true + type: + name: primary +---- +====== +[.include-with-secondary] +====== +Create a value YAML file for the secondary servers, for example, _secondary-gds.yaml_. +The password must be the same as for the primary server. +If you are using GDS Enterprise Edition, you also need to create a secret with the license file and mount it as the _/licenses_ volume mount. +For more information on how to create a secret, see xref:/kubernetes/plugins.adoc#install-gds-ee-bloom[Install GDS Enterprise Edition (EE) and Bloom plugins]. + +[source, yaml] +---- +neo4j: + name: analytics-cluster + acceptLicenseAgreement: "yes" + edition: enterprise + password: my-password +volumes: + data: + mode: defaultStorageClass + # Define the volume mount for the license file: + licenses: + disableSubPathExpr: true + mode: volume + volume: + secret: + secretName: gds-license + items: + - key: gds.license + path: gds.license + +# Set the environment variables to download the plugins: +env: + NEO4J_PLUGINS: '["graph-data-science"]' + +# Set the configuration for the plugins directory and the mount for the license file: +config: + gds.enterprise.license_file: "/licenses/gds.license" + server.directories.plugins: "plugins" + +# Disable the Neo4j load balancer and enable the internal service so that the servers can access each other: +services: + neo4j: + enabled: false + internals: + enabled: true + +# Enable the analytics cluster and set the type to secondary: +analytics: + enabled: true + type: + name: secondary + +---- +====== +===== + +For all available options, see xref:kubernetes/configuration.adoc[Customizing a Neo4j Helm chart]. + +== Install the servers + +. Install a single Neo4j server using the _neo4j-primary.yaml_ file, created in the previous section: ++ +[source, bash] +---- +helm install primary neo4j/neo4j -f /path/to/neo4j-primary.yaml +---- +. Install the first secondary server using the _secondary-gds.yaml_ file, created in the previous section: ++ +[source, bash] +---- +helm install gds1 neo4j/neo4j -f /path/to/secondary-gds.yaml +---- +. Repeat step 2 to deploy a second secondary server. +Use a different name, for example, _gds2_. + +== Verify that the GDS library is installed and licensed + +. Connect to each of the `gds` pods using the `kubectl exec` command: ++ +[source, bash] +---- +kubectl exec -it gds1-0 -- bash +---- +. From the _bin_ folder, connect to the `system` database of the `gds1` server using the `cypher-shell` command: ++ +[source, bash] +---- +cypher-shell -u neo4j -p my-password -d system -a bolt://gds1-internals.default.svc.cluster.local:7687 +---- +. Run the following Cypher function to verify that the GDS library is installed: ++ +[source, cypher] +---- +RETURN gds.version(); +---- +. Call `gds.isLicensed()` to verify that the GDS library is licensed: ++ +[source, cypher] +---- +RETURN gds.isLicensed(); +---- ++ +The returned value must be `true`. + +== Verify the cluster formation + +To verify that the cluster is deployed and running, you can install a load balancer and access Neo4j from the Neo4j Browser. + +. Deploy a Neo4j load balancer to the same namespace as the Neo4j cluster: ++ +[source, bash] +---- +helm install lb neo4j/neo4j-load-balancer --set neo4j.name="analytics-cluster" +---- +. When deployed, copy the `EXTERNAL_IP` of the LoadBalancer service. +For more information, see xref:kubernetes/quickstart-cluster/access-outside-k8s.adoc[Access the Neo4j cluster from outside Kubernetes]. +. In a web browser, open the Neo4j Browser at _http://EXTERNAL_IP:7474/browser_ and log in using the password you have configured in your values YAML files. +. Run the `SHOW SERVERS` command to verify that the cluster is deployed and running. +. Run the `SHOW DATABASES` command to verify that the standalone server is of type `primary` and the GDS servers are of type `secondary`. \ No newline at end of file From bdf5e17172e1381f76d6d005e96bf924b94b776c Mon Sep 17 00:00:00 2001 From: Matthew Parnell Date: Tue, 2 Jan 2024 14:59:05 +0000 Subject: [PATCH 497/876] db.index.vector.createNodeIndex replaced by CREATE VECTOR INDEX (#1295) Paired with https://github.com/neo4j/docs-cypher/pull/824 --- modules/ROOT/pages/reference/procedures.adoc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 8602247e1..5860fe448 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -86,7 +86,7 @@ For more information, see xref:authentication-authorization/dbms-administration. | xref:reference/procedures.adoc#procedure_db_create_setVectorProperty[`db.create.setVectorProperty()`] | label:yes[] | label:yes[] -| label:new[Introduced in 5.11] label:beta[] label:deprecated[Deprecated in 5.13] Replaced by xref:reference/procedures.adoc#procedure_db_create_setNodeVectorProperty[`db.create.setNodeVectorProperty()`] +| label:new[Introduced in 5.11] label:beta[] label:deprecated[Deprecated in 5.13] Replaced by: xref:reference/procedures.adoc#procedure_db_create_setNodeVectorProperty[`db.create.setNodeVectorProperty()`] | xref:reference/procedures.adoc#procedure_db_createlabel[`db.createLabel()`] | label:yes[] @@ -126,7 +126,7 @@ For more information, see xref:authentication-authorization/dbms-administration. | xref:reference/procedures.adoc#procedure_db_index_vector_createNodeIndex[`db.index.vector.createNodeIndex()`] | label:yes[] | label:yes[] -| label:new[Introduced in 5.11] label:beta[Beta until 5.13] +| label:new[Introduced in 5.11] label:beta[Beta until 5.13] Replaced by: `CREATE VECTOR INDEX ...` | xref:reference/procedures.adoc#procedure_db_index_vector_queryNodes[`db.index.vector.queryNodes()`] | label:yes[] @@ -278,7 +278,7 @@ label:deprecated[Deprecated in 5.6] | label:no[] | label:yes[] | label:admin-only[] label:deprecated[Deprecated in 5.6]. + -Replaced by xref:reference/procedures.adoc#procedure_dbms_cluster_secondaryreplicationdisable[`dbms.cluster.secondaryReplicationDisable()`]. +Replaced by: xref:reference/procedures.adoc#procedure_dbms_cluster_secondaryreplicationdisable[`dbms.cluster.secondaryReplicationDisable()`]. | xref:reference/procedures.adoc#procedure_dbms_cluster_secondaryreplicationdisable[`dbms.cluster.secondaryReplicationDisable()`] | label:no[] @@ -1030,6 +1030,8 @@ In the above equation, the trigonometric cosine is given by the scalar product o m| db.index.vector.createNodeIndex(indexName :: STRING, label :: STRING, propertyKey :: STRING, vectorDimension :: INTEGER, vectorSimilarityFunction :: STRING) | Mode m|SCHEMA +| Replaced by +m|CREATE VECTOR INDEX ... |=== [[procedure_db_index_vector_queryNodes]] From 8a09e1ecdd71414eede77118295df78c8a204b08 Mon Sep 17 00:00:00 2001 From: David Pond Date: Tue, 2 Jan 2024 16:08:38 +0100 Subject: [PATCH 498/876] Clarify lock note again (#1282) The reason I moved the Note, was because it wasn't clear which section the Note refers to. --- .../ROOT/pages/database-internals/locks-deadlocks.adoc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/ROOT/pages/database-internals/locks-deadlocks.adoc b/modules/ROOT/pages/database-internals/locks-deadlocks.adoc index 5fc6a9b56..0990c1963 100644 --- a/modules/ROOT/pages/database-internals/locks-deadlocks.adoc +++ b/modules/ROOT/pages/database-internals/locks-deadlocks.adoc @@ -201,6 +201,11 @@ For these additional locks, no assumptions or guarantees can be made concerning === Locks for dense nodes +[NOTE] +==== +This _Locks for dense nodes_ section describes the behavior of the `standard`, `aligned`, and `high-limit` store formats. The `block` format has a similar but not identical feature. +==== + A node is considered dense if it at any point has had 50 or more relationships (i.e. it will still be considered dense even if it comes to have less than 50 relationships at any point in the future). A node is considered sparse if it has never had more than 50 relationships. You can configure the relationship count threshold for when a node is considered dense by setting xref:configuration/configuration-settings.adoc#config_db.relationship_grouping_threshold[`db.relationship_grouping_threshold`] configuration parameter. @@ -216,11 +221,6 @@ The locking is very similar for sparse and dense nodes. The biggest contention for sparse nodes is the update of the degree (i.e. number of relationships) for the node. Dense nodes store this data in a concurrent data structure, and so can avoid exclusive node locks in almost all cases for relationship modifications. -[NOTE] -==== -This section applies only to `standard`, `aligned`, and `high-limit` store formats. -==== - [[transaction-management-lock-acquisition-timeout]] === Configure lock acquisition timeout From 6f7a47f75e25b676b824ba1be2b2cf318a19c6cc Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 2 Jan 2024 16:55:25 +0000 Subject: [PATCH 499/876] Add support for Amazon Linux 2023 AMI (#1271) --- modules/ROOT/pages/installation/requirements.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/installation/requirements.adoc b/modules/ROOT/pages/installation/requirements.adoc index e0a001d5a..24ec55781 100644 --- a/modules/ROOT/pages/installation/requirements.adoc +++ b/modules/ROOT/pages/installation/requirements.adoc @@ -100,7 +100,7 @@ For cloud environments, and server-based, on-premise environments: [options="header"] |=== | Operating System | Supported JDK -| *Amazon Linux 2022 AMI* | Amazon Corretto 17, and OracleJDK 17 +| *Amazon Linux 2022 AMI, Amazon Linux 2023 AMI* | Amazon Corretto 17, and OracleJDK 17 | *CentOS Stream 8, 9* | OpenJDK 17, OracleJDK 17, and ZuluJDK 17 | *Debian 11, 12* | OpenJDK 17, OracleJDK 17, and ZuluJDK 17 | *Red Hat Enterprise Linux Server 8.6, 8.8, 9.0, 9.2* | Red Hat OpenJDK 17, Oracle JDK 17, and ZuluJDK 17 From d4c6e34c012d752fdb175bcbddb1889fb3849643 Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Wed, 3 Jan 2024 13:24:42 +0100 Subject: [PATCH 500/876] =?UTF-8?q?update=20instructions=20on=20how=20to?= =?UTF-8?q?=20recover=20admin=20user=20and=20password=20in=20a=20cl?= =?UTF-8?q?=E2=80=A6=20(#1298)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit …uster --- .../password-and-user-recovery.adoc | 24 +++++++++---------- package-lock.json | 4 ++-- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/modules/ROOT/pages/authentication-authorization/password-and-user-recovery.adoc b/modules/ROOT/pages/authentication-authorization/password-and-user-recovery.adoc index 175bf6bb0..af16c3d27 100644 --- a/modules/ROOT/pages/authentication-authorization/password-and-user-recovery.adoc +++ b/modules/ROOT/pages/authentication-authorization/password-and-user-recovery.adoc @@ -57,14 +57,14 @@ $ bin/neo4j start ====== [.include-with-cluster] ====== -. Stop the cluster (all Core servers and Read Replicas). +. Stop all members of the cluster: + [source, shell] ---- $ bin/neo4j stop ---- + -. On each Core server, open the _neo4j.conf_ file and modify the following settings: +. On each member, open the _neo4j.conf_ file and modify the following settings: .. Set `dbms.security.auth_enabled` parameter to `false` to disable the authentication: + [source, properties] @@ -82,7 +82,7 @@ This ensures that no one from outside can access the cluster during the recovery server.bolt.listen_address:127.0.0.1 ---- + -. Start all Core servers: +. Start all members of the cluster: + [source, shell] ---- @@ -98,7 +98,7 @@ You can use a client such as xref:tools/cypher-shell.adoc[Cypher Shell] or the N [NOTE] ==== -In a cluster deployment, you should complete the steps only on one of the Core servers. +In a cluster deployment, you should complete the steps only on one of the cluster members. ==== . Complete the steps in xref:authentication-authorization/password-and-user-recovery.adoc#disable-authentication[Disable authentication] as per your deployment. @@ -112,7 +112,7 @@ $ bin/cypher-shell -d system + [NOTE] ==== -label:Cluster[] If you have specified a non-default port for your `bolt` connector, add `-a neo4j://:` to the `cypher-shell` command to be able to connect to your Core server. +label:Cluster[] If you have specified a non-default port for your `bolt` connector, add `-a neo4j://:` to the `cypher-shell` command to be able to connect to your cluster member. ==== . Set a new password for the admin user. In this example, the admin user is named `neo4j`. @@ -136,7 +136,7 @@ You can use a client such as xref:tools/cypher-shell.adoc[Cypher Shell] or the N [NOTE] ==== -In a cluster deployment, you should complete the steps only on one of the Core servers. +In a cluster deployment, you should complete the steps only on one of the cluster members. ==== . Complete the steps in xref:authentication-authorization/password-and-user-recovery.adoc#disable-authentication[Disable authentication] as per your deployment. @@ -150,7 +150,7 @@ $ bin/cypher-shell -d system + [NOTE] ==== -label:Cluster[] If you have specified a non-default port for your `bolt` connector, add `-a neo4j://:` to the `cypher-shell` command to be able to connect to your Core server. +label:Cluster[] If you have specified a non-default port for your `bolt` connector, add `-a neo4j://:` to the `cypher-shell` command to be able to connect to your cluster member. ==== . Grant the admin user role to an existing user. In this example, the user is named `neo4j`. @@ -174,7 +174,7 @@ If you have removed the admin role from your system entirely, you can use a clie [NOTE] ==== -In a cluster deployment, you should complete the steps only on one of the Core servers. +In a cluster deployment, you should complete the steps only on one of the cluster members. ==== . Complete the steps in xref:authentication-authorization/password-and-user-recovery.adoc#disable-authentication[Disable authentication] as per your deployment. @@ -188,7 +188,7 @@ $ bin/cypher-shell -d system + [NOTE] ==== -label:Cluster[] If you have specified a non-default port for your `bolt` connector, add `-a neo4j://:` to the `cypher-shell` command to be able to connect to your Core server. +label:Cluster[] If you have specified a non-default port for your `bolt` connector, add `-a neo4j://:` to the `cypher-shell` command to be able to connect to your cluster member. ==== . Recreate the admin role with its original capabilities. + @@ -244,15 +244,15 @@ $ bin/neo4j start ====== [.include-with-cluster] ====== -. Stop the Core servers. +. Stop the cluster members. + [source, shell] ---- $ bin/neo4j stop ---- + -. Enable the authentication and restore each Core server to its original configuration (See xref:configuration/password-and-user-recovery.adoc#disable-authentication[Disable authentication]). -. Start the cluster (all Core servers and Read Replicas): +. Enable the authentication and restore each cluster member to its original configuration (See xref:configuration/password-and-user-recovery.adoc#disable-authentication[Disable authentication]). +. Start the cluster (all cluster members): + [source, shell] ---- diff --git a/package-lock.json b/package-lock.json index 05bfe2d1e..525fd9eef 100644 --- a/package-lock.json +++ b/package-lock.json @@ -3909,7 +3909,7 @@ "requires": { "extend": "^3.0.2", "glob": "^7.2.0", - "glob-parent": "6.0.2", + "glob-parent": "^6.0.2", "is-negated-glob": "^1.0.0", "ordered-read-streams": "^1.0.1", "pumpify": "^2.0.1", @@ -5191,7 +5191,7 @@ "requires": { "extend": "^3.0.0", "glob": "^7.1.1", - "glob-parent": "6.0.2", + "glob-parent": "^3.1.0", "is-negated-glob": "^1.0.0", "ordered-read-streams": "^1.0.0", "pumpify": "^1.3.5", From 6a27c0dd8044755457f35102486b026735f65674 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Wed, 3 Jan 2024 15:06:10 +0100 Subject: [PATCH 501/876] Update the procedure descriptions (#1181) We have mismatches in the descriptions of the following procedures: * `db.index.fulltext.queryNodes()` * `db.index.fulltext.queryRelationships()` * `db.index.vector.createNodeIndex()` The proposed changes are taken from the code, and I suggest to modify them a little bit. When we update the descriptions in documentation, we have to update them in the codebase. --------- Co-authored-by: Matthew Parnell --- .../images/cosine_similarity_equation.svg | 249 ------------------ .../images/cosine_similarity_equation.tex | 10 - .../images/euclidean_similarity_equation.svg | 180 ------------- .../images/euclidean_similarity_equation.tex | 9 - modules/ROOT/pages/reference/procedures.adoc | 43 +-- 5 files changed, 13 insertions(+), 478 deletions(-) delete mode 100644 modules/ROOT/images/cosine_similarity_equation.svg delete mode 100644 modules/ROOT/images/cosine_similarity_equation.tex delete mode 100644 modules/ROOT/images/euclidean_similarity_equation.svg delete mode 100644 modules/ROOT/images/euclidean_similarity_equation.tex diff --git a/modules/ROOT/images/cosine_similarity_equation.svg b/modules/ROOT/images/cosine_similarity_equation.svg deleted file mode 100644 index 200ec44dd..000000000 --- a/modules/ROOT/images/cosine_similarity_equation.svg +++ /dev/null @@ -1,249 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/modules/ROOT/images/cosine_similarity_equation.tex b/modules/ROOT/images/cosine_similarity_equation.tex deleted file mode 100644 index 5d493d717..000000000 --- a/modules/ROOT/images/cosine_similarity_equation.tex +++ /dev/null @@ -1,10 +0,0 @@ -\documentclass[preview,class=extarticle,14pt]{standalone} -\usepackage{mathtools,amsmath} -\begin{document} - \begin{align*} - \operatorname{cosine}(\vec v,\vec u) - &\coloneqq\tfrac12\left(1 + \hat v\cdot\hat u\right) \\[\jot] - &\phantom{:}= \dfrac12\left[1 + \dfrac{\vec v\cdot\vec u}{\lVert\vec v\rVert\,\lVert\vec u\rVert}\right] - \qquad\in\left[0,1\right] - \end{align*} -\end{document} diff --git a/modules/ROOT/images/euclidean_similarity_equation.svg b/modules/ROOT/images/euclidean_similarity_equation.svg deleted file mode 100644 index a89f3e74c..000000000 --- a/modules/ROOT/images/euclidean_similarity_equation.svg +++ /dev/null @@ -1,180 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/modules/ROOT/images/euclidean_similarity_equation.tex b/modules/ROOT/images/euclidean_similarity_equation.tex deleted file mode 100644 index a5c9262b7..000000000 --- a/modules/ROOT/images/euclidean_similarity_equation.tex +++ /dev/null @@ -1,9 +0,0 @@ -\documentclass[preview,class=extarticle,14pt]{standalone} -\usepackage{mathtools,amsmath} -\begin{document} - \begin{equation*} - \operatorname{Euclidean}(\vec v,\vec u) - \coloneqq\dfrac1{1 + \left\lVert\vec v - \vec u\right\rVert^2} - \qquad\in\left(0,1\right] - \end{equation*} -\end{document} diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 5860fe448..f374fef92 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -957,15 +957,13 @@ m|READ |=== | Description a| -Query the given full-text index. - +Query the given full-text index. Returns the matching nodes and their Lucene query score, ordered by score. +Valid _key: value_ pairs for the `options` map are: -Valid _key: value_ pairs for the `options` map are: - -* `skip: ` -- skip the top N results. -* `limit: ` -- limit the number of results returned. -* `analyzer: ` -- use the specified analyzer as a search analyzer for this query. +* `skip: ` -- to skip the top N results. +* `limit: ` -- to limit the number of results returned. +* `analyzer: ` -- to use the specified analyzer as a search analyzer for this query. The `options` map and any of the keys are optional. An example of the `options` map: `{skip: 30, limit: 10, analyzer: 'whitespace'}` @@ -984,15 +982,13 @@ m|READ |=== | Description a| -Query the given full-text index. - +Query the given full-text index. Returns the matching relationships and their Lucene query score, ordered by score. +Valid _key: value_ pairs for the `options` map are: -Valid _key: value_ pairs for the `options` map are: - -* `skip: ` -- skip the top N results. -* `limit: ` -- limit the number of results returned. -* `analyzer: ` -- use the specified analyzer as a search analyzer for this query. +* `skip: ` -- to skip the top N results. +* `limit: ` -- to limit the number of results returned. +* `analyzer: ` -- to use the specified analyzer as a search analyzer for this query. The `options` map and any of the keys are optional. An example of the `options` map: `{skip: 30, limit: 10, analyzer: 'whitespace'}` @@ -1010,22 +1006,9 @@ m|READ |=== | Description a| -Create a named vector index for the given label, and property with given vector dimensionality, using the given similarity function. - -`vectorDimension` must be between `1` and `2048` _inclusively_. - -Valid case-insensitive values for the `vectorSimilarityFunction` are: - -* `"euclidean"` -- Euclidean similarity, where: -+ -image::euclidean_similarity_equation.svg["The Euclidean of vector v and vector u is defined as 1 over the quantity 1 plus the square of the l2-norm of vector v subtract vector u, which exists in the bounded set of real numbers between 0 exclusive and 1 inclusive."] -+ - -* `"cosine"` -- Cosine similarity, where: -+ -image::cosine_similarity_equation.svg["The cosine of vector v and vector u is defined as half of the quanity 1 plus the scalar product of v hat u hat, which equals half of the quantity 1 plus the scalar product of vector v vector u over the product of the l2-norm of vector v and the l2 norm ov vector u, which exists in the bounded set of real numbers between 0 inclusive and 1 inclusive."] -In the above equation, the trigonometric cosine is given by the scalar product of the two unit vectors. -+ +Create a named node vector index for the specified label and property with the given vector dimensionality using either the EUCLIDEAN or COSINE similarity function. +Both similarity functions are case-insensitive. +Use the `db.index.vector.queryNodes` procedure to query the named index. | Signature m| db.index.vector.createNodeIndex(indexName :: STRING, label :: STRING, propertyKey :: STRING, vectorDimension :: INTEGER, vectorSimilarityFunction :: STRING) | Mode From bb945d4e34818a7cfb4290083a6efc21bc589032 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 3 Jan 2024 14:33:31 +0000 Subject: [PATCH 502/876] Add a missing space (#1304) --- modules/ROOT/pages/database-administration/index.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/database-administration/index.adoc b/modules/ROOT/pages/database-administration/index.adoc index fa572889a..94c2a006a 100644 --- a/modules/ROOT/pages/database-administration/index.adoc +++ b/modules/ROOT/pages/database-administration/index.adoc @@ -15,7 +15,7 @@ This chapter describes how to manage local and remote standard databases, compos In Neo4j {neo4j-version}, each standard database contains a single graph. Many administrative commands refer to a specific graph by using the database name. -A database defines a _transaction domain_ (a collection of graphs that can be updated within the context of a single transaction) and an _execution context_(a runtime environment for the execution of a request). +A database defines a _transaction domain_ (a collection of graphs that can be updated within the context of a single transaction) and an _execution context_ (a runtime environment for the execution of a request). This means that a transaction cannot span across multiple databases. Similarly, a procedure is called within a database, although its logic may access data that is stored in other databases. From 7b5ef0bd9011dc329ad7a5c96eb251ea12cf28b3 Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Thu, 4 Jan 2024 14:28:50 +0100 Subject: [PATCH 503/876] add details about topology (#1305) --- modules/ROOT/pages/clustering/databases.adoc | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/clustering/databases.adoc b/modules/ROOT/pages/clustering/databases.adoc index dd527366b..03c5c028c 100644 --- a/modules/ROOT/pages/clustering/databases.adoc +++ b/modules/ROOT/pages/clustering/databases.adoc @@ -72,7 +72,7 @@ Keep in mind that during such a transition, the database will be unavailable for `ALTER DATABASE` commands are optionally idempotent, with the default behavior to fail with an error if the database does not exist. Appending `IF EXISTS` to the command ensures that no error is returned and nothing happens should the database not exist. -If the `ALTER DATABASE` command decreases the number of allocations of a database, allocations on xref:clustering/servers.adoc#_cordoned_servers[cordoned servers] are removed first. +If the `ALTER DATABASE` command decreases the number of allocations of a database, allocations on xref:clustering/servers.adoc#_cordoned_servers[cordoned servers] are removed first. .Query [source, cypher] @@ -172,12 +172,15 @@ SHOW SERVERS YIELD serverId, name, address, state, health, hosting; In this case, the address for `server01` is `localhost:7687` and thus, the server ID is `8512c9b9-d9e8-48e6-b037-b15b0004ca18`. + . On one of the servers, use the `system` database and create the database `foo` using the server ID of `server01`. -If you know how your restored database should be allocated across the cluster, you can also specify the desired topology in the `CREATE DATABASE` command. +If you know how your restored database should be allocated across the cluster, you can specify the desired topology in the `CREATE DATABASE` command. +If you don't specify a topology, the database is allocated according to what is specified in the _neo4j.conf_ file. See <<#_create_database, `CREATE DATABASE`>> for more information. + [source, cypher, role=noplay] ---- -CREATE DATABASE foo OPTIONS {existingData: 'use', existingDataSeedInstance: '8512c9b9-d9e8-48e6-b037-b15b0004ca18'}; +CREATE DATABASE foo +TOPOLOGY [desired number of primaries] PRIMARIES [desired number of secondaries] SECONDARIES +OPTIONS {existingData: 'use', existingDataSeedInstance: '8512c9b9-d9e8-48e6-b037-b15b0004ca18'}; ---- . Verify that the `foo` database is online on the desired number of servers, in the desired roles. If the `foo` database is of considerable size, the execution of the command can take some time. From d420e9060e16aef2fc64dd8864ea9eb8fa72d599 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 4 Jan 2024 15:01:38 +0000 Subject: [PATCH 504/876] Rename Neo4j connectors to network connectors to differentiate them from Kafka, Spark, etc. (#1301) --- .../ROOT/pages/configuration/connectors.adoc | 49 +++++++++---------- 1 file changed, 24 insertions(+), 25 deletions(-) diff --git a/modules/ROOT/pages/configuration/connectors.adoc b/modules/ROOT/pages/configuration/connectors.adoc index 06e21350b..d4e2dbb1f 100644 --- a/modules/ROOT/pages/configuration/connectors.adoc +++ b/modules/ROOT/pages/configuration/connectors.adoc @@ -1,34 +1,33 @@ -:description: How to configure connectors (Bolt, HTTP, and HTTPS) for Neo4j. +:description: How to configure network connectors (Bolt, HTTP, and HTTPS) for Neo4j. [[connectors]] -= Configure connectors += Configure network connectors -Neo4j provides support for Bolt, HTTP, and HTTPS protocols using connectors. -Connectors are configured in the _neo4j.conf_ file. +Neo4j provides support for Bolt, HTTP, and HTTPS protocols using network connectors. +Network connectors are configured in the _neo4j.conf_ file. [[connectors-available-connectors]] -== Available connectors +== Available network connectors -The table below lists the available Neo4j connectors: +The table below lists the available network connectors in Neo4j: -.Neo4j connectors and port number +.Neo4j network connectors and port number [options="header"] |=== -| Connector name | Protocol | Default port number +| Network connector name | Protocol | Default port number | `server.bolt` | Bolt | `7687` | `server.http` | HTTP | `7474` | `server.https` | HTTPS | `7473` |=== -When configuring the HTTPS or Bolt connector, see also xref:security/ssl-framework.adoc[SSL framework] for details on how to work with SSL certificates. +When configuring the HTTPS or Bolt connectors, see also xref:security/ssl-framework.adoc[SSL framework] for details on how to work with SSL certificates. [[connectors-configuration-options]] == Configuration options -The connectors are configured by settings on the format `server..>`. -The available suffixes are described in the table below: +The network connectors are configured by settings in the format `server..>`. -.Configuration option suffixes for connectors +.Configuration option suffixes for network connectors [options="header",cols="15,25,60,60"] |=== | Option name @@ -43,17 +42,17 @@ The available suffixes are described in the table below: When disabled, Neo4j does not listen for incoming connections on the relevant port. | `listen_address` -| `127.0.0.1:` +| `127.0.0.1:` | `xref:configuration/configuration-settings.adoc#config_server.bolt.listen_address[server.bolt.listen_address]`, `xref:configuration/configuration-settings.adoc#config_server.https.listen_address[server.https.listen_address]`, `xref:configuration/configuration-settings.adoc#config_server.http.listen_address[server.http.listen_address]` | This setting specifies how Neo4j listens for incoming connections. It consists of two parts; an IP address (e.g. 127.0.0.1 or 0.0.0.0) and a port number (e.g. 7687), and is expressed in the format `:`. See below for an example of usage. | `advertised_address` -| `localhost:` +| `localhost:` | `xref:configuration/configuration-settings.adoc#config_server.bolt.advertised_address[server.bolt.advertised_address]`, `xref:configuration/configuration-settings.adoc#config_server.https.advertised_address[server.https.advertised_address]`, `xref:configuration/configuration-settings.adoc#config_server.http.advertised_address[server.http.advertised_address]` -| This setting specifies the address that clients should use for this connector. -This is useful in a cluster as it allows each server to correctly advertise addresses of the other servers in the cluster. +| This setting specifies the address that clients should use for this network connector. +This is useful in a cluster as it allows each server to correctly advertise the addresses of the other servers in the cluster. The advertised address consists of two parts; an address (fully qualified domain name, hostname, or IP address) and a port number (e.g. 7687), and is expressed in the format `
:`. See below for an example of usage. @@ -61,7 +60,7 @@ See below for an example of usage. | `DISABLED` | `xref:configuration/configuration-settings.adoc#config_server.bolt.tls_level[server.bolt.tls_level]` | This setting is only applicable to the Bolt connector. -It allows the connector to accept encrypted and/or unencrypted connections. +It allows the Bolt connector to accept encrypted and/or unencrypted connections. The default value is `DISABLED`, where only unencrypted client connections are to be accepted by this connector, and all encrypted connections will be rejected. Other values are `REQUIRED` and `OPTIONAL`. @@ -79,8 +78,8 @@ server.bolt.listen_address=0.0.0.0:7000 .Specify `advertised_address` for the Bolt connector ==== -If routing traffic via a proxy, or if port mappings are in use, it is possible to specify `advertised_address` for each connector individually. -For example, if port 7687 on the Neo4j Server is mapped from port 9000 on the external network, specify the `advertised_address` for the Bolt connector: +If routing traffic via a proxy, or if port mappings are in use, it is possible to specify `advertised_address` for each network connector individually. +For example, if port `7687` on the Neo4j server is mapped from port `9000` on the external network, specify the `advertised_address` for the Bolt connector: ---- server.bolt.advertised_address=:9000 ---- @@ -90,17 +89,17 @@ server.bolt.advertised_address=:9000 [[connectors-options-for-bolt-thread-pooling]] == Options for Bolt thread pooling -See xref:performance/bolt-thread-pool-configuration.adoc[Bolt thread pool configuration] to learn more about Bolt thread pooling and how to configure it on the connector level. +See xref:performance/bolt-thread-pool-configuration.adoc[Bolt thread pool configuration] to learn more about Bolt thread pooling and how to configure it on the network connector level. [[connectors-defaults-for-addresses]] == Defaults for addresses -It is possible to specify defaults for the configuration options with `listen_address` and `advertised_address` suffixes, as described below. -Setting a default value will apply to all the connectors, unless specifically configured for a certain connector. +It is possible to specify defaults for the configuration options with `listen_address` and `advertised_address` suffixes. +Setting a default value applies to all network connectors unless specifically configured for a certain connector. `xref:configuration/configuration-settings.adoc#config_server.default_listen_address[server.default_listen_address]`:: -This configuration option defines a default IP address of the settings with the `listen_address` suffix for all connectors. +This configuration option defines a default IP address of the settings with the `listen_address` suffix for all network connectors. If the IP address part of the `listen_address` is not specified, it is inherited from the shared setting `server.default_listen_address`. + .Specify `listen_address` for the Bolt connector @@ -120,7 +119,7 @@ server.bolt.listen_address=:7000 ==== `xref:configuration/configuration-settings.adoc#config_server.default_advertised_address[server.default_advertised_address]`:: -This configuration option defines a default address of the settings with the `advertised_address` suffix for all connectors. +This configuration option defines a default address of the settings with the `advertised_address` suffix for all network connectors. If the address part of the `advertised_address` is not specified, it is inherited from the shared setting `server.default_advertised_address`. + .Specify `advertised_address` for the Bolt connector @@ -144,7 +143,7 @@ server.bolt.advertised_address=:9000 [WARNING] ==== The default address settings can only accept the hostname or IP address portion of the full socket address. -Port numbers are protocol-specific, and can only be added by the protocol-specific connector configuration. +Port numbers are protocol-specific, and can only be added by the protocol-specific network connector configuration. For example, if you configure the default address value to be `example.com:9999`, Neo4j will fail to start and you will get an error in xref:configuration/file-locations.adoc[_neo4j.log_]. ==== From 0df6421bff8da07499fa62bd9c5511e90f8cd8c8 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 4 Jan 2024 15:16:02 +0000 Subject: [PATCH 505/876] Remove the EE label from the backup and restore index page (#1310) --- modules/ROOT/pages/backup-restore/index.adoc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/ROOT/pages/backup-restore/index.adoc b/modules/ROOT/pages/backup-restore/index.adoc index 70ca1a6e2..9257361c8 100644 --- a/modules/ROOT/pages/backup-restore/index.adoc +++ b/modules/ROOT/pages/backup-restore/index.adoc @@ -1,7 +1,6 @@ -[role=enterprise-edition] [[backup-restore]] = Backup and restore -:description: This chapter describes how to back up and restore Neo4j. +:description: This chapter describes how to back up and restore Neo4j. This chapter describes the following: From 8f035a697619e5daf79beb77c2786511a2729142 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Mon, 8 Jan 2024 15:03:45 +0100 Subject: [PATCH 506/876] Restructure the installation page (#1307) --- modules/ROOT/content-nav.adoc | 3 +-- modules/ROOT/pages/installation/index.adoc | 3 +-- .../pages/installation/neo4j-browser.adoc | 24 ------------------- modules/ROOT/pages/tools/index.adoc | 3 +++ 4 files changed, 5 insertions(+), 28 deletions(-) delete mode 100644 modules/ROOT/pages/installation/neo4j-browser.adoc diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index 4c350c8c2..144112a8f 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -2,8 +2,6 @@ * xref:introduction.adoc[] * xref:installation/index.adoc[] ** xref:installation/requirements.adoc[] -** xref:installation/neo4j-browser.adoc[] -** xref:installation/neo4j-desktop.adoc[] ** xref:installation/linux/index.adoc[] *** xref:installation/linux/debian.adoc[] *** xref:installation/linux/rpm.adoc[] @@ -11,6 +9,7 @@ *** xref:installation/linux/systemd.adoc[] ** xref:installation/osx.adoc[] ** xref:installation/windows.adoc[] +** xref:installation/neo4j-desktop.adoc[] * xref:cloud-deployments/index.adoc[] ** xref:cloud-deployments/neo4j-aws.adoc[] diff --git a/modules/ROOT/pages/installation/index.adoc b/modules/ROOT/pages/installation/index.adoc index 3d764a0fe..4e4adcb10 100644 --- a/modules/ROOT/pages/installation/index.adoc +++ b/modules/ROOT/pages/installation/index.adoc @@ -7,11 +7,10 @@ Neo4j can be installed in different deployment contexts, such as Linux, macOS, a The following topics are covered: * xref:installation/requirements.adoc[System requirements] -- The system requirements for a production deployment of Neo4j. -* xref:installation/neo4j-browser.adoc[Neo4j Browser] -- About Neo4j Browser. -* xref:installation/neo4j-desktop.adoc[Neo4j Desktop] -- About Neo4j Desktop. * xref:installation/linux/index.adoc[Linux] -- Installation instructions for Linux. * xref:installation/osx.adoc[macOS] -- Installation instructions for macOS. * xref:installation/windows.adoc[Windows] -- Installation instructions for Windows. +* xref:installation/neo4j-desktop.adoc[Neo4j Desktop] -- About Neo4j Desktop. .Installation-free options [TIP] diff --git a/modules/ROOT/pages/installation/neo4j-browser.adoc b/modules/ROOT/pages/installation/neo4j-browser.adoc deleted file mode 100644 index f3870b6ae..000000000 --- a/modules/ROOT/pages/installation/neo4j-browser.adoc +++ /dev/null @@ -1,24 +0,0 @@ -:description: Introduction to Neo4j Browser. -[[neo4j-browser]] -= Neo4j Browser - -Neo4j Browser is a tool for developers to interact with the graph. -It is the default interface for both Enterprise and Community Editions of the Neo4j database. - -Neo4j Browser is bundled with Neo4j DBMS, including both Neo4j Server and xref:installation/neo4j-desktop.adoc[Neo4j Desktop]. - -[TIP] -==== -For more information on how to use Neo4j Browser and its capabilities, see the link:https://neo4j.com/docs/browser-manual/current/[Neo4j Browser documentation]. -==== - -The following web browsers are supported: - -* Chrome (Latest version) -* Firefox (Latest version) -* Edge (Latest version) - -[NOTE] -==== -Internet Explorer web browser is _not_ supported. -==== diff --git a/modules/ROOT/pages/tools/index.adoc b/modules/ROOT/pages/tools/index.adoc index 7976c39ae..190c98b95 100644 --- a/modules/ROOT/pages/tools/index.adoc +++ b/modules/ROOT/pages/tools/index.adoc @@ -17,5 +17,8 @@ This chapter covers the following topics: ** xref:tools/neo4j-admin/migrate-configuration.adoc[Migrate the Neo4j configuration file] -- How to migrate a Neo4j configuration file. ** xref:tools/neo4j-admin/validate-config.adoc[Validate configurations] -- How to validate Neo4j configuration files, including the Log4j files. * xref:tools/cypher-shell.adoc[Cypher Shell] -- How to use the Cypher Shell. +* link:https://neo4j.com/docs/browser-manual/current/[Neo4j Browser] is a tool for developers to interact with the graph. +It is the default interface for both Enterprise and Community Editions of the Neo4j database. +Neo4j Browser is bundled with Neo4j DBMS, including both Neo4j server and xref:installation/neo4j-desktop.adoc[Neo4j Desktop]. From 5e36a94171e3f79375c3211df9eb8b63ade1a95c Mon Sep 17 00:00:00 2001 From: Bruno Caricchio Buss Date: Mon, 8 Jan 2024 12:24:41 +0000 Subject: [PATCH 507/876] Fix duplicated entry for `page_cache.page_cancelled_faults` metric There is a duplicated entry for that metric, with the only difference being one has the description spelled `canceled` and the other one `cancelled`. I merged both into the first entry just because because that matches the order of the metrics in the code-base. --- modules/ROOT/pages/monitoring/metrics/reference.adoc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/ROOT/pages/monitoring/metrics/reference.adoc b/modules/ROOT/pages/monitoring/metrics/reference.adoc index f5afc96e2..1d42d10d2 100644 --- a/modules/ROOT/pages/monitoring/metrics/reference.adoc +++ b/modules/ROOT/pages/monitoring/metrics/reference.adoc @@ -214,11 +214,10 @@ By default, database metrics include: |.page_cache.evictions.cooperative|The total number of cooperative page evictions executed by the page cache due to low available pages. (counter) |.page_cache.page_faults|The total number of page faults in the page cache. If this count keeps increasing over time, it may indicate that more page cache is required. However, note that when Neo4j Enterprise starts up, all page cache warmup activities result in page faults. Therefore, it is normal to observe a significant page fault count immediately after startup. (counter) |.page_cache.page_fault_failures|The total number of failed page faults happened in the page cache. (counter) -|.page_cache.page_cancelled_faults|The total number of canceled page faults happened in the page cache. (counter) +|.page_cache.page_cancelled_faults|The total number of cancelled page faults happened in the page cache. (counter) |.page_cache.page_vectored_faults|The total number of vectored page faults happened in the page cache. (counter) |.page_cache.page_vectored_faults_failures|The total number of failed vectored page faults happened in the page cache. (counter) |.page_cache.page_no_pin_page_faults|The total number of page faults that are not caused by the page pins happened in the page cache. Represent pages loaded by the vectored faults (counter) -|.page_cache.page_cancelled_faults|The total number of cancelled page faults happened in the page cache. (counter) |.page_cache.hits|The total number of page hits happened in the page cache. (counter) |.page_cache.hit_ratio|The ratio of hits to the total number of lookups in the page cache. Performance relies on efficiently using the page cache, so this metric should be in the 98-100% range consistently. If it is much lower than that, then the database is going to disk too often. (gauge) |.page_cache.usage_ratio|The ratio of number of used pages to total number of available pages. This metric shows what percentage of the allocated page cache is actually being used. If it is 100%, then it is likely that the hit ratio will start dropping, and you should consider allocating more RAM to page cache. (gauge) From 46f6653b6b03a263f3e3468e69e2c2e864c44020 Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Mon, 8 Jan 2024 15:42:26 +0100 Subject: [PATCH 508/876] clarify topology (#1313) --- modules/ROOT/pages/clustering/databases.adoc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/clustering/databases.adoc b/modules/ROOT/pages/clustering/databases.adoc index 03c5c028c..604d4feb3 100644 --- a/modules/ROOT/pages/clustering/databases.adoc +++ b/modules/ROOT/pages/clustering/databases.adoc @@ -172,8 +172,9 @@ SHOW SERVERS YIELD serverId, name, address, state, health, hosting; In this case, the address for `server01` is `localhost:7687` and thus, the server ID is `8512c9b9-d9e8-48e6-b037-b15b0004ca18`. + . On one of the servers, use the `system` database and create the database `foo` using the server ID of `server01`. -If you know how your restored database should be allocated across the cluster, you can specify the desired topology in the `CREATE DATABASE` command. -If you don't specify a topology, the database is allocated according to what is specified in the _neo4j.conf_ file. +The topology of `foo` is stored in the `system` database and when you create it, it is allocated according to the default topology (which can be shown with `CALL dbms.showTopologyGraphConfig`). +This may be different from the topology of `foo` when it was backed up. +If you want to ensure a certain allocation across the cluster, you can specify the desired topology with the `TOPOLOGY` clause in the `CREATE DATABASE` command. See <<#_create_database, `CREATE DATABASE`>> for more information. + [source, cypher, role=noplay] From 7b2b0b32dae8451211dc4c52de501d0b2979d866 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Tue, 9 Jan 2024 14:38:21 +0100 Subject: [PATCH 509/876] Removing enterprise label from cloud deployment pages and adding more context (#1270) --- modules/ROOT/pages/cloud-deployments/index.adoc | 2 +- modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc | 8 ++++---- modules/ROOT/pages/cloud-deployments/neo4j-azure.adoc | 6 +++--- modules/ROOT/pages/cloud-deployments/neo4j-gcp.adoc | 6 +++--- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/modules/ROOT/pages/cloud-deployments/index.adoc b/modules/ROOT/pages/cloud-deployments/index.adoc index 773118c76..2d97b9fb0 100644 --- a/modules/ROOT/pages/cloud-deployments/index.adoc +++ b/modules/ROOT/pages/cloud-deployments/index.adoc @@ -28,7 +28,7 @@ Neo4j's cloud marketplace listings represent a quick and easy way of getting sta [TIP] ==== *Neo4j Aura* is a fully managed Neo4j database, hosted in the cloud and requires no installation. -For more information, see https://neo4j.com/aura/[the Aura product^] and https://aura.support.neo4j.com/[support pages^]. +For more information, see https://neo4j.com/aura/[the Aura product^], https://aura.support.neo4j.com/[support pages^], and the https://www.neo4j.com/docs/aura[Aura documentationˆ]. //Neo4j can be run in a *Docker* container. //For information on running Neo4j on Docker, see xref:docker/index.adoc[Docker]. diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc index 659c9f929..7a7152292 100644 --- a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc +++ b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc @@ -1,9 +1,8 @@ :description: Deploy Neo4j on Amazon Web Services (AWS) directly from the AWS Marketplace or by using the Neo4j CloudFormation templates hosted on GitHub. -[role=enterprise-edition] [[aws]] = Neo4j on AWS -Neo4j Enterprise Edition can be easily deployed on EC2 instances in Amazon Web Services (AWS) by using the link:https://aws.amazon.com/marketplace/pp/prodview-akmzjikgawgn4?sr=0-1&ref_=beagle&applicationId=AWSMPContessa[official listing for Neo4j Enterprise on the AWS Marketplace^]. +Neo4j can be easily deployed on EC2 instances in Amazon Web Services (AWS) by using the link:https://aws.amazon.com/marketplace/pp/prodview-akmzjikgawgn4?sr=0-1&ref_=beagle&applicationId=AWSMPContessa[official listing for Neo4j Enterprise] or https://aws.amazon.com/marketplace/pp/prodview-lxxbmpqvwo5eq[Neo4j Community Edition] on the AWS Marketplace. The AWS Marketplace listing uses a CloudFormation template maintained by Neo4j. The template's code is available on link:https://github.com/neo4j-partners/amazon-cloud-formation-neo4j/tree/main/marketplace[GitHub^] and can be customized to meet more complex or bespoke use cases. @@ -17,7 +16,7 @@ The Neo4j AWS Marketplace listings (and listings on GitHub) use CloudFormation t == Supported Neo4j versions -The Neo4j link:https://aws.amazon.com/marketplace/seller-profile?id=23ec694a-d2af-4641-b4d3-b7201ab2f5f9[AWS marketplace listing^] can be configured to deploy either Neo4j Enterprise Edition 5 or 4.4. +The Neo4j link:https://aws.amazon.com/marketplace/seller-profile?id=23ec694a-d2af-4641-b4d3-b7201ab2f5f9[AWS marketplace listing^] can be configured to deploy either Neo4j Enterprise Edition 5 or 4.4, or Neo4j Community Edition 5. The CloudFormation template always installs the latest available minor version of each release. For example, the latest minor release of Neo4j 5 is {neo4j-version-minor}. @@ -132,7 +131,8 @@ After the installation finishes successfully, the CloudFormation template provid When the CloudFormation template creates a new Neo4j cluster, an Auto Scaling group (ASG) is created and tagged with the minor version of the installed Neo4j database. If you add more EC2 instances to your ASG, they will be installed with the same minor version, ensuring that all Neo4j cluster servers are installed with the same version, regardless of when the EC2 instances were created. -== Licensing +== Licensing +label:Enterprise[] Installing and starting Neo4j from the AWS marketplace constitutes an acceptance of the Neo4j license agreement. When deploying Neo4j, users are required to confirm that they either have an enterprise license or accept the terms of the Neo4j evaluation license. diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-azure.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-azure.adoc index 6cdadda9e..780695143 100644 --- a/modules/ROOT/pages/cloud-deployments/neo4j-azure.adoc +++ b/modules/ROOT/pages/cloud-deployments/neo4j-azure.adoc @@ -1,9 +1,8 @@ :description: Deploy Neo4j on Microsoft Azure directly from the Azure Marketplace or by using the Neo4j Azure Resource Manager (ARM) template hosted on GitHub. -[role=enterprise-edition] [[azure]] = Neo4j on Azure -Neo4j Enterprise Edition can be easily deployed on Virtual Machine instances in Microsoft Azure by using the link:https://azuremarketplace.microsoft.com/en-us/marketplace/apps/neo4j.neo4j-ee?tab=Overview[official listing for Neo4j Enterprise on the Azure Marketplace^]. +Neo4j can be easily deployed on Virtual Machine instances in Microsoft Azure by using the link:https://azuremarketplace.microsoft.com/en-us/marketplace/apps/neo4j.neo4j-ee?tab=Overview[official listing for Neo4j Enterprise] or https://azuremarketplace.microsoft.com/en-us/marketplace/apps/neo4j.neo4j-community[Neo4j Community Edition] on the Azure Marketplace. The Azure Marketplace listing uses an Azure Resource Manager (ARM) template maintained by Neo4j. The template's code is available on link:https://github.com/neo4j-partners/azure-resource-manager-neo4j/tree/main/marketplace[GitHub^] and can be customized to meet more complex or bespoke use cases. @@ -17,7 +16,7 @@ The Neo4j Azure Marketplace listings (and listings on GitHub) use Azure Resource == Supported Neo4j versions -The Neo4j link:https://azuremarketplace.microsoft.com/en-us/marketplace/apps/neo4j.neo4j-ee?tab=Overview[Azure marketplace listing^] can be configured to deploy either Neo4j Enterprise Edition 5 or 4.4. +The Neo4j link:https://azuremarketplace.microsoft.com/en-us/marketplace/apps/neo4j.neo4j-ee?tab=Overview[Azure marketplace listing^] can be configured to deploy either Neo4j Enterprise Edition 5 or 4.4, or Neo4j Community Edition 5. The ARM template always installs the latest available minor version of each release. For example, the latest minor release of Neo4j 5 is {neo4j-version-minor}. @@ -127,6 +126,7 @@ When the ARM template creates a new Neo4j cluster, a Virtual Machine Scale Set ( If you add more VM instances to your VMSS, they will be installed using the same minor version, ensuring that all Neo4j cluster servers are installed with the same version, regardless of when the VM instances were created. == Licensing +label:Enterprise[] Installing and starting Neo4j from the Azure marketplace constitutes an acceptance of the Neo4j license agreement. When deploying Neo4j, users are required to confirm that they either have an enterprise license. diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-gcp.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-gcp.adoc index c83462684..165731ae5 100644 --- a/modules/ROOT/pages/cloud-deployments/neo4j-gcp.adoc +++ b/modules/ROOT/pages/cloud-deployments/neo4j-gcp.adoc @@ -1,9 +1,8 @@ :description: Deploy Neo4j on Google Cloud Platform (GCP) directly from the GCP Marketplace or by using the Neo4j Deployment Manager templates hosted on GitHub. -[role=enterprise-edition] [[gcp]] = Neo4j on GCP -Neo4j Enterprise Edition can be easily deployed on Virtual Machines in Google Cloud Platform (GCP) by using the link:https://console.cloud.google.com/marketplace/product/neo4j/neo4j-enterprise-edition[official listing for Neo4j Enterprise on the GCP Marketplace^]. +Neo4j Edition can be easily deployed on Virtual Machines in Google Cloud Platform (GCP) by using the link:https://console.cloud.google.com/marketplace/bproduct/neo4j/neo4j-enterprise-edition[official listing for Neo4j Enterprise Edition] or https://console.cloud.google.com/marketplace/product/neo4j/neo4j-community-edition?project=cohesive-point-368015[Neo4j Community Edition] on the GCP Marketplace^]. The GCP Marketplace listing uses a Deployment Manager template maintained by Neo4j. The template's code is available on link:https://github.com/neo4j-partners/google-deployment-manager-neo4j[GitHub^] and can be customized to meet more complex or bespoke use cases. @@ -17,7 +16,7 @@ The Neo4j GCP Marketplace listings (and listings on GitHub) use Deployment Manag == Supported Neo4j versions -The Neo4j link:https://console.cloud.google.com/marketplace/product/neo4j/neo4j-enterprise-edition[GCP marketplace listing^] can be configured to deploy either Neo4j Enterprise Edition 5 or 4.4. +The Neo4j link:https://console.cloud.google.com/marketplace/product/neo4j/neo4j-enterprise-edition[GCP marketplace listing^] can be configured to deploy either Neo4j Enterprise Edition 5 or 4.4, or Neo4j Community Edition 5. The Deployment Manager template always installs the latest available minor version of each release. For example, the latest minor release of Neo4j 5 is {neo4j-version-minor}. @@ -120,6 +119,7 @@ The Neo4j Browser can be easily launched in a new window by clicking the button ==== == Licensing +label:Enterprise[] Installing and starting Neo4j from the GCP marketplace constitutes an acceptance of the Neo4j license agreement. When deploying Neo4j, you are required to confirm that you either have an Enterprise license or accept the terms of the Neo4j evaluation license. From c70e7f750694ba0434615dfc5d01175df10d5bc5 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Tue, 9 Jan 2024 15:30:49 +0100 Subject: [PATCH 510/876] Fixing typo in url (#1320) Related to https://github.com/neo4j/docs-operations/pull/1270 --- modules/ROOT/pages/cloud-deployments/neo4j-gcp.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-gcp.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-gcp.adoc index 165731ae5..4571f4cc2 100644 --- a/modules/ROOT/pages/cloud-deployments/neo4j-gcp.adoc +++ b/modules/ROOT/pages/cloud-deployments/neo4j-gcp.adoc @@ -2,7 +2,7 @@ [[gcp]] = Neo4j on GCP -Neo4j Edition can be easily deployed on Virtual Machines in Google Cloud Platform (GCP) by using the link:https://console.cloud.google.com/marketplace/bproduct/neo4j/neo4j-enterprise-edition[official listing for Neo4j Enterprise Edition] or https://console.cloud.google.com/marketplace/product/neo4j/neo4j-community-edition?project=cohesive-point-368015[Neo4j Community Edition] on the GCP Marketplace^]. +Neo4j Edition can be easily deployed on Virtual Machines in Google Cloud Platform (GCP) by using the link:https://console.cloud.google.com/marketplace/product/neo4j/neo4j-enterprise-edition[official listing for Neo4j Enterprise Edition] or https://console.cloud.google.com/marketplace/product/neo4j/neo4j-community-edition?project=cohesive-point-368015[Neo4j Community Edition] on the GCP Marketplace^]. The GCP Marketplace listing uses a Deployment Manager template maintained by Neo4j. The template's code is available on link:https://github.com/neo4j-partners/google-deployment-manager-neo4j[GitHub^] and can be customized to meet more complex or bespoke use cases. From 8236b4beba579cc94bcc31dadb846cb64b123450 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Jan 2024 17:23:46 +0000 Subject: [PATCH 511/876] Bump the prod-dependencies group with 2 updates (#1316) Bumps the prod-dependencies group with 2 updates: [@antora/cli](https://gitlab.com/antora/antora) and [@antora/site-generator-default](https://gitlab.com/antora/antora). Updates `@antora/cli` from 3.1.6 to 3.1.7 Updates `@antora/site-generator-default` from 3.1.6 to 3.1.7 Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 330 +++++++++++++++++++++++----------------------- package.json | 4 +- 2 files changed, 167 insertions(+), 167 deletions(-) diff --git a/package-lock.json b/package-lock.json index 525fd9eef..c14f2e7d8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,8 +9,8 @@ "version": "1.0.0", "license": "ISC", "dependencies": { - "@antora/cli": "^3.1.6", - "@antora/site-generator-default": "^3.1.6", + "@antora/cli": "^3.1.7", + "@antora/site-generator-default": "^3.1.7", "@neo4j-antora/antora-add-notes": "^0.3.1", "@neo4j-antora/antora-modify-sitemaps": "^0.4.4", "@neo4j-antora/antora-page-roles": "^0.3.2", @@ -25,11 +25,11 @@ } }, "node_modules/@antora/asciidoc-loader": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/asciidoc-loader/-/asciidoc-loader-3.1.6.tgz", - "integrity": "sha512-Tqy4QFuZiKe/yX+3H8+vTLE6HH+VDm9OkKwq3G769jcC+40wz6y3poV4r4t1XJFAWwa/AKGM99ZcnJcJ3rtW+A==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/asciidoc-loader/-/asciidoc-loader-3.1.7.tgz", + "integrity": "sha512-sM/poPtAi8Cx0g2oLGHoEYjTdE9pvIYLgbHW07fGf6c9wQYMd2DMsevtbhNKWp+xqxj/QinToz4JOaNLoy1nfg==", "dependencies": { - "@antora/logger": "3.1.6", + "@antora/logger": "3.1.7", "@antora/user-require-helper": "~2.0", "@asciidoctor/core": "~2.2" }, @@ -38,12 +38,12 @@ } }, "node_modules/@antora/cli": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/cli/-/cli-3.1.6.tgz", - "integrity": "sha512-aJLN6JyXYUfMfMVr/6JEenxnnG8evKfyp01wd/Cj7mkJXD/lj/Gqws2bXyP/hjUEl/HuX4/P9AcIfMLT/vfQJw==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/cli/-/cli-3.1.7.tgz", + "integrity": "sha512-yHo30VmiLLsZU4JW8VZR6fql9m5lIxocA2d0tduKQ+r4YSD1kt+bbwX3You3iMwW7oLoNo62zfU76F8CQBnm2g==", "dependencies": { - "@antora/logger": "3.1.6", - "@antora/playbook-builder": "3.1.6", + "@antora/logger": "3.1.7", + "@antora/playbook-builder": "3.1.7", "@antora/user-require-helper": "~2.0", "commander": "~10.0" }, @@ -55,18 +55,18 @@ } }, "node_modules/@antora/content-aggregator": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/content-aggregator/-/content-aggregator-3.1.6.tgz", - "integrity": "sha512-kOKWn/1gBvd9XOp00/wFzH4lb3yCa5u65ZKmfe9VwC7uOl5Tg9zT0lxMa7miEbPAmfhcOr0zRYXa2ybsoKBWNw==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/content-aggregator/-/content-aggregator-3.1.7.tgz", + "integrity": "sha512-2gBbxaDxqY4QRw9Vut0IbKNqI9zAAohxjT0zcA5Am10kE3ywvzXaBa3tvb+A7vUl/vRcCC0LPM7pO37RVrbsGA==", "dependencies": { "@antora/expand-path-helper": "~2.0", - "@antora/logger": "3.1.6", + "@antora/logger": "3.1.7", "@antora/user-require-helper": "~2.0", "braces": "~3.0", "cache-directory": "~2.0", "glob-stream": "~7.0", "hpagent": "~1.2", - "isomorphic-git": "~1.21", + "isomorphic-git": "~1.25", "js-yaml": "~4.1", "multi-progress": "~4.0", "picomatch": "~2.3", @@ -80,12 +80,12 @@ } }, "node_modules/@antora/content-classifier": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/content-classifier/-/content-classifier-3.1.6.tgz", - "integrity": "sha512-e5Fs38Cfbl2kecxpRLFftflphbjg2wPfWlwjLZjs8d0R5ISSCM38q8ecDKCQHQlrYJkSrxiSpWqg0irNqAHnLw==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/content-classifier/-/content-classifier-3.1.7.tgz", + "integrity": "sha512-94XwJ35pkWJU6dJqQg5oreJRCkaXwU6yw9XSyB731o4i/0romkazKnu7deHugqdgvzqn92AlMRG6R0clhJLEsw==", "dependencies": { - "@antora/asciidoc-loader": "3.1.6", - "@antora/logger": "3.1.6", + "@antora/asciidoc-loader": "3.1.7", + "@antora/logger": "3.1.7", "mime-types": "~2.1", "vinyl": "~2.2" }, @@ -94,11 +94,11 @@ } }, "node_modules/@antora/document-converter": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/document-converter/-/document-converter-3.1.6.tgz", - "integrity": "sha512-bdzlkwq1WMnfdc6FUZNcO58LwjMqYmv3m9dI/eAJryGiKa9ChBFskwA1ob7rB87Qxjzu6UHcNucbt910hjEOAw==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/document-converter/-/document-converter-3.1.7.tgz", + "integrity": "sha512-cRVJf7QyclxjWbA0gWz7hncZYThIREikkwaxaa26LsRCfBNlw7wxs7lWejvIvEl1LVshupbinJwKUPPQPOsHhw==", "dependencies": { - "@antora/asciidoc-loader": "3.1.6" + "@antora/asciidoc-loader": "3.1.7" }, "engines": { "node": ">=16.0.0" @@ -113,9 +113,9 @@ } }, "node_modules/@antora/file-publisher": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/file-publisher/-/file-publisher-3.1.6.tgz", - "integrity": "sha512-UPTyFWY7lrG/Qj6SBxgoVBg1fW3JemJzW62y6pKuGHF59TEKJiaVTUlHEaVgkbpkCngn2os+VOX7fHK0jsBU9A==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/file-publisher/-/file-publisher-3.1.7.tgz", + "integrity": "sha512-UH2o0DJuv9BJvWgn+QSE3MhtHB3oN3lG5lJkV3fQi1jAV+qPIHoiTIYhbw02mj5KQ3Qbt7YWWAKZKuGl3rEdjg==", "dependencies": { "@antora/expand-path-helper": "~2.0", "@antora/user-require-helper": "~2.0", @@ -128,9 +128,9 @@ } }, "node_modules/@antora/logger": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/logger/-/logger-3.1.6.tgz", - "integrity": "sha512-36kU8gMbPslcPu8u9EbXsz6+9G9+LWPKhO7n8mEQqxlcCqmChwgetK6VbsL102rynpgPsstX6IAKg2wbptJK5g==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/logger/-/logger-3.1.7.tgz", + "integrity": "sha512-Z2tfNIi9G4BnAZq26Kp30974FxCVCtvH46FOi6ClnkJg6Uf2gTrVlJERmtsDTsHjWsf1qKbnj/4b99/AU31iQg==", "dependencies": { "@antora/expand-path-helper": "~2.0", "pino": "~8.14", @@ -142,22 +142,22 @@ } }, "node_modules/@antora/navigation-builder": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/navigation-builder/-/navigation-builder-3.1.6.tgz", - "integrity": "sha512-0iqktzBKQ4kgOM+pbm1bYdGUlN6Blw5zAxURr+W7X96b45mUHCTNz1nZrsDvBLbVXpSTk//ih85Ioh0RU4RJTw==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/navigation-builder/-/navigation-builder-3.1.7.tgz", + "integrity": "sha512-QvMPb0qY1zfgyLCfuEhJOpO5qSVjaVe5X/bQjSii9vDGgpIEiC2yt/hgqER37E/3zsBGEZvCH5lSLk1c7x0+EQ==", "dependencies": { - "@antora/asciidoc-loader": "3.1.6" + "@antora/asciidoc-loader": "3.1.7" }, "engines": { "node": ">=16.0.0" } }, "node_modules/@antora/page-composer": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/page-composer/-/page-composer-3.1.6.tgz", - "integrity": "sha512-zl2UXVmHEy23zWsGzz3ZpnqtzTVfYvAVS7osPZpSyto3unwtQUI0dR+JpWndElsEDt71JJedbsXa/y/tNC2ZOQ==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/page-composer/-/page-composer-3.1.7.tgz", + "integrity": "sha512-zJMzYznPT6Vd59nEXio/2rolkX070Nup6g4a8d4RCz0WoE8dmMidw6XFgjAHr0Lyh14/FHgBPlYXfhkDFR16Mw==", "dependencies": { - "@antora/logger": "3.1.6", + "@antora/logger": "3.1.7", "handlebars": "~4.7", "require-from-string": "~2.0" }, @@ -166,9 +166,9 @@ } }, "node_modules/@antora/playbook-builder": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/playbook-builder/-/playbook-builder-3.1.6.tgz", - "integrity": "sha512-bZcDastZViAgPVPNvvbbw7ci63gL5YnyG5X7NuHJoORgzyGQAsMYEjzfa9yfNfXubUmXv/oSteUSxbACjdjzWg==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/playbook-builder/-/playbook-builder-3.1.7.tgz", + "integrity": "sha512-lU80S1BqUy9DvqziEzRwpYTaWhOshxgrGAjf/F5VjAIaHCGVx0rZgfoI2rgFFkbVaH94kauOngdtTXDPXC1fPQ==", "dependencies": { "@iarna/toml": "~2.2", "convict": "~6.2", @@ -180,9 +180,9 @@ } }, "node_modules/@antora/redirect-producer": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/redirect-producer/-/redirect-producer-3.1.6.tgz", - "integrity": "sha512-tzlrJa2vny0HPBtIAgEM/xCMTfOi4z2CYUt4Ctz7rV8PBv6NOjlLkbu7Goc57CpR9wmJ3C4AGJcVHN0tah0FmA==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/redirect-producer/-/redirect-producer-3.1.7.tgz", + "integrity": "sha512-6zAHfcOb0v0829nAbn/3HMilbactjbjU7zBT9Iy6JHQfbqXT/g/mUT9N13Lj/wbq/nm0qKQJweB0Mi6BS2fbMw==", "dependencies": { "vinyl": "~2.2" }, @@ -191,23 +191,23 @@ } }, "node_modules/@antora/site-generator": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/site-generator/-/site-generator-3.1.6.tgz", - "integrity": "sha512-NKRTVDGB7CuzEBx68iQGweSTDXLvqccExEfBiudPEhyagcn4U+fwef+0LjE4A2imcpD/QQC7l5U8VaNObQYnRQ==", - "dependencies": { - "@antora/asciidoc-loader": "3.1.6", - "@antora/content-aggregator": "3.1.6", - "@antora/content-classifier": "3.1.6", - "@antora/document-converter": "3.1.6", - "@antora/file-publisher": "3.1.6", - "@antora/logger": "3.1.6", - "@antora/navigation-builder": "3.1.6", - "@antora/page-composer": "3.1.6", - "@antora/playbook-builder": "3.1.6", - "@antora/redirect-producer": "3.1.6", - "@antora/site-mapper": "3.1.6", - "@antora/site-publisher": "3.1.6", - "@antora/ui-loader": "3.1.6", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/site-generator/-/site-generator-3.1.7.tgz", + "integrity": "sha512-39KWip9bLdQ+4ssyqjI+O0COquKHxoeznxY2/3w5pNZEoeTg8cD7kOsnWfbocw0R3Rj+kJV5MnqICFNq0nuPeA==", + "dependencies": { + "@antora/asciidoc-loader": "3.1.7", + "@antora/content-aggregator": "3.1.7", + "@antora/content-classifier": "3.1.7", + "@antora/document-converter": "3.1.7", + "@antora/file-publisher": "3.1.7", + "@antora/logger": "3.1.7", + "@antora/navigation-builder": "3.1.7", + "@antora/page-composer": "3.1.7", + "@antora/playbook-builder": "3.1.7", + "@antora/redirect-producer": "3.1.7", + "@antora/site-mapper": "3.1.7", + "@antora/site-publisher": "3.1.7", + "@antora/ui-loader": "3.1.7", "@antora/user-require-helper": "~2.0" }, "engines": { @@ -215,22 +215,22 @@ } }, "node_modules/@antora/site-generator-default": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/site-generator-default/-/site-generator-default-3.1.6.tgz", - "integrity": "sha512-HXnqYYQdQHwjg6NAvEr3oolt4Kmb3cEVqMsR9BoN8ZPfVpnx+kM9r1/qqpgx9BZxY2oTDYPhFFeygdq2Fu5rIg==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/site-generator-default/-/site-generator-default-3.1.7.tgz", + "integrity": "sha512-m9UbejttKzp8MKJTEc+aKXi5SNb864QO7lQiQzSR0fiWnIR8WIM73CPPwkVeOXdKqaJvQp5IF9rlXXTkkC19fw==", "dependencies": { - "@antora/site-generator": "3.1.6" + "@antora/site-generator": "3.1.7" }, "engines": { "node": ">=16.0.0" } }, "node_modules/@antora/site-mapper": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/site-mapper/-/site-mapper-3.1.6.tgz", - "integrity": "sha512-Jc5AqY2uS3wO21iwEFyJuXOspTLN6UdNnZP/Os2oguR+cSsjwUx+l6+X7lquIndq+dXUQS3tMQkwNkhLgfcsrw==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/site-mapper/-/site-mapper-3.1.7.tgz", + "integrity": "sha512-x++89btbwk8FxyU2+H/RHQMnsC9sdvQvXcwXwNt11eXN1qj7t8TPiQZTalg7gkf0/osY4l7JRpGBY5JJfOJVig==", "dependencies": { - "@antora/content-classifier": "3.1.6", + "@antora/content-classifier": "3.1.7", "vinyl": "~2.2" }, "engines": { @@ -238,20 +238,20 @@ } }, "node_modules/@antora/site-publisher": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/site-publisher/-/site-publisher-3.1.6.tgz", - "integrity": "sha512-AOpM12gmMJeucebEGneHvOJAXQgco0lAg7Vx9CH7slHVeJy6mM74Mcut7KkKlv3AOJJKgYfdYkJndvq9dqbWmQ==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/site-publisher/-/site-publisher-3.1.7.tgz", + "integrity": "sha512-zHaJc7UeBfFSIhBbQ5U5Ud4u671M84oqSJb3pPxlUiJDP7iVJlSl+0GNm0NAIoDizjPtVksUI88fzqCy5rfSUQ==", "dependencies": { - "@antora/file-publisher": "3.1.6" + "@antora/file-publisher": "3.1.7" }, "engines": { "node": ">=16.0.0" } }, "node_modules/@antora/ui-loader": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/ui-loader/-/ui-loader-3.1.6.tgz", - "integrity": "sha512-IivfKW7fCaV7GpXIOxyk8X2mJiYoM6U0CDaFzWiKerJeDikW1Oi9KGxCMe2+onYBJrgzQxAZsIzjr9fXUcDZWw==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/ui-loader/-/ui-loader-3.1.7.tgz", + "integrity": "sha512-79QuZB0c91dveoESa3RcE18ZZFJo0rDZX9aJKHVc20dInQBGCgfURPqB2OytkzaXD3lNtDJ41yjKNYZqsAQy1Q==", "dependencies": { "@antora/expand-path-helper": "~2.0", "@vscode/gulp-vinyl-zip": "~2.5", @@ -429,9 +429,9 @@ } }, "node_modules/async-lock": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/async-lock/-/async-lock-1.4.0.tgz", - "integrity": "sha512-coglx5yIWuetakm3/1dsX9hxCNox22h7+V80RQOu2XUUMidtArxKoZoOtHUPuR84SycKTXzgGzAUR5hJxujyJQ==" + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/async-lock/-/async-lock-1.4.1.tgz", + "integrity": "sha512-Az2ZTpuytrtqENulXwO3GGv1Bztugx6TT37NIo7imr/Qo0gsYiGtSdBa2B6fsXhTpVZDNfu1Qn3pk531e3q+nQ==" }, "node_modules/atomic-sleep": { "version": "1.0.0", @@ -1546,9 +1546,9 @@ "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==" }, "node_modules/isomorphic-git": { - "version": "1.21.0", - "resolved": "https://registry.npmjs.org/isomorphic-git/-/isomorphic-git-1.21.0.tgz", - "integrity": "sha512-ZqCAUM63CYepA3fB8H7NVyPSiOkgzIbQ7T+QPrm9xtYgQypN9JUJ5uLMjB5iTfomdJf3mdm6aSxjZwnT6ubvEA==", + "version": "1.25.3", + "resolved": "https://registry.npmjs.org/isomorphic-git/-/isomorphic-git-1.25.3.tgz", + "integrity": "sha512-iUaDB5kObupWpwjQ+EGkDQmaYQzbq1XaPqo+xJCCfbPViGZL94rU2RvK4EDJKpYbyiwbq5OSLEjkXHa8r5I1aw==", "dependencies": { "async-lock": "^1.1.0", "clean-git-ref": "^2.0.1", @@ -3011,39 +3011,39 @@ }, "dependencies": { "@antora/asciidoc-loader": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/asciidoc-loader/-/asciidoc-loader-3.1.6.tgz", - "integrity": "sha512-Tqy4QFuZiKe/yX+3H8+vTLE6HH+VDm9OkKwq3G769jcC+40wz6y3poV4r4t1XJFAWwa/AKGM99ZcnJcJ3rtW+A==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/asciidoc-loader/-/asciidoc-loader-3.1.7.tgz", + "integrity": "sha512-sM/poPtAi8Cx0g2oLGHoEYjTdE9pvIYLgbHW07fGf6c9wQYMd2DMsevtbhNKWp+xqxj/QinToz4JOaNLoy1nfg==", "requires": { - "@antora/logger": "3.1.6", + "@antora/logger": "3.1.7", "@antora/user-require-helper": "~2.0", "@asciidoctor/core": "~2.2" } }, "@antora/cli": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/cli/-/cli-3.1.6.tgz", - "integrity": "sha512-aJLN6JyXYUfMfMVr/6JEenxnnG8evKfyp01wd/Cj7mkJXD/lj/Gqws2bXyP/hjUEl/HuX4/P9AcIfMLT/vfQJw==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/cli/-/cli-3.1.7.tgz", + "integrity": "sha512-yHo30VmiLLsZU4JW8VZR6fql9m5lIxocA2d0tduKQ+r4YSD1kt+bbwX3You3iMwW7oLoNo62zfU76F8CQBnm2g==", "requires": { - "@antora/logger": "3.1.6", - "@antora/playbook-builder": "3.1.6", + "@antora/logger": "3.1.7", + "@antora/playbook-builder": "3.1.7", "@antora/user-require-helper": "~2.0", "commander": "~10.0" } }, "@antora/content-aggregator": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/content-aggregator/-/content-aggregator-3.1.6.tgz", - "integrity": "sha512-kOKWn/1gBvd9XOp00/wFzH4lb3yCa5u65ZKmfe9VwC7uOl5Tg9zT0lxMa7miEbPAmfhcOr0zRYXa2ybsoKBWNw==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/content-aggregator/-/content-aggregator-3.1.7.tgz", + "integrity": "sha512-2gBbxaDxqY4QRw9Vut0IbKNqI9zAAohxjT0zcA5Am10kE3ywvzXaBa3tvb+A7vUl/vRcCC0LPM7pO37RVrbsGA==", "requires": { "@antora/expand-path-helper": "~2.0", - "@antora/logger": "3.1.6", + "@antora/logger": "3.1.7", "@antora/user-require-helper": "~2.0", "braces": "~3.0", "cache-directory": "~2.0", "glob-stream": "~7.0", "hpagent": "~1.2", - "isomorphic-git": "~1.21", + "isomorphic-git": "~1.25", "js-yaml": "~4.1", "multi-progress": "~4.0", "picomatch": "~2.3", @@ -3054,22 +3054,22 @@ } }, "@antora/content-classifier": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/content-classifier/-/content-classifier-3.1.6.tgz", - "integrity": "sha512-e5Fs38Cfbl2kecxpRLFftflphbjg2wPfWlwjLZjs8d0R5ISSCM38q8ecDKCQHQlrYJkSrxiSpWqg0irNqAHnLw==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/content-classifier/-/content-classifier-3.1.7.tgz", + "integrity": "sha512-94XwJ35pkWJU6dJqQg5oreJRCkaXwU6yw9XSyB731o4i/0romkazKnu7deHugqdgvzqn92AlMRG6R0clhJLEsw==", "requires": { - "@antora/asciidoc-loader": "3.1.6", - "@antora/logger": "3.1.6", + "@antora/asciidoc-loader": "3.1.7", + "@antora/logger": "3.1.7", "mime-types": "~2.1", "vinyl": "~2.2" } }, "@antora/document-converter": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/document-converter/-/document-converter-3.1.6.tgz", - "integrity": "sha512-bdzlkwq1WMnfdc6FUZNcO58LwjMqYmv3m9dI/eAJryGiKa9ChBFskwA1ob7rB87Qxjzu6UHcNucbt910hjEOAw==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/document-converter/-/document-converter-3.1.7.tgz", + "integrity": "sha512-cRVJf7QyclxjWbA0gWz7hncZYThIREikkwaxaa26LsRCfBNlw7wxs7lWejvIvEl1LVshupbinJwKUPPQPOsHhw==", "requires": { - "@antora/asciidoc-loader": "3.1.6" + "@antora/asciidoc-loader": "3.1.7" } }, "@antora/expand-path-helper": { @@ -3078,9 +3078,9 @@ "integrity": "sha512-CSMBGC+tI21VS2kGW3PV7T2kQTM5eT3f2GTPVLttwaNYbNxDve08en/huzszHJfxo11CcEs26Ostr0F2c1QqeA==" }, "@antora/file-publisher": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/file-publisher/-/file-publisher-3.1.6.tgz", - "integrity": "sha512-UPTyFWY7lrG/Qj6SBxgoVBg1fW3JemJzW62y6pKuGHF59TEKJiaVTUlHEaVgkbpkCngn2os+VOX7fHK0jsBU9A==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/file-publisher/-/file-publisher-3.1.7.tgz", + "integrity": "sha512-UH2o0DJuv9BJvWgn+QSE3MhtHB3oN3lG5lJkV3fQi1jAV+qPIHoiTIYhbw02mj5KQ3Qbt7YWWAKZKuGl3rEdjg==", "requires": { "@antora/expand-path-helper": "~2.0", "@antora/user-require-helper": "~2.0", @@ -3090,9 +3090,9 @@ } }, "@antora/logger": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/logger/-/logger-3.1.6.tgz", - "integrity": "sha512-36kU8gMbPslcPu8u9EbXsz6+9G9+LWPKhO7n8mEQqxlcCqmChwgetK6VbsL102rynpgPsstX6IAKg2wbptJK5g==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/logger/-/logger-3.1.7.tgz", + "integrity": "sha512-Z2tfNIi9G4BnAZq26Kp30974FxCVCtvH46FOi6ClnkJg6Uf2gTrVlJERmtsDTsHjWsf1qKbnj/4b99/AU31iQg==", "requires": { "@antora/expand-path-helper": "~2.0", "pino": "~8.14", @@ -3101,27 +3101,27 @@ } }, "@antora/navigation-builder": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/navigation-builder/-/navigation-builder-3.1.6.tgz", - "integrity": "sha512-0iqktzBKQ4kgOM+pbm1bYdGUlN6Blw5zAxURr+W7X96b45mUHCTNz1nZrsDvBLbVXpSTk//ih85Ioh0RU4RJTw==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/navigation-builder/-/navigation-builder-3.1.7.tgz", + "integrity": "sha512-QvMPb0qY1zfgyLCfuEhJOpO5qSVjaVe5X/bQjSii9vDGgpIEiC2yt/hgqER37E/3zsBGEZvCH5lSLk1c7x0+EQ==", "requires": { - "@antora/asciidoc-loader": "3.1.6" + "@antora/asciidoc-loader": "3.1.7" } }, "@antora/page-composer": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/page-composer/-/page-composer-3.1.6.tgz", - "integrity": "sha512-zl2UXVmHEy23zWsGzz3ZpnqtzTVfYvAVS7osPZpSyto3unwtQUI0dR+JpWndElsEDt71JJedbsXa/y/tNC2ZOQ==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/page-composer/-/page-composer-3.1.7.tgz", + "integrity": "sha512-zJMzYznPT6Vd59nEXio/2rolkX070Nup6g4a8d4RCz0WoE8dmMidw6XFgjAHr0Lyh14/FHgBPlYXfhkDFR16Mw==", "requires": { - "@antora/logger": "3.1.6", + "@antora/logger": "3.1.7", "handlebars": "~4.7", "require-from-string": "~2.0" } }, "@antora/playbook-builder": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/playbook-builder/-/playbook-builder-3.1.6.tgz", - "integrity": "sha512-bZcDastZViAgPVPNvvbbw7ci63gL5YnyG5X7NuHJoORgzyGQAsMYEjzfa9yfNfXubUmXv/oSteUSxbACjdjzWg==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/playbook-builder/-/playbook-builder-3.1.7.tgz", + "integrity": "sha512-lU80S1BqUy9DvqziEzRwpYTaWhOshxgrGAjf/F5VjAIaHCGVx0rZgfoI2rgFFkbVaH94kauOngdtTXDPXC1fPQ==", "requires": { "@iarna/toml": "~2.2", "convict": "~6.2", @@ -3130,63 +3130,63 @@ } }, "@antora/redirect-producer": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/redirect-producer/-/redirect-producer-3.1.6.tgz", - "integrity": "sha512-tzlrJa2vny0HPBtIAgEM/xCMTfOi4z2CYUt4Ctz7rV8PBv6NOjlLkbu7Goc57CpR9wmJ3C4AGJcVHN0tah0FmA==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/redirect-producer/-/redirect-producer-3.1.7.tgz", + "integrity": "sha512-6zAHfcOb0v0829nAbn/3HMilbactjbjU7zBT9Iy6JHQfbqXT/g/mUT9N13Lj/wbq/nm0qKQJweB0Mi6BS2fbMw==", "requires": { "vinyl": "~2.2" } }, "@antora/site-generator": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/site-generator/-/site-generator-3.1.6.tgz", - "integrity": "sha512-NKRTVDGB7CuzEBx68iQGweSTDXLvqccExEfBiudPEhyagcn4U+fwef+0LjE4A2imcpD/QQC7l5U8VaNObQYnRQ==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/site-generator/-/site-generator-3.1.7.tgz", + "integrity": "sha512-39KWip9bLdQ+4ssyqjI+O0COquKHxoeznxY2/3w5pNZEoeTg8cD7kOsnWfbocw0R3Rj+kJV5MnqICFNq0nuPeA==", "requires": { - "@antora/asciidoc-loader": "3.1.6", - "@antora/content-aggregator": "3.1.6", - "@antora/content-classifier": "3.1.6", - "@antora/document-converter": "3.1.6", - "@antora/file-publisher": "3.1.6", - "@antora/logger": "3.1.6", - "@antora/navigation-builder": "3.1.6", - "@antora/page-composer": "3.1.6", - "@antora/playbook-builder": "3.1.6", - "@antora/redirect-producer": "3.1.6", - "@antora/site-mapper": "3.1.6", - "@antora/site-publisher": "3.1.6", - "@antora/ui-loader": "3.1.6", + "@antora/asciidoc-loader": "3.1.7", + "@antora/content-aggregator": "3.1.7", + "@antora/content-classifier": "3.1.7", + "@antora/document-converter": "3.1.7", + "@antora/file-publisher": "3.1.7", + "@antora/logger": "3.1.7", + "@antora/navigation-builder": "3.1.7", + "@antora/page-composer": "3.1.7", + "@antora/playbook-builder": "3.1.7", + "@antora/redirect-producer": "3.1.7", + "@antora/site-mapper": "3.1.7", + "@antora/site-publisher": "3.1.7", + "@antora/ui-loader": "3.1.7", "@antora/user-require-helper": "~2.0" } }, "@antora/site-generator-default": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/site-generator-default/-/site-generator-default-3.1.6.tgz", - "integrity": "sha512-HXnqYYQdQHwjg6NAvEr3oolt4Kmb3cEVqMsR9BoN8ZPfVpnx+kM9r1/qqpgx9BZxY2oTDYPhFFeygdq2Fu5rIg==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/site-generator-default/-/site-generator-default-3.1.7.tgz", + "integrity": "sha512-m9UbejttKzp8MKJTEc+aKXi5SNb864QO7lQiQzSR0fiWnIR8WIM73CPPwkVeOXdKqaJvQp5IF9rlXXTkkC19fw==", "requires": { - "@antora/site-generator": "3.1.6" + "@antora/site-generator": "3.1.7" } }, "@antora/site-mapper": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/site-mapper/-/site-mapper-3.1.6.tgz", - "integrity": "sha512-Jc5AqY2uS3wO21iwEFyJuXOspTLN6UdNnZP/Os2oguR+cSsjwUx+l6+X7lquIndq+dXUQS3tMQkwNkhLgfcsrw==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/site-mapper/-/site-mapper-3.1.7.tgz", + "integrity": "sha512-x++89btbwk8FxyU2+H/RHQMnsC9sdvQvXcwXwNt11eXN1qj7t8TPiQZTalg7gkf0/osY4l7JRpGBY5JJfOJVig==", "requires": { - "@antora/content-classifier": "3.1.6", + "@antora/content-classifier": "3.1.7", "vinyl": "~2.2" } }, "@antora/site-publisher": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/site-publisher/-/site-publisher-3.1.6.tgz", - "integrity": "sha512-AOpM12gmMJeucebEGneHvOJAXQgco0lAg7Vx9CH7slHVeJy6mM74Mcut7KkKlv3AOJJKgYfdYkJndvq9dqbWmQ==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/site-publisher/-/site-publisher-3.1.7.tgz", + "integrity": "sha512-zHaJc7UeBfFSIhBbQ5U5Ud4u671M84oqSJb3pPxlUiJDP7iVJlSl+0GNm0NAIoDizjPtVksUI88fzqCy5rfSUQ==", "requires": { - "@antora/file-publisher": "3.1.6" + "@antora/file-publisher": "3.1.7" } }, "@antora/ui-loader": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/@antora/ui-loader/-/ui-loader-3.1.6.tgz", - "integrity": "sha512-IivfKW7fCaV7GpXIOxyk8X2mJiYoM6U0CDaFzWiKerJeDikW1Oi9KGxCMe2+onYBJrgzQxAZsIzjr9fXUcDZWw==", + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@antora/ui-loader/-/ui-loader-3.1.7.tgz", + "integrity": "sha512-79QuZB0c91dveoESa3RcE18ZZFJo0rDZX9aJKHVc20dInQBGCgfURPqB2OytkzaXD3lNtDJ41yjKNYZqsAQy1Q==", "requires": { "@antora/expand-path-helper": "~2.0", "@vscode/gulp-vinyl-zip": "~2.5", @@ -3335,9 +3335,9 @@ } }, "async-lock": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/async-lock/-/async-lock-1.4.0.tgz", - "integrity": "sha512-coglx5yIWuetakm3/1dsX9hxCNox22h7+V80RQOu2XUUMidtArxKoZoOtHUPuR84SycKTXzgGzAUR5hJxujyJQ==" + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/async-lock/-/async-lock-1.4.1.tgz", + "integrity": "sha512-Az2ZTpuytrtqENulXwO3GGv1Bztugx6TT37NIo7imr/Qo0gsYiGtSdBa2B6fsXhTpVZDNfu1Qn3pk531e3q+nQ==" }, "atomic-sleep": { "version": "1.0.0", @@ -3909,7 +3909,7 @@ "requires": { "extend": "^3.0.2", "glob": "^7.2.0", - "glob-parent": "^6.0.2", + "glob-parent": "6.0.2", "is-negated-glob": "^1.0.0", "ordered-read-streams": "^1.0.1", "pumpify": "^2.0.1", @@ -4176,9 +4176,9 @@ "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==" }, "isomorphic-git": { - "version": "1.21.0", - "resolved": "https://registry.npmjs.org/isomorphic-git/-/isomorphic-git-1.21.0.tgz", - "integrity": "sha512-ZqCAUM63CYepA3fB8H7NVyPSiOkgzIbQ7T+QPrm9xtYgQypN9JUJ5uLMjB5iTfomdJf3mdm6aSxjZwnT6ubvEA==", + "version": "1.25.3", + "resolved": "https://registry.npmjs.org/isomorphic-git/-/isomorphic-git-1.25.3.tgz", + "integrity": "sha512-iUaDB5kObupWpwjQ+EGkDQmaYQzbq1XaPqo+xJCCfbPViGZL94rU2RvK4EDJKpYbyiwbq5OSLEjkXHa8r5I1aw==", "requires": { "async-lock": "^1.1.0", "clean-git-ref": "^2.0.1", @@ -5191,7 +5191,7 @@ "requires": { "extend": "^3.0.0", "glob": "^7.1.1", - "glob-parent": "^3.1.0", + "glob-parent": "6.0.2", "is-negated-glob": "^1.0.0", "ordered-read-streams": "^1.0.0", "pumpify": "^1.3.5", diff --git a/package.json b/package.json index b6a3592ca..41a295311 100644 --- a/package.json +++ b/package.json @@ -19,8 +19,8 @@ "author": "Neo4j", "license": "ISC", "dependencies": { - "@antora/cli": "^3.1.6", - "@antora/site-generator-default": "^3.1.6", + "@antora/cli": "^3.1.7", + "@antora/site-generator-default": "^3.1.7", "@neo4j-antora/antora-add-notes": "^0.3.1", "@neo4j-antora/antora-modify-sitemaps": "^0.4.4", "@neo4j-antora/antora-page-roles": "^0.3.2", From 0eb7164b559b912665ab0afe18e8db20d9fa6af0 Mon Sep 17 00:00:00 2001 From: Neil Dewhurst Date: Tue, 9 Jan 2024 17:24:23 +0000 Subject: [PATCH 512/876] New workflows (#1322) --- .github/workflows/docs-branch-checks.yml | 54 ++++++++++++++++++++++ .github/workflows/docs-deploy-surge.yml | 55 +++++++++++++++++----- .github/workflows/docs-pr-checks.yml | 58 ++++++++++++++++++++++++ .github/workflows/docs-pr.yml | 29 ------------ .github/workflows/docs-teardown.yml | 19 ++++++-- 5 files changed, 170 insertions(+), 45 deletions(-) create mode 100644 .github/workflows/docs-branch-checks.yml create mode 100644 .github/workflows/docs-pr-checks.yml delete mode 100644 .github/workflows/docs-pr.yml diff --git a/.github/workflows/docs-branch-checks.yml b/.github/workflows/docs-branch-checks.yml new file mode 100644 index 000000000..1c9acd05e --- /dev/null +++ b/.github/workflows/docs-branch-checks.yml @@ -0,0 +1,54 @@ +# This is an example of the docs-pr.yml workflow available from the recrwplay org +name: "Verify Branch" + +on: + # push: + # branches: + # - main + # - dev + # schedule: + # - cron: '00 16 * * *' + workflow_dispatch: + inputs: + html: + description: 'Generate HTML' + type: boolean + required: false + default: true + links: + description: 'Check links' + type: boolean + required: false + default: true + lint: + description: 'Lint docs' + type: boolean + required: false + default: false + +jobs: + + docs-build: + if: ${{ inputs.html || github.event_name == 'push' }} + name: Generate HTML + uses: neo4j/docs-tools/.github/workflows/reusable-docs-build.yml@dev + with: + retain-artifacts: 14 + deploy-id: 0 + + docs-verify: + name: Verify HTML + needs: docs-build + uses: neo4j/docs-tools/.github/workflows/reusable-docs-verify.yml@dev + + docs-links: + if: ${{ inputs.links || github.event_name == 'push' }} + name: Check links + needs: docs-build + uses: neo4j/docs-tools/.github/workflows/reusable-docs-links.yml@dev + + docs-lint: + if: ${{ inputs.lint || github.event_name == 'push' }} + name: Lint docs + uses: neo4j/docs-tools/.github/workflows/reusable-docs-vale.yml@dev + diff --git a/.github/workflows/docs-deploy-surge.yml b/.github/workflows/docs-deploy-surge.yml index 0eeec088d..3c99e26ee 100644 --- a/.github/workflows/docs-deploy-surge.yml +++ b/.github/workflows/docs-deploy-surge.yml @@ -1,32 +1,38 @@ # Use this starter workflow to deploy HTML generated by Antora to surge.sh # Docs are published at --.surge.sh -# By default, this workflow runs on completion of a workflow called "Verify PR" +# +# By default, this workflow runs on completion of a workflow called "Verify docs PR" +# # This workflow expects the triggering workflow to generate an artifact called "docs" - # - update the reference to "docs" and "docs.zip" in this workflow if your triggering workflow generates an artifact with a different name -name: "Deploy to surge" + +name: "Deploy docs preview" on: workflow_run: - workflows: ["Verify PR"] + workflows: ["Verify docs PR"] types: - completed jobs: publish-docs: + # Uncomment this if statement to deploy only when the PR builds cleanly # if: github.event.workflow_run.conclusion == 'success' runs-on: ubuntu-latest steps: - name: "Download built documentation" - uses: actions/github-script@v6.0.0 + uses: actions/github-script@v6.4.1 + env: + RUN_ID: ${{ github.event.workflow_run.id }} + WORKSPACE: ${{ github.workspace }} with: script: | var artifacts = await github.rest.actions.listWorkflowRunArtifacts({ owner: context.repo.owner, repo: context.repo.repo, - run_id: ${{ github.event.workflow_run.id }}, + run_id: ${{ env.RUN_ID }}, }); var matchArtifact = artifacts.data.artifacts.filter((artifact) => { return artifact.name == "docs" @@ -38,7 +44,7 @@ jobs: archive_format: 'zip', }); var fs = require('fs'); - fs.writeFileSync('${{ github.workspace }}/docs.zip', Buffer.from(download.data)); + fs.writeFileSync('${{ env.WORKSPACE }}/docs.zip', Buffer.from(download.data)); - run: unzip docs.zip @@ -47,6 +53,15 @@ jobs: deployid=$(> "$GITHUB_OUTPUT" + + - id: get-deploy-url + env: + ORG: ${{ github.event.repository.owner.login }} + REPO: ${{ github.event.repository.name }} + DEPLOYID: ${{ steps.get-deploy-id.outputs.deploy-id }} + run: | + deployurl=$ORG-$REPO-$DEPLOYID.surge.sh + echo "deploy-url=$deployurl" >> $GITHUB_OUTPUT - uses: actions/setup-node@v3 with: @@ -55,17 +70,35 @@ jobs: - name: Deploy docs to surge shell: bash env: + DEPLOY_URL: ${{ steps.get-deploy-url.outputs.deploy-url }} SURGE_TOKEN: "${{ secrets.DOCS_SURGE_TOKEN }}" run: | npm install -g surge - surge ./site ${{ github.event.repository.owner.login}}-${{ github.event.repository.name}}-${{ steps.get-deploy-id.outputs.deploy-id }}.surge.sh --token "$SURGE_TOKEN" + surge ./site $DEPLOY_URL --token "$SURGE_TOKEN" - - name: Comment on PR + # If the PR artifacts include a changelog file, add it to the PR as a comment + # The changelog contains links to new and changed files in the deployed docs + - name: Comment on PR (changelog) + if: ${{ hashFiles('changelog') != '' }} + uses: marocchino/sticky-pull-request-comment@v2 + with: + number: ${{ steps.get-deploy-id.outputs.deploy-id }} + recreate: true + header: docs-pr-changes + path: changelog + GITHUB_TOKEN: ${{ secrets.DOCS_PR_COMMENT_TOKEN }} + + # If there's no changelog, add a generic comment to the PR + - name: Comment on PR (no changelog) + if: ${{ hashFiles('changelog') == '' }} + env: + DEPLOY_URL: ${{ steps.get-deploy-url.outputs.deploy-url }} uses: marocchino/sticky-pull-request-comment@v2 with: number: ${{ steps.get-deploy-id.outputs.deploy-id }} + header: docs-pr-changes message: | - This PR includes documentation updates. + Looks like you've updated the documentation! - You can view the updated docs at https://${{ github.event.repository.owner.login}}-${{ github.event.repository.name}}-${{ steps.get-deploy-id.outputs.deploy-id }}.surge.sh + Check out your changes at https://${{ env.DEPLOY_URL }} GITHUB_TOKEN: ${{ secrets.DOCS_PR_COMMENT_TOKEN }} diff --git a/.github/workflows/docs-pr-checks.yml b/.github/workflows/docs-pr-checks.yml new file mode 100644 index 000000000..86c9be40a --- /dev/null +++ b/.github/workflows/docs-pr-checks.yml @@ -0,0 +1,58 @@ + +name: "Verify docs PR" + +on: + pull_request: + branches: + - dev + +jobs: + + # Generate HTML + docs-build-pr: + uses: neo4j/docs-tools/.github/workflows/reusable-docs-build.yml@main + with: + deploy-id: ${{ github.event.number }} + retain-artifacts: 14 + + # Parse the json log output from the HTML build, and output warnings and errors as annotations + # Optionally, fail the build if there are warnings or errors + # By default, the job fails if there are errors, passes if there are warnings only. + docs-verify-pr: + needs: docs-build-pr + uses: neo4j/docs-tools/.github/workflows/reusable-docs-verify.yml@main + with: + failOnWarnings: true + + # Get lists of changes in the PR + # - all updated asciidoc files + # - all updated asciidoc pages + # - all new asciidoc pages + docs-changes-pr: + runs-on: ubuntu-latest + outputs: + asciidoc-files: ${{ steps.get-file-changes.outputs.asciidoc_all_changed_files }} + pages-modified: ${{ steps.get-file-changes.outputs.pages_modified_files }} + pages-added: ${{ steps.get-file-changes.outputs.pages_added_files }} + steps: + - name: Get file changes + id: get-file-changes + uses: tj-actions/changed-files@v41 + with: + separator: ',' + files_yaml: | + pages: + - modules/**/pages/**/*.adoc + asciidoc: + - modules/**/*.adoc + + # Generate a PR comment if the docs are using the pageList extension + # The extension maps asciidoc source files to their HTML output paths + # The comment will contain links to new and changed pages in the deployed HTML docs + docs-updates-comment-pr: + if: needs.docs-build-pr.outputs.pages-listed == 'success' + needs: [docs-build-pr, docs-changes-pr] + uses: neo4j/docs-tools/.github/workflows/reusable-docs-pr-changes.yml@main + with: + pages-modified: ${{ needs.docs-changes-pr.outputs.pages-modified }} + pages-added: ${{ needs.docs-changes-pr.outputs.pages-added }} diff --git a/.github/workflows/docs-pr.yml b/.github/workflows/docs-pr.yml deleted file mode 100644 index 12a00c4c0..000000000 --- a/.github/workflows/docs-pr.yml +++ /dev/null @@ -1,29 +0,0 @@ -# Use this starter workflow to verify PRs that include a change to the docs -# The default setup runs against PRs targeting your default branch -# Default artifact retention is 7 days - -name: "Verify PR" - -on: - pull_request: - branches: - - "4.[0-9]" - - "5.x" - - "dev" - -jobs: - - # note that the build job requires a build-verify script in package.json - # build-verify should build html with Antora, and output a .json log file - # eg 'antora playbook.yml --log-format=json --log-file ./build/log/log.json' - docs-build-for-pr: - uses: recrwplay/actions-demo/.github/workflows/reusable-docs-build.yml@main - with: - deploy-id: ${{ github.event.number }} - retain-artifacts: 14 - - docs-verify-for-pr: - needs: docs-build-for-pr - uses: recrwplay/actions-demo/.github/workflows/reusable-docs-verify.yml@main - with: - failOnWarnings: true diff --git a/.github/workflows/docs-teardown.yml b/.github/workflows/docs-teardown.yml index 3cce651e7..002a24ef2 100644 --- a/.github/workflows/docs-teardown.yml +++ b/.github/workflows/docs-teardown.yml @@ -3,10 +3,6 @@ name: "Documentation Teardown" on: pull_request_target: - branches: - - "4.[0-9]" - - "5.x" - - "dev" types: - closed @@ -18,17 +14,30 @@ jobs: - uses: actions/setup-node@v3 with: node-version: lts/* + + - id: get-deploy-url + env: + ORG: ${{ github.event.repository.owner.login }} + REPO: ${{ github.event.repository.name }} + DEPLOYID: ${{ github.event.pull_request.number }} + run: | + deployurl=$ORG-$REPO-$DEPLOYID.surge.sh + echo "deploy-url=$deployurl" >> $GITHUB_OUTPUT + - name: Teardown documentation shell: bash env: SURGE_TOKEN: "${{ secrets.DOCS_SURGE_TOKEN }}" + DEPLOY_URL: ${{ steps.get-deploy-url.outputs.deploy-url }} run: | npm install -g surge - surge teardown ${{ github.event.repository.owner.login}}-${{ github.event.repository.name}}-${{ github.event.pull_request.number }}.surge.sh --token "$SURGE_TOKEN" + surge teardown $DEPLOY_URL --token "$SURGE_TOKEN" + - name: Comment on PR uses: marocchino/sticky-pull-request-comment@v2 with: number: ${{ github.event.pull_request.number }} + header: docs-pr-changes message: | Thanks for the documentation updates. From 17fb7be446941b85e656b57d33ff3d243a48c877 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 10 Jan 2024 11:07:15 +0000 Subject: [PATCH 513/876] Report command handles several dbs and allows for specifying which (#1323) --- .../pages/tools/neo4j-admin/neo4j-admin-report.adoc | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-report.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-report.adoc index dde547289..b53230f9d 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-report.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-report.adoc @@ -16,8 +16,8 @@ The `neo4j-admin server report` command has the following syntax: neo4j-admin server report [-h] [--expand-commands] [--list] [--verbose] [--ignore-disk-space-check[=true|false]] - [--additional-config=] [--to-path=] - [...] [COMMAND] + [--additional-config=] [--database=] + [--to-path=] [...] [COMMAND] ---- === Description @@ -26,6 +26,11 @@ The command collects information about the system and packages everything in an If you specify `all`, everything is included. You can also finetune the selection by passing classifiers to the tool, e.g `logs tx threads`. +Starting from Neo4j version 5.16, the Neo4j Admin report tool allows you to choose the databases for which you want to include database-specific information. +You can generate a report covering all databases in the DBMS, a specific database, or databases that match a specified pattern. +For example, if you run the command `neo4j-admin server report --database=ne*`, a report will be generated for all databases that start with "ne". +If not specified, the tool generates a report for all databases in the DBMS. + This tool does not send any information automatically. To share this information with the Neo4j Support organization, you have to send it manually. @@ -126,6 +131,10 @@ The `neo4j-admin server report` command has the following options: |Configuration file with additional configuration. | +|--database= +|Name of the database to report for. Can contain * and ? for globbing. Note that * and ? have special meaning in some shells and might need to be escaped or used with quotes. +|* + |--expand-commands |Allow command expansion in config value evaluation. | From 49e6ba4403111bce49604eb340107063e0242982 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 10 Jan 2024 11:15:57 +0000 Subject: [PATCH 514/876] Neo4-admin-backup-globbing (#1222) Cherry-picked from #1217. Depends on https://github.com/neo-technology/neo4j/pull/23391 Co-authored-by: David Pond --- modules/ROOT/pages/backup-restore/online-backup.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/backup-restore/online-backup.adoc b/modules/ROOT/pages/backup-restore/online-backup.adoc index 4cbc5eea6..ea28ee45d 100644 --- a/modules/ROOT/pages/backup-restore/online-backup.adoc +++ b/modules/ROOT/pages/backup-restore/online-backup.adoc @@ -88,13 +88,13 @@ neo4j-admin database backup [-h] [--expand-commands] [--verbose] | Default | -|Name of the remote database to backup. Can contain `*` and `?` for globbing (required unless `--inspect-path` is used). +|Name of the remote database to backup. Supports globbing inside of double quotes, for example, "data*". ( is required unless `--inspect-path` is used). |neo4j |=== [TIP] ==== -With a single `*` as a value, you can back up all the databases of the DBMS. +If is "*", `neo4j-admin` will attempt to back up all databases of the DBMS. ==== [[backup-command-options]] From 87511553c3ef81c2df1c711d561d8f01683c3276 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Wed, 10 Jan 2024 13:56:00 +0100 Subject: [PATCH 515/876] Improve the page on the incremental import (#1294) Co-authored-by: Reneta Popova --- .../tools/neo4j-admin/neo4j-admin-import.adoc | 68 ++++++++++++------- 1 file changed, 43 insertions(+), 25 deletions(-) diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc index 419b23be1..2157f0dc8 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc @@ -412,10 +412,28 @@ label:enterprise-only[] Incremental import is not supported for `block` format yet. ==== -When the initial data load cannot be completed in a single full import, incremental import allows the operation to be completed as a series of smaller imports. +Incremental import allows you to incorporate large amounts of data in batches into the graph. +You can run this operation as part of the initial data load when it cannot be completed in a single full import. +Besides, you can update your graph by importing data incrementally, which is more performant than transactional insertion of such data. -Incremental import requires the use of `--force` because it must only be run on databases in precisely the expected state and as part of an initial load. -When an incremental import fails, it can leave the data corrupted. +Incremental import requires the use of `--force` and can be run on an existing database only. + +You must stop your database, if you want to perform the incremental import within one command. + +If you cannot afford a full downtime of your database, split the operation into several stages: + +* _prepare_ stage (offline) +* _build_ stage (offline or read-only) +* _merge_ stage (offline) + +The database must be stopped for the `prepare` and `merge` stages. +During the `build` stage, the database can be left online but put into read-only mode. +For a detailed example, see <>. + +[WARNING] +==== +It is highly recommended to back up your database before running the incremental import, as if the _merge_ stage fails, is aborted, or crashes, it may corrupt the database. +==== [[import-tool-incremental-syntax]] === Syntax @@ -450,6 +468,7 @@ The incremental import command can be used to add: [WARNING] ==== Note that you must have node property uniqueness constraints in place for the property key and label combinations that form the primary key, or the uniquely identifiable nodes. +Otherwise, the command will throw an error and exit. For more information, see <>. ==== * New relationships between existing or new nodes. @@ -696,30 +715,13 @@ performance, this value should not be greater than the number of available proce [[import-tool-incremental-examples]] === Examples -There are two ways of importing data incrementally: - -* If downtime is not a concern, you can run a single command with the option `--stage=all`. -This option requires the database to be stopped. -* If you cannot afford a full downtime of your database, you can run the import in three stages: +There are two ways of importing data incrementally. -** _prepare_ stage: -+ -During this stage, the import tool analyzes the CSV headers and copies the relevant data over to the new increment database path. -The import command is run with the option `--stage=prepare` and the database must be stopped. +==== Incremental import in a single command -** _build_ stage: -+ -During this stage, the import tool imports the data into the database. -This is the longest stage and you can put the database in read-only mode to allow read access. -The import command is run with the option `--stage=build`. - -** _merge_ stage: -+ -During this stage, the import tool merges the new with the existing data in the database. -It also updates the affected indexes and upholds the affected property uniqueness constraints and property existence constraints. -The import command is run with the option `--stage=merge` and the database must be stopped. +If downtime is not a concern, you can run a single command with the option `--stage=all`. +This option requires the database to be stopped. -.Incremental import in a single command ==== [source, shell, role=noplay] ---- @@ -729,9 +731,17 @@ $ bin/neo4j-admin database import incremental --stage=all --nodes=N1=../../raw-d ---- ==== -.Incremental import in stages +[[incremental-import-stages]] +==== Incremental import in stages + +If you cannot afford a full downtime of your database, you can run the import in three stages. + ==== . `prepare` stage: ++ +During this stage, the import tool analyzes the CSV headers and copies the relevant data over to the new increment database path. +The import command is run with the option `--stage=prepare` and the database must be stopped. ++ .. Stop the database with the `WAIT` option to ensure a checkpoint happens before you run the incremental import command. The database must be stopped to run `--stage=prepare`. + @@ -746,6 +756,11 @@ neo4j@system> STOP DATABASE db1 WAIT; $ bin/neo4j-admin database import incremental --stage=prepare --nodes=N1=../../raw-data/incremental-import/c.csv db1 ---- . `build` stage: ++ +During this stage, the import tool imports the data, deduplicates it, and validates it in the new increment database path. +This is the longest stage and you can put the database in read-only mode to allow read access. +The import command is run with the option `--stage=build`. ++ .. Put the database in read-only mode: + [source, shell, role=noplay] @@ -760,6 +775,9 @@ $ bin/neo4j-admin database import incremental --stage=build --nodes=N1=../../raw ---- . `merge` stage: + +During this stage, the import tool merges the new with the existing data in the database. +It also updates the affected indexes and upholds the affected property uniqueness constraints and property existence constraints. +The import command is run with the option `--stage=merge` and the database must be stopped. It is not necessary to include the `--nodes` or `--relationships` options when using `--stage=merge`. + .. Stop the database with the `WAIT` option to ensure a checkpoint happens before you run the incremental import command. From efe78e5268cdf059bed29182e3696bed36651088 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Thu, 11 Jan 2024 09:14:05 +0100 Subject: [PATCH 516/876] Fix wrong env variables to deploy Neo4j in Docker (#1325) --- modules/ROOT/pages/docker/clustering.adoc | 4 ++-- .../tutorial/tutorial-clustering-docker.adoc | 16 ++++++++-------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/modules/ROOT/pages/docker/clustering.adoc b/modules/ROOT/pages/docker/clustering.adoc index f2bcd8b9b..31db8d0cb 100644 --- a/modules/ROOT/pages/docker/clustering.adoc +++ b/modules/ROOT/pages/docker/clustering.adoc @@ -38,8 +38,8 @@ docker run --name=server1 --detach \ --env NEO4J_server_cluster.raft.advertised_address=public-address:7000 \ --env NEO4J_server_default_advertised_address=public-address \ --env NEO4J_ACCEPT_LICENSE_AGREEMENT=yes \ - --env NEO4j_server_bolt_advertised_address=public-address:7687 \ - --env NEO4j_server_http_advertised_address=public-address:7474 \ + --env NEO4J_server_bolt_advertised__address=public-address:7687 \ + --env NEO4J_server_http_advertised__address=public-address:7474 \ neo4j:{neo4j-version-exact}-enterprise ---- diff --git a/modules/ROOT/pages/tutorial/tutorial-clustering-docker.adoc b/modules/ROOT/pages/tutorial/tutorial-clustering-docker.adoc index e8a5ad3f1..d56259192 100644 --- a/modules/ROOT/pages/tutorial/tutorial-clustering-docker.adoc +++ b/modules/ROOT/pages/tutorial/tutorial-clustering-docker.adoc @@ -297,8 +297,8 @@ docker run --name=server1 --detach --network=neo4j-cluster \ --env NEO4J_initial_server_mode__constraint=PRIMARY \ --env NEO4J_dbms_cluster_discovery_endpoints=server1:5000,server2:5000,server3:5000 \ --env NEO4J_ACCEPT_LICENSE_AGREEMENT=yes \ - --env NEO4j_server_bolt_advertised_address=localhost:7687 \ - --env NEO4j_server_http_advertised_address=localhost:7474 \ + --env NEO4J_server_bolt_advertised__address=localhost:7687 \ + --env NEO4J_server_http_advertised__address=localhost:7474 \ --env NEO4J_AUTH=neo4j/mypassword \ neo4j:{neo4j-version-exact}-enterprise @@ -308,8 +308,8 @@ docker run --name=server2 --detach --network=neo4j-cluster \ --env NEO4J_initial_server_mode__constraint=PRIMARY \ --env NEO4J_dbms_cluster_discovery_endpoints=server1:5000,server2:5000,server3:5000 \ --env NEO4J_ACCEPT_LICENSE_AGREEMENT=yes \ - --env NEO4j_server_bolt_advertised_address=localhost:8687 \ - --env NEO4j_server_http_advertised_address=localhost:8474 \ + --env NEO4J_server_bolt_advertised__address=localhost:8687 \ + --env NEO4J_server_http_advertised__address=localhost:8474 \ --env NEO4J_AUTH=neo4j/mypassword \ neo4j:{neo4j-version-exact}-enterprise @@ -319,8 +319,8 @@ docker run --name=server3 --detach --network=neo4j-cluster \ --env NEO4J_initial_server_mode__constraint=PRIMARY \ --env NEO4J_dbms_cluster_discovery_endpoints=server1:5000,server2:5000,server3:5000 \ --env NEO4J_ACCEPT_LICENSE_AGREEMENT=yes \ - --env NEO4j_server_bolt_advertised_address=localhost:9687 \ - --env NEO4j_server_http_advertised_address=localhost:9474 \ + --env NEO4J_server_bolt_advertised__address=localhost:9687 \ + --env NEO4J_server_http_advertised__address=localhost:9474 \ --env NEO4J_AUTH=neo4j/mypassword \ neo4j:{neo4j-version-exact}-enterprise ---- @@ -337,7 +337,7 @@ docker run --name=read-server4 --detach --network=neo4j-cluster \ --env NEO4J_initial_server_mode__constraint=SECONDARY \ --env NEO4J_dbms_cluster_discovery_endpoints=server1:5000,server2:5000,server3:5000 \ --env NEO4J_ACCEPT_LICENSE_AGREEMENT=yes \ - --env NEO4j_server_bolt_advertised_address=localhost:10687 \ - --env NEO4j_server_http_advertised_address=localhost:10474 \ + --env NEO4J_server_bolt_advertised__address=localhost:10687 \ + --env NEO4J_server_http_advertised__address=localhost:10474 \ neo4j:{neo4j-version-exact}-enterprise ---- From beffc700be20d884b2c969aa63c9e836e39e1432 Mon Sep 17 00:00:00 2001 From: Neil Dewhurst Date: Thu, 11 Jan 2024 14:40:37 +0000 Subject: [PATCH 517/876] Run PR checks on all publishable branches (#1327) --- .github/workflows/docs-pr-checks.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docs-pr-checks.yml b/.github/workflows/docs-pr-checks.yml index 86c9be40a..be3912498 100644 --- a/.github/workflows/docs-pr-checks.yml +++ b/.github/workflows/docs-pr-checks.yml @@ -4,7 +4,10 @@ name: "Verify docs PR" on: pull_request: branches: - - dev + - "dev" + - "5.x" + - "4.[0-9]" + - "3.5" jobs: From e86cd5f29ed24fc5caef0842a4c8a6282667f3b8 Mon Sep 17 00:00:00 2001 From: Mark Dixon <1756429+mnd999@users.noreply.github.com> Date: Wed, 17 Jan 2024 09:27:36 +0000 Subject: [PATCH 518/876] Add a note about Idp connectivity (#1329) Add a note to ensure the Neo4j server is able to connect to the identity provider, as this is required for operation. --------- Co-authored-by: Phil Wright <95368282+phil198@users.noreply.github.com> Co-authored-by: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Co-authored-by: Reneta Popova --- .../pages/authentication-authorization/sso-integration.adoc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/ROOT/pages/authentication-authorization/sso-integration.adoc b/modules/ROOT/pages/authentication-authorization/sso-integration.adoc index db0122480..6ece24eb8 100644 --- a/modules/ROOT/pages/authentication-authorization/sso-integration.adoc +++ b/modules/ROOT/pages/authentication-authorization/sso-integration.adoc @@ -152,6 +152,11 @@ dbms.security.authentication_providers=oidc-newsso,oidc-oldsso,native dbms.security.authorization_providers=oidc-newsso,oidc-oldsso,native ---- ====== +. Check connectivity. +Neo4j needs to connect to the identity provider to discover settings and fetch public keys to verify tokens. +Check firewall settings and security controls, and, if necessary, logs to ensure that the Neo4j server is able to connect to the identity provider using HTTPS. +If a proxy is required, this can be https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/net/doc-files/net-properties.html#Proxies[configured] in the Java virtual machine using the configuration setting xref:configuration/configuration-settings.adoc#config_server.jvm.additional[server.jvm.additional]. +Proxies that require credentials are not supported. [[auth-sso-map-idp-roles]] == Map the Identity Provider Groups to the Neo4j Roles From 2bfaf4dad966a5a3751fccdbf040e2c559d9fe5b Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Wed, 17 Jan 2024 10:28:19 +0100 Subject: [PATCH 519/876] Rename the section according to the TOC (#1332) Rename the section title according to the recent changes in page _Configure network connectors_. See PR #1301 --- modules/ROOT/pages/configuration/index.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/configuration/index.adoc b/modules/ROOT/pages/configuration/index.adoc index 1a9ee970f..842f30cd1 100644 --- a/modules/ROOT/pages/configuration/index.adoc +++ b/modules/ROOT/pages/configuration/index.adoc @@ -8,7 +8,7 @@ The topics described are: * xref:configuration/file-locations.adoc[Default file locations] -- An overview of where files are stored in the different Neo4j distributions and the necessary file permissions for running Neo4j. //* <> -- A visual representation of the Neo4j network architecture. * xref:configuration/ports.adoc[Ports] -- An overview of the ports relevant to a Neo4j installation. -* xref:configuration/connectors.adoc[Configure Neo4j connectors] -- How to configure Neo4j connectors. +* xref:configuration/connectors.adoc[Configure network connectors] -- How to configure network connectors for Neo4j. * xref:configuration/set-initial-password.adoc[Set initial password] -- How to set an initial password. * xref:configuration/dynamic-settings.adoc[Update dynamic settings] -- How to configure certain Neo4j parameters while Neo4j is running. * xref:configuration/configuration-settings.adoc[Configuration settings] -- A complete reference of all configuration settings. From 63c7573bfed0fe54bd4353d75aae6a713a2a7c89 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 17 Jan 2024 10:34:10 +0000 Subject: [PATCH 520/876] Mark block format as beta (#1328) --- .../ROOT/pages/database-internals/store-formats.adoc | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/modules/ROOT/pages/database-internals/store-formats.adoc b/modules/ROOT/pages/database-internals/store-formats.adoc index 0a9eb3771..24017a82d 100644 --- a/modules/ROOT/pages/database-internals/store-formats.adoc +++ b/modules/ROOT/pages/database-internals/store-formats.adoc @@ -7,9 +7,10 @@ The available formats are: * `aligned` label:default[Default] * `standard` * `high_limit` label:enterprise-edition[] -* `block` label:enterprise-edition[]label:version-number[Neo4j 5.14] +* `block` label:enterprise-edition[] label:beta[Beta] label:version-number[Introduced in Neo4j 5.14] -Neo4j's newest store format is `block`, it has the best performance and supports the highest limits. +Neo4j's newest store format is `block`. +It has the best performance and supports the highest limits. `block` format is intended to replace all the older formats. The `block` format uses a range of different data structures and inlining techniques to achieve data locality and store related data together on disk. This allows more related data to be fetched by fewer read operations, resulting in better resource utilization. @@ -268,16 +269,11 @@ The following tables show the format and Neo4j version compatibility and the lim |=== | Name | Store format version | Introduced in | Unsupported from -| `BLOCK_V1` +| `BLOCK_V1` label:beta[Beta] | `block-block-1.1` | `5.14.0` | -| `BLOCK_V2B` (beta) -| `block-block-2b.1` -| `5.10.0` -| `5.14.0` - |=== From 59a15bba01e9dbd16e98b7d56d244bacaf65188d Mon Sep 17 00:00:00 2001 From: Balazs Lendvai <56266523+gfx54b@users.noreply.github.com> Date: Thu, 18 Jan 2024 16:17:46 +0100 Subject: [PATCH 521/876] Tag deallocated state with version (#1336) The operations manual refers to the `Deallocated` state as it was always available. Actually it is a rather new invention, so it is worth pointing out that to the reader. --- modules/ROOT/pages/clustering/servers.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/clustering/servers.adoc b/modules/ROOT/pages/clustering/servers.adoc index ef211f0ce..558ed1801 100644 --- a/modules/ROOT/pages/clustering/servers.adoc +++ b/modules/ROOT/pages/clustering/servers.adoc @@ -14,7 +14,7 @@ A server can exist in five different states within the DBMS: * Free * Enabled * Deallocating -* Deallocated +* Deallocated label:new[Introduced in 5.15] * Cordoned * Dropped @@ -85,7 +85,7 @@ When a server is no longer needed, it cannot be removed from the cluster while i The command `DEALLOCATE DATABASE[S] FROM SERVER[S] _server_[,...]` is used to transition servers to the _Deallocating_ state, reallocating all their hosted databases to other servers in the cluster. Additionally, servers which are deallocating will not have any further databases allocated to them. -=== Deallocated state +=== Deallocated state label:new[Introduced in 5.15] When a server is in the deallocated state it no longer hosts any databases any databases besides system and can be removed from the cluster. Additionally, deallocated servers cannot have any further databases allocated to them. From fe7e08fba242eb86afb43e7fdafc194ed6c63fcd Mon Sep 17 00:00:00 2001 From: Neil Dewhurst Date: Thu, 18 Jan 2024 18:06:23 +0000 Subject: [PATCH 522/876] Update called workflow lines (#1338) --- .github/workflows/docs-branch-checks.yml | 11 +++++------ .github/workflows/docs-deploy-surge.yml | 6 +++--- .github/workflows/docs-pr-checks.yml | 10 +++++----- .github/workflows/docs-teardown.yml | 8 ++++++-- 4 files changed, 19 insertions(+), 16 deletions(-) diff --git a/.github/workflows/docs-branch-checks.yml b/.github/workflows/docs-branch-checks.yml index 1c9acd05e..7763f826b 100644 --- a/.github/workflows/docs-branch-checks.yml +++ b/.github/workflows/docs-branch-checks.yml @@ -3,8 +3,7 @@ name: "Verify Branch" on: # push: - # branches: - # - main + # branches: # - dev # schedule: # - cron: '00 16 * * *' @@ -31,7 +30,7 @@ jobs: docs-build: if: ${{ inputs.html || github.event_name == 'push' }} name: Generate HTML - uses: neo4j/docs-tools/.github/workflows/reusable-docs-build.yml@dev + uses: neo4j/docs-tools/.github/workflows/reusable-docs-build.yml@v1.0.3 with: retain-artifacts: 14 deploy-id: 0 @@ -39,16 +38,16 @@ jobs: docs-verify: name: Verify HTML needs: docs-build - uses: neo4j/docs-tools/.github/workflows/reusable-docs-verify.yml@dev + uses: neo4j/docs-tools/.github/workflows/reusable-docs-verify.yml@v1.0.3 docs-links: if: ${{ inputs.links || github.event_name == 'push' }} name: Check links needs: docs-build - uses: neo4j/docs-tools/.github/workflows/reusable-docs-links.yml@dev + uses: neo4j/docs-tools/.github/workflows/reusable-docs-links.yml@v1.0.3 docs-lint: if: ${{ inputs.lint || github.event_name == 'push' }} name: Lint docs - uses: neo4j/docs-tools/.github/workflows/reusable-docs-vale.yml@dev + uses: neo4j/docs-tools/.github/workflows/reusable-docs-lint.yml@v1.0.3 diff --git a/.github/workflows/docs-deploy-surge.yml b/.github/workflows/docs-deploy-surge.yml index 3c99e26ee..7d3248b44 100644 --- a/.github/workflows/docs-deploy-surge.yml +++ b/.github/workflows/docs-deploy-surge.yml @@ -10,7 +10,7 @@ name: "Deploy docs preview" on: workflow_run: - workflows: ["Verify docs PR"] + workflows: ["Verify Docs PR"] types: - completed @@ -80,7 +80,7 @@ jobs: # The changelog contains links to new and changed files in the deployed docs - name: Comment on PR (changelog) if: ${{ hashFiles('changelog') != '' }} - uses: marocchino/sticky-pull-request-comment@v2 + uses: marocchino/sticky-pull-request-comment@efaaab3fd41a9c3de579aba759d2552635e590fd #v2.8.0 with: number: ${{ steps.get-deploy-id.outputs.deploy-id }} recreate: true @@ -93,7 +93,7 @@ jobs: if: ${{ hashFiles('changelog') == '' }} env: DEPLOY_URL: ${{ steps.get-deploy-url.outputs.deploy-url }} - uses: marocchino/sticky-pull-request-comment@v2 + uses: marocchino/sticky-pull-request-comment@efaaab3fd41a9c3de579aba759d2552635e590fd #v2.8.0 with: number: ${{ steps.get-deploy-id.outputs.deploy-id }} header: docs-pr-changes diff --git a/.github/workflows/docs-pr-checks.yml b/.github/workflows/docs-pr-checks.yml index be3912498..ec4640239 100644 --- a/.github/workflows/docs-pr-checks.yml +++ b/.github/workflows/docs-pr-checks.yml @@ -1,5 +1,5 @@ -name: "Verify docs PR" +name: "Verify Docs PR" on: pull_request: @@ -13,7 +13,7 @@ jobs: # Generate HTML docs-build-pr: - uses: neo4j/docs-tools/.github/workflows/reusable-docs-build.yml@main + uses: neo4j/docs-tools/.github/workflows/reusable-docs-build.yml@v1.0.3 with: deploy-id: ${{ github.event.number }} retain-artifacts: 14 @@ -23,7 +23,7 @@ jobs: # By default, the job fails if there are errors, passes if there are warnings only. docs-verify-pr: needs: docs-build-pr - uses: neo4j/docs-tools/.github/workflows/reusable-docs-verify.yml@main + uses: neo4j/docs-tools/.github/workflows/reusable-docs-verify.yml@v1.0.3 with: failOnWarnings: true @@ -40,7 +40,7 @@ jobs: steps: - name: Get file changes id: get-file-changes - uses: tj-actions/changed-files@v41 + uses: tj-actions/changed-files@cbda684547adc8c052d50711417fa61b428a9f88 # v41.1.2 with: separator: ',' files_yaml: | @@ -55,7 +55,7 @@ jobs: docs-updates-comment-pr: if: needs.docs-build-pr.outputs.pages-listed == 'success' needs: [docs-build-pr, docs-changes-pr] - uses: neo4j/docs-tools/.github/workflows/reusable-docs-pr-changes.yml@main + uses: neo4j/docs-tools/.github/workflows/reusable-docs-pr-changes.yml@v1.0.3 with: pages-modified: ${{ needs.docs-changes-pr.outputs.pages-modified }} pages-added: ${{ needs.docs-changes-pr.outputs.pages-added }} diff --git a/.github/workflows/docs-teardown.yml b/.github/workflows/docs-teardown.yml index 002a24ef2..9ab7f8774 100644 --- a/.github/workflows/docs-teardown.yml +++ b/.github/workflows/docs-teardown.yml @@ -3,6 +3,11 @@ name: "Documentation Teardown" on: pull_request_target: + branches: + - "dev" + - "5.x" + - "4.[0-9]" + - "3.5" types: - closed @@ -34,7 +39,7 @@ jobs: surge teardown $DEPLOY_URL --token "$SURGE_TOKEN" - name: Comment on PR - uses: marocchino/sticky-pull-request-comment@v2 + uses: marocchino/sticky-pull-request-comment@efaaab3fd41a9c3de579aba759d2552635e590fd # v2.8.0 with: number: ${{ github.event.pull_request.number }} header: docs-pr-changes @@ -43,4 +48,3 @@ jobs: The preview documentation has now been torn down - reopening this PR will republish it. GITHUB_TOKEN: ${{ secrets.DOCS_PR_COMMENT_TOKEN }} - From aef22463c21dd2a30a82b89398ff5ac440189ff5 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Fri, 19 Jan 2024 15:15:01 +0100 Subject: [PATCH 523/876] Add uninstallation steps (#1331) Co-authored-by: Reneta Popova --- .../ROOT/pages/installation/linux/debian.adoc | 12 +++++++++++ .../ROOT/pages/installation/linux/rpm.adoc | 12 +++++++++++ .../pages/installation/linux/systemd.adoc | 12 +++++++++++ .../pages/installation/linux/tarball.adoc | 20 +++++++++++++++++++ modules/ROOT/pages/installation/osx.adoc | 20 +++++++++++++++++++ modules/ROOT/pages/installation/windows.adoc | 19 ++++++++++++++++++ 6 files changed, 95 insertions(+) diff --git a/modules/ROOT/pages/installation/linux/debian.adoc b/modules/ROOT/pages/installation/linux/debian.adoc index 438b141cd..60e57e3fa 100644 --- a/modules/ROOT/pages/installation/linux/debian.adoc +++ b/modules/ROOT/pages/installation/linux/debian.adoc @@ -295,3 +295,15 @@ For more information, see xref:configuration/set-initial-password.adoc[]. ==== For more information on operating the Neo4j system service, see xref:installation/linux/systemd.adoc[Neo4j system service]. + +== Uninstall Neo4j + +Follow these steps to uninstall Neo4j: + +. (Optional) Create a xref:/backup-restore/index.adoc[backup] to avoid losing your data. +. Uninstall Neo4j: ++ +[source, shell] +--- +sudo apt remove neo4j +--- \ No newline at end of file diff --git a/modules/ROOT/pages/installation/linux/rpm.adoc b/modules/ROOT/pages/installation/linux/rpm.adoc index 885638358..1b21dc9d7 100644 --- a/modules/ROOT/pages/installation/linux/rpm.adoc +++ b/modules/ROOT/pages/installation/linux/rpm.adoc @@ -259,3 +259,15 @@ For more information, see xref:configuration/set-initial-password.adoc[]. ==== For more information on operating the Neo4j system service, see xref:installation/linux/systemd.adoc[Neo4j system service]. + +== Uninstall Neo4j + +Follow these steps to uninstall Neo4j: + +. (Optional) Create a xref:/backup-restore/index.adoc[backup] to avoid losing your data. +. Uninstall Neo4j: ++ +[source, shell] +--- +sudo yum remove neo4j +--- \ No newline at end of file diff --git a/modules/ROOT/pages/installation/linux/systemd.adoc b/modules/ROOT/pages/installation/linux/systemd.adoc index 032cdb35c..78f3edf1a 100644 --- a/modules/ROOT/pages/installation/linux/systemd.adoc +++ b/modules/ROOT/pages/installation/linux/systemd.adoc @@ -78,3 +78,15 @@ journalctl -e -u neo4j `journald` automatically rotates the log after a certain time and by default it commonly does not persist across reboots. Please see `man journald.conf` for further details. + +== Uninstall Neo4j + +Follow these steps to uninstall Neo4j: + +. (Optional) Create a xref:/backup-restore/index.adoc[backup] to avoid losing your data. +. Uninstall Neo4j: ++ +[source, shell] +--- +sudo apt remove neo4j +--- \ No newline at end of file diff --git a/modules/ROOT/pages/installation/linux/tarball.adoc b/modules/ROOT/pages/installation/linux/tarball.adoc index d83651d7c..3b5ee70a3 100644 --- a/modules/ROOT/pages/installation/linux/tarball.adoc +++ b/modules/ROOT/pages/installation/linux/tarball.adoc @@ -197,3 +197,23 @@ sudo systemctl daemon-reload ---- . Reboot your machine. + +== Uninstall Neo4j + +Follow these steps to uninstall Neo4j on Linux: + +. (Optional) Create a xref:/backup-restore/index.adoc[backup] to avoid losing your data. +. Stop all Neo4j running services: ++ +[source, shell] +--- +sudo systemctl stop neo4j +sudo systemctl disable neo4j +--- +. Delete _NEO4J_HOME_ and the file _/lib/systemd/system/neo4j.service_: ++ +[source, shell] +--- +rm /lib/systemd/system/neo4j.service +rm -rf NEO4J_HOME +--- \ No newline at end of file diff --git a/modules/ROOT/pages/installation/osx.adoc b/modules/ROOT/pages/installation/osx.adoc index 210d92f71..9ed488999 100644 --- a/modules/ROOT/pages/installation/osx.adoc +++ b/modules/ROOT/pages/installation/osx.adoc @@ -66,3 +66,23 @@ server.jvm.additional=-XX:-MaxFDLimit Without this setting, the file descriptor limit for the JVM will not be increased beyond 10240. Note, however, that this only applies to macOS. On all other operating systems, you should always leave the `MaxFDLimit` JVM setting enabled. + +== Uninstall Neo4j + +Here are the steps to uninstall Neo4j on macOS: + +. (Optional) Create a xref:/backup-restore/index.adoc[backup] to avoid losing your data. +. Stop all Neo4j running services: ++ +[source, shell] +--- +sudo systemctl stop neo4j +sudo systemctl disable neo4j +--- +. Delete _NEO4J_HOME_ and the file _/lib/systemd/system/neo4j.service_: ++ +[source, shell] +--- +rm /lib/systemd/system/neo4j.service +rm -rf NEO4J_HOME +--- \ No newline at end of file diff --git a/modules/ROOT/pages/installation/windows.adoc b/modules/ROOT/pages/installation/windows.adoc index 3393e5b2a..cae57ceb0 100644 --- a/modules/ROOT/pages/installation/windows.adoc +++ b/modules/ROOT/pages/installation/windows.adoc @@ -227,3 +227,22 @@ Invoke-Neo4jAdmin === Common PowerShell parameters The module commands support the common PowerShell parameter of `Verbose`. + +== Uninstall Neo4j + +Here are the steps to uninstall Neo4j on Windows: + +. (Optional) Create a xref:/backup-restore/index.adoc[backup] to avoid losing your data. +. Stop all Neo4j processes by using the Task Manager. +. Uninstall the Neo4j Windows service: ++ +[source, shell] +--- +bin\neo4j windows-service uninstall +--- +. Delete _NEO4J_HOME_: ++ +[source, shell] +--- +rmdir NEO4J_HOME +--- \ No newline at end of file From 221147f57916ceeed25baef6556453368625116a Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Mon, 22 Jan 2024 13:27:53 +0100 Subject: [PATCH 524/876] Bump version number to 5.17 and update copyright year to 2024 (#1352) --- antora.yml | 6 +++--- preview.yml | 2 +- publish.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/antora.yml b/antora.yml index b959356f1..eba1e58cb 100644 --- a/antora.yml +++ b/antora.yml @@ -7,7 +7,7 @@ nav: asciidoc: attributes: neo4j-version: '5' - neo4j-version-minor: '5.16' - neo4j-version-exact: '5.16.0' - neo4j-buildnumber: '5.16' + neo4j-version-minor: '5.17' + neo4j-version-exact: '5.17.0' + neo4j-buildnumber: '5.17' neo4j-debian-package-version: '1:5.15.0@' diff --git a/preview.yml b/preview.yml index c2eb842c6..3f2c035c1 100644 --- a/preview.yml +++ b/preview.yml @@ -51,7 +51,7 @@ asciidoc: includePDF: false nonhtmloutput: "" experimental: '' - copyright: '2023' + copyright: '2024' common-license-page-uri: https://neo4j.com/docs/license/ check-mark: icon:check[] cross-mark: icon:times[] diff --git a/publish.yml b/publish.yml index a9b9f8611..8b1a5f4fc 100644 --- a/publish.yml +++ b/publish.yml @@ -52,7 +52,7 @@ asciidoc: includePDF: false nonhtmloutput: "" experimental: '' - copyright: '2023' + copyright: '2024' common-license-page-uri: https://neo4j.com/docs/license/ check-mark: icon:check[] cross-mark: icon:times[] From 6ddaf053bec7cf658eb1d34ea0b4224f50363ca5 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 23 Jan 2024 09:18:10 +0000 Subject: [PATCH 525/876] fix mismatching configs (#1340) Co-authored-by: Stefano Ottolenghi --- .../configuration/configuration-settings.adoc | 717 ++++++++++-------- 1 file changed, 393 insertions(+), 324 deletions(-) diff --git a/modules/ROOT/pages/configuration/configuration-settings.adoc b/modules/ROOT/pages/configuration/configuration-settings.adoc index 090eac162..821ca2464 100644 --- a/modules/ROOT/pages/configuration/configuration-settings.adoc +++ b/modules/ROOT/pages/configuration/configuration-settings.adoc @@ -29,8 +29,6 @@ The checkpoint settings control the frequency of checkpoints, and the amount of //For more information, see <>. See also, <>. -[[config_db.checkpoint]] - [[config_db.checkpoint]] === `db.checkpoint` @@ -40,7 +38,7 @@ See also, <>. |Description a|Configures the general policy for when checkpoints should occur. The default policy is the 'periodic' checkpoint policy, as specified by the xref:configuration/configuration-settings.adoc#config_db.checkpoint.interval.tx[`db.checkpoint.interval.tx`] and xref:configuration/configuration-settings.adoc#config_db.checkpoint.interval.time[`db.checkpoint.interval.time`] settings. The Neo4j Enterprise Edition provides two alternative policies: The first is the 'continuous' checkpoint policy, which will ignore those settings and run the checkpoint process all the time. The second is the 'volumetric' checkpoint policy, which makes a best-effort at checkpointing often enough so that the database doesn't get too far behind on deleting old transaction logs in accordance with the `<>` setting. |Valid values -a|one of [PERIODIC, CONTINUOUS, VOLUME, VOLUMETRIC] +a|One of [PERIODIC, CONTINUOUS, VOLUME, VOLUMETRIC]. |Default value m|+++PERIODIC+++ |=== @@ -54,7 +52,7 @@ m|+++PERIODIC+++ |Description a|Configures the time interval between checkpoints. The database will not checkpoint more often than this (unless checkpointing is triggered by a different event), but might checkpoint less often than this interval, if performing a checkpoint takes longer time than the configured interval. A checkpoint is a point in the transaction logs, which recovery would start from. Longer checkpoint intervals typically mean that recovery will take longer to complete in case of a crash. On the other hand, a longer checkpoint interval can also reduce the I/O load that the database places on the system, as each checkpoint implies a flushing and forcing of all the store files. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++15m+++ |=== @@ -68,7 +66,7 @@ m|+++15m+++ |Description a|Configures the transaction interval between checkpoints. The database will not checkpoint more often than this (unless check pointing is triggered by a different event), but might checkpoint less often than this interval, if performing a checkpoint takes longer time than the configured interval. A checkpoint is a point in the transaction logs, which recovery would start from. Longer checkpoint intervals typically mean that recovery will take longer to complete in case of a crash. On the other hand, a longer checkpoint interval can also reduce the I/O load that the database places on the system, as each checkpoint implies a flushing and forcing of all the store files. The default is '100000' for a checkpoint every 100000 transactions. |Valid values -a|an integer which is minimum `1` +a|An integer that is minimum `1`. |Default value m|+++100000+++ |=== @@ -82,7 +80,7 @@ m|+++100000+++ |Description a|Configures the volume of transaction logs between checkpoints. The database will not checkpoint more often than this (unless check pointing is triggered by a different event), but might checkpoint less often than this interval, if performing a checkpoint takes longer time than the configured interval. A checkpoint is a point in the transaction logs, which recovery would start from. Longer checkpoint intervals typically mean that recovery will take longer to complete in case of a crash. On the other hand, a longer checkpoint interval can also reduce the I/O load that the database places on the system, as each checkpoint implies a flushing and forcing of all the store files. |Valid values -a|a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `1.00KiB` +a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) that is minimum `1.00KiB`. |Default value m|+++250.00MiB+++ |=== @@ -98,7 +96,7 @@ label:dynamic[Dynamic] |Description a|Limit the number of IOs the background checkpoint process will consume per second. This setting is advisory, is ignored in Neo4j Community Edition, and is followed to best effort in Enterprise Edition. An IO is in this case a 8 KiB (mostly sequential) write. Limiting the write IO in this way will leave more bandwidth in the IO subsystem to service random-read IOs, which is important for the response time of queries when the database cannot fit entirely in memory. The only drawback of this setting is that longer checkpoint times may lead to slightly longer recovery times in case of a database or system crash. A lower number means lower IO pressure, and consequently longer checkpoint times. Set this to -1 to disable the IOPS limit and remove the limitation entirely; this will let the checkpointer flush data as fast as the hardware will go. Removing the setting, or commenting it out, will set the default value of 600. |Valid values -a|an integer +a|An integer. |Default value m|+++600+++ |=== @@ -120,7 +118,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Interval of pulling updates from primaries. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++1s+++ |=== @@ -136,7 +134,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The maximum number of bytes in the apply buffer. This parameter limits the amount of memory that can be consumed by the apply buffer. If the bytes limit is reached, buffer size will be limited even if max_entries is not exceeded. |Valid values -a|a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) +a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`). |Default value m|+++1.00GiB+++ |=== @@ -152,7 +150,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The maximum number of entries in the raft log entry prefetch buffer. |Valid values -a|an integer +a|An integer. |Default value m|+++1024+++ |=== @@ -168,7 +166,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Largest batch processed by RAFT in bytes. |Valid values -a|a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) +a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`). |Default value m|+++8.00MiB+++ |=== @@ -184,7 +182,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Maximum number of bytes in the RAFT in-queue. |Valid values -a|a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) +a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`). |Default value m|+++2.00GiB+++ |=== @@ -192,7 +190,7 @@ m|+++2.00GiB+++ [[config_db.cluster.raft.leader_transfer.priority_group]] === `db.cluster.raft.leader_transfer.priority_group` -label:enterprise-edition[Enterprise Edition] +label:enterprise-edition[Enterprise Edition] label:deprecated[Deprecated in 5.4] .db.cluster.raft.leader_transfer.priority_group [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -200,7 +198,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The name of a server_group whose members should be prioritized as leaders. This does not guarantee that members of this group will be leader at all times, but the cluster will attempt to transfer leadership to such a member when possible. If a database is specified using `db.cluster.raft.leader_transfer.priority_group`. the specified priority group will apply to that database only. If no database is specified that group will be the default and apply to all databases which have no priority group explicitly set. Using this setting will disable leadership balancing. |Valid values -a|a string identifying a Server Tag +a|A string identifying a server tag. |Default value m|++++++ |=== @@ -216,7 +214,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The name of a server tag whose members should be prioritized as leaders. This does not guarantee that members with this group will be leader at all times, but the cluster will attempt to transfer leadership to such a member when possible. If a database is specified using `db.cluster.raft.leader_transfer.priority_tag`. the specified priority tag will apply to that database only. If no database is specified that tag will be the default and apply to all databases which have no priority tag explicitly set. Using this setting will disable leadership balancing. |Valid values -a|a string identifying a server tag +a|A string identifying a server tag. |Default value m|++++++ |=== @@ -232,7 +230,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|RAFT log pruning strategy that determines which logs are to be pruned. Neo4j only prunes log entries up to the last applied index, which guarantees that logs are only marked for pruning once the transactions within are safely copied over to the local transaction logs and safely committed by a majority of cluster members. Possible values are a byte size or a number of transactions (e.g., 200K txs). |Valid values -a|a string +a|A string. |Default value m|+++1g size+++ |=== @@ -248,7 +246,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The maximum number of bytes in the in-flight cache. This parameter limits the amount of memory that can be consumed by cache. If the bytes limit is reached, cache size will be limited even if max_entries is not exceeded. |Valid values -a|a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) +a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`). |Default value m|+++1.00GiB+++ |=== @@ -264,7 +262,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The maximum number of entries in the in-flight cache. Increasing size will require more memory but might improve performance in high load situations. |Valid values -a|an integer +a|An integer. |Default value m|+++1024+++ |=== @@ -280,7 +278,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The catch up protocol times out if the given duration elapses with no network activity. Every message received by the client from the server extends the time out duration. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++10m+++ |=== @@ -297,7 +295,7 @@ label:enterprise-edition[Enterprise Edition] a|A comma-separated list of endpoints which a server should contact in order to discover other cluster members. Typically, all members of the cluster, including the current server, should be specified in this list. |Valid values -a|a ',' separated list with elements of type 'a socket address in the format 'hostname:port', 'hostname' or ':port''. +a|A comma-separated list where each element is a socket address in the format of `hostname:port`, `hostname`, or `:port`. |Default value m| |=== @@ -313,7 +311,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The level of middleware logging. |Valid values -a|one of [DEBUG, INFO, WARN, ERROR, NONE] +a|One of [DEBUG, INFO, WARN, ERROR, NONE]. |Default value m|+++WARN+++ |=== @@ -329,11 +327,30 @@ label:enterprise-edition[Enterprise Edition] |Description a|Configure the discovery resolver type used for cluster member resolution. |Valid values -a|one of [DNS, LIST, SRV, K8S] which may require different settings depending on the discovery type: `DNS requires [dbms.cluster.discovery.endpoints], LIST requires [], SRV requires [dbms.cluster.discovery.endpoints], K8S requires [dbms.kubernetes.label_selector, dbms.kubernetes.service_port_name]` +a|A string. |Default value m|+++LIST+++ |=== + +[[conifg_]] +=== `dbms.cluster.discovery.type` + +label:enterprise-edition[Enterprise Edition] label:deprecated[Deprecated in 5.7] + +.dbms.cluster.discovery.type +[frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] +|=== +|Description +a|This setting has been replaced by 'dbms.cluster.discovery.resolver_type' +|Valid values +a|One of [DNS, LIST, SRV, K8S]. +|Default value +m|+++LIST+++ +|=== + +[[config_dbms.cluster.discovery.verification_timeout]] + [[config_dbms.cluster.minimum_initial_system_primaries_count]] === `dbms.cluster.minimum_initial_system_primaries_count` @@ -345,7 +362,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Minimum number of machines initially required to form a clustered DBMS. The cluster is considered formed when at least this many members have discovered each other, bound together and bootstrapped a highly available system database. As a result, at least this many of the cluster's initial machines must have `<>` set to 'PRIMARY'.NOTE: If `<>` is set to 'LIST' and `<>` is empty then the user is assumed to be deploying a standalone DBMS, and the value of this setting is ignored. |Valid values -a|an integer which is minimum `2` +a|An integer that is minimum `2`. |Default value m|+++3+++ |=== @@ -361,7 +378,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Time out for protocol negotiation handshake. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++20s+++ |=== @@ -377,7 +394,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Maximum chunk size allowable across network by clustering machinery. |Valid values -a|an integer which is in the range `4096` to `10485760` +a|An integer that is in the range `4096` to `10485760`. |Default value m|+++32768+++ |=== @@ -393,7 +410,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Network compression algorithms that this instance will allow in negotiation as a comma-separated list. Listed in descending order of preference for incoming connections. An empty list implies no compression. For outgoing connections this merely specifies the allowed set of algorithms and the preference of the remote peer will be used for making the decision. Allowable values: [Gzip, Snappy, Snappy_validating, LZ4, LZ4_high_compression, LZ_validating, LZ4_high_compression_validating] |Valid values -a|a ',' separated list with elements of type 'a string'. +a|A comma-separated list where each element is a string. |Default value m|++++++ |=== @@ -409,9 +426,9 @@ label:enterprise-edition[Enterprise Edition] |Description a|The time allowed for a database on a Neo4j server to either join a cluster or form a new cluster with the other Neo4j Servers provided by `<>`. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value -m|+++24h+++ +m|+++1d+++ |=== [[config_dbms.cluster.raft.client.max_channels]] @@ -425,7 +442,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The maximum number of TCP channels between two nodes to operate the raft protocol. Each database gets allocated one channel, but a single channel can be used by more than one database. |Valid values -a|an integer +a|An integer. |Default value m|+++8+++ |=== @@ -441,7 +458,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The rate at which leader elections happen. Note that due to election conflicts it might take several attempts to find a leader. The window should be significantly larger than typical communication delays to make conflicts unlikely. |Valid values -a|a duration-range (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration-range (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++3s-6s+++ |=== @@ -457,7 +474,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The time window within which the loss of the leader is detected and the first re-election attempt is held. The window should be significantly larger than typical communication delays to make conflicts unlikely. |Valid values -a|a duration-range (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration-range (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++20s-23s+++ |=== @@ -473,7 +490,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Which strategy to use when transferring database leaderships around a cluster. This can be one of `equal_balancing` or `no_balancing`. `equal_balancing` automatically ensures that each Core server holds the leader role for an equal number of databases.`no_balancing` prevents any automatic balancing of the leader role. Note that if a `leadership_priority_group` is specified for a given database, the value of this setting will be ignored for that database. |Valid values -a|one of [NO_BALANCING, EQUAL_BALANCING] +a|One of [NO_BALANCING, EQUAL_BALANCING]. |Default value m|+++EQUAL_BALANCING+++ |=== @@ -489,7 +506,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|RAFT log pruning frequency. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++10m+++ |=== @@ -505,7 +522,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|RAFT log reader pool size. |Valid values -a|an integer +a|An integer. |Default value m|+++8+++ |=== @@ -521,7 +538,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|RAFT log rotation size. |Valid values -a|a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `1.00KiB` +a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) that is minimum `1.00KiB`. |Default value m|+++250.00MiB+++ |=== @@ -537,7 +554,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Maximum amount of lag accepted for a new follower to join the Raft group. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++10s+++ |=== @@ -553,7 +570,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Time out for a new member to catch up. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++10m+++ |=== @@ -569,7 +586,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Maximum retry time per request during store copy. Regular store files and indexes are downloaded in separate requests during store copy. This configures the maximum time failed requests are allowed to resend. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++20m+++ |=== @@ -585,7 +602,7 @@ label:enterprise-edition[Enterprise Edition] label:new[Introduced in 5.10] |Description a|Automatically enable free servers. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -601,7 +618,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Name of the initial database allocator. After the creation of the dbms it can be set with the 'dbms.setDatabaseAllocator' procedure. |Valid values -a|a string +a|A string. |Default value m|+++EQUAL_NUMBERS+++ |=== @@ -617,8 +634,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Initial default number of primary instances of user databases. If the user does not specify the number of primaries in 'CREATE DATABASE', this value will be used, unless it is overwritten with the 'dbms.setDefaultAllocationNumbers' procedure. |Valid values -a|an integer which is minimum `1` and is maximum `11`. -The same value applies to runtime max number. +a|An integer that is minimum `1` and is maximum `11`. |Default value m|+++1+++ |=== @@ -634,8 +650,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Initial default number of secondary instances of user databases. If the user does not specify the number of secondaries in 'CREATE DATABASE', this value will be used, unless it is overwritten with the 'dbms.setDefaultAllocationNumbers' procedure. |Valid values -a|an integer which is minimum `0` and is maximum `20`. -The same value applies to runtime max number. +a|An integer that is minimum `0` and is maximum `20`. |Default value m|+++0+++ |=== @@ -651,7 +666,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The names of databases that are allowed on this server - all others are denied. Empty means all are allowed. Can be overridden when enabling the server, or altered at runtime, without changing this setting. Exclusive with 'server.initial_denied_databases' |Valid values -a|a ',' separated set with elements of type 'a string'. +a|A comma-separated set where each element is a string. |Default value m|++++++ |=== @@ -667,7 +682,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The names of databases that are not allowed on this server. Empty means nothing is denied. Can be overridden when enabling the server, or altered at runtime, without changing this setting. Exclusive with 'server.initial_allowed_databases' |Valid values -a|a ',' separated set with elements of type 'a string'. +a|A comma-separated set where each element is a string. |Default value m|++++++ |=== @@ -683,7 +698,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|An instance can restrict itself to allow databases to be hosted only as primaries or secondaries. This setting is the default input for the `ENABLE SERVER` command - the user can overwrite it when executing the procedure. |Valid values -a|one of [PRIMARY, SECONDARY, NONE] +a|One of [PRIMARY, SECONDARY, NONE]. |Default value m|+++NONE+++ |=== @@ -699,7 +714,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|A list of tag names for the server used by database allocation and when configuring load balancing and replication policies. |Valid values -a|a ',' separated list with elements of type 'a string identifying a Server Tag'. +a|A comma-separated list where each element is a string identifying a server tag, which contains no duplicate items. |Default value m|++++++ |=== @@ -715,7 +730,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Advertised hostname/IP address and port for the transaction shipping server. |Valid values -a|a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address +a|A socket address in the format of `hostname:port`, `hostname`, or `:port` that is an accessible address. If missing, it is acquired from server.default_advertised_address. |Default value m|+++:6000+++ |=== @@ -723,7 +738,7 @@ m|+++:6000+++ [[config_server.cluster.catchup.connect_randomly_to_server_group]] === `server.cluster.catchup.connect_randomly_to_server_group` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] label:deprecated[Deprecated in 5.4] .server.cluster.catchup.connect_randomly_to_server_group [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -731,7 +746,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] |Description a|Comma separated list of groups to be used by the connect-randomly-to-server-group selection strategy. The connect-randomly-to-server-group strategy is used if the list of strategies (`<>`) includes the value `connect-randomly-to-server-group`. |Valid values -a|a ',' separated list with elements of type 'a string identifying a Server Tag'. +a|A comma-separated list where each element is a string identifying a server tag. |Default value m|++++++ |=== @@ -747,7 +762,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] |Description a|Comma separated list of groups to be used by the connect-randomly-to-server-with-tag selection strategy. The connect-randomly-to-server-with-tag strategy is used if the list of strategies (`<>`) includes the value `connect-randomly-to-server-with-tag`. |Valid values -a|a ',' separated list with elements of type 'a string identifying a Server Tag'. +a|A comma-separated list where each element is a string identifying a server tag. |Default value m|++++++ |=== @@ -763,7 +778,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|An ordered list in descending preference of the strategy which secondaries use to choose the upstream server from which to pull transactional updates. If none are valid or the list is empty, there is a default strategy of `typically-connect-to-random-secondary`. |Valid values -a|a ',' separated list with elements of type 'a string'. +a|A comma-separated list where each element is a string. |Default value m|++++++ |=== @@ -779,7 +794,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Configuration of a user-defined upstream selection strategy. The user-defined strategy is used if the list of strategies (`<>`) includes the value `user_defined`. |Valid values -a|a string +a|A string. |Default value m|++++++ |=== @@ -795,7 +810,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Network interface and port for the transaction shipping server to listen on. Please note that it is also possible to run the backup client against this port so always limit access to it via the firewall and configure an ssl policy. |Valid values -a|a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address +a|A socket address in the format of `hostname:port`, `hostname`, or `:port`. If missing, it is acquired from server.default_listen_address. |Default value m|+++:6000+++ |=== @@ -811,7 +826,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Use native transport if available. Epoll for Linux or Kqueue for MacOS/BSD. If this setting is set to false, or if native transport is not available, Nio transport will be used. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -827,7 +842,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Advertised hostname/IP address and port for the RAFT server. |Valid values -a|a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address +a|A socket address in the format of `hostname:port`, `hostname`, or `:port` that is an accessible address. If missing, it is acquired from server.default_advertised_address. |Default value m|+++:7000+++ |=== @@ -843,7 +858,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Network interface and port for the RAFT server to listen on. |Valid values -a|a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address +a|A socket address in the format of `hostname:port`, `hostname`, or `:port`. If missing, it is acquired from server.default_listen_address. |Default value m|+++:7000+++ |=== @@ -859,7 +874,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Users must manually specify the mode for the system database on each instance. |Valid values -a|one of [PRIMARY, SECONDARY] +a|One of [PRIMARY, SECONDARY]. |Default value m|+++PRIMARY+++ |=== @@ -875,7 +890,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Host and port to bind the cluster member discovery management communication. |Valid values -a|a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address +a|A socket address in the format of `hostname:port`, `hostname`, or `:port`. If missing, it is acquired from server.default_listen_address. |Default value m|+++:5000+++ |=== @@ -883,7 +898,7 @@ m|+++:5000+++ [[config_server.groups]] === `server.groups` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] label:deprecated[Deprecated in 5.4] +label:enterprise-edition[Enterprise Edition] label:deprecated[Deprecated in 5.4] .server.groups [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -891,7 +906,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] label:deprec |Description a|A list of tag names for the server used when configuring load balancing and replication policies. |Valid values -a|a ',' separated list with elements of type 'a string identifying a Server Tag'. +a|A comma-separated list where each element is a string identifying a server tag. |Default value m|++++++ |Replaced by @@ -916,7 +931,7 @@ When configuring the HTTPS or xref:/performance/bolt-thread-pool-configuration.a |Description a|Advertised address for this connector. |Valid values -a|a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing, port or hostname, it is acquired from `server.default_advertised_address`. +a|A socket address in the format of `hostname:port`, `hostname`, or `:port` that is an accessible address. If missing, it is acquired from `server.default_advertised_address`. |Default value m|+++:7687+++ |=== @@ -930,9 +945,9 @@ m|+++:7687+++ |Description a|The maximum time to wait before sending a NOOP on connections waiting for responses from active ongoing queries.The minimum value is 1 millisecond. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `1ms` +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) that is minimum `1ms`. |Default value -m|1m +m|+++1m+++ |=== [[config_server.bolt.connection_keep_alive_for_requests]] @@ -944,9 +959,9 @@ m|1m |Description a|The type of messages to enable keep-alive messages for (ALL, STREAMING or OFF) |Valid values -a|one of [ALL, STREAMING, OFF] +a|One of [ALL, STREAMING, OFF]. |Default value -m|STREAMING +m|+++ALL+++ |=== [[config_server.bolt.connection_keep_alive_probes]] @@ -958,9 +973,9 @@ m|STREAMING |Description a|The total amount of probes to be missed before a connection is considered stale.The minimum for this value is 1. |Valid values -a|an integer which is minimum `1` +a|An integer that is minimum `1`. |Default value -m|2 +m|+++2+++ |=== [[config_server.bolt.connection_keep_alive_streaming_scheduling_interval]] @@ -972,9 +987,9 @@ m|2 |Description a|The interval between every scheduled keep-alive check on all connections with active queries. Zero duration turns off keep-alive service. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `0s` +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) that is minimum `0s`. |Default value -m|1m +m|+++1m+++ |=== [[config_server.bolt.enabled]] @@ -986,9 +1001,9 @@ m|1m |Description a|Enable the bolt connector. |Valid values -a|a boolean +a|A boolean. |Default value -m|true +m|+++true+++ |=== [[config_server.bolt.listen_address]] @@ -1000,7 +1015,7 @@ m|true |Description a|Address the connector should bind to. |Valid values -a|a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address +a|A socket address in the format of `hostname:port`, `hostname`, or `:port`. If missing, it is acquired from server.default_listen_address. |Default value m|+++:7687+++ |=== @@ -1014,11 +1029,29 @@ m|+++:7687+++ |Description a|Enable server OCSP stapling for bolt and http connectors. |Valid values -a|a boolean +a|A boolean. |Default value -m|false +m|+++false+++ +|=== + +[[config_server.bolt.telemetry.enabled]] +=== `server.bolt.telemetry.enabled` + +label:introduced[Introduced in 5.4] + +.server.bolt.telemetry.enabled +[frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] +|=== +|Description +a|Enable the collection of driver telemetry. +|Valid values +a|A boolean. +|Default value +m|+++false+++ |=== +[[config_server.bolt.thread_pool_keep_alive]] + [[config_server.bolt.thread_pool_keep_alive]] === `server.bolt.thread_pool_keep_alive` @@ -1028,7 +1061,7 @@ m|false |Description a|The maximum time an idle thread in the thread pool bound to this connector will wait for new tasks. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++5m+++ |=== @@ -1042,7 +1075,7 @@ m|+++5m+++ |Description a|The maximum number of threads allowed in the thread pool bound to this connector. |Valid values -a|an integer +a|An integer. |Default value m|+++400+++ |=== @@ -1056,7 +1089,7 @@ m|+++400+++ |Description a|The number of threads to keep in the thread pool bound to this connector, even if they are idle. |Valid values -a|an integer +a|An integer. |Default value m|+++5+++ |=== @@ -1070,7 +1103,7 @@ m|+++5+++ |Description a|Encryption level to require this connector to use. |Valid values -a|one of [REQUIRED, OPTIONAL, DISABLED] +a|One of [REQUIRED, OPTIONAL, DISABLED]. |Default value m|+++DISABLED+++ |=== @@ -1084,7 +1117,7 @@ m|+++DISABLED+++ |Description a|Advertised address for this connector. |Valid values -a|a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address +a|A socket address in the format of `hostname:port`, `hostname`, or `:port` that is an accessible address. If missing, it is acquired from server.default_advertised_address. |Default value m|+++:7474+++ |=== @@ -1098,9 +1131,9 @@ m|+++:7474+++ |Description a|Enable the http connector. |Valid values -a|a boolean +a|A boolean. |Default value -m|true +m|+++true+++ |=== [[config_server.http.listen_address]] @@ -1112,7 +1145,7 @@ m|true |Description a|Address the connector should bind to. |Valid values -a|a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address +a|A socket address in the format of `hostname:port`, `hostname`, or `:port`. If missing, it is acquired from server.default_listen_address. |Default value m|+++:7474+++ |=== @@ -1126,7 +1159,7 @@ m|+++:7474+++ |Description a|Defines the set of modules loaded into the Neo4j web server. Options include TRANSACTIONAL_ENDPOINTS, BROWSER, UNMANAGED_EXTENSIONS and ENTERPRISE_MANAGEMENT_ENDPOINTS (if applicable). |Valid values -a|a ',' separated set with elements of type 'one of [TRANSACTIONAL_ENDPOINTS, UNMANAGED_EXTENSIONS, BROWSER, ENTERPRISE_MANAGEMENT_ENDPOINTS]'. +a|A comma-separated set where each element is one of [TRANSACTIONAL_ENDPOINTS, UNMANAGED_EXTENSIONS, BROWSER, ENTERPRISE_MANAGEMENT_ENDPOINTS]. |Default value m|+++TRANSACTIONAL_ENDPOINTS,UNMANAGED_EXTENSIONS,BROWSER,ENTERPRISE_MANAGEMENT_ENDPOINTS+++ |=== @@ -1140,7 +1173,7 @@ m|+++TRANSACTIONAL_ENDPOINTS,UNMANAGED_EXTENSIONS,BROWSER,ENTERPRISE_MANAGEMENT_ |Description a|Advertised address for this connector. |Valid values -a|a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address +a|A socket address in the format of `hostname:port`, `hostname`, or `:port` that is an accessible address. If missing, it is acquired from server.default_advertised_address. |Default value m|+++:7473+++ |=== @@ -1154,7 +1187,7 @@ m|+++:7473+++ |Description a|Enable the https connector. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -1168,7 +1201,7 @@ m|+++false+++ |Description a|Address the connector should bind to. |Valid values -a|a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address +a|A socket address in the format of `hostname:port`, `hostname`, or `:port`. If missing, it is acquired from server.default_listen_address. |Default value m|+++:7473+++ |=== @@ -1182,7 +1215,7 @@ m|+++:7473+++ |Description a|Default hostname or IP address the server uses to advertise itself. |Valid values -a|a socket address in the format 'hostname:port', 'hostname' or ':port' which has no specified port and accessible address +a|A socket address in the format of `hostname:port`, `hostname`, or `:port` that has no specified port and is an accessible address. |Default value m|+++localhost+++ |=== @@ -1196,7 +1229,7 @@ m|+++localhost+++ |Description a|Default network interface to listen for incoming connections. To listen for connections on all interfaces, use "0.0.0.0". |Valid values -a|a socket address in the format 'hostname:port', 'hostname' or ':port' which has no specified port +a|A socket address in the format of `hostname:port`, `hostname`, or `:port` that has no specified port. |Default value m|+++localhost+++ |=== @@ -1212,7 +1245,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Advertised cluster member discovery management communication. |Valid values -a|a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address +a|A socket address in the format of `hostname:port`, `hostname`, or `:port` that is an accessible address. If missing, it is acquired from `server.default_advertised_address`. |Default value m|+++:5000+++ |=== @@ -1228,7 +1261,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The advertised address for the intra-cluster routing connector. |Valid values -a|a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address +a|A socket address in the format of `hostname:port`, `hostname`, or `:port` that is an accessible address. If missing, it is acquired from `server.default_advertised_address`. |Default value m|+++:7688+++ |=== @@ -1242,7 +1275,7 @@ m|+++:7688+++ |Description a|The address the routing connector should bind to. |Valid values -a|a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address +a|A socket address in the format of `hostname:port`, `hostname`, or `:port`. If missing, it is acquired from server.default_listen_address. |Default value m|+++:7688+++ |=== @@ -1258,7 +1291,7 @@ label:dynamic[Dynamic] |Description a|Always use client side routing (regardless of the default router) for neo4j:// protocol connections to these domains. A comma separated list of domains. Wildcards (*) are supported. |Valid values -a|a ',' separated set with elements of type 'a string'. +a|A comma-separated set where each element is a string. |Default value m|++++++ |=== @@ -1275,7 +1308,7 @@ Default is `CLIENT`, using client-side routing, with server-side routing as a fa When set to `SERVER`, client-side routing is short-circuited, and requests will rely on server-side routing (which must be enabled for proper operation, i.e. `<>=true`). Can be overridden by `<>`. |Valid values -a|one of [SERVER, CLIENT] +a|One of [SERVER, CLIENT]. |Default value m|+++CLIENT+++ |=== @@ -1291,7 +1324,7 @@ a|Socket connection timeout. A timeout of zero is treated as an infinite timeout and will be bound by the timeout configured on the operating system level. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++5s+++ |=== @@ -1309,7 +1342,7 @@ It is recommended to set maximum lifetime to a slightly smaller value than the o equipment (load balancer, proxy, firewall, etc. can also limit maximum connection lifetime). Zero and negative values result in lifetime not being checked. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++1h+++ |=== @@ -1326,7 +1359,7 @@ This timeout only kicks in when all existing connections are being used and no n Error is raised when connection can't be acquired within configured time. Negative values are allowed and result in unlimited acquisition timeout. Value of 0 is allowed and results in no timeout and immediate failure when connection is unavailable. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++1m+++ |=== @@ -1343,11 +1376,11 @@ If this option is set too low, an additional network call will be incurred when If this is set high, no longer live connections might be used which might lead to errors. Hence, this parameter tunes a balance between the likelihood of experiencing connection problems and performance Normally, this parameter should not need tuning. -Value 0 means connections will always be tested for validity. +Value 0 means connections will always be tested for validity. No connection liveliness check is done by default. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value -m|No connection liveliness check is done by default. +m| |=== [[config_dbms.routing.driver.connection.pool.max_size]] @@ -1360,9 +1393,9 @@ m|No connection liveliness check is done by default. a|Maximum total number of connections to be managed by a connection pool. The limit is enforced for a combination of a host and user. Negative values are allowed and result in unlimited pool. Value of 0is not allowed. |Valid values -a|an integer +a|An integer. |Default value -m|Unlimited +m|+++-1+++ |=== [[config_dbms.routing.driver.logging.level]] @@ -1374,7 +1407,7 @@ m|Unlimited |Description a|Sets level for driver internal logging. |Valid values -a|one of [DEBUG, INFO, WARN, ERROR, NONE] +a|One of [DEBUG, INFO, WARN, ERROR, NONE]. |Default value m|+++INFO+++ |=== @@ -1389,7 +1422,7 @@ m|+++INFO+++ a|Enable server-side routing in clusters using an additional bolt connector. When configured, this allows requests to be forwarded from one cluster member to another, if the requests can't be satisfied by the first member (e.g. write requests received by a non-leader). |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -1405,7 +1438,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The load balancing plugin to use. |Valid values -a|a string which specified load balancer plugin exist. +a|A string that specified load balancer plugin exist.. |Default value m|+++server_policies+++ |=== @@ -1421,7 +1454,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Vary the order of the entries in routing tables each time one is produced. This means that different clients should select a range of servers as their first contact, reducing the chance of all clients contacting the same server if alternatives are available. This makes the load across the servers more even. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -1437,7 +1470,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Configure if the `dbms.routing.getRoutingTable()` procedure should include non-writer primaries as read endpoints or return only secondaries. Note: if there are no secondaries for the given database primaries are returned as read end points regardless the value of this setting. Defaults to true so that non-writer primaries are available for read-only queries in a typical heterogeneous setup. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -1453,7 +1486,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] |Description a|Configure if the `dbms.routing.getRoutingTable()` procedure should include the writer as read endpoint or return only non-writers (non writer primaries and secondaries) Note: writer is returned as read endpoint if no other member is present all. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -1467,7 +1500,7 @@ m|+++false+++ |Description a|How long callers should cache the response of the routing procedure `dbms.routing.getRoutingTable()` |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `1s` +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) that is minimum `1s`. |Default value m|+++5m+++ |=== @@ -1487,7 +1520,7 @@ For more information, see xref:/performance/statistics-execution-plans.adoc[Stat |Description a|This setting is associated with performance optimization. Set this to `true` in situations where it is preferable to have any queries using the 'shortestPath' function terminate as soon as possible with no answer, rather than potentially running for a long time attempting to find an answer (even if there is no path to be found). For most queries, the 'shortestPath' algorithm will return the correct answer very quickly. However there are some cases where it is possible that the fast bidirectional breadth-first search algorithm will find no results even if they exist. This can happen when the predicates in the `WHERE` clause applied to 'shortestPath' cannot be applied to each step of the traversal, and can only be applied to the entire path. When the query planner detects these special cases, it will plan to perform an exhaustive depth-first search if the fast algorithm finds no paths. However, the exhaustive search may be orders of magnitude slower than the fast algorithm. If it is critical that queries terminate as soon as possible, it is recommended that this option be set to `true`, which means that Neo4j will never consider using the exhaustive search for shortestPath queries. However, please note that if no paths are found, an error will be thrown at run time, which will need to be handled by the application. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -1501,7 +1534,7 @@ m|+++false+++ |Description a|This setting is associated with performance optimization. The shortest path algorithm does not work when the start and end nodes are the same. With this setting set to `false` no path will be returned when that happens. The default value of `true` will instead throw an exception. This can happen if you perform a shortestPath search after a cartesian product that might have the same start and end nodes for some of the rows passed to shortestPath. If it is preferable to not experience this exception, and acceptable for results to be missing for those rows, then set this to `false`. If you cannot accept missing results, and really want the shortestPath between two common nodes, then re-write the query using a standard Cypher variable length pattern expression followed by ordering by path length and limiting to one result. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -1515,7 +1548,7 @@ m|+++true+++ |Description a|Set this to specify the behavior when Cypher planner or runtime hints cannot be fulfilled. If true, then non-conformance will result in an error, otherwise only a warning is generated. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -1529,7 +1562,7 @@ m|+++false+++ |Description a|Set this to change the behavior for Cypher create relationship when the start or end node is missing. By default this fails the query and stops execution, but by setting this flag the create operation is simply not performed and execution continues. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -1543,7 +1576,7 @@ m|+++false+++ |Description a|The minimum time between possible Cypher query replanning events. After this time, the graph statistics will be evaluated, and if they have changed by more than the value set by <>, the query will be replanned. If the statistics have not changed sufficiently, the same interval will need to pass before the statistics will be evaluated again. Each time they are evaluated, the divergence threshold will be reduced slightly until it reaches 10% after 7h, so that even moderately changing databases will see query replanning after a sufficiently long time interval. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++10s+++ |=== @@ -1557,7 +1590,7 @@ m|+++10s+++ |Description a|Set this to specify the default planner for the default language version. |Valid values -a|one of [DEFAULT, COST] +a|One of [DEFAULT, COST]. |Default value m|+++DEFAULT+++ |=== @@ -1573,9 +1606,9 @@ label:dynamic[Dynamic] |Description a|If set to `true` a textual representation of the plan description will be rendered on the server for all queries running with `EXPLAIN` or `PROFILE`. This allows clients such as the neo4j browser and Cypher shell to show a more detailed plan description. |Valid values -a|a boolean +a|A boolean. |Default value -m|+++false+++ +m|+++true+++ |=== [[config_dbms.cypher.statistics_divergence_threshold]] @@ -1593,7 +1626,7 @@ This means that a value of `0.75` requires the database to quadruple in size bef This interval is defined by `<>` and defaults to 10s. After this interval, the divergence threshold will slowly start to decline, reaching 10% after about 7h. This will ensure that long running databases will still get query replanning on even modest changes, while not replanning frequently unless the changes are very large. |Valid values -a|a double which is in the range `0.0` to `1.0` +a|A double that is in the range `0.0` to `1.0`. |Default value m|+++0.75+++ |=== @@ -1617,10 +1650,10 @@ If set to a negative number, the total number of logical processors available on For example, if the server has 16 available processors and you set `server.cypher.parallel.worker_limit` to `-1`, the parallel runtime will have 15 threads available. |Valid values -a| Integer +a| An integer. |Default value -m| 0 +m|+++0+++ |=== == Database settings @@ -1637,7 +1670,7 @@ They can be varied between each database but must be consistent across all confi |Description a|Allows the enabling or disabling of the file watcher service. This is an auxiliary service but should be left enabled in almost all cases. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -1653,7 +1686,7 @@ label:dynamic[Dynamic] |Description a|Database format. This is the format that will be used for new databases. Valid values are `standard`, `aligned`, or `high_limit`.The `aligned` format is essentially the `standard` format with some minimal padding at the end of pages such that a single record will never cross a page boundary. The `high_limit` format is available for Enterprise Edition only. It is required if you have a graph that is larger than 34 billion nodes, 34 billion relationships, or 68 billion properties. |Valid values -a|a string +a|A string. |Default value m|+++aligned+++ |=== @@ -1667,7 +1700,7 @@ m|+++aligned+++ |Description a|Relationship count threshold for considering a node to be dense. |Valid values -a|an integer which is minimum `1` +a|An integer that is minimum `1`. |Default value m|+++50+++ |=== @@ -1681,7 +1714,7 @@ m|+++50+++ |Description a|Specify if Neo4j should try to preallocate store files as they grow. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -1695,7 +1728,7 @@ m|+++true+++ |Description a|Database timezone for temporal functions. All Time and DateTime values that are created without an explicit timezone will use this configured default timezone. |Valid values -a|a string describing a timezone, either described by offset (e.g. `+02:00`) or by name (e.g. `Europe/Stockholm`) +a|A string describing a timezone, either described by offset (e.g. `+02:00`) or by name (e.g. `Europe/Stockholm`). |Default value m|+++Z+++ |=== @@ -1712,7 +1745,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] a|Enables or disables tracking of how much time a query spends actively executing on the CPU. Calling `SHOW TRANSACTIONS` will display the time, but not in the _query.log_. + If you want the CPU time to be logged in the _query.log_, set `db.track_query_cpu_time=true`. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -1741,7 +1774,7 @@ Once it is created, the setting is not valid anymore. To set the default database, use the xref:/clustering/databases.adoc#cluster-default-database[`dbms.setDefaultDatabase()`] procedure instead. ==== |Valid values -a|A valid database name containing only alphabetic characters, numbers, dots and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name 'system' +a|A valid database name containing only alphabetic characters, numbers, dots, and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name system. |Default value m|+++neo4j+++ |=== @@ -1755,7 +1788,7 @@ m|+++neo4j+++ |Description a|Database timezone. Among other things, this setting influences the monitoring procedures. |Valid values -a|one of [UTC, SYSTEM] +a|One of [UTC, SYSTEM]. |Default value m|+++UTC+++ |=== @@ -1778,7 +1811,7 @@ If a seed source (URI scheme) is supported by multiple providers in the list, th If the list is set to empty, the seed from URI functionality is effectively disabled. See xref:/clustering/databases.adoc#cluster-seed-uri[Seed from URI] for more information. |Valid values -a|a `,` separated list with elements of type `a string`. +a|A comma-separated list where each element is a string. |Default value m|+++S3SeedProvider+++ |=== @@ -1794,7 +1827,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The maximum number of databases. |Valid values -a|a long which is minimum `2` +a|A long that is minimum `2`. |Default value m|+++100+++ |=== @@ -1813,7 +1846,7 @@ The import settings control the size of the internal buffer used by `LOAD CSV` a |Description a|The size of the internal buffer in bytes used by `LOAD CSV`. If the csv file contains huge fields this value may have to be increased. |Valid values -a|a long which is minimum `1` +a|A long that is minimum `1`. |Default value m|+++2097152+++ |=== @@ -1827,7 +1860,7 @@ m|+++2097152+++ |Description a|Selects whether to conform to the standard https://tools.ietf.org/html/rfc4180 for interpreting escaped quotation characters in CSV files loaded using `LOAD CSV`. Setting this to `false` will use the standard, interpreting repeated quotes '""' as a single in-lined quote, while `true` will use the legacy convention originally supported in Neo4j 3.0 and 3.1, allowing a backslash to include quotes in-lined in fields. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -1846,7 +1879,7 @@ For more information, see xref:/performance/index-configuration.adoc[Index confi |Description a|The name of the analyzer that the full-text indexes should use by default. |Valid values -a|a string +a|A string. |Default value m|+++standard-no-stop-words+++ |=== @@ -1860,7 +1893,7 @@ m|+++standard-no-stop-words+++ |Description a|Whether or not full-text indexes should be eventually consistent by default or not. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -1874,7 +1907,7 @@ m|+++false+++ |Description a|The _eventually consistent_ mode of the full-text indexes works by queueing up index updates to be applied later in a background thread. This newBuilder sets an upper bound on how many index updates are allowed to be in this queue at any one point in time. When it is reached, the commit process will slow down and wait for the index update applier thread to make some more room in the queue. |Valid values -a|an integer which is in the range `1` to `50000000` +a|An integer that is in the range `1` to `50000000`. |Default value m|+++10000+++ |=== @@ -1888,7 +1921,7 @@ m|+++10000+++ |Description a|Enable or disable background index sampling. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -1902,7 +1935,7 @@ m|+++true+++ |Description a|Index sampling chunk size limit. |Valid values -a|an integer which is in the range `1048576` to `2147483647` +a|An integer that is in the range `1048576` to `2147483647`. |Default value m|+++8388608+++ |=== @@ -1916,7 +1949,7 @@ m|+++8388608+++ |Description a|Percentage of index updates of total index size required before sampling of a given index is triggered. |Valid values -a|an integer which is minimum `0` +a|An integer that is minimum `0`. |Default value m|+++5+++ |=== @@ -1938,7 +1971,7 @@ label:new[Introduced in 5.8] label:dynamic[Dynamic] label:deprecated[Deprecated a|Log the annotation data as JSON strings instead of a Cypher map. This configuration has an effect only when the query log is in JSON format. From 5.9, if `true`, it collapses the nested JSON objects in the query logger. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |Replaced by @@ -1962,7 +1995,7 @@ a|The format to use for the JSON annotation data. This only have effect when the query log is in JSON format. |Valid values -a|one of [CYPHER,JSON,FLAT_JSON] +a|One of [CYPHER, JSON, FLAT_JSON]. |Default value m|+++CYPHER+++ |=== @@ -1978,7 +2011,7 @@ label:dynamic[Dynamic] |Description a|Log query text and parameters without obfuscating passwords. This allows queries to be logged earlier before parsing starts. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -2002,7 +2035,7 @@ Log entries are written to the query log. This feature is available in the Neo4j Enterprise Edition. |Valid values -a|one of [OFF, INFO, VERBOSE] +a|One of [OFF, INFO, VERBOSE]. |Default value m|+++VERBOSE+++ |=== @@ -2018,7 +2051,7 @@ label:dynamic[Dynamic] |Description a|Sets a maximum character length use for each parameter in the log. This only takes effect if `<> = true`. |Valid values -a|an integer +a|An integer. |Default value m|+++2147483647+++ |=== @@ -2034,7 +2067,7 @@ label:dynamic[Dynamic] |Description a|Obfuscates all literals of the query before writing to the log. Note that node labels, relationship types and map property keys are still shown. Changing the setting will not affect queries that are cached. So, if you want the switch to have an immediate effect, you must also call `CALL db.clearQueryCaches()`. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -2050,7 +2083,7 @@ label:dynamic[Dynamic] |Description a|Log parameters for the executed queries being logged. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -2066,7 +2099,7 @@ label:dynamic[Dynamic] |Description a|Log query plan description table, useful for debugging purposes. |Valid values -a|a boolean +a|A boolean. |Default value m|false |=== @@ -2082,7 +2115,7 @@ label:dynamic[Dynamic] |Description a|If the execution of a query takes more time than this threshold, the query is logged once completed - provided query logging is set to INFO. Defaults to 0 seconds, that is all queries are logged. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++0s+++ |=== @@ -2102,7 +2135,7 @@ INFO: log the start and end of transactions that take longer than the configured VERBOSE: log the start and end of all transactions. Log entries are written to the query log. |Valid values -a|one of [OFF, INFO, VERBOSE] +a|One of [OFF, INFO, VERBOSE]. |Default value m|+++OFF+++ |=== @@ -2118,7 +2151,7 @@ label:dynamic[Dynamic] |Description a|If the transaction is open for more time than this threshold, the transaction is logged once completed - provided transaction logging (<>) is set to `INFO`. Defaults to 0 seconds (all transactions are logged). |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++0s+++ |=== @@ -2132,7 +2165,7 @@ m|+++0s+++ |Description a|Enable HTTP request logging. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -2146,7 +2179,7 @@ m|+++false+++ |Description a|Path to the logging configuration for debug, query, http and security logs. |Valid values -a|a path. If relative it is resolved from server.directories.neo4j_home +a|A path. If relative, it is resolved from server.directories.neo4j_home. |Default value m|+++conf/server-logs.xml+++ |=== @@ -2160,7 +2193,7 @@ m|+++conf/server-logs.xml+++ |Description a|Enable the debug log. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -2174,7 +2207,7 @@ m|+++true+++ |Description a|Enable GC Logging. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -2188,7 +2221,7 @@ m|+++false+++ |Description a|GC Logging Options. |Valid values -a|a string +a|A string. |Default value m|+++-Xlog:gc*,safepoint,age*=trace+++ |=== @@ -2202,7 +2235,7 @@ m|+++-Xlog:gc*,safepoint,age*=trace+++ |Description a|Number of GC logs to keep. |Valid values -a|an integer +a|An integer. |Default value m|+++5+++ |=== @@ -2216,7 +2249,7 @@ m|+++5+++ |Description a|Size of each GC log that is kept. |Valid values -a|a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) +a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`). |Default value m|+++20.00MiB+++ |=== @@ -2230,7 +2263,7 @@ m|+++20.00MiB+++ |Description a|Path to the logging configuration of user logs. |Valid values -a|a path. If relative it is resolved from `server.directories.neo4j_home` +a|A path. If relative, it is resolved from `server.directories.neo4j_home`. |Default value m|+++conf/user-logs.xml+++ |=== @@ -2251,7 +2284,7 @@ For more information on how to tune these settings, see xref:/performance/memory a|Page cache can be configured to perform usage sampling of loaded pages that can be used to construct active load profile. According to that profile pages can be reloaded on the restart, replication, etc. This setting allows disabling that behavior. This feature is available in Neo4j Enterprise Edition. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -2265,7 +2298,7 @@ m|+++true+++ |Description a|Page cache warmup can be configured to prefetch files, preferably when cache size is bigger than store size. Files to be prefetched can be filtered by 'dbms.memory.pagecache.warmup.preload.allowlist'. Enabling this disables warmup by profile. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -2279,9 +2312,9 @@ m|+++false+++ |Description a|Page cache warmup prefetch file allowlist regex. By default matches all files. |Valid values -a|a string +a|A string. |Default value -m|+++.*+++ +m|.* |=== [[config_db.memory.pagecache.warmup.profile.interval]] @@ -2295,7 +2328,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The profiling frequency for the page cache. Accurate profiles allow the page cache to do an active warmup after a restart, reducing the mean time to performance. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++1m+++ |=== @@ -2311,7 +2344,7 @@ label:dynamic[Dynamic] |Description a|Limit the amount of memory that a single transaction can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm', and gigabytes with 'g'). Zero means 'largest possible value'. |Valid values -a|a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `1.00MiB` or is `0B` +a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) that is minimum `1.00MiB` or is `0B`. |Default value m|+++0B+++ |=== @@ -2327,7 +2360,7 @@ label:dynamic[Dynamic] |Description a|Limit the amount of memory that all transactions in one database can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'unlimited'. |Valid values -a|a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `10.00MiB` or is `0B` +a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) that is minimum `10.00MiB` or is `0B`. |Default value m|+++0B+++ |=== @@ -2335,13 +2368,15 @@ m|+++0B+++ [[config_db.tx_state.memory_allocation]] === `db.tx_state.memory_allocation` +label:deprecated[Deprecated in 5.8] + .db.tx_state.memory_allocation [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] |=== |Description a|Defines whether memory for transaction state should be allocated on- or off-heap. Note that for small transactions you can gain up to 25% write speed by setting it to `ON_HEAP`. |Valid values -a|one of [ON_HEAP, OFF_HEAP] +a|One of [ON_HEAP, OFF_HEAP]. |Default value m|+++ON_HEAP+++ |=== @@ -2357,7 +2392,7 @@ label:deprecated[Deprecated in 5.7] |Description a|The number of cached Cypher query execution plans per database. The max number of query plans that can be kept in cache is the `number of databases` * ``server.db.query_cache_size``. With 10 databases and ``server.db.query_cache_size``=1000, the caches can keep 10000 plans in total on the instance, assuming that each DB receives queries that fill up its cache. |Valid values -a|an integer which is minimum `0` +a|An integer that is minimum `0`. |Default value m|+++1000+++ |Replaced by @@ -2373,7 +2408,7 @@ a|<> * `server.memory.off_heap.block_cache_size` |Valid values -a|an integer which is minimum `16` +a|An integer that is minimum `16`. |Default value m|+++128+++ |=== @@ -2445,7 +2480,7 @@ m|+++128+++ |Description a|Defines the maximum size of an off-heap memory block that can be cached to speed up allocations. The value must be a power of 2. |Valid values -a|a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `4.00KiB` and is power of 2 +a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) that is minimum `4.00KiB` and is power of 2. |Default value m|+++512.00KiB+++ |=== @@ -2453,13 +2488,15 @@ m|+++512.00KiB+++ [[config_server.memory.off_heap.transaction_max_size]] === `server.memory.off_heap.transaction_max_size` +label:deprecated[Deprecated in 5.8] + .server.memory.off_heap.transaction_max_size [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] |=== |Description a|The maximum amount of off-heap memory that can be used to store transaction state data; it's a total amount of memory shared across all active transactions. Zero means 'unlimited'. Used when <> is set to 'OFF_HEAP'. |Valid values -a|a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `0B` +a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) that is minimum `0B`. |Default value m|+++2.00GiB+++ |=== @@ -2473,7 +2510,7 @@ m|+++2.00GiB+++ |Description a|Use direct I/O for page cache. This setting is supported only on Linux and only for a subset of record formats that use platform-aligned page size. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -2489,7 +2526,7 @@ label:dynamic[Dynamic] |Description a|Page cache can be configured to use a temporal buffer for flushing purposes. It is used to combine, if possible, sequence of several cache pages into one bigger buffer to minimize the number of individual IOPS performed and better utilization of available I/O resources, especially when those are restricted. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -2505,7 +2542,7 @@ label:dynamic[Dynamic] |Description a|Page cache can be configured to use a temporal buffer for flushing purposes. It is used to combine, if possible, sequence of several cache pages into one bigger buffer to minimize the number of individual IOPS performed and better utilization of available I/O resources, especially when those are restricted. Use this setting to configure individual file flush the buffer size in pages (8KiB). To be able to utilize this buffer during page cache flushing, buffered flush should be enabled. |Valid values -a|an integer which is in the range `1` to `512` +a|An integer that is in the range `1` to `512`. |Default value m|+++128+++ |=== @@ -2519,7 +2556,7 @@ m|+++128+++ |Description a|The maximum number of worker threads to use for pre-fetching data when doing sequential scans. Set to '0' to disable pre-fetching for scans. |Valid values -a|an integer which is in the range `0` to `255` +a|An integer that is in the range `0` to `255`. |Default value m|+++4+++ |=== @@ -2531,11 +2568,11 @@ m|+++4+++ [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] |=== |Description -a|The amount of memory to use for mapping the store files. If Neo4j is running on a dedicated server, then it is generally recommended to leave about 2-4 gigabytes for the operating system, give the JVM enough heap to hold all your transaction state and query context, and then leave the rest for the page cache. If no page cache memory is configured, then a heuristic setting is computed based on available system resources. +a|The amount of memory to use for mapping the store files. If Neo4j is running on a dedicated server, then it is generally recommended to leave about 2-4 gigabytes for the operating system, give the JVM enough heap to hold all your transaction state and query context, and then leave the rest for the page cache. If no page cache memory is configured, then a heuristic setting is computed based on available system resources. By default the size of page cache will be 50% och available RAM minus the max heap size.The size of the page cache will also not be larger than 70x the max heap size (due to some overhead of the page cache in the heap. |Valid values -a|a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) +a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`). |Default value -m|By default the size of page cache will be 50% och available RAM minus the max heap size.The size of the page cache will also not be larger than 70x the max heap size (due to some overhead of the page cache in the heap. +m| |=== [[config_server.memory.query_cache.sharing_enabled]] @@ -2556,7 +2593,7 @@ In essence, databases may compete for cache space, but may not observe each othe When this option is turned on, the cache space available to all databases is configured with `server.memory.query_cache.shared_cache_num_entries`. With this option turned off, the cache space available to each individual database is configured with `server.memory.query_cache.per_db_cache_num_entries`. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -2574,7 +2611,7 @@ a|The number of cached queries for all databases. The maximum number of queries that can be kept in a cache is exactly `server.memory.query_cache.shared_cache_num_entries`. This setting is only deciding cache size when `server.memory.query_cache.sharing_enabled` is set to `true`. |Valid values -a|a integer +a|An integer that is minimum `0`. |Default value m|+++1000+++ |=== @@ -2594,7 +2631,7 @@ The maximum number of queries that can be kept in a cache is `number of database With 10 databases and `server.memory.query_cache.per_db_cache_num_entries`=1000, the cache can keep 10000 plans in total. This setting is only deciding cache size when `server.memory.query_cache.sharing_enabled` is set to `false`. |Valid values -a|a integer +a|An integer that is minimum `0`. |Default value m|+++1000+++ |=== @@ -2616,7 +2653,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Set to `true` to enable exporting metrics to CSV files. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -2632,7 +2669,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The reporting interval for the CSV files. That is, how often new rows with numbers are appended to the CSV files. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `1ms` +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) that is minimum `1ms`. |Default value m|+++30s+++ |=== @@ -2648,7 +2685,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Decides what compression to use for the csv history files. |Valid values -a|one of [NONE, ZIP, GZ] +a|One of [NONE, ZIP, GZ]. |Default value m|+++NONE+++ |=== @@ -2664,7 +2701,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Maximum number of history files for the csv files. |Valid values -a|an integer which is minimum `1` +a|An integer that is minimum `1`. |Default value m|+++7+++ |=== @@ -2680,7 +2717,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The file size in bytes at which the csv files will auto-rotate. If set to zero then no rotation will occur. Accepts a binary suffix `k`, `m` or `g`. |Valid values -a|a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is in the range `0B` to `8388608.00TiB` +a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) that is in the range `0B` to `8388608.00TiB`. |Default value m|+++10.00MiB+++ |=== @@ -2696,7 +2733,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Enable metrics. Setting this to `false` will to turn off all metrics. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -2712,9 +2749,9 @@ label:enterprise-edition[Enterprise Edition] |Description a|Specifies which metrics should be enabled by using a comma separated list of globbing patterns. Only the metrics matching the filter will be enabled. For example `\*check_point*,neo4j.page_cache.evictions` will enable any checkpoint metrics and the pagecache eviction metric. |Valid values -a|a ',' separated list with elements of type 'A simple globbing pattern that can use `*` and `?`.'. +a|A comma-separated list where each element is A simple globbing pattern that can use `*` and `?`.. |Default value -m|+++*bolt.connections*,*bolt.messages_received*,*bolt.messages_started*,*dbms.pool.bolt.free,*dbms.pool.bolt.total_size,*dbms.pool.bolt.total_used,*dbms.pool.bolt.used_heap,*cluster.core.is_leader,*cluster.core.last_leader_message,*cluster.core.replication_attempt,*cluster.core.replication_fail,*cluster.core.last_applied,*cluster.core.last_appended,*check_point.duration,*check_point.total_time,*cypher.replan_events,*ids_in_use*,*pool.transaction.*.total_used,*pool.transaction.*.used_heap,*pool.transaction.*.used_native,*store.size*,*transaction.active_read,*transaction.active_write,*transaction.committed*,*transaction.last_committed_tx_id,*transaction.peak_concurrent,*transaction.rollbacks*,*page_cache.hit*,*page_cache.page_faults,*page_cache.usage_ratio,*vm.file.descriptors.count,*vm.gc.time.*,*vm.heap.used,*vm.memory.buffer.direct.used,*vm.memory.pool.g1_eden_space,*vm.memory.pool.g1_old_gen,*vm.pause_time,*vm.thread*,*db.query.execution*+++ +m|`*bolt.connections*,*bolt.messages_received*,*bolt.messages_started*,*dbms.pool.bolt.free,*dbms.pool.bolt.total_size,*dbms.pool.bolt.total_used,*dbms.pool.bolt.used_heap,*cluster.raft.is_leader,*cluster.raft.last_leader_message,*cluster.raft.replication_attempt,*cluster.raft.replication_fail,*cluster.raft.last_applied,*cluster.raft.last_appended,*cluster.raft.append_index,*cluster.raft.commit_index,*cluster.raft.applied_index,*check_point.*,*cypher.replan_events,*ids_in_use*,*pool.transaction.*.total_used,*pool.transaction.*.used_heap,*pool.transaction.*.used_native,*store.size*,*transaction.active_read,*transaction.active_write,*transaction.committed*,*transaction.last_committed_tx_id,*transaction.peak_concurrent,*transaction.rollbacks*,*page_cache.hit*,*page_cache.page_faults,*page_cache.usage_ratio,*vm.file.descriptors.count,*vm.gc.time.*,*vm.heap.used,*vm.memory.buffer.direct.used,*vm.memory.pool.g1_eden_space,*vm.memory.pool.g1_old_gen,*vm.pause_time,*vm.thread*,*db.query.execution*` |=== [[config_server.metrics.graphite.enabled]] @@ -2728,7 +2765,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Set to `true` to enable exporting metrics to Graphite. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -2744,7 +2781,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The reporting interval for Graphite. That is, how often to send updated metrics to Graphite. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++30s+++ |=== @@ -2760,7 +2797,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The hostname or IP address of the Graphite server. |Valid values -a|a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address +a|A socket address in the format of `hostname:port`, `hostname`, or `:port`. If missing, it is acquired from server.default_listen_address. |Default value m|+++:2003+++ |=== @@ -2776,7 +2813,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Set to `true` to enable the JMX metrics endpoint. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -2792,7 +2829,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|A common prefix for the reported metrics field names. |Valid values -a|a string +a|A string. |Default value m|+++neo4j+++ |=== @@ -2808,7 +2845,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Set to `true` to enable the Prometheus endpoint. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -2824,7 +2861,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The hostname and port to use as Prometheus endpoint. |Valid values -a|a socket address in the format `hostname:port`, `hostname`, or `:port`. If missing, port and hostname are acquired from `server.default_listen_address`. +a|A socket address in the format of `hostname:port`, `hostname`, or `:port`. If missing, it is acquired from `server.default_listen_address`. |Default value m|+++localhost:2004+++ |=== @@ -2844,7 +2881,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Configure the policy for outgoing Neo4j Browser connections. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -2860,7 +2897,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Configure the Neo4j Browser to time out logged in users after this idle period. Setting this to 0 indicates no limit. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s). |Default value m|+++0s+++ |=== @@ -2874,7 +2911,7 @@ m|+++0s+++ |Description a|Commands to be run when Neo4j Browser successfully connects to this server. Separate multiple commands with semi-colon. |Valid values -a|a string +a|A string. |Default value m|++++++ |=== @@ -2888,7 +2925,7 @@ m|++++++ |Description a|Whitelist of hosts for the Neo4j Browser to be allowed to fetch content from. |Valid values -a|a string +a|A string. |Default value m|+++guides.neo4j.com,localhost+++ |=== @@ -2904,7 +2941,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Configure the Neo4j Browser to store or not store user credentials. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -2920,7 +2957,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Configure the Neo4j Browser to store or not store user editor history. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -2934,7 +2971,7 @@ m|+++true+++ |Description a|Configure client applications such as Browser and Bloom to send Product Analytics data. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -2957,7 +2994,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Address for Kubernetes API. |Valid values -a|a socket address in the format `hostname:port`, `hostname` or `:port` +a|A socket address in the format of `hostname:port`, `hostname`, or `:port`. |Default value m|+++kubernetes.default.svc:443+++ |=== @@ -2973,7 +3010,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|File location of CA certificate for Kubernetes API. |Valid values -a|a path +a|A path. |Default value m|+++/var/run/secrets/kubernetes.io/serviceaccount/ca.crt+++ |=== @@ -2989,7 +3026,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Kubernetes cluster domain. |Valid values -a|a string +a|A string. |Default value m|+++cluster.local+++ |=== @@ -3005,7 +3042,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|LabelSelector for Kubernetes API. |Valid values -a|a string +a|A string. |Default value m| |=== @@ -3021,7 +3058,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|File location of namespace for Kubernetes API. |Valid values -a|a path +a|A path. |Default value m|+++/var/run/secrets/kubernetes.io/serviceaccount/namespace+++ |=== @@ -3037,7 +3074,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Service port name for discovery for Kubernetes API. |Valid values -a|a string +a|A string. |Default value m| |=== @@ -3052,7 +3089,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|File location of token for Kubernetes API. |Valid values -a|a path +a|A path. |Default value m|+++/var/run/secrets/kubernetes.io/serviceaccount/token+++ |=== @@ -3071,7 +3108,7 @@ Refer to the xref:security/index.adoc[Security] section for thorough information |Description a|Determines if Cypher will allow using file URLs when loading data using `LOAD CSV`. Setting this value to `false` will cause Neo4j to fail `LOAD CSV` clauses that load data from the file system. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -3087,7 +3124,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The maximum capacity for authentication and authorization caches (respectively). |Valid values -a|an integer +a|An integer. |Default value m|+++10000+++ |=== @@ -3103,7 +3140,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The time to live (TTL) for cached authentication and authorization info when using external auth providers (LDAP or plugin). Setting the TTL to 0 will disable auth caching. Disabling caching while using the LDAP auth provider requires the use of an LDAP system account for resolving authorization information. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++10m+++ |=== @@ -3119,7 +3156,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Enable time-based eviction of the authentication and authorization info cache for external auth providers (LDAP or plugin). Disabling this setting will make the cache live forever and only be evicted when `<>` is exceeded. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -3133,7 +3170,7 @@ m|+++true+++ |Description a|Enable auth requirement to access Neo4j. |Valid values -a|a boolean +a|A boolean. |Default value m|true |=== @@ -3149,7 +3186,7 @@ label:version-number[Neo4j 5.3] |Description a|The minimum number of characters required in a password. |Valid values -a|an integer +a|An integer that is minimum `1`. |Default value m|+++8+++ |=== @@ -3163,7 +3200,7 @@ m|+++8+++ |Description a|The amount of time user account should be locked after a configured number of unsuccessful authentication attempts. The locked out user will not be able to log in until the lock period expires, even if correct credentials are provided. Setting this configuration option to a low value is not recommended because it might make it easier for an attacker to brute force the password. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `0s` +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) that is minimum `0s`. |Default value m|+++5s+++ |=== @@ -3177,7 +3214,7 @@ m|+++5s+++ |Description a|The maximum number of unsuccessful authentication attempts before imposing a user lock for the configured amount of time, as defined by `<>`.The locked out user will not be able to log in until the lock period expires, even if correct credentials are provided. Setting this configuration option to values less than 3 is not recommended because it might make it easier for an attacker to brute force the password. |Valid values -a|an integer which is minimum `0` +a|An integer that is minimum `0`. |Default value m|+++3+++ |=== @@ -3193,7 +3230,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|A list of security authentication providers containing the users and roles. This can be any of the built-in `native` or `ldap` providers, or it can be an externally provided plugin, with a custom name prefixed by `plugin-`, i.e. `plugin-`. They will be queried in the given order when login is attempted. |Valid values -a|a ',' separated list with elements of type 'a string'. +a|A comma-separated list where each element is a string. |Default value m|+++native+++ |=== @@ -3209,7 +3246,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|A list of security authorization providers containing the users and roles. This can be any of the built-in `native` or `ldap` providers, or it can be an externally provided plugin, with a custom name prefixed by `plugin-`, i.e. `plugin-`. They will be queried in the given order when login is attempted. |Valid values -a|a ',' separated list with elements of type 'a string'. +a|A comma-separated list where each element is a string. |Default value m|+++native+++ |=== @@ -3225,7 +3262,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Require authorization for access to the Causal Clustering status endpoints. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -3239,7 +3276,7 @@ m|+++true+++ |Description a|Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS connector. This defaults to '*', which allows broadest compatibility. Note that any URI provided here limits HTTP/HTTPS access to that URI only. |Valid values -a|a string +a|A string. |Default value m|+++*+++ |=== @@ -3253,7 +3290,7 @@ m|+++*+++ |Description a|Defines an allowlist of http paths where Neo4j authentication is not required. |Valid values -a|a ',' separated list with elements of type 'a string'. +a|A comma-separated list where each element is a string. |Default value m|+++/,/browser.*+++ |=== @@ -3267,7 +3304,7 @@ m|+++/,/browser.*+++ |Description a|Value of the HTTP Strict-Transport-Security (HSTS) response header. This header tells browsers that a webpage should only be accessed using HTTPS instead of HTTP. It is attached to every HTTPS response. Setting is not set by default so 'Strict-Transport-Security' header is not sent. Value is expected to contain directives like 'max-age', 'includeSubDomains' and 'preload'. |Valid values -a|a string +a|A string. |Default value m| |=== @@ -3283,7 +3320,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] |Description a|Name of the 256 length AES encryption key, which is used for the symmetric encryption. |Valid values -a|a string +a|A string. |Default value m|+++aesKey+++ |=== @@ -3299,7 +3336,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] |Description a|Password for accessing the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption. |Valid values -a|a secure string +a|A secure string. |Default value m| |=== @@ -3315,7 +3352,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] |Description a|Location of the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption of secrets held in system database. |Valid values -a|a path +a|A path. |Default value m| |=== @@ -3332,7 +3369,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] a|The attribute to use when looking up users. Using this setting requires `<>` to be true and thus `<>` and `<>` to be configured. |Valid values -a|a string which matches the pattern `[A-Za-z0-9-]*` (has to be a valid LDAP attribute name, only containing letters [A-Za-z], digits [0-9] and hyphens [-].) +a|A string that matches the pattern `[A-Za-z0-9-]*` (has to be a valid LDAP attribute name, only containing letters [A-Za-z], digits [0-9] and hyphens [-].). |Default value m|+++samaccountname+++ |=== @@ -3347,9 +3384,9 @@ label:enterprise-edition[Enterprise Edition] |=== |Description a|Determines if the result of authentication via the LDAP server should be cached or not. Caching is used to limit the number of LDAP requests that have to be made over the network for users that have already been authenticated successfully. A user can be authenticated against an existing cache entry (instead of via an LDAP server) as long as it is alive (see `<>`). -An important consequence of setting this to `true` is that Neo4j then needs to cache a hashed version of the credentials in order to perform credentials matching. This hashing is done using a cryptographic hash function together with a random salt. Preferably a conscious decision should be made if this method is considered acceptable by the security standards of the organization in which this Neo4j instance is deployed. +An important consequence of setting this to `true` is that Neo4j then needs to cache a hashed version of the credentials in order to perform credentials matching. This hashing is done using a cryptographic hash function together with a random salt. Preferably a conscious decision should be made if this method is considered acceptable by the security standards of the organization in that this Neo4j instance is deployed. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -3365,7 +3402,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|LDAP authentication mechanism. This is one of `simple` or a SASL mechanism supported by JNDI, for example `DIGEST-MD5`. `simple` is basic username and password authentication and SASL is used for more advanced mechanisms. See RFC 2251 LDAPv3 documentation for more details. |Valid values -a|a string +a|A string. |Default value m|+++simple+++ |=== @@ -3382,7 +3419,7 @@ label:enterprise-edition[Enterprise Edition] a|Perform authentication by searching for an unique attribute of a user. Using this setting requires `<>` and `<>` to be configured. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -3398,7 +3435,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] |Description a|LDAP user DN template. An LDAP object is referenced by its distinguished name (DN), and a user DN is an LDAP fully-qualified unique user identifier. This setting is used to generate an LDAP DN that conforms with the LDAP directory's schema from the user principal that is submitted with the authentication token when logging in. The special token {0} is a placeholder where the user principal will be substituted into the DN string. |Valid values -a|a string which Must be a string containing '{0}' to understand where to insert the runtime authentication principal. +a|A string that Must be a string containing '{0}' to understand where to insert the runtime authentication principal.. |Default value m|+++uid={0},ou=users,dc=example,dc=com+++ |=== @@ -3415,7 +3452,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] |Description a|The LDAP group to which a user must belong to get any access to the system.Set this to restrict access to a subset of LDAP users belonging to a particular group. If this is not set, any user to successfully authenticate via LDAP will have access to the PUBLIC role and any other roles assigned to them via <>. |Valid values -a|a string +a|A string. |Default value m|++++++ |=== @@ -3431,7 +3468,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] |Description a|A list of attribute names on a user object that contains groups to be used for mapping to roles when LDAP authorization is enabled. This setting is ignored when `dbms.ldap_authorization_nested_groups_enabled` is `true`. |Valid values -a|a ',' separated list with elements of type 'a string'. which Can not be empty +a|A comma-separated list where each element is a string, which Can not be empty. |Default value m|+++memberOf+++ |=== @@ -3455,7 +3492,7 @@ You could also use whitespaces and quotes around group names to make this mappin "cn=Neo4j Administrator,cn=users,dc=example,dc=com" = admin ---- |Valid values -a|a string that must be semicolon-separated list of key-value pairs or empty +a|A string that must be a semicolon-separated list of key-value pairs or empty. |Default value m|++++++ |=== @@ -3471,7 +3508,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] |Description a|This setting determines whether multiple LDAP search results will be processed (as is required for the lookup of nested groups). If set to `true` then instead of using attributes on the user object to determine group membership (as specified by `<>`), the `user` object will only be used to determine the user's Distinguished Name, which will subsequently be used with `<>` in order to perform a nested group search. The Distinguished Names of the resultant group search results will be used to determine roles. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -3487,7 +3524,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] |Description a|The search template which will be used to find the nested groups which the user is a member of. The filter should contain the placeholder token `{0}` which will be substituted with the user's Distinguished Name (which is found for the specified user principle using `<>`). The default value specifies Active Directory's LDAP_MATCHING_RULE_IN_CHAIN (aka 1.2.840.113556.1.4.1941) implementation which will walk the ancestry of group membership for the specified user. |Valid values -a|a string +a|A string. |Default value m|+++(&(objectclass=group)(member:1.2.840.113556.1.4.1941:={0}))+++ |=== @@ -3503,7 +3540,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|An LDAP system account password to use for authorization searches when `<>` is `true`. |Valid values -a|a secure string +a|A secure string. |Default value m| |=== @@ -3519,7 +3556,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|An LDAP system account username to use for authorization searches when `<>` is `true`. Note that the `<>` will not be applied to this username, so you may have to specify a full DN. |Valid values -a|a string +a|A string. |Default value m| |=== @@ -3537,7 +3574,7 @@ a|Perform LDAP search for authorization info using a system account instead of t If this is set to `false` (default), the search for group membership will be performed directly after authentication using the LDAP context bound with the user's own account. The mapped roles will be cached for the duration of `<>`, and then expire, requiring re-authentication. To avoid frequently having to re-authenticate sessions you may want to set a relatively long auth cache expiration time together with this option. NOTE: This option will only work if the users are permitted to search for their own group membership attributes in the directory. If this is set to `true`, the search will be performed using a special system account user with read access to all the users in the directory. You need to specify the username and password using the settings `<>` and `<>` with this option. Note that this account only needs read access to the relevant parts of the LDAP directory and does not need to have access rights to Neo4j, or any other systems. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -3553,7 +3590,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] |Description a|The name of the base object or named context to search for user objects when LDAP authorization is enabled. A common case is that this matches the last part of `<>`. |Valid values -a|a string that cannot be empty +a|A string that Can not be empty. |Default value m|+++ou=users,dc=example,dc=com+++ |=== @@ -3569,7 +3606,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] |Description a|The LDAP search filter to search for a user principal when LDAP authorization is enabled. The filter should contain the placeholder token {0} which will be substituted for the user principal. |Valid values -a|a string +a|A string. |Default value m|+++(&(objectClass=*)(uid={0}))+++ |=== @@ -3585,7 +3622,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The timeout for establishing an LDAP connection. If a connection with the LDAP server cannot be established within the given time the attempt is aborted. A value of 0 means to use the network protocol's (i.e., TCP's) timeout value. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++30s+++ |=== @@ -3602,7 +3639,7 @@ label:enterprise-edition[Enterprise Edition] a|URL of LDAP server to use for authentication and authorization. The format of the setting is `://:`, where hostname is the only required field. The supported values for protocol are `ldap` (default) and `ldaps`. The default port for `ldap` is 389 and for `ldaps` 636. For example: `ldaps://ldap.example.com:10389`. You may want to consider using STARTTLS (`<>`) instead of LDAPS for secure connections, in which case the correct protocol is `ldap`. |Valid values -a|a string +a|A string. |Default value m|+++localhost+++ |=== @@ -3618,7 +3655,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The timeout for an LDAP read request (i.e. search). If the LDAP server does not respond within the given time the request will be aborted. A value of 0 means wait for a response indefinitely. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++30s+++ |=== @@ -3638,7 +3675,7 @@ a|The LDAP referral behavior when creating a connection. This is one of `follow` * `ignore` ignores any referrals * `throw` throws an exception, which will lead to authentication failure. |Valid values -a|a string +a|A string. |Default value m|+++follow+++ |=== @@ -3654,7 +3691,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Use secure communication with the LDAP server using opportunistic TLS. First an initial insecure connection will be made with the LDAP server, and a STARTTLS command will be issued to negotiate an upgrade of the connection to TLS before initiating authentication. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -3670,7 +3707,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Set to log successful authentication events to the security log. If this is set to `false` only failed authentication events will be logged, which could be useful if you find that the successful events spam the logs too much, and you do not require full auditing capability. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -3686,7 +3723,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|When set to `true`, will log the groups retrieved from the ldap server. This will only take effect when the security log level is set to `DEBUG`.WARNING: It is strongly advised that this is set to `false` when running in a production environment in order to prevent logging of sensitive information. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -3702,7 +3739,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] |Description a|Expected values of the Audience (aud) claim in the id token. |Valid values -a|a ',' separated list with elements of type 'a string'. which Can not be empty +a|A comma-separated list where each element is a string, which Can not be empty. |=== [[config_dbms.security.oidc.-provider-.auth_endpoint]] @@ -3730,7 +3767,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] |Description a|The OIDC flow to use. This is exposed to clients via the discovery endpoint. Supported values are `pkce` and `implicit` |Valid values -a|one of [PKCE, IMPLICIT] +a|One of [PKCE, IMPLICIT]. |Default value m|+++PKCE+++ |=== @@ -3770,7 +3807,7 @@ dbms.security.oidc..authorization.group_to_role_mapping=\ "Neo4j Administrator" = admin ---- |Valid values -a|a string which must be semicolon separated list of key-value pairs or empty +a|A string that must be semicolon-separated list of key-value pairs or empty |=== [[config_dbms.security.oidc.-provider-.claims.groups]] @@ -3783,10 +3820,10 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] |=== |Description a|The claim to use as the list of groups in Neo4j. These could be Neo4J roles directly, or can be mapped using dbms.security.oidc..authorization.group_to_role_mapping. -From Neo4j 5.4, the JWT claim may also contain a single group returned as a string as well as a list of groups as was previously required. +From Neo4j 5.4, the JWT claim may also contain a single group returned as A string. as well as a list of groups as was previously required. |Valid values -a|a string +a|A string. |=== [[config_dbms.security.oidc.-provider-.claims.username]] @@ -3800,7 +3837,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] |Description a|The claim to use as the username in Neo4j. This would typically be sub, but in some situations it may be be desirable to use something else such as email. |Valid values -a|a string +a|A string. |Default value m|+++sub+++ |=== @@ -3816,7 +3853,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] |Description a|Client id needed if token contains multiple Audience (aud) claims. |Valid values -a|a string +a|A string. |=== [[config_dbms.security.oidc.-provider-.config]] @@ -3852,7 +3889,7 @@ m|+++{}+++ a|When set to `true`, it logs the claims from the JWT. This will only take effect when the security log level is set to `DEBUG`. + WARNING: It is strongly advised that this is set to `false` when running in a production environment in order to prevent logging of sensitive information. Also note that the contents of the JWT claims set can change over time because they are dependent entirely upon the ID provider. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -3869,7 +3906,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The user-facing name of the provider as provided by the discovery endpoint to clients (Bloom, Browser etc.). |Valid values -a|a string +a|A string. |=== [[config_dbms.security.oidc.-provider-.get_groups_from_user_info]] @@ -3883,7 +3920,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] |Description a|When turned on, Neo4j gets the groups from the provider user info endpoint. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -3899,7 +3936,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] |Description a|When turned on, Neo4j gets the username from the provider user info endpoint. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -3915,7 +3952,7 @@ label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] |Description a|The expected value of the iss claim in the id token. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. |Valid values -a|a string +a|A string. |=== [[config_dbms.security.oidc.-provider-.jwks_uri]] @@ -4022,7 +4059,7 @@ a|a URI |Description a|A list of procedures (comma separated) that are to be loaded. The list may contain both fully-qualified procedure names, and partial names with the wildcard `*`. The default (`*`) loads all procedures. If no value is specified, no procedures will be loaded. |Valid values -a|a ',' separated list with elements of type 'a string'. +a|A comma-separated list where each element is a string. |Default value m|+++*+++ |=== @@ -4036,7 +4073,7 @@ m|+++*+++ |Description a|A list of procedures and user-defined functions (comma separated) that are allowed full access to the database. The list may contain both fully-qualified procedure names, and partial names with the wildcard `*`. Note that this enables these procedures to bypass security. Use with caution. |Valid values -a|a ',' separated list with elements of type 'a string'. +a|A comma-separated list where each element is a string. |Default value m|++++++ |=== @@ -4050,7 +4087,7 @@ m|++++++ |Description a|Netty SSL provider. |Valid values -a|one of [JDK, OPENSSL, OPENSSL_REFCNT] +a|One of [JDK, OPENSSL, OPENSSL_REFCNT]. |Default value m|+++JDK+++ |=== @@ -4071,7 +4108,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Directory to hold cluster state including Raft log. |Valid values -a|a path. If relative it is resolved from server.directories.data +a|A path. If relative, it is resolved from server.directories.data. |Default value m|+++cluster-state+++ |=== @@ -4085,7 +4122,7 @@ m|+++cluster-state+++ |Description a|Path of the data directory. You must not configure more than one Neo4j installation to use the same data directory. |Valid values -a|a path. If relative it is resolved from server.directories.neo4j_home +a|A path. If relative, it is resolved from server.directories.neo4j_home. |Default value m|+++data+++ |=== @@ -4099,7 +4136,7 @@ m|+++data+++ |Description a|Root location where Neo4j will store database dumps optionally produced when dropping said databases. |Valid values -a|a path. If relative it is resolved from server.directories.data +a|A path. If relative, it is resolved from server.directories.data. |Default value m|+++dumps+++ |=== @@ -4113,7 +4150,7 @@ m|+++dumps+++ |Description a|Sets the root directory for file URLs used with the Cypher `LOAD CSV` clause. This should be set to a directory relative to the Neo4j installation path, restricting access to only those files within that directory and its subdirectories. For example the value "import" will only enable access to files within the 'import' folder. Removing this setting will disable the security feature, allowing all files in the local system to be imported. Setting this to an empty field will allow access to all files within the Neo4j installation folder. |Valid values -a|a path. If relative it is resolved from server.directories.neo4j_home +a|A path. If relative, it is resolved from server.directories.neo4j_home. |Default value m| |=== @@ -4127,7 +4164,7 @@ m| |Description a|Path of the lib directory. |Valid values -a|a path. If relative it is resolved from server.directories.neo4j_home +a|A path. If relative, it is resolved from server.directories.neo4j_home. |Default value m|+++lib+++ |=== @@ -4141,7 +4178,7 @@ m|+++lib+++ |Description a|Path of the licenses directory. |Valid values -a|a path. If relative it is resolved from server.directories.neo4j_home +a|A path. If relative, it is resolved from server.directories.neo4j_home. |Default value m|+++licenses+++ |=== @@ -4155,7 +4192,7 @@ m|+++licenses+++ |Description a|Path of the logs directory. |Valid values -a|a path. If relative it is resolved from server.directories.neo4j_home +a|A path. If relative, it is resolved from server.directories.neo4j_home. |Default value m|+++logs+++ |=== @@ -4171,7 +4208,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|The target location of the CSV files: a path to a directory wherein a CSV file per reported field will be written. |Valid values -a|a path. If relative it is resolved from server.directories.neo4j_home +a|A path. If relative, it is resolved from server.directories.neo4j_home. |Default value m|+++metrics+++ |=== @@ -4183,11 +4220,11 @@ m|+++metrics+++ [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] |=== |Description -a|Root relative to which directory settings are resolved. Calculated and set by the server on startup. +a|Root relative to which directory settings are resolved. Calculated and set by the server on startup. Defaults to the current working directory. |Valid values -a| an absolute path +a|A path that is absolute. |Default value -m|Defaults to current working directory +m| |=== [[config_server.directories.plugins]] @@ -4199,7 +4236,7 @@ m|Defaults to current working directory |Description a|Location of the database plugin directory. Compiled Java JAR files that contain database procedures will be loaded if they are placed in this directory. |Valid values -a|a path. If relative it is resolved from server.directories.neo4j_home +a|A path. If relative, it is resolved from server.directories.neo4j_home. |Default value m|+++plugins+++ |=== @@ -4213,7 +4250,7 @@ m|+++plugins+++ |Description a|Path of the run directory. This directory holds Neo4j's runtime state, such as a pidfile when it is running in the background. The pidfile is created when starting neo4j and removed when stopping it. It may be placed on an in-memory filesystem such as tmpfs. |Valid values -a|a path. If relative it is resolved from server.directories.neo4j_home +a|A path. If relative, it is resolved from server.directories.neo4j_home. |Default value m|+++run+++ |=== @@ -4227,7 +4264,7 @@ m|+++run+++ |Description a|Root location where Neo4j will store scripts for configured databases. |Valid values -a|a path. If relative it is resolved from server.directories.data +a|A path. If relative, it is resolved from server.directories.data. |Default value m|+++scripts+++ |=== @@ -4241,7 +4278,7 @@ m|+++scripts+++ |Description a|Root location where Neo4j will store transaction logs for configured databases. |Valid values -a|a path. If relative it is resolved from server.directories.data +a|A path. If relative, it is resolved from server.directories.data. |Default value m|+++transactions+++ |=== @@ -4261,11 +4298,48 @@ label:enterprise-edition[Enterprise Edition] |Description a|Enable support for running online backups. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== +[[config_server.backup.exec_connector.command]] +=== `server.backup.exec_connector.command` + +label:enterprise-edition[Enterprise Edition] + +.server.backup.exec_connector.command +[frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] +|=== +|Description +a|Command to execute for ExecDataConnector list +|Valid values +a|A string. +|Default value +m|++++++ +|=== + +[[config_server.backup.exec_connector.command_timeout]] + +[[config_server.backup.exec_connector.scheme]] +=== `server.backup.exec_connector.scheme` + +label:enterprise-edition[Enterprise Edition] + +.server.backup.exec_connector.scheme +[frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] +|=== +|Description +a|Schemes ExecDataConnector will match on +|Valid values +a|A comma-separated list where each element is a string. +|Default value +m| +|=== + +[[config_server.backup.exec_connector.tls_ca]] + + [[config_server.backup.listen_address]] === `server.backup.listen_address` @@ -4277,7 +4351,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Network interface and port for the backup server to listen on. |Valid values -a|a socket address in the format 'hostname:port', 'hostname' or ':port' +a|A socket address in the format of `hostname:port`, `hostname`, or `:port`. |Default value m|+++127.0.0.1:6362+++ |=== @@ -4293,7 +4367,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|Maximum retry time per request during store copy. Regular store files and indexes are downloaded in separate requests during store copy. This configures the maximum time failed requests are allowed to resend. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++20m+++ |=== @@ -4307,7 +4381,7 @@ m|+++20m+++ |Description a|A strict configuration validation will prevent the database from starting up if unknown configuration options are specified in the neo4j settings namespace (such as dbms., cypher., etc) or if settings are declared multiple times. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -4323,7 +4397,7 @@ label:dynamic[Dynamic] |Description a|Whether or not any database on this instance is read_only by default. If false, individual databases may be marked as read_only using server.database.read_only. If true, individual databases may be marked as writable using <>. |Valid values -a|a boolean +a|A boolean. |Default value m|+++false+++ |=== @@ -4339,7 +4413,7 @@ label:dynamic[Dynamic] |Description a|List of databases for which to prevent write queries. Databases not included in this list maybe read_only anyway depending upon the value of <>. |Valid values -a|a ',' separated set with elements of type 'A valid database name containing only alphabetic characters, numbers, dots and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name 'system''. which Value 'system' can't be included in read-only databases collection! +a| A comma-separated set where each element is a valid database name containing only alphabetic characters, numbers, dots, and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name system. |Default value m|++++++ |=== @@ -4355,7 +4429,7 @@ label:dynamic[Dynamic] |Description a|List of databases for which to allow write queries. Databases not included in this list will allow write queries anyway, unless <> is set to true. |Valid values -a|a ',' separated set with elements of type 'A valid database name containing only alphabetic characters, numbers, dots and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name 'system''. +a|A comma-separated set where each element is a valid database name containing only alphabetic characters, numbers, dots, and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name system. |Default value m|++++++ |=== @@ -4371,7 +4445,7 @@ label:enterprise-edition[Enterprise Edition] |Description a|A list of setting name patterns (comma separated) that are allowed to be dynamically changed. The list may contain both full setting names, and partial names with the wildcard `*`. If this setting is left empty all dynamic settings updates will be blocked. |Valid values -a|a ',' separated list with elements of type 'a string'. +a|A comma-separated list where each element is a string. |Default value m|+++*+++ |=== @@ -4385,7 +4459,7 @@ m|+++*+++ |Description a|Additional JVM arguments. Argument order can be significant. To use a Java commercial feature, the argument to unlock commercial features must precede the argument to enable the specific feature in the config value string. |Valid values -a|one or more jvm arguments +a|One or more jvm arguments. |Default value m| |=== @@ -4402,7 +4476,7 @@ label:enterprise-edition[Enterprise Edition] label:deprecated[Deprecated in 5.6] |Description a|The maximum number of databases. |Valid values -a|a long, which is a minimum `2` +a|A long that is minimum `2`. |Default value m|+++100+++ |Replaced by @@ -4419,11 +4493,11 @@ label:enterprise-edition[Enterprise Edition] [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] |=== |Description -a|If there is a Database Management System Panic (an irrecoverable error) should the neo4j process shut down or continue running. Following a DbMS panic it is likely that a significant amount of functionality will be lost. Recovering full functionality will require a Neo4j restart. +a|If there is a Database Management System Panic (an irrecoverable error) should the neo4j process shut down or continue running. Following a DbMS panic it is likely that a significant amount of functionality will be lost. Recovering full functionality will require a Neo4j restart. Default is `false` except for Neo4j Enterprise Edition deployments running on Kubernetes where it is `true`. |Valid values -a|a boolean +a|A boolean. |Default value -m|`false` except for Neo4j Enterprise Edition deployments running on Kubernetes where it is `true`. +m|false |=== [[config_server.threads.worker_count]] @@ -4433,11 +4507,11 @@ m|`false` except for Neo4j Enterprise Edition deployments running on Kubernetes [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] |=== |Description -a|Number of Neo4j worker threads. This setting is only valid for REST and does not influence bolt-server. It sets the number of worker threads for the Jetty server used by neo4j-server. This option can be tuned when you plan to execute multiple, concurrent REST requests, to get more throughput from the database. Your OS might enforce a lower limit than the maximum value specified here. +a|Number of Neo4j worker threads. This setting is only valid for REST and does not influence bolt-server. It sets the number of worker threads for the Jetty server used by neo4j-server. This option can be tuned when you plan to execute multiple, concurrent REST requests, to get more throughput from the database. Your OS might enforce a lower limit than the maximum value specified here. Number of available processors, or 500 for machines that have more than 500 processors. |Valid values -a|an integer, which is in the range `1` to `44738` +a|An integer that is in the range `1` to `44738`. |Default value -m|Number of available processors, or 500 for machines that have more than 500 processors. +m| |=== [[config_server.unmanaged_extension_classes]] @@ -4449,7 +4523,7 @@ m|Number of available processors, or 500 for machines that have more than 500 pr |Description a|Comma-separated list of = for unmanaged extensions. |Valid values -a|a ',' separated list with elements of type '= string'. +a|A comma-separated list where each element is `=` string. |Default value m|++++++ |=== @@ -4463,7 +4537,7 @@ m|++++++ |Description a|Name of the Windows Service managing Neo4j when installed using `neo4j install-service`. Only applicable on Windows OS. Note: This must be unique for each installation. |Valid values -a|a string +a|A string. |Default value m|+++neo4j+++ |=== @@ -4484,7 +4558,7 @@ label:dynamic[Dynamic] |Description a|The maximum time interval within which lock should be acquired. Zero (default) means the timeout is disabled. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++0s+++ |=== @@ -4498,7 +4572,7 @@ m|+++0s+++ |Description a|The maximum amount of time to wait for running transactions to complete before allowing initiated database shutdown to continue. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++10s+++ |=== @@ -4514,7 +4588,7 @@ label:dynamic[Dynamic] |Description a|The maximum amount of time to wait for the database state represented by the bookmark. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) which is minimum `1s` +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) that is minimum `1s`. |Default value m|+++30s+++ |=== @@ -4530,7 +4604,7 @@ label:dynamic[Dynamic] |Description a|The maximum number of concurrently running transactions. If set to 0, the limit is disabled. |Valid values -a|an integer +a|An integer. |Default value m|+++1000+++ |=== @@ -4544,7 +4618,7 @@ m|+++1000+++ |Description a|Configures the time interval between transaction monitor checks. Determines how often the monitor thread will check a transaction for timeout. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++2s+++ |=== @@ -4560,7 +4634,7 @@ label:dynamic[Dynamic] |Description a|Transaction sampling percentage. |Valid values -a|an integer which is in the range `1` to `100` +a|An integer that is in the range `1` to `100`. |Default value m|+++5+++ |=== @@ -4576,7 +4650,7 @@ label:dynamic[Dynamic] |Description a|The maximum time interval of a transaction within which it should be completed. |Valid values -a|a duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). |Default value m|+++0s+++ |=== @@ -4592,7 +4666,7 @@ label:dynamic[Dynamic] |Description a|Transaction creation tracing level. |Valid values -a|one of [DISABLED, SAMPLE, ALL] +a|One of [DISABLED, SAMPLE, ALL]. |Default value m|+++DISABLED+++ |=== @@ -4614,7 +4688,7 @@ See also <>. |Description a|If `true`, Neo4j will abort recovery if transaction log files are missing. Setting this to `false` will allow Neo4j to create new empty missing files for the already existing database, but the integrity of the database might be compromised. |Valid values -a|db.recovery.fail_on_missing_files, a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -4627,10 +4701,11 @@ m|+++true+++ |=== |Description a|On serialization of transaction logs, they will be temporary stored in the byte buffer that will be flushed at the end of the transaction or at any moment when the buffer will be full. +By default, the size of the byte buffer is based on the number of available CPU's with a minimal buffer size of 512KB. Every other 4 CPU's will add another 512KB into the buffer size. The maximal buffer size in this default scheme is 4MB taking into account that you can have one transaction log writer per database in multi-database env. For example, runtime with 4 CPUs will have the buffer size of 1MB; runtime with 8 CPUs will have the buffer size of 1MB 512KB; runtime with 12 CPUs will have the buffer size of 2MB. |Valid values -a|a long which is minimum `131072` +a|A long that is minimum `131072`. |Default value -m|By default, the size of the byte buffer is based on the number of available CPU's with a minimal buffer size of 512KB. Every other 4 CPU's will add another 512KB into the buffer size. The maximal buffer size in this default scheme is 4MB taking into account that you can have one transaction log writer per database in multi-database env. For example, runtime with 4 CPUs will have the buffer size of 1MB; runtime with 8 CPUs will have the buffer size of 1MB 512KB; runtime with 12 CPUs will have the buffer size of 2MB. +m| |=== [[config_db.tx_log.preallocate]] @@ -4645,7 +4720,7 @@ label:dynamic[Dynamic] a|Specify if Neo4j should try to preallocate the logical log file in advance. It optimizes file system by ensuring there is room to accommodate newly generated files and avoid file-level fragmentation. |Valid values -a|a boolean +a|A boolean. |Default value m|+++true+++ |=== @@ -4665,13 +4740,7 @@ Alternatively, `100k txs` keeps the 100k latest transactions from each database From Neo4j 5.9 onwards, you can optionally add a period-based restriction to the size of logs to keep. For example, `2 days 1G` prunes logical logs that only contain transactions older than 2 days or are larger than 1G. |Valid values -a|a string which matches the pattern, `^(true\|keep_all\|false\|keep_none\|(\\d+[KkMmGg]?( (files\|size\|txs\|entries\|hours( \\d+[KkMmGg]?)?\|days( \\d+[KkMmGg]?)?))))$` -Must be `true` or `keep_all`, `false` or `keep_none`, or of format ` `. -Valid units are `K`, `M`, and `G`. -Valid types are `files`, `size`, `txs`, `entries`, `hours`, and `days`. -Valid optional space restriction is a logical log space restriction like `1G`. -For example, `1G size` limits logical log space on the disk to 1G per database, `200K txs` limits the number of transactions kept to 200 000 per database, and `2 days 1G` limits the logical log space on the disk to 1G at most 2 days per database. + -Starting from Neo4j 5.13, the default value is changed from `2 days` to `2 days 2G`. +a| A string that matches the pattern `^(true\|keep_all\|false\|keep_none\|(\d+[KkMmGg]?( (files\|size\|txs\|entries\|hours( \d+[KkMmGg]?)?\|days( \d+[KkMmGg]?)?))))$` (Must be `true` or `keep_all`, `false` or `keep_none`, or of format ` `. Valid units are `K`, `M` and `G`. Valid types are `files`, `size`, `txs`, `entries`, `hours` and `days`. Valid optional space restriction is a logical log space restriction like 100M. For example, `100M size` will limit logical log space on disk to 100MiB per database, and `200K txs` will limit the number of transactions kept to 200 000 per database.). |Default value m|+++2 days 2G+++ |=== @@ -4687,7 +4756,7 @@ label:dynamic[Dynamic] |Description a|Specifies at which file size the logical log will auto-rotate. The minimum accepted value is 128 KiB. |Valid values -a|a byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) which is minimum `128.00KiB` +a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) that is minimum `128.00KiB`. |Default value m|+++256.00MiB+++ |=== From 647c21f3cca29b7daebb6a464d98101a8e25451f Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 23 Jan 2024 10:04:56 +0000 Subject: [PATCH 526/876] Fix a typo in server.memory.pagecache.size doc string (#1359) --- modules/ROOT/pages/configuration/configuration-settings.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/configuration/configuration-settings.adoc b/modules/ROOT/pages/configuration/configuration-settings.adoc index 821ca2464..5a3a24fd0 100644 --- a/modules/ROOT/pages/configuration/configuration-settings.adoc +++ b/modules/ROOT/pages/configuration/configuration-settings.adoc @@ -2568,7 +2568,7 @@ m|+++4+++ [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] |=== |Description -a|The amount of memory to use for mapping the store files. If Neo4j is running on a dedicated server, then it is generally recommended to leave about 2-4 gigabytes for the operating system, give the JVM enough heap to hold all your transaction state and query context, and then leave the rest for the page cache. If no page cache memory is configured, then a heuristic setting is computed based on available system resources. By default the size of page cache will be 50% och available RAM minus the max heap size.The size of the page cache will also not be larger than 70x the max heap size (due to some overhead of the page cache in the heap. +a|The amount of memory to use for mapping the store files. If Neo4j is running on a dedicated server, then it is generally recommended to leave about 2-4 gigabytes for the operating system, give the JVM enough heap to hold all your transaction state and query context, and then leave the rest for the page cache. If no page cache memory is configured, then a heuristic setting is computed based on available system resources. By default the size of page cache will be 50% of available RAM minus the max heap size. The size of the page cache will also not be larger than 70x the max heap size (due to some overhead of the page cache in the heap. |Valid values a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`). |Default value From 30c9c4f27d871d08930557cffeea57a196ca5c74 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 23 Jan 2024 13:11:02 +0000 Subject: [PATCH 527/876] Mix ID types when using neo4j-admin import (#1353) --- .../tools/neo4j-admin/neo4j-admin-import.adoc | 64 ++++++++++++++++--- 1 file changed, 55 insertions(+), 9 deletions(-) diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc index 2157f0dc8..54a759793 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc @@ -47,7 +47,7 @@ These are some things you need to keep in mind when creating your input files: * Multiple data sources can be used for both nodes and relationships. * A data source can optionally be provided using multiple files. * A separate file with a header that provides information on the data fields, must be the first specified file of each data source. -* Fields without corresponding information in the header will not be read. +* Fields without corresponding information in the header are not read. * UTF-8 encoding is used. * By default, the importer trims extra whitespace at the beginning and end of strings. Quote your data to preserve leading and trailing whitespaces. @@ -829,7 +829,11 @@ ID:: The unique ID is persisted in a property whose name is defined by the `` part of the field definition `:ID`. If no such property `name` is defined, the unique ID will be used for the import but not be available for reference later. If no ID is specified, the node will be imported, but it will not be connected to other nodes during the import. - When a property `name` is provided, that property type can only be configured globally via the `--id-type` option and cannot be specified by `` in the header field (as for <>). + + When a property `name` is provided, that property type can be configured globally via the `--id-type` option (as for <>). + + From Neo4j 5.1, you can specify a different value ID type to be stored for a node property in its group using the option `id-type` in the header, e.g: `id:ID(MyGroup){label:MyLabel, id-type: int}`. + This ID type overrides the global `--id-type` option. + For example, the global `id-type` can be a string, but the nodes will have their IDs stored as `int` type in their ID properties. + For more information, see <>. + From Neo4j 5.3, a node header can also contain multiple `ID` columns, where the relationship data references the composite value of all those columns. This also implies using `string` as `id-type`. For each `ID` column, you can specify to store its values as different node properties. @@ -839,7 +843,7 @@ LABEL:: Read one or more labels from this field. Like array values, multiple labels are separated by `;`, or by the character specified with `--array-delimiter`. -.Define nodes files +.Define node files ==== You define the headers for movies in the _movies_header.csv_ file. @@ -929,15 +933,12 @@ carrieanne,"Trinity",tt0242653,ACTED_IN [[import-tool-header-format-properties]] -== Properties +== Property data types For properties, the `` part of the field designates the property key, while the `` part assigns a data type. You can have properties in both node data files and relationship data files. -=== Data types - -Use one of `int`, `long`, `float`, `double`, `boolean`, `byte`, `short`, `char`, `string`, `point`, `date`, `localtime`, `time`, `localdatetime`, -`datetime`, and `duration` to designate the data type for properties. +Use one of `int`, `long`, `float`, `double`, `boolean`, `byte`, `short`, `char`, `string`, `point`, `date`, `localtime`, `time`, `localdatetime`, datetime`, and `duration` to designate the data type for properties. By default, types (except arrays) are converted to Cypher types. See link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/values-and-types/property-structural-constructed/#_property_types[Cypher Manual -> Property, structural, and constructed values]. @@ -1192,6 +1193,51 @@ aa11,WORKS_WITH,bb22 ---- ==== +[[import-tool-id-types-header]] +== Storing a different value type for IDs in a group + +From Neo4j 5.1, you can control the ID type of the node property that will be stored by defining the `id-type` option in the header, for example, `:ID{id-type:long}`. +The `id-type` option in the header overrides the global `--id-type` value provided to the command. +This way, you can have property values of different types for different groups of nodes. +For example, the global `id-type` can be a string, but some nodes can have their IDs stored as `long` type in their ID properties. + +.Import nodes with different ID value types +==== +.persons_header.csv +[source, csv] +---- +id:ID(GroupOne){id-type:long},name,:LABEL +---- + +.persons.csv +[source, csv] +---- +123,P1,Person +456,P2,Person +---- + +.games_header.csv +[source, csv] +---- +id:ID(GroupTwo),name,:LABEL +---- + +.games.csv +[source, csv] +---- +ABC,G1,Game +DEF,G2,Game +---- + +.Import the nodes +[source, shell, role=noplay] +---- +neo4j_home$ --nodes persons.csv --nodes games.csv --id-type string +---- + +The `id` property of the nodes in the `persons` group will be stored as `long` type, while the `id` property of the nodes in the `games` group will be stored as `string` type, as the global `id-type` is a string. +==== + [[import-tool-header-format-skip-columns]] == Skipping columns @@ -1222,7 +1268,7 @@ If all your superfluous data is placed in columns located to the right of all th [[import-tool-header-format-compressed-files]] -== Import compressed files +== Importing compressed files The import tool can handle files compressed with `zip` or `gzip`. Each compressed file must contain a single file. From 4c725053f56d90009f641bc7d0c57a4872957402 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 Jan 2024 13:15:07 +0000 Subject: [PATCH 528/876] Bump the dev-dependencies group with 1 update (#1355) Bumps the dev-dependencies group with 1 update: [nodemon](https://github.com/remy/nodemon). Updates `nodemon` from 3.0.2 to 3.0.3
Release notes

Sourced from nodemon's releases.

v3.0.3

3.0.3 (2024-01-16)

Bug Fixes

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=nodemon&package-manager=npm_and_yarn&previous-version=3.0.2&new-version=3.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index c14f2e7d8..2167c5e96 100644 --- a/package-lock.json +++ b/package-lock.json @@ -21,7 +21,7 @@ }, "devDependencies": { "express": "^4.18.2", - "nodemon": "^3.0.2" + "nodemon": "^3.0.3" } }, "node_modules/@antora/asciidoc-loader": { @@ -1792,9 +1792,9 @@ "integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==" }, "node_modules/nodemon": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-3.0.2.tgz", - "integrity": "sha512-9qIN2LNTrEzpOPBaWHTm4Asy1LxXLSickZStAQ4IZe7zsoIpD/A7LWxhZV3t4Zu352uBcqVnRsDXSMR2Sc3lTA==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-3.0.3.tgz", + "integrity": "sha512-7jH/NXbFPxVaMwmBCC2B9F/V6X1VkEdNgx3iu9jji8WxWcvhMWkmhNWhI5077zknOnZnBzba9hZP6bCPJLSReQ==", "dev": true, "dependencies": { "chokidar": "^3.5.2", @@ -4362,9 +4362,9 @@ "integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==" }, "nodemon": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-3.0.2.tgz", - "integrity": "sha512-9qIN2LNTrEzpOPBaWHTm4Asy1LxXLSickZStAQ4IZe7zsoIpD/A7LWxhZV3t4Zu352uBcqVnRsDXSMR2Sc3lTA==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-3.0.3.tgz", + "integrity": "sha512-7jH/NXbFPxVaMwmBCC2B9F/V6X1VkEdNgx3iu9jji8WxWcvhMWkmhNWhI5077zknOnZnBzba9hZP6bCPJLSReQ==", "dev": true, "requires": { "chokidar": "^3.5.2", diff --git a/package.json b/package.json index 41a295311..ffa57372f 100644 --- a/package.json +++ b/package.json @@ -31,7 +31,7 @@ }, "devDependencies": { "express": "^4.18.2", - "nodemon": "^3.0.2" + "nodemon": "^3.0.3" }, "overrides": { "@antora/site-generator-default": { From 43eb2b4540f1e0a936c214d8b9d6c2b872219ac0 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 23 Jan 2024 13:16:34 +0000 Subject: [PATCH 529/876] update the backup and restore commands (#1354) --- .../ROOT/pages/backup-restore/aggregate.adoc | 7 ++++-- .../pages/backup-restore/online-backup.adoc | 22 ++++++++++++------- .../pages/backup-restore/restore-backup.adoc | 5 +++-- 3 files changed, 22 insertions(+), 12 deletions(-) diff --git a/modules/ROOT/pages/backup-restore/aggregate.adoc b/modules/ROOT/pages/backup-restore/aggregate.adoc index 6d2f01223..6ac8af696 100644 --- a/modules/ROOT/pages/backup-restore/aggregate.adoc +++ b/modules/ROOT/pages/backup-restore/aggregate.adoc @@ -31,6 +31,9 @@ neo4j-admin database aggregate-backup [-h] [--expand-commands] --from-path= [] ---- +=== Description + +Aggregates a chain of backup artifacts into a single artifact. [[aggregate-backup-command-parameters]] === Parameters @@ -57,7 +60,7 @@ neo4j-admin database aggregate-backup [-h] [--expand-commands] | Default |--additional-config= -|Configuration file with additional configuration or override the existing configuration settings in the _neo4j.conf_ file. +|Configuration file with additional configuration. | | --expand-commands @@ -65,7 +68,7 @@ neo4j-admin database aggregate-backup [-h] [--expand-commands] | |--from-path= -|Accepts either a path to a single artifact file or a folder containing backup artifacts. +|Accepts either a path to a single artifact file or, a folder containing backup artifacts. When a file is supplied, the __ parameter should be omitted. The option to supply a file is only available in Neo4j 5.2 and later. diff --git a/modules/ROOT/pages/backup-restore/online-backup.adoc b/modules/ROOT/pages/backup-restore/online-backup.adoc index ea28ee45d..125ee56ff 100644 --- a/modules/ROOT/pages/backup-restore/online-backup.adoc +++ b/modules/ROOT/pages/backup-restore/online-backup.adoc @@ -74,9 +74,14 @@ neo4j-admin database backup [-h] [--expand-commands] [--verbose] [--inspect-path=] [--pagecache=] [--to-path=] [--type=] [--from=[,...]]... - [] + [...] ---- +=== Description + +Perform an online backup from a running Neo4j enterprise server. +Neo4j's backup service must have been configured on the server beforehand. + [[backup-backup-command-parameters]] === Parameters @@ -87,8 +92,8 @@ neo4j-admin database backup [-h] [--expand-commands] [--verbose] | Description | Default -| -|Name of the remote database to backup. Supports globbing inside of double quotes, for example, "data*". ( is required unless `--inspect-path` is used). +|[] +|Name(s) of the remote database(s) to backup. Supports globbing inside of double quotes, for example, "data*". ( is required unless `--inspect-path` is used). |neo4j |=== @@ -108,11 +113,12 @@ If is "*", `neo4j-admin` will attempt to back up all databases of the | Default |--additional-config= -|Configuration file with additional configuration or override the existing configuration settings in the _neo4j.conf_ file. +|Configuration file with additional configuration. | |--compress[=true\|false] -|Request backup artifact to be compressed. If disabled, backup artifact creation is faster but the size of the produced artifact will be approximately equal to the size of backed-up database. +|Request backup artifact to be compressed. If disabled, backup artifact creation is faster but +the size of the produced artifact will be approximately equal to the size of backed-up database. |true | --expand-commands @@ -160,10 +166,10 @@ Note: this is an EXPERIMENTAL option. Consult Neo4j support before use. | |--type= -|Type of backup to perform. Possible values are: `full`, `diff`, and `auto`. +|Type of backup to perform. Possible values are: `FULL`, `DIFF`, `AUTO`. If none is specified, the type is automatically determined based on the existing backups. -If you want to force a full backup, use `full`. -|auto +If you want to force a full backup, use `FULL`. +|AUTO |--verbose |Enable verbose output. diff --git a/modules/ROOT/pages/backup-restore/restore-backup.adoc b/modules/ROOT/pages/backup-restore/restore-backup.adoc index 2c65c3d4f..689e6f367 100644 --- a/modules/ROOT/pages/backup-restore/restore-backup.adoc +++ b/modules/ROOT/pages/backup-restore/restore-backup.adoc @@ -61,7 +61,7 @@ neo4j-admin database restore [-h] [--expand-commands] | Default |--additional-config= -|Configuration file with additional configuration or override the existing configuration settings in the _neo4j.conf_ file. +|Configuration file with additional configuration. | |--expand-commands @@ -79,7 +79,8 @@ An artifact file can be 1) a full backup, in which case it is restored directly |--overwrite-destination[=true\|false] |If an existing database should be replaced. -This option is not safe on a cluster since clusters have additional state that would be inconsistent with restored database. +[NOTE] +This option is not safe on a cluster since clusters have an additional state that would be inconsistent with the restored database. In a cluster, restore to a new database to avoid this problem. |false From bc37fab0b1c0e252f07cc322336a807194169e54 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 24 Jan 2024 10:20:36 +0000 Subject: [PATCH 530/876] Add a link from configure retention to dynamic settings (#1366) --- modules/ROOT/pages/database-internals/transaction-logs.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/ROOT/pages/database-internals/transaction-logs.adoc b/modules/ROOT/pages/database-internals/transaction-logs.adoc index cf4c8993a..96c222897 100644 --- a/modules/ROOT/pages/database-internals/transaction-logs.adoc +++ b/modules/ROOT/pages/database-internals/transaction-logs.adoc @@ -58,6 +58,7 @@ Manually deleting transaction log files is not supported. You can control the number of transaction logs that Neo4j keeps to back up the database using the parameter xref:configuration/configuration-settings.adoc#config_db.tx_log.rotation.retention_policy[`db.tx_log.rotation.retention_policy`]. This configuration setting is dynamic and can be changed at runtime. +For more information about how to do it, see xref:configuration/dynamic-settings.adoc#dynamic-settings-procedure[Update dynamic settings]. Up to Neo4j 5.12, the default value is set to `2 days`, which means Neo4j keeps logical logs that contain any transaction committed within 2 days and prunes the ones that only contain transactions older than 2 days. From 53f872df1da6a889e608eea163a6ad747e332da9 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Wed, 24 Jan 2024 14:54:23 +0100 Subject: [PATCH 531/876] Add a metric for block format (#1358) According to the [PR#22820](https://github.com/neo-technology/neo4j/pull/22820), we have to update information about metrics: add a new one and label deprecated metrics. A new metric is `.neo4j.count.relationship_types`. --- modules/ROOT/pages/monitoring/metrics/reference.adoc | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/modules/ROOT/pages/monitoring/metrics/reference.adoc b/modules/ROOT/pages/monitoring/metrics/reference.adoc index 1d42d10d2..35831a68d 100644 --- a/modules/ROOT/pages/monitoring/metrics/reference.adoc +++ b/modules/ROOT/pages/monitoring/metrics/reference.adoc @@ -133,6 +133,7 @@ By default, database metrics include: |Name |Description |.neo4j.count.relationship|The total number of relationships in the database. (gauge) |.neo4j.count.node|The total number of nodes in the database. A rough metric of how big your graph is. And if you are running a bulk insert operation you can see this tick up. (gauge) +|.neo4j.count.relationship_types|label:new[Introduced in 5.15] The total number of internally generated IDs for the different relationship types stored in the database. These IDs do not reflect changes in the actual data. Informational, not an indication of any issue. (gauge) |=== [[db-neo4j-pool-metrics]] @@ -180,10 +181,10 @@ By default, database metrics include: [options="header",cols="<3m,<4"] |=== |Name |Description -|.ids_in_use.relationship_type|The total number of internally generated IDs for the different relationship types stored in the database. These IDs do not reflect changes in the actual data. Informational, not an indication of any issue. (gauge) -|.ids_in_use.property|The total number of internally generated IDs for the different property names stored in the database. These IDs do not reflect changes in the actual data. Informational, not an indication of any issue. (gauge) -|.ids_in_use.relationship|The total number of internally generated reusable IDs for the relationships stored in the database. These IDs do not reflect changes in the actual data. If you want to have a rough metric of how big your graph is, use `.neo4j.count.relationship` instead. (gauge) -|.ids_in_use.node|The total number of internally generated reusable IDs for the nodes stored in the database. These IDs do not reflect changes in the actual data. If you want to have a rough metric of how big your graph is, use `.neo4j.count.node` instead. (gauge) +|.ids_in_use.relationship_type|label:deprecated[Deprecated in 5.15]The total number of internally generated IDs for the different relationship types stored in the database. These IDs do not reflect changes in the actual data. Informational, not an indication of any issue. (gauge) +|.ids_in_use.property|label:deprecated[Deprecated in 5.15]The total number of internally generated IDs for the different property names stored in the database. These IDs do not reflect changes in the actual data. Informational, not an indication of any issue. (gauge) +|.ids_in_use.relationship|label:deprecated[Deprecated in 5.15]The total number of internally generated reusable IDs for the relationships stored in the database. These IDs do not reflect changes in the actual data. If you want to have a rough metric of how big your graph is, use `.neo4j.count.relationship` instead. (gauge) +|.ids_in_use.node|label:deprecated[Deprecated in 5.15]The total number of internally generated reusable IDs for the nodes stored in the database. These IDs do not reflect changes in the actual data. If you want to have a rough metric of how big your graph is, use `.neo4j.count.node` instead. (gauge) |=== [[global-neo4j-pools-metrics]] From 0912131d0dad60d30a02e81dc1905bfb58abba61 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Wed, 24 Jan 2024 16:21:50 +0100 Subject: [PATCH 532/876] Add new metrics to count page flushed by background evictor (#1365) Add two new metrics according to the https://github.com/neo-technology/neo4j/pull/23748 --- modules/ROOT/pages/monitoring/metrics/reference.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/ROOT/pages/monitoring/metrics/reference.adoc b/modules/ROOT/pages/monitoring/metrics/reference.adoc index 35831a68d..78795981c 100644 --- a/modules/ROOT/pages/monitoring/metrics/reference.adoc +++ b/modules/ROOT/pages/monitoring/metrics/reference.adoc @@ -213,6 +213,8 @@ By default, database metrics include: |.page_cache.pins|The total number of page pins executed by the page cache. (counter) |.page_cache.evictions|The total number of page evictions executed by the page cache. (counter) |.page_cache.evictions.cooperative|The total number of cooperative page evictions executed by the page cache due to low available pages. (counter) +|.page_cache.eviction.flushes|label:new[Introduced in 5.17]The total number of pages flushed by page eviction. (counter) +|.page_cache.eviction.cooperative.flushes|label:new[Introduced in 5.17]The total number of pages flushed by cooperative page eviction. (counter) |.page_cache.page_faults|The total number of page faults in the page cache. If this count keeps increasing over time, it may indicate that more page cache is required. However, note that when Neo4j Enterprise starts up, all page cache warmup activities result in page faults. Therefore, it is normal to observe a significant page fault count immediately after startup. (counter) |.page_cache.page_fault_failures|The total number of failed page faults happened in the page cache. (counter) |.page_cache.page_cancelled_faults|The total number of cancelled page faults happened in the page cache. (counter) From daf49036ef518ff17e31c82f886edc8be40ac911 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 25 Jan 2024 14:18:15 +0000 Subject: [PATCH 533/876] Remove duplication of JVM heap initial size config (#1371) --- modules/ROOT/pages/kubernetes/operations/scaling.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/kubernetes/operations/scaling.adoc b/modules/ROOT/pages/kubernetes/operations/scaling.adoc index c25f93b0f..c4e283313 100644 --- a/modules/ROOT/pages/kubernetes/operations/scaling.adoc +++ b/modules/ROOT/pages/kubernetes/operations/scaling.adoc @@ -27,7 +27,7 @@ neo4j: # Neo4j Configuration (yaml format) config: server.memory.heap.initial_size: "2G" - server.memory.heap.initial_size: "2G" + server.memory.heap.max_size: "2G" server.memory.pagecache.size: "500m" ---- @@ -46,7 +46,7 @@ neo4j: # Neo4j Configuration (yaml format) config: server.memory.heap.initial_size: "2G" - server.memory.heap.initial_size: "2G" + server.memory.heap.max_size: "2G" server.memory.pagecache.size: "1G" ---- + From 68c07988c6517dee3f999156fafcd25d01eab21b Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Thu, 25 Jan 2024 15:54:02 +0100 Subject: [PATCH 534/876] Fixing persisting 404 error (#1370) Apparently the lack of extension didn't allow the redirect to catch up. It could be that or the addition of a `/` in the end... --------- Co-authored-by: Reneta Popova --- modules/ROOT/pages/database-administration/index.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/database-administration/index.adoc b/modules/ROOT/pages/database-administration/index.adoc index 94c2a006a..ec8071bac 100644 --- a/modules/ROOT/pages/database-administration/index.adoc +++ b/modules/ROOT/pages/database-administration/index.adoc @@ -1,5 +1,5 @@ :description: This page gives an introduction to database administration using Neo4j. -:page-aliases: manage-databases/configuration, manage-databases/introduction +:page-aliases: manage-databases/index.adoc, manage-databases/introduction.adoc [database-administration] = Database administration From dab283add8ab8fd954b0ec71d37ceb98ff61d330 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Fri, 26 Jan 2024 10:36:12 +0000 Subject: [PATCH 535/876] add a page alias for deploy a cluster (#1374) --- modules/ROOT/pages/clustering/setup/deploy.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/ROOT/pages/clustering/setup/deploy.adoc b/modules/ROOT/pages/clustering/setup/deploy.adoc index 81b256017..93368dec1 100644 --- a/modules/ROOT/pages/clustering/setup/deploy.adoc +++ b/modules/ROOT/pages/clustering/setup/deploy.adoc @@ -1,4 +1,5 @@ :description: This section describes how to deploy a Neo4j cluster. +:page-aliases: clustering/deploy.adoc [role=enterprise-edition] [[clustering-deploy]] = Deploy a basic cluster From d7ac35ac70dea6c679be335ed961da391058be40 Mon Sep 17 00:00:00 2001 From: Christophe Willemsen Date: Fri, 26 Jan 2024 13:08:11 +0000 Subject: [PATCH 536/876] fix lxref instead of xref in immutable privileges tutorial (#1347) I was reading the immutable privileges tutorial at https://neo4j.com/docs/operations-manual/current/tutorial/tutorial-immutable-privileges/ and noticed two typos, `lxref` instead of `xref`, this PR fixes it. Screenshot 2024-01-21 at 09 57 50 --- .../ROOT/pages/tutorial/tutorial-immutable-privileges.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc b/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc index c5f628efe..f6d4b2a09 100644 --- a/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc +++ b/modules/ROOT/pages/tutorial/tutorial-immutable-privileges.adoc @@ -4,9 +4,9 @@ :description: This tutorial describes methods for administering immutable privileges. This tutorial describes how to administer immutable privileges, which are useful assets for restricting the actions of users who themselves are able to administer privileges. -They offer a way to prevent such users from simply removing any restrictions by using their lxref:authentication-authorization/dbms-administration.adoc#access-control-dbms-administration-privilege-management[privilege management] privileges. +They offer a way to prevent such users from simply removing any restrictions by using their xref:authentication-authorization/dbms-administration.adoc#access-control-dbms-administration-privilege-management[privilege management] privileges. -In other words, having lxref:authentication-authorization/dbms-administration.adoc#access-control-dbms-administration-privilege-management[privilege management] privileges is not sufficient to add or remove immutable privileges. +In other words, having xref:authentication-authorization/dbms-administration.adoc#access-control-dbms-administration-privilege-management[privilege management] privileges is not sufficient to add or remove immutable privileges. The only way immutable privileges can be added or removed is when auth is disabled. [CAUTION] From 4643798ec84c8ca04b493e10c569dadbc0bb9cd3 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Fri, 26 Jan 2024 14:05:23 +0000 Subject: [PATCH 537/876] update the description of db.format to include block (#1378) --- modules/ROOT/pages/configuration/configuration-settings.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/configuration/configuration-settings.adoc b/modules/ROOT/pages/configuration/configuration-settings.adoc index 5a3a24fd0..80d6315e0 100644 --- a/modules/ROOT/pages/configuration/configuration-settings.adoc +++ b/modules/ROOT/pages/configuration/configuration-settings.adoc @@ -1684,7 +1684,7 @@ label:dynamic[Dynamic] [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] |=== |Description -a|Database format. This is the format that will be used for new databases. Valid values are `standard`, `aligned`, or `high_limit`.The `aligned` format is essentially the `standard` format with some minimal padding at the end of pages such that a single record will never cross a page boundary. The `high_limit` format is available for Enterprise Edition only. It is required if you have a graph that is larger than 34 billion nodes, 34 billion relationships, or 68 billion properties. +a|Database format. This is the format that will be used for new databases. Valid values are `standard`, `aligned`, `high_limit` or `block`. The `aligned` format is essentially the `standard` format with some minimal padding at the end of pages such that a single record will never cross a page boundary. The `high_limit` and `block` formats are available for Enterprise Edition only. Either `high_limit` or `block` is required if you have a graph that is larger than 34 billion nodes, 34 billion relationships, or 68 billion properties. |Valid values a|A string. |Default value From 9e609fab16114825bb043d1434e53e8de6596923 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Fri, 26 Jan 2024 14:11:49 +0000 Subject: [PATCH 538/876] Document dbms.cluster.network.connect_timeout (#1357) --- .../configuration/configuration-settings.adoc | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/modules/ROOT/pages/configuration/configuration-settings.adoc b/modules/ROOT/pages/configuration/configuration-settings.adoc index 80d6315e0..0034b607c 100644 --- a/modules/ROOT/pages/configuration/configuration-settings.adoc +++ b/modules/ROOT/pages/configuration/configuration-settings.adoc @@ -367,6 +367,22 @@ a|An integer that is minimum `2`. m|+++3+++ |=== +[[config_dbms.cluster.network.connect_timeout]] +=== `dbms.cluster.network.connect_timeout` + +label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] label:new[Introduced in 5.17] + +.dbms.cluster.network.connect_timeout +[frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] +|=== +|Description +a|The maximum amount of time to wait for a network connection to be established. +|Valid values +a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`). +|Default value +m|+++30s+++ +|=== + [[config_dbms.cluster.network.handshake_timeout]] === `dbms.cluster.network.handshake_timeout` From a0d7c5a45175002bc64e24938a68db1347356a0e Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Fri, 26 Jan 2024 14:36:52 +0000 Subject: [PATCH 539/876] Add block format to copy, migrate, and configs (#1349) Based on https://github.com/neo-technology/neo4j/pull/23111 --- modules/ROOT/pages/backup-restore/copy-database.adoc | 10 ++++++++-- .../pages/configuration/configuration-settings.adoc | 5 ++++- .../ROOT/pages/tools/neo4j-admin/migrate-database.adoc | 6 ++++++ 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/backup-restore/copy-database.adoc b/modules/ROOT/pages/backup-restore/copy-database.adoc index 131f34c6e..94447d2d2 100644 --- a/modules/ROOT/pages/backup-restore/copy-database.adoc +++ b/modules/ROOT/pages/backup-restore/copy-database.adoc @@ -176,11 +176,11 @@ Cannot be combined with `--skip-properties` or `--copy-only-relationship-propert |--to-format= |Set the format for the new database. -Must be one of `same`, `standard`, `high_limit`, `aligned`. +Must be one of `same`, `standard`, `high_limit`, `aligned`, `block`. `same` will use the same format as the source. [WARNING] If you go from `high_limit` to `standard` or `aligned`, there is no validation that the data will actually fit. -|The format of the source database. +|same |--to-path-data= |Path to the databases directory, containing the database directory to target to. @@ -199,6 +199,12 @@ If you go from `high_limit` to `standard` or `aligned`, there is no validation t | |=== +[NOTE] +==== +The block format is introduced in Neo4j 5.14 and is only available in Neo4j Enterprise Edition. +For more information on the block format, see xref:database-internals/store-formats.adoc[Store formats]. +==== + [[copy-database-examples]] == Examples diff --git a/modules/ROOT/pages/configuration/configuration-settings.adoc b/modules/ROOT/pages/configuration/configuration-settings.adoc index 0034b607c..c5ff12217 100644 --- a/modules/ROOT/pages/configuration/configuration-settings.adoc +++ b/modules/ROOT/pages/configuration/configuration-settings.adoc @@ -1700,7 +1700,10 @@ label:dynamic[Dynamic] [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] |=== |Description -a|Database format. This is the format that will be used for new databases. Valid values are `standard`, `aligned`, `high_limit` or `block`. The `aligned` format is essentially the `standard` format with some minimal padding at the end of pages such that a single record will never cross a page boundary. The `high_limit` and `block` formats are available for Enterprise Edition only. Either `high_limit` or `block` is required if you have a graph that is larger than 34 billion nodes, 34 billion relationships, or 68 billion properties. +a|Database format. This is the format that will be used for new databases. Valid values are `standard`, `aligned`, `high_limit` or `block`. +The `aligned` format is essentially the `standard` format with some minimal padding at the end of pages such that a single record will never cross a page boundary. +The `high_limit` and `block` formats are available for Enterprise Edition only. +Either `high_limit` or `block` is required if you have a graph that is larger than 34 billion nodes, 34 billion relationships, or 68 billion properties. |Valid values a|A string. |Default value diff --git a/modules/ROOT/pages/tools/neo4j-admin/migrate-database.adoc b/modules/ROOT/pages/tools/neo4j-admin/migrate-database.adoc index e67c298a7..e82625530 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/migrate-database.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/migrate-database.adoc @@ -81,6 +81,12 @@ If not specified, the tool migrates the target database to the latest known comb |Enable verbose output. |=== +[NOTE] +==== +The block format is introduced in Neo4j 5.14 and is only available in Neo4j Enterprise Edition. +For more information on the block format, see xref:database-internals/store-formats.adoc[Store formats]. +==== + == Example The following example migrates the `movies` database to the latest known combination of `MAJOR` and `MINOR` versions of the `high_limit` format: From d813e95d36fb81face5e6beb1f32260977d7591f Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 29 Jan 2024 13:49:05 +0000 Subject: [PATCH 540/876] update the description of --from-path (#1380) Depends on https://github.com/neo-technology/neo4j/pull/24011 --- modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc b/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc index f8e5bbdba..b1adabb80 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc @@ -114,7 +114,7 @@ Value can be plain numbers, like `10000000` or e.g. `20G` for 20 gigabytes, or e | xref:configuration/configuration-settings.adoc#config_server.directories.transaction.logs.root[`server.directories.transaction.logs.root`] |--from-path= -|Path to directory containing dump/backup artifacts to check the consistency of. +|Path to the directory containing dump/backup artifacts that need to be checked for consistency. If the directory contains multiple backups, it will select the most recent backup chain, based on the transaction IDs found, to perform the consistency check. | |--temp-path= From 8f74ba059cd719b1b7f177973c0a92083126578e Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 30 Jan 2024 16:17:36 +0000 Subject: [PATCH 541/876] Fix a typo in k8s docs (#1387) --- modules/ROOT/pages/kubernetes/accessing-neo4j-ingress.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/kubernetes/accessing-neo4j-ingress.adoc b/modules/ROOT/pages/kubernetes/accessing-neo4j-ingress.adoc index 49ce61734..da2b75f4d 100644 --- a/modules/ROOT/pages/kubernetes/accessing-neo4j-ingress.adoc +++ b/modules/ROOT/pages/kubernetes/accessing-neo4j-ingress.adoc @@ -241,7 +241,7 @@ kubectl edit deployment ingress-nginx-controller -n ingress-nginx + [source, yaml] ---- -- --tcp-services-configmap=inress-nginx/tcp-services +- --tcp-services-configmap=ingress-nginx/tcp-services ---- .. Save the changes and exit the editor. .. Verify that the changes are applied by running `kubectl get all -n ingress-nginx`. From db7ba455db4d013e032777d3f5ecc232bd6ec1d8 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 30 Jan 2024 16:30:48 +0000 Subject: [PATCH 542/876] Fix the remote database alias configs (#1389) --- .../aliases/remote-database-alias-configuration.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/database-administration/aliases/remote-database-alias-configuration.adoc b/modules/ROOT/pages/database-administration/aliases/remote-database-alias-configuration.adoc index 332be16c7..657ab6d35 100644 --- a/modules/ROOT/pages/database-administration/aliases/remote-database-alias-configuration.adoc +++ b/modules/ROOT/pages/database-administration/aliases/remote-database-alias-configuration.adoc @@ -104,9 +104,9 @@ The following configuration is necessary for creating a remote database alias: [options="header" cols="m,a"] |=== | Configuration | Description -| xref:configuration/configuration-settings.adoc#config_dbms.security.keystore.path[`dbms.security.keystore-path`] +| xref:configuration/configuration-settings.adoc#config_dbms.security.keystore.path[`dbms.security.keystore.path`] | The absolute path to the keystore file, including the file name. -| xref:configuration/configuration-settings.adoc#config_dbms.security.keystore.password[`dbms.security.keystore-password`] | The password to the keystore file. Use xref:configuration/command-expansion.adoc[Command expansion] to set the password. +| xref:configuration/configuration-settings.adoc#config_dbms.security.keystore.password[`dbms.security.keystore.password`] | The password to the keystore file. Use xref:configuration/command-expansion.adoc[Command expansion] to set the password. | xref:configuration/configuration-settings.adoc#config_dbms.security.key.name[`dbms.security.key.name`] | The name of the secret key |=== From 3ac8f3a02fbfcd61bb4c1962258a05c9e2883b57 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Wed, 31 Jan 2024 10:10:09 +0000 Subject: [PATCH 543/876] Update manage-aliases-composite-databases.adoc Remove additional words --- .../aliases/manage-aliases-composite-databases.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/database-administration/aliases/manage-aliases-composite-databases.adoc b/modules/ROOT/pages/database-administration/aliases/manage-aliases-composite-databases.adoc index df4d4f902..08aa24763 100644 --- a/modules/ROOT/pages/database-administration/aliases/manage-aliases-composite-databases.adoc +++ b/modules/ROOT/pages/database-administration/aliases/manage-aliases-composite-databases.adoc @@ -22,7 +22,7 @@ CREATE DATABASE `perennial-flowers`; == List database aliases in composite databases Available database aliases in composite databases can be seen using `SHOW ALIASES FOR DATABASE`. -The name of the composite database a particular database alias is part of appears in the returned `composite` column. +The name of the composite database a particular database alias appears in the returned `composite` column. The required privileges are described in the xref:authentication-authorization/dbms-administration.adoc#access-control-dbms-administration-alias-management[The DBMS ALIAS MANAGEMENT privileges]. From 6cc910f87fb9fbf8038ff4367871972c2b7671e0 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 1 Feb 2024 10:21:48 +0000 Subject: [PATCH 544/876] update the descrption of dbms.cluster.discovery.resolver_type (#1386) Depends on https://github.com/neo-technology/neo4j/pull/24023 --- .../pages/configuration/configuration-settings.adoc | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/configuration/configuration-settings.adoc b/modules/ROOT/pages/configuration/configuration-settings.adoc index c5ff12217..3dffa2c75 100644 --- a/modules/ROOT/pages/configuration/configuration-settings.adoc +++ b/modules/ROOT/pages/configuration/configuration-settings.adoc @@ -325,7 +325,15 @@ label:enterprise-edition[Enterprise Edition] [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] |=== |Description -a|Configure the discovery resolver type used for cluster member resolution. +a|Configure the resolver type that the discovery service uses for determining who should be part of the cluster. +Valid values are `LIST`, `SRV`, `DNS`, and `K8S`: + +`LIST`:: + A static configuration where `dbms.cluster.discovery.endpoints` must contain a list of the addresses of the cluster members. +`SRV` and `DNS`:: + A dynamic configuration where `dbms.cluster.discovery.endpoints` must point to a DNS entry containing the cluster members' addresses. +`K8S`:: + At least `dbms.kubernetes.service_port_name` must be set. The addresses of the cluster members are queried dynamically from Kubernetes. |Valid values a|A string. |Default value From e6c6fab27af6fa23f05ffbffce36803ae9dfcab3 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 1 Feb 2024 11:18:56 +0000 Subject: [PATCH 545/876] change label not on aura for manage aliases for composite dbs (#1393) --- .../aliases/manage-aliases-composite-databases.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/database-administration/aliases/manage-aliases-composite-databases.adoc b/modules/ROOT/pages/database-administration/aliases/manage-aliases-composite-databases.adoc index 08aa24763..b6680cf89 100644 --- a/modules/ROOT/pages/database-administration/aliases/manage-aliases-composite-databases.adoc +++ b/modules/ROOT/pages/database-administration/aliases/manage-aliases-composite-databases.adoc @@ -1,5 +1,5 @@ :description: How to use Cypher to manage database aliases in composite databases in Neo4j. -[role=enterprise-edition aura-db-enterprise] +[role=enterprise-edition not-on-aura] [[manage-aliases-composite-databases]] = Managing database aliases in composite databases From 10525b453b6587c03322213f4f3810b49a613160 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Thu, 1 Feb 2024 12:45:28 +0100 Subject: [PATCH 546/876] Fixing page-aliases with more options to previous existing links (#1384) Related to this PR https://github.com/neo4j/docs-operations/pull/629 --------- Co-authored-by: Reneta Popova --- .../pages/authentication-authorization/built-in-roles.adoc | 4 ++-- modules/ROOT/pages/authentication-authorization/index.adoc | 2 +- .../password-and-user-recovery.adoc | 3 +-- modules/ROOT/pages/configuration/command-expansion.adoc | 1 - .../aliases/remote-database-alias-configuration.adoc | 1 + .../composite-databases/concepts.adoc | 3 ++- .../composite-databases/manage-composite-databases.adoc | 6 +++--- .../composite-databases/querying-composite-databases.adoc | 3 ++- .../composite-databases/sharding-with-copy.adoc | 1 + modules/ROOT/pages/database-administration/index.adoc | 2 +- .../standard-databases/configuration-parameters.adoc | 1 + .../database-administration/standard-databases/errors.adoc | 1 + .../standard-databases/manage-databases.adoc | 1 + .../pages/tools/neo4j-admin/neo4j-admin-store-info.adoc | 2 +- .../ROOT/pages/tutorial/tutorial-composite-database.adoc | 1 + 15 files changed, 19 insertions(+), 13 deletions(-) diff --git a/modules/ROOT/pages/authentication-authorization/built-in-roles.adoc b/modules/ROOT/pages/authentication-authorization/built-in-roles.adoc index a5360a6d1..2026b13f4 100644 --- a/modules/ROOT/pages/authentication-authorization/built-in-roles.adoc +++ b/modules/ROOT/pages/authentication-authorization/built-in-roles.adoc @@ -870,7 +870,7 @@ SHOW ROLE admin PRIVILEGES AS COMMANDS a|Rows: 14 |=== -If the built-in `admin` role has been altered or dropped and needs to be restored to its original state, see xref:configuration/password-and-user-recovery[Password and user recovery]. +If the built-in `admin` role has been altered or dropped and needs to be restored to its original state, see xref:authentication-authorization/password-and-user-recovery.adoc[Password and user recovery]. [[access-control-built-in-roles-admin-recreate]] === Recreating the `admin` role @@ -927,5 +927,5 @@ GRANT ALL ON DATABASE * TO admin The resulting `admin` role now has the same effective privileges as the original built-in `admin` role. -Additional information about restoring the `admin` role can be found in the xref:configuration/password-and-user-recovery#recover-admin-role[ Recover the admin role]. +Additional information about restoring the `admin` role can be found in the xref:authentication-authorization/password-and-user-recovery.adoc[ Recover the admin role]. diff --git a/modules/ROOT/pages/authentication-authorization/index.adoc b/modules/ROOT/pages/authentication-authorization/index.adoc index 7294ce0fe..a837f1b81 100644 --- a/modules/ROOT/pages/authentication-authorization/index.adoc +++ b/modules/ROOT/pages/authentication-authorization/index.adoc @@ -21,7 +21,7 @@ The following parameters control this provider: [NOTE] If you need to disable authentication, make sure you block all network connections during the recovery phase so users can connect to Neo4j only via _localhost_. This is necessary if, for example, you need to recover an `admin` user password or assign a user to the `admin` role. -For more information, see xref:configuration/password-and-user-recovery.adoc[Password and user recovery]. +For more information, see xref:authentication-authorization/password-and-user-recovery.adoc[Password and user recovery]. * xref:configuration/configuration-settings.adoc#config_dbms.security.auth_lock_time[`dbms.security.auth_lock_time`] (Default: `5s`) -- The amount of time a user account is locked after a configured number of unsuccessful authentication attempts. * xref:configuration/configuration-settings.adoc#config_dbms.security.auth_max_failed_attempts[`dbms.security.auth_max_failed_attempts`] (Default: `3`) -- The maximum number of unsuccessful authentication attempts before imposing a user lock for a configured amount of time. + diff --git a/modules/ROOT/pages/authentication-authorization/password-and-user-recovery.adoc b/modules/ROOT/pages/authentication-authorization/password-and-user-recovery.adoc index af16c3d27..e8897d3ba 100644 --- a/modules/ROOT/pages/authentication-authorization/password-and-user-recovery.adoc +++ b/modules/ROOT/pages/authentication-authorization/password-and-user-recovery.adoc @@ -1,5 +1,4 @@ :description: This page describes how to reset a password to recover a user's access when their password is lost. It specifically focuses on how to recover an admin user if all the admin users have been unassigned the admin role, and how to recreate the built-in admin role if it has been dropped. -:page-aliases: configuration/password-and-user-recovery.adoc [[password-and-user-recovery]] = Recover admin user and password @@ -251,7 +250,7 @@ $ bin/neo4j start $ bin/neo4j stop ---- + -. Enable the authentication and restore each cluster member to its original configuration (See xref:configuration/password-and-user-recovery.adoc#disable-authentication[Disable authentication]). +. Enable the authentication and restore each cluster member to its original configuration (See xref:authentication-authorization/password-and-user-recovery.adoc#disable-authentication[Disable authentication]). . Start the cluster (all cluster members): + [source, shell] diff --git a/modules/ROOT/pages/configuration/command-expansion.adoc b/modules/ROOT/pages/configuration/command-expansion.adoc index dcfbf0b82..f23f19ca0 100644 --- a/modules/ROOT/pages/configuration/command-expansion.adoc +++ b/modules/ROOT/pages/configuration/command-expansion.adoc @@ -1,7 +1,6 @@ [[neo4j-conf-expand-commands]] = Command expansion :description: Command expansion provides an additional capability to configure Neo4j by allowing you to specify scripts that set values sourced from external files. -:page-aliases: configuration/neo4j-conf.adoc#neo4j-conf-expand-commands Command expansion provides an additional capability to configure Neo4j by allowing you to specify scripts that set values sourced from external files. This is especially useful for: diff --git a/modules/ROOT/pages/database-administration/aliases/remote-database-alias-configuration.adoc b/modules/ROOT/pages/database-administration/aliases/remote-database-alias-configuration.adoc index 657ab6d35..8431007b3 100644 --- a/modules/ROOT/pages/database-administration/aliases/remote-database-alias-configuration.adoc +++ b/modules/ROOT/pages/database-administration/aliases/remote-database-alias-configuration.adoc @@ -1,4 +1,5 @@ :description: This section describes the steps required to guarantee a secure connection to a remote database. +:page-aliases: manage-databases/remote-alias.adoc [role=enterprise-edition] [[manage-remote-aliases]] = Configuring remote database aliases diff --git a/modules/ROOT/pages/database-administration/composite-databases/concepts.adoc b/modules/ROOT/pages/database-administration/composite-databases/concepts.adoc index 55f3b7563..ddb7519f5 100644 --- a/modules/ROOT/pages/database-administration/composite-databases/concepts.adoc +++ b/modules/ROOT/pages/database-administration/composite-databases/concepts.adoc @@ -1,4 +1,5 @@ :description: The concepts behind composite databases. +:page-aliases: fabric/introduction.adoc, fabric/index.adoc [role=enterprise-edition not-on-aura] [[composite-databases-concepts]] = Concepts @@ -6,7 +7,7 @@ A Composite database is a special type of database introduced in Neo4j 5. It supersedes the previous Fabric implementation in Neo4j 4.x. -In Neo4j 5, fabric has been expanded as a concept and now refers to the architectural design of a unified system that provides a single access point to local or distributed graph data. +In Neo4j 5, fabric has been expanded as a concept and now refers to the architectural design of a unified system that provides a single access point to local or distributed graph data. Composite databases are the means to access this partitioned data or graphs with a single Cypher query. diff --git a/modules/ROOT/pages/database-administration/composite-databases/manage-composite-databases.adoc b/modules/ROOT/pages/database-administration/composite-databases/manage-composite-databases.adoc index 08777ecc0..521d9b0ff 100644 --- a/modules/ROOT/pages/database-administration/composite-databases/manage-composite-databases.adoc +++ b/modules/ROOT/pages/database-administration/composite-databases/manage-composite-databases.adoc @@ -1,5 +1,5 @@ :description: This page describes how to manage composite databases. -:page-aliases: /composite-databases/ +:page-aliases: fabric/configuration.adoc [role=enterprise-edition not-on-aura] [[composite-databases]] = Managing composite databases @@ -8,14 +8,14 @@ Composite databases are managed using Cypher(R) administrative commands. Note that it is not possible to modify access options or database topologies for composite databases as these are inherited from the constituent databases. For information about modifying access options, see xref:database-administration/standard-databases/manage-databases.adoc#manage-databases-alter[Alter database access mode]. For information about about topologies for databases, see xref:clustering/setup/deploy.adoc#cluster-example-create-databases-on-cluster[Create databases in a cluster]. -// The above two links will have to be changed when server management and access control sections are migrated from Cypher Manual. +// The above two links will have to be changed when server management and access control sections are migrated from Cypher Manual. [[composite-databases-list]] == Listing composite databases //// [source, cypher, role=test-setup] ----- +---- CREATE COMPOSITE DATABASE `library`; CREATE DATABASE `sci-fi`; CREATE ALIAS `library`.`sci-fi` FOR DATABASE `sci-fi`; diff --git a/modules/ROOT/pages/database-administration/composite-databases/querying-composite-databases.adoc b/modules/ROOT/pages/database-administration/composite-databases/querying-composite-databases.adoc index 2cee7906a..6d015b3f8 100644 --- a/modules/ROOT/pages/database-administration/composite-databases/querying-composite-databases.adoc +++ b/modules/ROOT/pages/database-administration/composite-databases/querying-composite-databases.adoc @@ -1,5 +1,6 @@ :description: Example queries that show how to perform a range of different tasks on Composite databases. -[role=enterprise-edition not-on-aura] +:page-aliases: fabric/queries.adoc +[role=enterprise-edition not-on-aura] [[composite-databases-queries]] = Set up and query composite databases diff --git a/modules/ROOT/pages/database-administration/composite-databases/sharding-with-copy.adoc b/modules/ROOT/pages/database-administration/composite-databases/sharding-with-copy.adoc index 3c524117f..8595e14cc 100644 --- a/modules/ROOT/pages/database-administration/composite-databases/sharding-with-copy.adoc +++ b/modules/ROOT/pages/database-administration/composite-databases/sharding-with-copy.adoc @@ -1,4 +1,5 @@ :description: An example of how to use `neo4j-admin database copy` to filter out data for creating shards. +:page-aliases: fabric/sharding-with-copy.adoc [role=enterprise-edition not-on-aura] [[sharding-with-copy]] = Sharding data with the `copy` command diff --git a/modules/ROOT/pages/database-administration/index.adoc b/modules/ROOT/pages/database-administration/index.adoc index ec8071bac..952d6ed4a 100644 --- a/modules/ROOT/pages/database-administration/index.adoc +++ b/modules/ROOT/pages/database-administration/index.adoc @@ -1,5 +1,5 @@ :description: This page gives an introduction to database administration using Neo4j. -:page-aliases: manage-databases/index.adoc, manage-databases/introduction.adoc +:page-aliases: manage-databases/introduction.adoc, manage-databases/index.adoc [database-administration] = Database administration diff --git a/modules/ROOT/pages/database-administration/standard-databases/configuration-parameters.adoc b/modules/ROOT/pages/database-administration/standard-databases/configuration-parameters.adoc index 4375f11cb..bfb675e65 100644 --- a/modules/ROOT/pages/database-administration/standard-databases/configuration-parameters.adoc +++ b/modules/ROOT/pages/database-administration/standard-databases/configuration-parameters.adoc @@ -1,4 +1,5 @@ :description: This page describes the relevant configuration parameters for managing databases with Neo4j. +:page-aliases: manage-databases/configuration.adoc [[manage-databases-parameters]] = Configuration parameters diff --git a/modules/ROOT/pages/database-administration/standard-databases/errors.adoc b/modules/ROOT/pages/database-administration/standard-databases/errors.adoc index 87424c45e..82fbc930d 100644 --- a/modules/ROOT/pages/database-administration/standard-databases/errors.adoc +++ b/modules/ROOT/pages/database-administration/standard-databases/errors.adoc @@ -1,4 +1,5 @@ :description: This section describes how to manage errors that you may encounter while managing databases. +:page-aliases: manage-databases/errors.adoc [[manage-database-errors]] = Error handling diff --git a/modules/ROOT/pages/database-administration/standard-databases/manage-databases.adoc b/modules/ROOT/pages/database-administration/standard-databases/manage-databases.adoc index 0c89e6b76..d9b8654b8 100644 --- a/modules/ROOT/pages/database-administration/standard-databases/manage-databases.adoc +++ b/modules/ROOT/pages/database-administration/standard-databases/manage-databases.adoc @@ -1,4 +1,5 @@ :description: This page describes how to manage multiple active databases. +:page-aliases: manage-databases/queries.adoc [[manage-databases]] = Managing databases diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-store-info.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-store-info.adoc index 6380059c8..9495a0dbe 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-store-info.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-store-info.adoc @@ -1,5 +1,5 @@ :description: This chapter describes the `neo4j-admin database info` command. -:page-aliases: tools/neo4j-admin/neo4j-admin-store-info.adoc#store-formats-entity-limits + [[neo4j-admin-store-info]] = Display store information diff --git a/modules/ROOT/pages/tutorial/tutorial-composite-database.adoc b/modules/ROOT/pages/tutorial/tutorial-composite-database.adoc index 94159d61a..8e421304f 100644 --- a/modules/ROOT/pages/tutorial/tutorial-composite-database.adoc +++ b/modules/ROOT/pages/tutorial/tutorial-composite-database.adoc @@ -2,6 +2,7 @@ [[tutorial-composite-database]] = Set up and use a Composite database :description: This tutorial walks through the basics of setting up and using a Composite database. +:page-aliases: fabric-tutorial.adoc Composite databases allow queries that access multiple graphs at once. This is a function that enables: From 72f4e4dcbc07928439abe9eb95b77c1db21b6c61 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Thu, 1 Feb 2024 13:06:27 +0100 Subject: [PATCH 547/876] Restructure the table of file def locations (#1330) Split the original table into several pieces depending on the file type --- .../pages/configuration/file-locations.adoc | 391 ++++++++++++------ 1 file changed, 254 insertions(+), 137 deletions(-) diff --git a/modules/ROOT/pages/configuration/file-locations.adoc b/modules/ROOT/pages/configuration/file-locations.adoc index 6d8b38676..96e00ff64 100644 --- a/modules/ROOT/pages/configuration/file-locations.adoc +++ b/modules/ROOT/pages/configuration/file-locations.adoc @@ -1,118 +1,267 @@ :description: An overview of where files are stored in the different Neo4j distributions, and the necessary file permissions for running Neo4j. + [[file-locations]] = Default file locations -The following table lists the default location of the Neo4j files, per type, and distribution. - -[[table-file-locations]] -.Default file locations -[cols="6", options="header"] -|=== -| File type -| Description -| Linux / macOS / Docker -| Windows -| Debian / RPM -| Neo4j Desktop footnote:[Applicable to all operating systems where Neo4j Desktop is supported.] - -| Bin -| The Neo4j running script and built-in tools, such as Cypher Shell and Neo4j Admin. -| _/bin_ -| _\bin_ -| _/usr/bin_ -| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd bin`. - -| Certificates -| The Neo4j TLS certificates. -| _/certificates_ -| _\certificates_ -| _/var/lib/neo4j/certificates_ -| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd certificates`. - - -| Configuration footnote:[For details about _neo4j.conf_, see xref:configuration/neo4j-conf.adoc[The neo4j.conf file].] -| The Neo4j configuration settings, Log4j configuration settings, and the JMX access credentials. -| _/conf/neo4j.conf_ + +[[neo4j-directories]] +== Neo4j directories + +The page describes the Neo4j directories, specifying their default locations per distribution and minimal file permissions. + +Instructions provided for Neo4j Desktop are applicable across all operating systems where Neo4j Desktop is supported. + +[NOTE] +==== +If _tmp_ is set to `noexec`, it is recommended to set `dbms.jvm.additional=-Djava.io.tmpdir=/home/neo4j` in _conf/neo4j.conf_. +Additionally, replace _/home/neo4j_ with a path that has `exec` permissions. + +For _/bin/cypher-shell_, set this via an environment variable: `export JAVA_OPTS=-Djava.io.tmpdir=/home/neo4j` and replace `/home/neo4j` with a path that has `exec` permissions. +==== + +[[neo4j-bin]] +=== Bin + +Description:: The Neo4j running script and built-in tools, such as xref:tools/cypher-shell.adoc[Cypher Shell] and xref:tools/neo4j-admin/index.adoc[Neo4j Admin]. + +File permissions:: Read only and execute. + +[cols="1,4", options="header"] +|=== +| Neo4j distribution +| Default file location + +| Linux / macOS / Docker | _/bin_ +| Windows | _\bin_ +| Debian / RPM | _/usr/bin_ +| Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_ and run `cd bin`. +|=== + +[[neo4j-certificates]] +=== Certificates + +Description:: The Neo4j TLS certificates. + +File permissions:: Read only. + +[cols="1,4", options="header"] +|=== +| Neo4j distribution +| Default file location + +| Linux / macOS / Docker | _/certificates_ +| Windows | _\certificates_ +| Debian / RPM | _/var/lib/neo4j/certificates_ +| Neo4j Desktop| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_ and run `cd certificates`. +|=== + +[[neo4j-config]] +=== Configuration + +Description:: The Neo4j configuration settings, Log4j configuration settings, and the JMX access credentials. +For details about _neo4j.conf_, see xref:configuration/neo4j-conf.adoc[The neo4j.conf file]. + +File permissions:: Read only + +[cols="1,4", options="header"] +|=== +| Neo4j distribution +| Default file location + +| Linux / macOS / Docker | _/conf/neo4j.conf_ + _/conf/server-logs.xml_ + _/conf/user-log.xml_ -| _\conf\neo4j.conf_ +| Windows | _\conf\neo4j.conf_ + _\conf\server-logs.xml_ + _\conf\user-log.xml_ -| _/etc/neo4j/neo4j.conf_ +| Debian / RPM | _/etc/neo4j/neo4j.conf_ + _/etc/neo4j/server-logs.xml_ + _/etc/neo4j/user-log.xml_ -| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd conf`. - -| Data footnote:[The data directory is internal to Neo4j and its structure is subject to change between versions without notice.] -| All data-related content, such as databases, transactions, cluster-state (if applicable), dumps, and the _cypher.script_ files (from the `neo4j-admin database restore` command). -| _/data_ -| _\data_ -| _/var/lib/neo4j/data_ -| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd data`. - -| Import -| All CSV files that the command `LOAD CSV` uses as sources to import data in Neo4j. -| _/import_ -| _\import_ -| _/var/lib/neo4j/import_ -| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd import`. - -| Labs footnote:[For more information, see https://neo4j.com/labs/apoc/{neo4j-version}/installation/[APOC User Guide -> Installation].] -| Contains APOC Core. -| _/labs_ -| _\labs_ -| _/var/lib/neo4j/labs_ -| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd labs`. - -| Lib -| All Neo4j dependencies. -| _/lib_ -| _\lib_ -| _/usr/share/neo4j/lib_ -| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd lib`. - -| Licenses -| For storing license files from Neo4j. -| _/licenses_ -| _\licenses_ -| _/var/lib/neo4j/licenses_ -| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd licences`. - -| Logs -| The Neo4j log files. -| _/logs_ footnote:[To view _neo4j.log_ in Docker, use xref:docker/mounting-volumes.adoc#docker-volumes-logs[`docker logs `].] -| _\logs_ -| _/var/log/neo4j/_ footnote:[To view the neo4j.log for Debian and RPM, use `journalctl --unit=neo4j`.] -| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd logs`. - -| Metrics -| The Neo4j built-in metrics for monitoring the Neo4j DBMS and each individual database. -| _/metrics_ -| _\metrics_ -| _/var/lib/neo4j/metrics_ -| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd metrics`. - -| Plugins -| Custom code that extends Neo4j, for example, user-defined procedures, functions, and security plugins. -| _/plugins_ -| _\plugins_ -| _/var/lib/neo4j/plugins_ -| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd plugins`. - -| Products -| The jar files of the Neo4j products: Graph Data Science Library and Bloom. The folder also contains a _README.txt_ file with information on enabling them. -| _/products_ -| _\products_ -| _/var/lib/neo4j/products_ -| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd products`. - -| Run -| The processes IDs. -| _/run_ -| _\run_ -| _/var/lib/neo4j/run_ -| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd run`. +| Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_ and run `cd conf`. +|=== + +[[data]] +=== Data + +Description:: All data-related content, such as databases, transactions, cluster-state (if applicable), dumps, and the _cypher.script_ files (from the `neo4j-admin database restore` command). +The data directory is internal to Neo4j and its structure is subject to change between versions without notice. + +File permissions:: Read and write. + +[cols="1,4", options="header"] |=== +| Neo4j distribution +| Default file location + +| Linux / macOS / Docker | _/data_ +| Windows | _\data_ +| Debian / RPM | _/var/lib/neo4j/data_ +| Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd data`. +|=== + +[[neo4j-import]] +=== Import + +Description:: All CSV files that the command `LOAD CSV` uses as sources to import data in Neo4j. + +File permissions:: Read only + +[cols="1,4", options="header"] +|=== +| Neo4j distribution +| Default file location + +| Linux / macOS / Docker | _/import_ +| Windows | _\import_ +| Debian / RPM | _/var/lib/neo4j/import_ +| Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd import`. +|=== + +[[neo4j-labs]] +=== Labs + +Description:: Contains APOC Core. +For more information, see https://neo4j.com/docs/apoc/current/installation/[APOC User Guide -> Installation]. + +File permissions:: Read only. + +[cols="1,4", options="header"] +|=== +| Neo4j distribution +| Default file location + +| Linux / macOS / Docker | _/labs_ +| Windows | _\labs_ +| Debian / RPM | _/var/lib/neo4j/labs_ +| Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd labs`. +|=== + +[[neo4j-lib]] +=== Lib + +Description:: All Neo4j dependencies. + +File permissions:: Read only. + +[cols="1,4", options="header"] +|=== +| Neo4j distribution +| Default file location + +| Linux / macOS / Docker | _/lib_ +| Windows | _\lib_ +| Debian / RPM | _/usr/share/neo4j/lib_ +| Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd lib`. +|=== + +[[neo4j-licenses]] +=== Licenses + +Description:: For storing license files from Neo4j. + +File permissions:: Read only. + +[cols="1,4", options="header"] +|=== +| Neo4j distribution +| Default file location + +| Linux / macOS / Docker | _/licenses_ +| Windows | _\licenses_ +| Debian / RPM | _/var/lib/neo4j/licenses_ +| Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd licences`. +|=== + +[[neo4j-logs]] +=== Logs + +Description:: The Neo4j log files. + +File permissions:: Read and write. + +[cols="1,4", options="header"] +|=== +| Neo4j distribution +| Default file location + +| Linux / macOS / Docker | _/logs_ footnote:[To view _neo4j.log_ in Docker, use xref:docker/mounting-volumes.adoc#docker-volumes-logs[`docker logs `].] +| Windows | _\logs_ +| Debian / RPM | _/var/log/neo4j/_ footnote:[To view the neo4j.log for Debian and RPM, use `journalctl --unit=neo4j`.] +| Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd logs`. +|=== + +[[neo4j-metrics]] +=== Metrics + +Description:: The Neo4j built-in metrics for monitoring the Neo4j DBMS and each individual database. + +File permissions:: Read and write. + +[cols="1,4", options="header"] +|=== +| Neo4j distribution +| Default file location + +| Linux / macOS / Docker | _/metrics_ +| Windows | _\metrics_ +| Debian / RPM | _/var/lib/neo4j/metrics_ +| Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd metrics`. +|=== + +[[neo4j-plugins]] +=== Plugins + +Description:: Custom code that extends Neo4j, for example, user-defined procedures, functions, and security plugins. + +File permissions:: Read only. + +[cols="1,4", options="header"] +|=== +| Neo4j distribution +| Default file location + +| Linux / macOS / Docker | _/plugins_ +| Windows | _\plugins_ +| Debian / RPM | _/var/lib/neo4j/plugins_ +| Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd plugins`. +|=== + +[[neo4j-products]] +=== Products + +Description:: The JAR files of the Neo4j products: link:https://neo4j.com/docs/graph-data-science/current/[Graph Data Science Library] and link:https://neo4j.com/docs/bloom-user-guide/current/[Neo4j Bloom]. +The folder also contains a _README.txt_ file with information on enabling them. + +File permissions:: Read only. + +[cols="1,4", options="header"] +|=== +| Neo4j distribution +| Default file location + +| Linux / macOS / Docker | _/products_ +| Windows | _\products_ +| Debian / RPM | _/var/lib/neo4j/products_ +| Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd products`. +|=== + +[[neo4j-run]] +=== Run + +Description:: The processes IDs. + +File permissions:: Read and write. + +[cols="1,4", options="header"] +|=== +| Neo4j distribution +| Default file location + +| Linux / macOS / Docker | _/run_ +| Windows | _\run_ +| Debian / RPM | _/var/lib/neo4j/run_ +| Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd run`. +|=== + [[file-locations-file-locations]] == Customize your file locations @@ -140,6 +289,7 @@ The locations of __ and _conf_ can be configured using environment v | Must be set explicitly if it is not a subdirectory of __. |=== + The rest of the locations can be configured by uncommenting the respective setting in the _conf/neo4j.conf_ file and changing the default value. [source, shell] @@ -156,36 +306,3 @@ The rest of the locations can be configured by uncommenting the respective setti #server.directories.import=import ---- - -[[file-locations-permissions]] -== File permissions - -The operating system user that Neo4j server runs as must have the following minimal permissions: - -Read only:: - * _bin_ - * _certificates_ - * _conf_ - * _import_ - * _labs_ - * _lib_ - * _licenses_ - * _plugins_ - * _products_ - -Read and write:: - * _data_ - * _logs_ - * _metrics_ - * _run_ - -Execute:: - * all files in _bin_ and _tmp_ - -[NOTE] -==== -If _tmp_ is set to `noexec`, it is recommended to set `dbms.jvm.additional=-Djava.io.tmpdir=/home/neo4j` in _conf/neo4j.conf_. -Additionally, replace _/home/neo4j_ with a path that has `exec` permissions. - -For _/bin/cypher-shell_, set this via an environment variable: `export JAVA_OPTS=-Djava.io.tmpdir=/home/neo4j` and replace `/home/neo4j` with a path that has `exec` permissions. -==== \ No newline at end of file From 5a609fe54d22f9781436f684f1656a4767ee1fea Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Thu, 1 Feb 2024 13:29:55 +0100 Subject: [PATCH 548/876] Bring metric class names in line with those in the code (#1361) --- modules/ROOT/pages/monitoring/metrics/reference.adoc | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/ROOT/pages/monitoring/metrics/reference.adoc b/modules/ROOT/pages/monitoring/metrics/reference.adoc index 78795981c..7522c78e1 100644 --- a/modules/ROOT/pages/monitoring/metrics/reference.adoc +++ b/modules/ROOT/pages/monitoring/metrics/reference.adoc @@ -356,7 +356,7 @@ The total number of queries executed remotely to a member of a different cluster == Metrics specific to clustering [[catchup-metrics]] -.Catchup metrics +.CatchUp metrics [options="header",cols="<3m,<4"] |=== @@ -364,8 +364,8 @@ The total number of queries executed remotely to a member of a different cluster |.cluster.catchup.tx_pull_requests_received|TX pull requests received from other cluster members. (counter) |=== -[[discovery-db-primary-metrics]] -.Discovery database primary metrics +[[discovery-metrics]] +.Discovery metrics [options="header",cols="<3m,<4"] |=== @@ -378,8 +378,8 @@ The total number of queries executed remotely to a member of a different cluster |.cluster.discovery.restart.failed_count|Discovery restart failed count. (gauge) |=== -[[raft-db-primary-metrics]] -.Raft database primary metrics +[[raft-metrics]] +.Raft metrics [options="header",cols="<3m,<4"] |=== @@ -459,7 +459,7 @@ You can limit this memory using JVM settings, but there is never any good reason |=== [[jvm-heap-metrics]] -.JVM heap metrics +.JVM Heap metrics [options="header",cols="<3m,<4"] |=== From eb17b04405880ec70bb5cdf9964096c270203c17 Mon Sep 17 00:00:00 2001 From: Lidia Zuin <102308961+lidiazuin@users.noreply.github.com> Date: Thu, 1 Feb 2024 13:33:30 +0100 Subject: [PATCH 549/876] Remaining page aliases (#1396) --- modules/ROOT/pages/clustering/clustering-advanced/index.adoc | 1 + modules/ROOT/pages/database-internals/transaction-logs.adoc | 1 + 2 files changed, 2 insertions(+) diff --git a/modules/ROOT/pages/clustering/clustering-advanced/index.adoc b/modules/ROOT/pages/clustering/clustering-advanced/index.adoc index 0770cce36..01ca8ded4 100644 --- a/modules/ROOT/pages/clustering/clustering-advanced/index.adoc +++ b/modules/ROOT/pages/clustering/clustering-advanced/index.adoc @@ -1,4 +1,5 @@ [role=enterprise-edition] +:page-aliases: clustering-advanced/index.adoc [[clustering-advanced]] = Advanced Clustering :description: This appendix describes advanced features of a Neo4j Cluster. diff --git a/modules/ROOT/pages/database-internals/transaction-logs.adoc b/modules/ROOT/pages/database-internals/transaction-logs.adoc index 96c222897..a959deb6b 100644 --- a/modules/ROOT/pages/database-internals/transaction-logs.adoc +++ b/modules/ROOT/pages/database-internals/transaction-logs.adoc @@ -1,4 +1,5 @@ [[transaction-logging]] +:page-aliases: configuration/transaction-logs.adoc = Transaction logging :description: Transaction logs, checkpointing, and log pruning. The retention and rotation policies for the Neo4j transaction logs, and how to configure them. From ae0cf0768715dc2c7612c9044b3790c8a386f46c Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Thu, 1 Feb 2024 14:09:39 +0100 Subject: [PATCH 550/876] Label db state metrics with 5.7 (#1381) As it was decided to tag all new additions with the corresponding labels in the 5.x series, we have to label `database state metrics` with `Introduced in 5.7`. See PR #636 --- modules/ROOT/pages/monitoring/metrics/reference.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/monitoring/metrics/reference.adoc b/modules/ROOT/pages/monitoring/metrics/reference.adoc index 7522c78e1..205cd33e2 100644 --- a/modules/ROOT/pages/monitoring/metrics/reference.adoc +++ b/modules/ROOT/pages/monitoring/metrics/reference.adoc @@ -165,7 +165,7 @@ By default, database metrics include: |=== [[db-state-count-metrics]] -.Database state count metrics +.Database state count metrics label:new[Introduced in 5.7] [options="header",cols="<3m,<4"] |=== From 51c19e1b6c45633a76d559152c496f65885884a7 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Thu, 1 Feb 2024 14:35:29 +0100 Subject: [PATCH 551/876] Fix names of the Bolt driver metrics (#1385) Separate Bolt driver metrics from the Bolt metrics. Fix names of the Bolt driver metrics according to the codebase. For details, see https://github.com/neo-technology/neo4j/pull/22339. These metrics were added as a new metric class. --------- Co-authored-by: Reneta Popova --- .../ROOT/pages/monitoring/metrics/reference.adoc | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/modules/ROOT/pages/monitoring/metrics/reference.adoc b/modules/ROOT/pages/monitoring/metrics/reference.adoc index 205cd33e2..6875d7062 100644 --- a/modules/ROOT/pages/monitoring/metrics/reference.adoc +++ b/modules/ROOT/pages/monitoring/metrics/reference.adoc @@ -92,10 +92,18 @@ By default, database metrics include: |.bolt.response_success|(unsupported feature) When `internal.server.bolt.response_metrics` is enabled, number of `encounteredsuccess` responses. (counter) |.bolt.response_ignored|(unsupported feature) When `internal.server.bolt.response_metrics` is enabled, number of `encounteredignored` responses (counter) |.bolt.response_failed|(unsupported feature) When `internal.server.bolt.response_metrics` is enabled, number of `encounteredinstances` of a given error code. (counter) -|.bolt_driver.managed_transaction_function_calls|The total number of managed transaction function calls. (counter) -|.bolt_driver.unmanaged_transaction_calls|The total number of un-managed transaction function calls. (counter) -|.bolt_driver.implicit_transaction_calls|The total number of implicit transaction function calls. (counter) -|.bolt_driver.execute_calls|The total number of driver-level execute function calls. (counter) +|=== + +[[bolt-driver-metrics]] +.Bolt Driver metrics label:new[Introduced in 5.13] + +[options="header",cols="<3m,<4"] +|=== +|Name |Description +|.dbms.bolt_driver.api.managed_transaction_function_calls|The total number of managed transaction function calls. (counter) +|.dbms.bolt_driver.api.unmanaged_transaction_calls|The total number of unmanaged transaction function calls. (counter) +|.dbms.bolt_driver.api.implicit_transaction_calls|The total number of implicit transaction function calls. (counter) +|.dbms.bolt_driver.api.execute_calls|The total number of driver-level execute function calls. (counter) |=== [[checkpointing-metrics]] From cd0affbab2b8f5bb948599636fa5955ddcbad4b3 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Fri, 2 Feb 2024 12:40:29 +0000 Subject: [PATCH 552/876] Add vector indexes to the available features table (#1402) --- modules/ROOT/pages/introduction.adoc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/ROOT/pages/introduction.adoc b/modules/ROOT/pages/introduction.adoc index 373d99e4e..2d02178f5 100644 --- a/modules/ROOT/pages/introduction.adoc +++ b/modules/ROOT/pages/introduction.adoc @@ -145,6 +145,9 @@ a| APOC 450+ link:https://neo4j.com/docs/apoc/5/[Core Procedures and Functions] | Full-text node & relationship indexes | {check-mark} | {check-mark} +| Vector indexes label:new[Introduced in Neo4j 5.13] +| {check-mark} +| {check-mark} | Property uniqueness constraints | {check-mark} | {check-mark} From c3fc1b65bc3bcb5423dcca25a3417b1a58b61790 Mon Sep 17 00:00:00 2001 From: Jenny Owen Date: Mon, 5 Feb 2024 11:14:02 +0000 Subject: [PATCH 553/876] updated mentions of ubi8 docker images to ubi9 (#1403) In 5.17.0 we will start deprecating ubi8 images in favour of ubi9 ones. This updates the documentation so that we aren't telling users to start the deprecated images. This should only be merged into the public documentation after the 5.17 release though, otherwise the docker commands won't work. I'm not sure what needs doing to ensure it doesn't get published early? --- modules/ROOT/pages/docker/introduction.adoc | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/ROOT/pages/docker/introduction.adoc b/modules/ROOT/pages/docker/introduction.adoc index 04944b52a..45513f764 100644 --- a/modules/ROOT/pages/docker/introduction.adoc +++ b/modules/ROOT/pages/docker/introduction.adoc @@ -35,7 +35,7 @@ ____ === Base operating system -The Neo4j image is available with either `debian:bullseye-slim` or `redhat/ubi8-minimal:latest` as the base image. +The Neo4j image is available with either `debian:bullseye-slim` or `redhat/ubi9-minimal:latest` as the base image. The default is `debian:bullseye-slim`. [TIP] @@ -44,7 +44,7 @@ If you are unsure which base image to use or have no preference, just use the de ==== -To specify which base image to use, the image tags optionally have a `-bullseye` or `-ubi8` suffix. +To specify which base image to use, the image tags optionally have a `-bullseye` or `-ubi9` suffix. For example: @@ -52,8 +52,8 @@ For example: ---- neo4j:{neo4j-version-exact}-bullseye # debian 11 community neo4j:{neo4j-version-exact}-enterprise-bullseye # debian 11 enterprise -neo4j:{neo4j-version-exact}-ubi8 # redhat UBI8 community -neo4j:{neo4j-version-exact}-enterprise-ubi8 # redhat UBI8 enterprise +neo4j:{neo4j-version-exact}-ubi9 # redhat UBI9 community +neo4j:{neo4j-version-exact}-enterprise-ubi9 # redhat UBI9 enterprise neo4j:{neo4j-version-exact} # debian 11 community neo4j:{neo4j-version-exact}-enterprise # debian 11 enterprise ---- @@ -68,8 +68,8 @@ neo4j:{neo4j-version-exact}-enterprise # debian 11 enterprise | `-bullseye` | `debian:bullseye-slim` -| `-ubi8` -| `redhat/ubi8-minimal:latest` +| `-ubi9` +| `redhat/ubi9-minimal:latest` | _unspecified_ | `debian:bullseye-slim` @@ -78,7 +78,7 @@ neo4j:{neo4j-version-exact}-enterprise # debian 11 enterprise [NOTE] ==== -The Red Hat variant images are only available from 5.10.0 and onwards. +The Red Hat UBI9 variant images are only available from 5.17.0 and onwards. For earlier Neo4j versions, do not specify a base image. ==== From 09fc692d49ae1a3029ab1eb37cf31d57ee46f627 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Mon, 5 Feb 2024 15:36:31 +0100 Subject: [PATCH 554/876] Fix the Bolt metrics names by adding `dbms` (#1406) --- .../pages/monitoring/metrics/reference.adoc | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/modules/ROOT/pages/monitoring/metrics/reference.adoc b/modules/ROOT/pages/monitoring/metrics/reference.adoc index 6875d7062..b9cfa3210 100644 --- a/modules/ROOT/pages/monitoring/metrics/reference.adoc +++ b/modules/ROOT/pages/monitoring/metrics/reference.adoc @@ -79,19 +79,19 @@ By default, database metrics include: [options="header",cols="<3m,<4"] |=== |Name |Description -|.bolt.connections_opened|The total number of Bolt connections opened since startup. This includes both succeeded and failed connections. Useful for monitoring load via the Bolt drivers in combination with other metrics. (counter) -|.bolt.connections_closed|The total number of Bolt connections closed since startup. This includes both properly and abnormally ended connections. Useful for monitoring load via Bolt drivers in combination with other metrics. (counter) -|.bolt.connections_running|The total number of Bolt connections that are currently executing Cypher and returning results. Useful to track the overall load on Bolt connections. This is limited to the number of Bolt worker threads that have been configured via `dbms.connector.bolt.thread_pool_max_size`. Reaching this maximum indicated the server is running at capacity. (gauge) -|.bolt.connections_idle|The total number of Bolt connections that are not currently executing Cypher or returning results. (gauge) -|.bolt.messages_received|The total number of messages received via Bolt since startup. Useful to track general message activity in combination with other metrics. (counter) -|.bolt.messages_started|The total number of messages that have started processing since being received. A received message may have begun processing until a Bolt worker thread becomes available. A large gap observed between `bolt.messages_received` and `bolt.messages_started` could indicate the server is running at capacity. (counter) -|.bolt.messages_done|The total number of Bolt messages that have completed processing whether successfully or unsuccessfully. Useful for tracking overall load. (counter) -|.bolt.messages_failed|The total number of messages that have failed while processing. A high number of failures may indicate an issue with the server and further investigation of the logs is recommended. (counter) -|.bolt.accumulated_queue_time|(unsupported feature) When `internal.server.bolt.thread_pool_queue_size` is enabled, the total time in milliseconds that a Bolt message waits in the processing queue before a Bolt worker thread becomes available to process it. Sharp increases in this value indicate that the server is running at capacity. If `internal.server.bolt.thread_pool_queue_size` is disabled, the value should be `0`, meaning that messages are directly handed off to worker threads. (counter) -|.bolt.accumulated_processing_time|The total amount of time in milliseconds that worker threads have been processing messages. Useful for monitoring load via Bolt drivers in combination with other metrics. (counter) -|.bolt.response_success|(unsupported feature) When `internal.server.bolt.response_metrics` is enabled, number of `encounteredsuccess` responses. (counter) -|.bolt.response_ignored|(unsupported feature) When `internal.server.bolt.response_metrics` is enabled, number of `encounteredignored` responses (counter) -|.bolt.response_failed|(unsupported feature) When `internal.server.bolt.response_metrics` is enabled, number of `encounteredinstances` of a given error code. (counter) +|.dbms.bolt.connections_opened|The total number of Bolt connections opened since startup. This includes both succeeded and failed connections. Useful for monitoring load via the Bolt drivers in combination with other metrics. (counter) +|.dbms.bolt.connections_closed|The total number of Bolt connections closed since startup. This includes both properly and abnormally ended connections. Useful for monitoring load via Bolt drivers in combination with other metrics. (counter) +|.dbms.bolt.connections_running|The total number of Bolt connections that are currently executing Cypher and returning results. Useful to track the overall load on Bolt connections. This is limited to the number of Bolt worker threads that have been configured via `dbms.connector.bolt.thread_pool_max_size`. Reaching this maximum indicated the server is running at capacity. (gauge) +|.dbms.bolt.connections_idle|The total number of Bolt connections that are not currently executing Cypher or returning results. (gauge) +|.dbms.bolt.messages_received|The total number of messages received via Bolt since startup. Useful to track general message activity in combination with other metrics. (counter) +|.dbms.bolt.messages_started|The total number of messages that have started processing since being received. A received message may have begun processing until a Bolt worker thread becomes available. A large gap observed between `bolt.messages_received` and `bolt.messages_started` could indicate the server is running at capacity. (counter) +|.dbms.bolt.messages_done|The total number of Bolt messages that have completed processing whether successfully or unsuccessfully. Useful for tracking overall load. (counter) +|.dbms.bolt.messages_failed|The total number of messages that have failed while processing. A high number of failures may indicate an issue with the server and further investigation of the logs is recommended. (counter) +|.dbms.bolt.accumulated_queue_time|(unsupported feature) When `internal.server.bolt.thread_pool_queue_size` is enabled, the total time in milliseconds that a Bolt message waits in the processing queue before a Bolt worker thread becomes available to process it. Sharp increases in this value indicate that the server is running at capacity. If `internal.server.bolt.thread_pool_queue_size` is disabled, the value should be `0`, meaning that messages are directly handed off to worker threads. (counter) +|.dbms.bolt.accumulated_processing_time|The total amount of time in milliseconds that worker threads have been processing messages. Useful for monitoring load via Bolt drivers in combination with other metrics. (counter) +|.dbms.bolt.response_success|(unsupported feature) When `internal.server.bolt.response_metrics` is enabled, number of `encounteredsuccess` responses. (counter) +|.dbms.bolt.response_ignored|(unsupported feature) When `internal.server.bolt.response_metrics` is enabled, number of `encounteredignored` responses (counter) +|.dbms.bolt.response_failed|(unsupported feature) When `internal.server.bolt.response_metrics` is enabled, number of `encounteredinstances` of a given error code. (counter) |=== [[bolt-driver-metrics]] From 7a2d6fe9c760e52a458ecc0a19cbdab6b33b8e0f Mon Sep 17 00:00:00 2001 From: Love Kristofer Leifland Date: Mon, 5 Feb 2024 16:56:01 +0100 Subject: [PATCH 555/876] Update cypher-shell.adoc (#1383) Co-authored-by: Reneta Popova --- modules/ROOT/pages/tools/cypher-shell.adoc | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/tools/cypher-shell.adoc b/modules/ROOT/pages/tools/cypher-shell.adoc index d46267af5..ad13db52c 100644 --- a/modules/ROOT/pages/tools/cypher-shell.adoc +++ b/modules/ROOT/pages/tools/cypher-shell.adoc @@ -25,7 +25,9 @@ The Cypher Shell CLI is located in the `bin` directory if installed as part of t [-P PARAM] [--non-interactive] [--sample-rows SAMPLE-ROWS] [--wrap {true,false}] [-v] [--driver-version] [-f FILE] [--change-password] [--log [LOG-FILE]] - [--fail-fast | --fail-at-end] [cypher] + [--history HISTORY-BEHAVIOUR] + [--notifications] [--fail-fast | --fail-at-end] + [cypher] ---- == Options @@ -99,6 +101,16 @@ Displays the results in tabular format if you use the shell interactively and wi |--log [LOG-FILE] |Enable logging to the specified file, or standard error if the file is omitted. | + +|--history [HISTORY-BEHAVIOUR] +|File path of query and command history file or `in-memory` for in memory history. +Defaults to `/.neo4j/.cypher_shell_history`. +It can also be set using the environmental variable `NEO4J_CYPHER_SHELL_HISTORY`. +| + +|--notifications +|Enable query notifications in interactive mode. +|off |=== .Connection arguments From 072d3e2444517435126a5dd1dfe3a20a421e82f4 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 6 Feb 2024 15:58:11 +0000 Subject: [PATCH 556/876] Remove beta label from Block format (#1410) --- modules/ROOT/pages/database-internals/store-formats.adoc | 8 ++++---- modules/ROOT/pages/introduction.adoc | 3 --- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/modules/ROOT/pages/database-internals/store-formats.adoc b/modules/ROOT/pages/database-internals/store-formats.adoc index 24017a82d..99088310f 100644 --- a/modules/ROOT/pages/database-internals/store-formats.adoc +++ b/modules/ROOT/pages/database-internals/store-formats.adoc @@ -7,7 +7,7 @@ The available formats are: * `aligned` label:default[Default] * `standard` * `high_limit` label:enterprise-edition[] -* `block` label:enterprise-edition[] label:beta[Beta] label:version-number[Introduced in Neo4j 5.14] +* `block` label:enterprise-edition[] label:version-number[GA in Neo4j 5.16] Neo4j's newest store format is `block`. It has the best performance and supports the highest limits. @@ -267,12 +267,12 @@ The following tables show the format and Neo4j version compatibility and the lim .Block format and Neo4j version compatibility [options="header"] |=== -| Name | Store format version | Introduced in | Unsupported from +| Name | Store format version | Introduced in | GA from -| `BLOCK_V1` label:beta[Beta] +| `BLOCK_V1` | `block-block-1.1` | `5.14.0` -| +| `5.16.0` |=== diff --git a/modules/ROOT/pages/introduction.adoc b/modules/ROOT/pages/introduction.adoc index 2d02178f5..6d292722c 100644 --- a/modules/ROOT/pages/introduction.adoc +++ b/modules/ROOT/pages/introduction.adoc @@ -82,9 +82,6 @@ a| High_limit (xref:database-internals/store-formats.adoc#high-format-limits[1 Q a| Block format (xref:database-internals/store-formats.adoc#block-format-limits[New format]) | | {check-mark} -a| Block format (xref:database-internals/store-formats.adoc[New format]) -| -| {check-mark} | ACID-compliant transactions | {check-mark} | {check-mark} From 4c710ef998fbcdef46f84d28cfa0991f6b85b494 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 7 Feb 2024 15:20:43 +0000 Subject: [PATCH 557/876] Update the Windows installation steps (#1413) --- modules/ROOT/pages/installation/windows.adoc | 63 +++++++++++--------- 1 file changed, 36 insertions(+), 27 deletions(-) diff --git a/modules/ROOT/pages/installation/windows.adoc b/modules/ROOT/pages/installation/windows.adoc index cae57ceb0..ff56fd812 100644 --- a/modules/ROOT/pages/installation/windows.adoc +++ b/modules/ROOT/pages/installation/windows.adoc @@ -12,13 +12,13 @@ Before you install Neo4j on Windows, check xref:installation/requirements.adoc[S . Download the latest release from {neo4j-download-center-uri}[Neo4j Download Center]. + Select the appropriate ZIP distribution. -. Make sure to download Neo4j from {neo4j-download-center-uri}[Neo4j Download Center] and always check that the SHA hash of the downloaded file is correct: -.. To find the correct SHA hash, go to Neo4j Download Center and click on `SHA-256` which will be located below your downloaded file. +. Check that the SHA hash of the downloaded file is correct: +.. To find the correct SHA hash, go to Neo4j Download Center and click `SHA-256`, which is located below your downloaded file. .. Using the appropriate commands for your platform, display the `SHA-256` hash for the file that you downloaded. .. Ensure that the two are identical. -. Right-click the downloaded file and click Extract All. -. Place the extracted files in a permanent home on your server, for example, `D:\neo4j\`. -The top-level directory is referred to as NEO4J_HOME. +. Right-click the downloaded file and click *Extract All*. +. Place the extracted files in a permanent home on your server, for example, _D:\neo4j\_. +The top-level directory is referred to as _NEO4J_HOME_. . From Neo4j 5.4 onwards, you are required to accept either the commercial or the evaluation license agreement before running the Neo4j Enterprise Edition. If you are using Community Edition, you can skip this step. * Use one of the following options to accept the commercial license agreement. @@ -44,6 +44,9 @@ You will then be prompted to change the password. == Windows service Neo4j can also be run as a Windows service. + +=== Install the Windows service + Install the service with `bin\neo4j windows-service install`, and start it with `bin\neo4j start`. The available commands for `bin\neo4j` are: `version`, `help`, `console`, `start`, `stop`, `restart`, `status`, and `windows-service`. @@ -54,17 +57,18 @@ When installing a new release of Neo4j, you must first run `bin\neo4j windows-se ==== [[windows-update-service]] -=== Java options +=== Change the Windows service configuration -When Neo4j is installed as a service, Java options are stored in the service configuration. -Changes to these options after the service is installed will not take effect until the service configuration is updated. -For example, changing the setting `server.memory.heap.initial_size` in xref:configuration/file-locations.adoc[_neo4j.conf_] will not take effect until the service is updated and restarted. +When Neo4j is installed as a service, the Java options are stored in the service configuration file. +If you want to change any of these options or environment variables after the service is installed, you must update and restart the service for the changes to take effect. +For example, updating the value of `server.memory.heap.initial_size` in the default xref:configuration/file-locations.adoc[_neo4j.conf_] file or by using the `NEO4J_CONF` environment variable will not automatically apply the changes. +The service needs to be updated and restarted to pick them up. To update the service, run `bin\neo4j windows-service update`. Then restart the service to run it with the new configuration. The same applies to the path to where Java is installed on the system. If the path changes, for example when upgrading to a new version of Java, it is necessary to run the `update-service` command and restart the service. -Then the new Java location will be used by the service. +Then, the new Java location will be used by the service. .Update service example ==== @@ -99,7 +103,7 @@ bin\neo4j restart The Neo4j PowerShell module allows administrators to: -* Install, start and stop Neo4j Windows® Services. +* Install, start, and stop Neo4j Windows® Services. * Start tools, such as `Neo4j Admin` and `Cypher Shell`. The PowerShell module is installed as part of the https://neo4j.com/download/other-releases/#releases[ZIP file] distributions of Neo4j. @@ -109,54 +113,59 @@ The PowerShell module is installed as part of the https://neo4j.com/download/oth === System requirements * Requires PowerShell v2.0 or above. -* Supported on either 32 or 64 bit operating systems. +* Supported on either 32 or 64-bit operating systems. [[powershell-windows]] -=== Managing Neo4j on Windows +=== Manage Neo4j on Windows On Windows, it is sometimes necessary to _Unblock_ a downloaded ZIP file before you can import its contents as a module. -If you right-click on the ZIP file and choose "Properties" you will get a dialog which includes an "Unblock" button, which will enable you to import the module. +. Right-click on the ZIP file and choose *Properties*. + +A dialog appears with an *Unblock* button. +. Click the *Unblock* button to enable the import of the module. ++ Running scripts has to be enabled on the system. This can, for example, be achieved by executing the following from an elevated PowerShell prompt: - ++ [source,powershell] ---- Set-ExecutionPolicy -ExecutionPolicy RemoteSigned ---- ++ For more information, see https://technet.microsoft.com/en-us/library/hh847748.aspx[About execution policies]. -The PowerShell module will display a warning if it detects that you do not have administrative rights. +The PowerShell module displays a warning if it detects that you do not have administrative rights. [[powershell-module-import]] -=== How do I import the module? +=== Import the module file -The module file is located in the _bin_ directory of your Neo4j installation, i.e. where you unzipped the downloaded file. -For example, if Neo4j was installed in _C:\Neo4j_ then the module would be imported like this: +The module file is located in the _bin_ directory of your Neo4j installation. +. Assuming that Neo4j is installed in _C:\Neo4j_, run the following command to import the module: ++ [source,powershell] ---- Import-Module C:\Neo4j\bin\Neo4j-Management.psd1 ---- ++ +This adds the module to the current session. -This will add the module to the current session. - -Once the module has been imported you can start an interactive console version of a Neo4j Server like this: - +. Once the module is imported, you can start an interactive console version of a Neo4j Server: ++ [source,powershell] ---- Invoke-Neo4j console ---- -To stop the server, issue `Ctrl-C` in the console window that was created by the command. +To stop the server, use `Ctrl-C` in the console window, created by the command. [[powershell-help]] -=== How do I get help about the module? +=== Inspect the module -Once the module is imported you can query the available commands like this: +You can get all available commands in the module by running the following command: [source,powershell] ---- @@ -176,7 +185,7 @@ Function Invoke-Neo4jImport {neo4j-version-exact} N Function Invoke-Neo4jShell {neo4j-version-exact} Neo4j-Management ---- -The module also supports the standard PowerShell help commands. +The module also supports the standard PowerShell help commands [source,powershell] ---- From 2b5caf29ba4200f2c25162244ea48f18d183f966 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 8 Feb 2024 12:19:36 +0000 Subject: [PATCH 558/876] Add genai.vector.encodeBatch to the list of procedures (#1412) --- modules/ROOT/pages/reference/procedures.adoc | 40 ++++++++++++++++---- 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index f374fef92..5c98ace7e 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -426,6 +426,12 @@ Replaced by: xref:reference/procedures.adoc#procedure_dbms_cluster_secondaryrepl | label:yes[] | label:admin-only[] label:deprecated[Deprecated in 5.9] +// New in 5.16 but only on Aura +| xref:reference/procedures.adoc#procedure_genai_vector_encodeBatch[`genai.vector.encodeBatch()`] +| label:no[] +| label:no[] +| label:aura-only[Available only on Aura] + | xref:reference/procedures.adoc#procedure_tx_getmetadata[`tx.getMetaData()`] | label:yes[] | label:yes[] @@ -957,12 +963,12 @@ m|READ |=== | Description a| -Query the given full-text index. +Query the given full-text index. Returns the matching nodes and their Lucene query score, ordered by score. -Valid _key: value_ pairs for the `options` map are: +Valid _key: value_ pairs for the `options` map are: -* `skip: ` -- to skip the top N results. -* `limit: ` -- to limit the number of results returned. +* `skip: ` -- to skip the top N results. +* `limit: ` -- to limit the number of results returned. * `analyzer: ` -- to use the specified analyzer as a search analyzer for this query. The `options` map and any of the keys are optional. @@ -982,12 +988,12 @@ m|READ |=== | Description a| -Query the given full-text index. +Query the given full-text index. Returns the matching relationships and their Lucene query score, ordered by score. -Valid _key: value_ pairs for the `options` map are: +Valid _key: value_ pairs for the `options` map are: -* `skip: ` -- to skip the top N results. -* `limit: ` -- to limit the number of results returned. +* `skip: ` -- to skip the top N results. +* `limit: ` -- to limit the number of results returned. * `analyzer: ` -- to use the specified analyzer as a search analyzer for this query. The `options` map and any of the keys are optional. @@ -2034,6 +2040,24 @@ It is therefore not supported by the parallel runtime (introduced in Neo4j 5.13) For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/planning-and-tuning/runtimes/concepts#runtimes-parallel-runtime[Cypher Manual -> Parallel runtime]. ==== +[[procedure_genai_vector_encodeBatch]] +.genai.vector.encodeBatch() label:aura-only[Available only on Aura] +[cols="<15s,<85"] +|=== +| Description +a| +Encode a given batch of resources as vectors using the named provider. +For each element in the given resource LIST this returns: + +* the corresponding 'index' within that LIST, +* the original 'resource' element itself, +* and the encoded 'vector' +| Signature +m|genai.vector.encodeBatch(resources :: LIST, provider :: STRING, configuration :: MAP = {}) :: (index :: INTEGER, resource :: STRING, vector :: LIST) +|=== + +For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/genai-integrations/#multiple-embeddings[Cypher Manual -> Generating a batch of embeddings]. + [[procedure_tx_getmetadata]] .tx.getMetaData() [cols="<15s,<85"] From 08c2affd3bb23d839beb64dca5ea7f6d0485ebda Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 8 Feb 2024 16:37:23 +0000 Subject: [PATCH 559/876] Helm Chart installs Community Edition by default (#1417) --- modules/ROOT/pages/kubernetes/configuration.adoc | 2 +- .../kubernetes/quickstart-cluster/create-value-file.adoc | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/modules/ROOT/pages/kubernetes/configuration.adoc b/modules/ROOT/pages/kubernetes/configuration.adoc index 4924f85ca..4282b13ed 100644 --- a/modules/ROOT/pages/kubernetes/configuration.adoc +++ b/modules/ROOT/pages/kubernetes/configuration.adoc @@ -129,7 +129,7 @@ Once you change the password in Neo4j, the password stored in _Kubernetes Secret === `neo4j.edition` and `neo4j.acceptLicenseAgreement` -By default, the standalone Helm chart installs Neo4j Community Edition. +By default, the Helm chart installs Neo4j Community Edition. If you want to install Neo4j Enterprise Edition, set the configuration parameters `edition: "enterprise"` and acknowledge license compliance by setting `neo4j.acceptLicenseAgreement` to `"yes"`. === `volumes.data` diff --git a/modules/ROOT/pages/kubernetes/quickstart-cluster/create-value-file.adoc b/modules/ROOT/pages/kubernetes/quickstart-cluster/create-value-file.adoc index 9c00065ef..f72d6cba0 100644 --- a/modules/ROOT/pages/kubernetes/quickstart-cluster/create-value-file.adoc +++ b/modules/ROOT/pages/kubernetes/quickstart-cluster/create-value-file.adoc @@ -9,6 +9,8 @@ You create a Helm deployment YAML file for each Neo4j cluster member with all th == Important configuration parameters `neo4j.name`:: +Starting from Neo4j 5.0.0, standalone servers and cluster servers have no distinction. +This means a standalone server can be upgraded to a cluster by adding more servers. All Neo4j cluster servers are linked together by the value of the parameter `neo4j.name`. When installed via the Neo4j Helm chart, they will join the cluster identified by `neo4j.name`. + `neo4j.name` is different from the Helm _release name_, which is used to reference a cluster server elsewhere in Kubernetes. + @@ -55,9 +57,8 @@ You cannot use `neo4j` as the initial password as this is the default password. ==== `neo4j.edition` and `neo4j.acceptLicenseAgreement`:: -By default, the Neo4j Helm chart installs Neo4j Enterprise Edition since clusters are not available in Community Edition. -This means that you do not have to explicitly set the configuration parameter `edition:` to `"enterprise"`, as you would do for a standalone server of Neo4j Enterprise Edition. -However, you must acknowledge license compliance by setting `neo4j.acceptLicenseAgreement` to `"yes"`. +By default, the Helm chart installs Neo4j Community Edition. +If you want to install Neo4j Enterprise Edition, set the configuration parameters `edition: "enterprise"` and acknowledge license compliance by setting `neo4j.acceptLicenseAgreement` to `"yes"`. For more information on how to obtain a valid license for Neo4j Enterprise Edition, see https://neo4j.com/licensing/ or use the form https://neo4j.com/contact-us[Contact Neo4j]. `volumes.data`:: @@ -91,6 +92,7 @@ neo4j: cpu: "0.5" memory: "2Gi" password: "my-password" + edition: "enterprise" acceptLicenseAgreement: "yes" volumes: From 4ff0b890f7a1f4d01401c4f2f7deec42061e0955 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 8 Feb 2024 16:54:10 +0000 Subject: [PATCH 560/876] Add support for backing up a database to on-prem storage (#1418) --- .../kubernetes/operations/backup-restore.adoc | 60 +++++++++++++++++-- 1 file changed, 54 insertions(+), 6 deletions(-) diff --git a/modules/ROOT/pages/kubernetes/operations/backup-restore.adoc b/modules/ROOT/pages/kubernetes/operations/backup-restore.adoc index c09c826c6..cb9fb394b 100644 --- a/modules/ROOT/pages/kubernetes/operations/backup-restore.adoc +++ b/modules/ROOT/pages/kubernetes/operations/backup-restore.adoc @@ -9,7 +9,7 @@ For more information, see xref:kubernetes/accessing-neo4j.adoc[Accessing Neo4j]. ==== [[kubernetes-neo4j-backup-cloud]] -== Back up a database(s) to a cloud provider (AWS, GCP, and Azure) bucket +== Prepare to back up a database(s) to a cloud provider (AWS, GCP, and Azure) bucket You can perform a backup of a Neo4j database(s) to any cloud provider (AWS, GCP, and Azure) bucket using the _neo4j/neo4j-admin_ Helm chart. From Neo4j 5.10, the _neo4j/neo4j-admin_ Helm chart also supports performing a backup of multiple databases. @@ -323,9 +323,48 @@ consistencyCheck: enabled: true ---- +[[kubernetes-neo4j-backup-on-prem]] +== Prepare to back up a database(s) to on-premises storage + +_This feature is available from Neo4j 5.16._ + +You can perform a backup of a Neo4j database(s) to on-premises storage using the _neo4j/neo4j-admin_ Helm chart. +When configuring the _backup-values.yaml_ file, keep the “cloudProvider” field empty and provide a persistent volume in the `tempVolume` section to ensure the backup files are persistent if the pod is deleted. + +[NOTE] +==== +You need to create the persistent volume and persistent volume claim before installing the _neo4j-admin_ Helm chart. +For more information, see xref:kubernetes/persistent-volumes.adoc[Volume mounts and persistent volumes]. +==== + +For example: + +[source, yaml, role='noheader'] +---- +neo4j: + image: "neo4j/helm-charts-backup" + imageTag: "5.16.0" + jobSchedule: "* * * * *" + successfulJobsHistoryLimit: 3 + failedJobsHistoryLimit: 1 + backoffLimit: 3 + +backup: + bucketName: "my-bucket" + databaseAdminServiceName: "standalone-admin" + database: "neo4j,system" + cloudProvider: + +consistencyCheck: + enabled: true + +tempVolume: + persistentVolumeClaim: + claimName: backup-pvc +---- [[kubernetes-neo4j-backup-parameters]] -=== Backup parameters +== Backup parameters To see what options are configurable on the Helm chart use `helm show values` and the Helm chart _neo4j/neo4j-admin_. + From Neo4j 5.10, the _neo4j/neo4j-admin_ Helm chart also supports assigning your Neo4j pods to specific nodes using `nodeSelector` labels, and from Neo4j 5.11, using affinity/anti-affinity rules or tolerations. @@ -351,7 +390,7 @@ disableLookups: false neo4j: image: "neo4j/helm-charts-backup" - imageTag: "5.13.0" + imageTag: "5.16.0" podLabels: {} # app: "demo" # acac: "dcdddc" @@ -395,7 +434,6 @@ backup: databaseBackupPort: "" #default value is cluster.local databaseClusterDomain: "" - # specify minio endpoint ex: http://demo.minio.svc.cluster.local:9000 # please ensure this endpoint is the s3 api endpoint or else the backup helm chart will fail # as of now it works only with non tls endpoints @@ -406,8 +444,12 @@ backup: # In case of comma separated databases failure of any single database will lead to failure of complete operation database: "" # cloudProvider can be either gcp, aws, or azure + # if cloudProvider is empty then the backup will be done to the /backups mount. + # the /backups mount can point to a persitentVolume based on the definition set in tempVolume cloudProvider: "" + + # name of the kubernetes secret containing the respective cloud provider credentials # Ensure you have read,write access to the mentioned bucket # For AWS : @@ -490,8 +532,12 @@ securityContext: resources: requests: ephemeralStorage: "4Gi" + cpu: "" + memory: "" limits: ephemeralStorage: "5Gi" + cpu: "" + memory: "" # nodeSelector labels # please ensure the respective labels are present on one of nodes or else helm charts will throw an error @@ -534,7 +580,9 @@ tolerations: [] # effect: "NoSchedule" ---- -=== Install the _neo4j-admin_ Helm chart +== Back up your database(s) + +To back up your database(s), you install the _neo4j-admin_ Helm chart using the configured _backup-values.yaml_ file. . Install _neo4j-admin_ Helm chart using the _backup-values.yaml_ file: + @@ -547,7 +595,7 @@ The _neo4j/neo4j-admin_ Helm chart installs a cronjob that launches a pod based This pod performs a backup of one or multiple databases, a consistency check of the backup file(s), and uploads them to the cloud provider bucket. . Monitor the backup pod logs using `kubectl logs pod/` to check the progress of the backup. -. Check that the backup files and the consistency check reports have been uploaded to the cloud provider bucket. +. Check that the backup files and the consistency check reports have been uploaded to the cloud provider bucket or on-premises storage. [[kubernetes-neo4j-restore]] == Restore a single database From 35ae2c678891064ff2fc520b2074d2290a95b218 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 12 Feb 2024 13:14:49 +0000 Subject: [PATCH 561/876] Fix missing quote in admin-import property types section (#1422) (#1424) Cherry-picked from #1422 Co-authored-by: Florent Biville <445792+fbiville@users.noreply.github.com> --- modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc index 54a759793..a53b58fd3 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc @@ -938,7 +938,7 @@ carrieanne,"Trinity",tt0242653,ACTED_IN For properties, the `` part of the field designates the property key, while the `` part assigns a data type. You can have properties in both node data files and relationship data files. -Use one of `int`, `long`, `float`, `double`, `boolean`, `byte`, `short`, `char`, `string`, `point`, `date`, `localtime`, `time`, `localdatetime`, datetime`, and `duration` to designate the data type for properties. +Use one of `int`, `long`, `float`, `double`, `boolean`, `byte`, `short`, `char`, `string`, `point`, `date`, `localtime`, `time`, `localdatetime`, `datetime`, and `duration` to designate the data type for properties. By default, types (except arrays) are converted to Cypher types. See link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/values-and-types/property-structural-constructed/#_property_types[Cypher Manual -> Property, structural, and constructed values]. From 993991db0df087c9bd366cd477711ef71dbaff74 Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Tue, 13 Feb 2024 10:12:49 +0100 Subject: [PATCH 562/876] add deprecated causal clustering metrics (#1423) --- .../pages/monitoring/metrics/reference.adoc | 154 ++++++++++++++++-- 1 file changed, 140 insertions(+), 14 deletions(-) diff --git a/modules/ROOT/pages/monitoring/metrics/reference.adoc b/modules/ROOT/pages/monitoring/metrics/reference.adoc index b9cfa3210..f219e2c08 100644 --- a/modules/ROOT/pages/monitoring/metrics/reference.adoc +++ b/modules/ROOT/pages/monitoring/metrics/reference.adoc @@ -184,15 +184,24 @@ By default, database metrics include: |=== [[db-data-metrics]] -.Database data metrics +.Database data metrics label:deprecated[Deprecated in 5.15] [options="header",cols="<3m,<4"] |=== -|Name |Description -|.ids_in_use.relationship_type|label:deprecated[Deprecated in 5.15]The total number of internally generated IDs for the different relationship types stored in the database. These IDs do not reflect changes in the actual data. Informational, not an indication of any issue. (gauge) -|.ids_in_use.property|label:deprecated[Deprecated in 5.15]The total number of internally generated IDs for the different property names stored in the database. These IDs do not reflect changes in the actual data. Informational, not an indication of any issue. (gauge) -|.ids_in_use.relationship|label:deprecated[Deprecated in 5.15]The total number of internally generated reusable IDs for the relationships stored in the database. These IDs do not reflect changes in the actual data. If you want to have a rough metric of how big your graph is, use `.neo4j.count.relationship` instead. (gauge) -|.ids_in_use.node|label:deprecated[Deprecated in 5.15]The total number of internally generated reusable IDs for the nodes stored in the database. These IDs do not reflect changes in the actual data. If you want to have a rough metric of how big your graph is, use `.neo4j.count.node` instead. (gauge) +|Name +|Description + +|.ids_in_use.relationship_type +|The total number of internally generated IDs for the different relationship types stored in the database. These IDs do not reflect changes in the actual data. Informational, not an indication of any issue. (gauge) + +|.ids_in_use.property +|The total number of internally generated IDs for the different property names stored in the database. These IDs do not reflect changes in the actual data. Informational, not an indication of any issue. (gauge) + +|.ids_in_use.relationship +|The total number of internally generated reusable IDs for the relationships stored in the database. These IDs do not reflect changes in the actual data. If you want to have a rough metric of how big your graph is, use `.neo4j.count.relationship` instead. (gauge) + +|.ids_in_use.node +|The total number of internally generated reusable IDs for the nodes stored in the database. These IDs do not reflect changes in the actual data. If you want to have a rough metric of how big your graph is, use `.neo4j.count.node` instead. (gauge) |=== [[global-neo4j-pools-metrics]] @@ -261,17 +270,21 @@ By default, database metrics include: |=== [[query-routing-metrics]] -.Query routing metrics +.Query routing metrics label:new[Introduced in 5.10] [options="header",cols="<3m,<4"] |=== -|Name |Description -|.dbms.routing.query.count.local|label:new[Introduced in 5.10] -The total number of queries executed locally. (counter) -|.dbms.routing.query.count.remote_internal|label:new[Introduced in 5.10] -The total number of queries executed remotely to a member of the same cluster. (counter) -|.dbms.routing.query.count.remote_external|label:new[Introduced in 5.10] -The total number of queries executed remotely to a member of a different cluster. (counter) +|Name +|Description + +|.dbms.routing.query.count.local +|The total number of queries executed locally. (counter) + +|.dbms.routing.query.count.remote_internal +|The total number of queries executed remotely to a member of the same cluster. (counter) + +|.dbms.routing.query.count.remote_external +|The total number of queries executed remotely to a member of a different cluster. (counter) |=== [[db-store-size-metrics]] @@ -386,6 +399,95 @@ The total number of queries executed remotely to a member of a different cluster |.cluster.discovery.restart.failed_count|Discovery restart failed count. (gauge) |=== +[[raft-core-metrics]] +.Raft core metrics label:deprecated[Deprecated in 5.0] +[options="header",cols="<3m,<4"] +|=== +|Name +|Description + +|.causal_clustering.core.append_index +|The append index of the Raft log. Each index represents a write transaction (possibly internal) proposed for commitment. The values mostly increase, but sometimes they can decrease as a consequence of leader changes. The append index should always be bigger than or equal to the commit index. (gauge) + +|.causal_clustering.core.commit_index +|The commit index of the Raft log. Represents the commitment of previously appended entries. Its value increases monotonically if you do not unbind the cluster state. The commit index should always be less than or equal to the append index and bigger than or equal to the applied index. (gauge) + +|.causal_clustering.core.applied_index +|The applied index of the Raft log. Represents the application of the committed Raft log entries to the database and internal state. The applied index should always be less than or equal to the commit index. The difference between this and the commit index can be used to monitor how up-to-date the follower database is. (gauge) + +|.causal_clustering.core.term +|The Raft Term of this server. It increases monotonically if you do not unbind the cluster state. (gauge) + +|.causal_clustering.core.tx_retries +|Transaction retries. (counter) + +|.causal_clustering.core.is_leader +|Is this server the leader? Track this for each Core cluster member. It will report 0 if it is not the leader and 1 if it is the leader. The sum of all of these should always be 1. However, there will be transient periods in which the sum can be more than 1 because more than one member thinks it is the leader. Action may be needed if the metric shows 0 for more than 30 seconds. (gauge) + +|.causal_clustering.core.in_flight_cache.total_bytes +|In-flight cache total bytes. (gauge) + +|.causal_clustering.core.in_flight_cache.max_bytes +|In-flight cache max bytes. (gauge) + +|.causal_clustering.core.in_flight_cache.element_count +|In-flight cache element count. (gauge) + +|.causal_clustering.core.in_flight_cache.max_elements +|In-flight cache maximum elements. (gauge) + +|.causal_clustering.core.in_flight_cache.hits +|In-flight cache hits. (counter) + +|.causal_clustering.core.in_flight_cache.misses +|In-flight cache misses. (counter) + +|.causal_clustering.core.raft_log_entry_prefetch_buffer.lag +|Raft Log Entry Prefetch Lag. (gauge) + +|.causal_clustering.core.raft_log_entry_prefetch_buffer.bytes +|Raft Log Entry Prefetch total bytes. (gauge) + +|.causal_clustering.core.raft_log_entry_prefetch_buffer.size +|Raft Log Entry Prefetch buffer size. (gauge) + +|.causal_clustering.core.raft_log_entry_prefetch_buffer.async_put +|Raft Log Entry Prefetch buffer async puts. (gauge) + +|.causal_clustering.core.raft_log_entry_prefetch_buffer.sync_put +|Raft Log Entry Prefetch buffer sync puts. (gauge) + +|.causal_clustering.core.message_processing_delay +|Delay between Raft message receive and process. (gauge) + +|.causal_clustering.core.message_processing_timer +|Timer for Raft message processing. (counter, histogram) + +|.causal_clustering.core.replication_new +|The total number of Raft replication requests. It increases with write transactions (possibly internal) activity. (counter) + +|.causal_clustering.core.replication_attempt +|The total number of Raft replication requests attempts. It is bigger or equal than the replication requests. (counter) + +|.causal_clustering.core.replication_fail +|The total number of Raft replication attempts that have failed. (counter) + +|.causal_clustering.core.replication_maybe +|Raft Replication maybe count. (counter) + +|.causal_clustering.core.replication_success +|The total number of Raft replication requests that have succeeded. (counter) + +|.causal_clustering.core.last_leader_message +|The time elapsed since the last message from a leader in milliseconds. Should reset periodically. (gauge) +|=== + +[IMPORTANT] +==== +Metrics specific to _Causal Clustering_ are deprecated, as the previous table shows. +The deprecated Raft core metrics are replaced accordingly by the Raft metrics in the following table. +==== + [[raft-metrics]] .Raft metrics @@ -420,6 +522,30 @@ The total number of queries executed remotely to a member of a different cluster |.cluster.raft.last_leader_message|The time elapsed since the last message from a leader in milliseconds. Should reset periodically. (gauge) |=== + +[[read-replica-metrics]] +.Read Replica metrics label:deprecated[Deprecated in 5.0] +[options="header",cols="<3m,<4"] +|=== +|Name +|Description + +|.causal_clustering.read_replica.pull_updates +|The total number of pull requests made by this instance. (counter) + +|.causal_clustering.read_replica.pull_update_highest_tx_id_requested +|The highest transaction id requested in a pull update by this instance. (counter) + +|.causal_clustering.read_replica.pull_update_highest_tx_id_received +|The highest transaction id that has been pulled in the last pull updates by this instance. (counter) +|=== + +[IMPORTANT] +==== +Metrics specific to _Causal Clustering_ are deprecated, as the previous table shows. +The deprecated Read Replica metrics are replaced accordingly by the Story copy metrics in the following table. +==== + [[store-copy-metrics]] .Store copy metrics From abc05ae4f8db430c44c7cfe3b50a75423e3896b5 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Thu, 15 Feb 2024 09:16:08 +0100 Subject: [PATCH 563/876] Add CDC to the feature table (#1428) --- modules/ROOT/pages/introduction.adoc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/ROOT/pages/introduction.adoc b/modules/ROOT/pages/introduction.adoc index 6d292722c..076219f29 100644 --- a/modules/ROOT/pages/introduction.adoc +++ b/modules/ROOT/pages/introduction.adoc @@ -82,6 +82,9 @@ a| High_limit (xref:database-internals/store-formats.adoc#high-format-limits[1 Q a| Block format (xref:database-internals/store-formats.adoc#block-format-limits[New format]) | | {check-mark} +a| Change Data Capture (CDC) label:new[Introduced in 5.13] label:beta[] +| +| {check-mark} | ACID-compliant transactions | {check-mark} | {check-mark} From 888784ebeb36c066d778ef525f776a569e683a44 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Thu, 15 Feb 2024 11:55:15 +0100 Subject: [PATCH 564/876] Add new CDC procedures (#1426) --- modules/ROOT/pages/reference/procedures.adoc | 147 ++++++++++++++----- 1 file changed, 112 insertions(+), 35 deletions(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 5c98ace7e..ce31f6666 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -42,20 +42,21 @@ For more information, see xref:authentication-authorization/dbms-administration. | Enterprise Edition | Comment -| xref:reference/procedures.adoc#procedure_cdc_current[`cdc.current()`] +| xref:reference/procedures.adoc#procedure_db_cdc_current[`db.cdc.current()`] | label:no[] | label:yes[] -| label:new[Introduced in 5.13] label:beta[] +| label:new[Introduced in 5.17] label:beta[] -| xref:reference/procedures.adoc#procedure_cdc_earliest[`cdc.earliest()`] +| xref:reference/procedures.adoc#procedure_db_cdc_earliest[`db.cdc.earliest()`] | label:no[] | label:yes[] -| label:new[Introduced in 5.13] label:beta[] +| label:new[Introduced in 5.17] label:beta[] -| xref:reference/procedures.adoc#procedure_cdc_query[`cdc.query()`] +| xref:reference/procedures.adoc#procedure_db_cdc_query[`db.cdc.query()`] | label:no[] | label:yes[] -| label:new[Introduced in 5.13] label:beta[] label:admin-only[] +| label:new[Introduced in 5.17] label:beta[] label:admin-only[] + | xref:reference/procedures.adoc#procedure_db_awaitindex[`db.awaitIndex()`] | label:yes[] @@ -83,11 +84,6 @@ For more information, see xref:authentication-authorization/dbms-administration. | label:yes[] | label:new[Introduced in 5.13] label:beta[] -| xref:reference/procedures.adoc#procedure_db_create_setVectorProperty[`db.create.setVectorProperty()`] -| label:yes[] -| label:yes[] -| label:new[Introduced in 5.11] label:beta[] label:deprecated[Deprecated in 5.13] Replaced by: xref:reference/procedures.adoc#procedure_db_create_setNodeVectorProperty[`db.create.setNodeVectorProperty()`] - | xref:reference/procedures.adoc#procedure_db_createlabel[`db.createLabel()`] | label:yes[] | label:yes[] @@ -271,15 +267,6 @@ In 4.2, signature changed to `db.listLocks() :: (mode :: STRING, resourceType :: | label:yes[] | -// New in 4.2 -// com.neo4j.causaulclustering.discovery.procedures.ReadReplicaToggleProcedure -label:deprecated[Deprecated in 5.6] -| xref:reference/procedures.adoc#procedure_dbms_cluster_readreplicatoggle[`dbms.cluster.readReplicaToggle()`] -| label:no[] -| label:yes[] -| label:admin-only[] label:deprecated[Deprecated in 5.6]. + -Replaced by: xref:reference/procedures.adoc#procedure_dbms_cluster_secondaryreplicationdisable[`dbms.cluster.secondaryReplicationDisable()`]. - | xref:reference/procedures.adoc#procedure_dbms_cluster_secondaryreplicationdisable[`dbms.cluster.secondaryReplicationDisable()`] | label:no[] | label:yes[] @@ -414,18 +401,6 @@ Replaced by: xref:reference/procedures.adoc#procedure_dbms_cluster_secondaryrepl | label:yes[] | label:admin-only[] -// New in 4.1 -| xref:reference/procedures.adoc#procedure_dbms_upgrade[`dbms.upgrade()`] -| label:yes[] -| label:yes[] -| label:admin-only[] label:deprecated[Deprecated in 5.9] - -// New in 4.1 -| xref:reference/procedures.adoc#procedure_dbms_upgradestatus[`dbms.upgradeStatus()`] -| label:yes[] -| label:yes[] -| label:admin-only[] label:deprecated[Deprecated in 5.9] - // New in 5.16 but only on Aura | xref:reference/procedures.adoc#procedure_genai_vector_encodeBatch[`genai.vector.encodeBatch()`] | label:no[] @@ -445,6 +420,63 @@ Replaced by: xref:reference/procedures.adoc#procedure_dbms_cluster_secondaryrepl |=== +== List of deprecated procedures + +.Deprecated Neo4j procedures +[options=header, cols="3m,1,1,3"] +|=== +| Name +| Community Edition +| Enterprise Edition +| Comment + +| xref:reference/procedures.adoc#procedure_cdc_current[`cdc.current()`] +| label:no[] +| label:yes[] +| label:new[Introduced in 5.13] label:beta[] label:deprecated[Deprecated in 5.17] +Replaced by: xref:reference/procedures.adoc#procedure_db_cdc_current[`db.cdc.current()`] + +| xref:reference/procedures.adoc#procedure_cdc_earliest[`cdc.earliest()`] +| label:no[] +| label:yes[] +| label:new[Introduced in 5.13] label:beta[] label:deprecated[Deprecated in 5.17] +Replaced by: xref:reference/procedures.adoc#procedure_db_cdc_earliest[`db.cdc.earliest()`] + +| xref:reference/procedures.adoc#procedure_cdc_query[`cdc.query()`] +| label:no[] +| label:yes[] +| label:new[Introduced in 5.13] label:beta[] label:deprecated[Deprecated in 5.17] label:admin-only[] +Replaced by: xref:reference/procedures.adoc#procedure_db_cdc_query[`db.cdc.query()`] + +| xref:reference/procedures.adoc#procedure_db_create_setVectorProperty[`db.create.setVectorProperty()`] +| label:yes[] +| label:yes[] +| label:new[Introduced in 5.11] label:beta[] label:deprecated[Deprecated in 5.13] Replaced by: xref:reference/procedures.adoc#procedure_db_create_setNodeVectorProperty[`db.create.setNodeVectorProperty()`] + +// New in 4.2 +// com.neo4j.causaulclustering.discovery.procedures.ReadReplicaToggleProcedure +| xref:reference/procedures.adoc#procedure_dbms_cluster_readreplicatoggle[`dbms.cluster.readReplicaToggle()`] +| label:no[] +| label:yes[] +| label:admin-only[] label:deprecated[Deprecated in 5.6]. + +Replaced by: xref:reference/procedures.adoc#procedure_dbms_cluster_secondaryreplicationdisable[`dbms.cluster.secondaryReplicationDisable()`]. + +// New in 4.1 +| xref:reference/procedures.adoc#procedure_dbms_upgrade[`dbms.upgrade()`] +| label:yes[] +| label:yes[] +| label:admin-only[] label:deprecated[Deprecated in 5.9] + +// New in 4.1 +| xref:reference/procedures.adoc#procedure_dbms_upgradestatus[`dbms.upgradeStatus()`] +| label:yes[] +| label:yes[] +| label:admin-only[] label:deprecated[Deprecated in 5.9] + +|=== + + + == List of removed procedures @@ -455,6 +487,7 @@ Replaced by: xref:reference/procedures.adoc#procedure_dbms_cluster_secondaryrepl | Community Edition | Enterprise Edition | Comment + | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_db_constraints[`db.constraints()`] | label:yes[] | label:yes[] @@ -725,7 +758,7 @@ Replaced by: `ALTER USER`. == Procedure descriptions [[procedure_cdc_current]] -.cdc.current() label:new[Introduced in 5.13] label:beta[] +.cdc.current() label:new[Introduced in 5.13] label:beta[] label:deprecated[Deprecated in 5.17] [cols="<15s,<85"] |=== | Description @@ -735,10 +768,12 @@ Returns the current change identifier that can be used to stream changes from. m|cdc.current() :: (id :: STRING) | Mode m|READ +| Replaced by +a|xref:reference/procedures.adoc#procedure_db_cdc_current[`db.cdc.current()`] |=== [[procedure_cdc_earliest]] -.cdc.earliest() label:new[Introduced in 5.13] label:beta[] +.cdc.earliest() label:new[Introduced in 5.13] label:beta[] label:deprecated[Deprecated in 5.17] [cols="<15s,<85"] |=== | Description @@ -748,10 +783,12 @@ Returns the earliest change identifier that can be used to stream changes from. m|cdc.earliest() :: (id :: STRING) | Mode m|READ +| Replaced by +a|xref:reference/procedures.adoc#procedure_db_cdc_earliest[`db.cdc.earliest()`] |=== [[procedure_cdc_query]] -.cdc.query() label:new[Introduced in 5.13] label:beta[] label:admin-only[] +.cdc.query() label:new[Introduced in 5.13] label:beta[] label:deprecated[Deprecated in 5.17] label:admin-only[] [cols="<15s,<85"] |=== | Description @@ -761,9 +798,49 @@ Query changes happened from the provided change identifier. m|cdc.query(from = :: STRING, selectors = [] :: LIST) :: (id :: STRING, txId :: INTEGER, seq :: INTEGER, metadata :: MAP, event :: MAP) | Mode m|READ +| Replaced by +a|xref:reference/procedures.adoc#procedure_db_cdc_query[`db.cdc.query()`] +|=== +[[procedure_db_cdc_current]] +.db.cdc.current() label:new[Introduced in 5.17] label:beta[] +[cols="<15s,<85"] |=== +| Description +a| +Returns the current change identifier that can be used to stream changes from. +| Signature +m|cdc.current() :: (id :: STRING) +| Mode +m|READ +|=== + +[[procedure_db_cdc_earliest]] +.db.cdc.earliest() label:new[Introduced in 5.17] label:beta[] +[cols="<15s,<85"] +|=== +| Description +a| +Returns the earliest change identifier that can be used to stream changes from. +| Signature +m|cdc.earliest() :: (id :: STRING) +| Mode +m|READ +|=== + +[[procedure_db_cdc_query]] +.db.cdc.query() label:new[Introduced in 5.17] label:beta[] label:admin-only[] +[cols="<15s,<85"] +|=== +| Description +a| +Query changes happened from the provided change identifier. +| Signature +m|cdc.query(from = :: STRING, selectors = [] :: LIST) :: (id :: STRING, txId :: INTEGER, seq :: INTEGER, metadata :: MAP, event :: MAP) +| Mode +m|READ +|=== [[procedure_db_awaitindex]] .db.awaitIndex() From 2b28fc3281b722558a78224d00a46ae8a1ff4db6 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Thu, 15 Feb 2024 15:23:39 +0100 Subject: [PATCH 565/876] Improve descriptions of the query routing metrics (#1409) --- modules/ROOT/pages/monitoring/metrics/reference.adoc | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/modules/ROOT/pages/monitoring/metrics/reference.adoc b/modules/ROOT/pages/monitoring/metrics/reference.adoc index f219e2c08..7049f44eb 100644 --- a/modules/ROOT/pages/monitoring/metrics/reference.adoc +++ b/modules/ROOT/pages/monitoring/metrics/reference.adoc @@ -274,17 +274,13 @@ By default, database metrics include: [options="header",cols="<3m,<4"] |=== -|Name -|Description +|Name |Description -|.dbms.routing.query.count.local -|The total number of queries executed locally. (counter) +|.dbms.routing.query.count.local|The total number of queries executed locally. (counter) -|.dbms.routing.query.count.remote_internal -|The total number of queries executed remotely to a member of the same cluster. (counter) +|.dbms.routing.query.count.remote_internal|The total number of queries routed over to another member of the same cluster. (counter) -|.dbms.routing.query.count.remote_external -|The total number of queries executed remotely to a member of a different cluster. (counter) +|.dbms.routing.query.count.remote_external|The total number of queries routed over to a server outside the cluster. (counter) |=== [[db-store-size-metrics]] From 2103aec505759c755b26ca4fae9927e1ee535ffd Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 19 Feb 2024 10:07:41 +0000 Subject: [PATCH 566/876] Update the store format page (#1421) --- .../database-internals/store-formats.adoc | 72 +++++++++++++++++-- .../tools/neo4j-admin/neo4j-admin-import.adoc | 2 +- 2 files changed, 67 insertions(+), 7 deletions(-) diff --git a/modules/ROOT/pages/database-internals/store-formats.adoc b/modules/ROOT/pages/database-internals/store-formats.adoc index 99088310f..77fc4e001 100644 --- a/modules/ROOT/pages/database-internals/store-formats.adoc +++ b/modules/ROOT/pages/database-internals/store-formats.adoc @@ -11,8 +11,9 @@ The available formats are: Neo4j's newest store format is `block`. It has the best performance and supports the highest limits. -`block` format is intended to replace all the older formats. -The `block` format uses a range of different data structures and inlining techniques to achieve data locality and store related data together on disk. + +The `block` format is intended to replace all the older formats. +It uses a range of different data structures and inlining techniques to achieve data locality and store related data together on disk. This allows more related data to be fetched by fewer read operations, resulting in better resource utilization. The older store formats are based on the original `standard` format, each with different features and limitations. @@ -27,12 +28,47 @@ You can either set the store format when creating a new database or change the s === Creating new databases -The default store format of new databases is controlled by the xref:configuration/configuration-settings.adoc#config_db.format[`db.format`] configuration setting in the _neo4j.conf_ file. -Or the store format can be passed as an argument to the tool creating the database, e.g. xref:tools/neo4j-admin/neo4j-admin-import.adoc#import-tool-full[`neo4j-admin database import`] or xref:backup-restore/copy-database.adoc[`neo4j-admin database copy`] commands. +The default store format for all new databases is `aligned`. +If you want to change it, you can set a new value for the xref:configuration/configuration-settings.adoc#config_db.format[`db.format`] configuration in the _neo4j.conf_ file. + +You can also create a new database on a specific store format by passing the new format as an argument to the command creating the database, for example, xref:tools/neo4j-admin/neo4j-admin-import.adoc#import-tool-full[`neo4j-admin database import full`] or xref:backup-restore/copy-database.adoc[`neo4j-admin database copy`] commands. + +For example: + +[source,shell] +---- +neo4j-admin database import full ... --format=block blockdb +---- + +//There are several ways to create a new database in a specific store format: -=== Changing an existing database +// * Specify the store format when creating a new database using the `CREATE DATABASE` Cypher statement. +// For example: +// + +// [source,cypher] +// ---- +// CREATE DATABASE blockdb OPTIONS {storeFormat: 'block'} +// ---- -Changing the store format is possible by re-writing all data in the new format using the xref:tools/neo4j-admin/migrate-database.adoc[`neo4j-admin database migrate`] or xref:backup-restore/copy-database.adoc[`neo4j-admin database copy`] commands. +=== Changing the format of existing databases + +Changing the store format is possible by re-writing all data in the new format using one of the following options: + +* Migrate an existing database using xref:tools/neo4j-admin/migrate-database.adoc[`neo4j-admin database migrate`] command. +For example: ++ +[source,shell] +---- +neo4j-admin database migrate --to-format="block" mydb +---- + +* Pass the new store format as an argument when using the xref:backup-restore/copy-database.adoc[`neo4j-admin database copy`] command to create a copy of an existing database. +For example: ++ +[source,shell] +---- +neo4j-admin database copy --to-format="block" mydb blockdb +---- Changing the store format requires that: @@ -42,6 +78,30 @@ Changing the store format requires that: Changing store format can be a time-consuming operation, depending on the size and complexity of the data in the database. Performance heavily depends on the speed of the disk and the amount of available memory. +=== Verify the store format + +You can verify the store format of a database using the following Cypher: + +[source,cypher] +---- +SHOW DATABASES YIELD name, store +---- + +.Result +[role="queryresult"] +---- ++----------------------------------+ +| name | store | ++----------------------------------+ +| "blockdb" | "block-block-1.1" | +| "neo4j" | "record-aligned-1.1" | +| "system" | "record-aligned-1.1" | ++----------------------------------+ +---- + +Additionally, you can use the `neo4j-admin database info` command to get detailed information about the store format of a database. +For details, see xref:tools/neo4j-admin/neo4j-admin-store-info.adoc[Display store information]. + === Effects of store format choice The store format is responsible for how data is written to disk and how to read it. diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc index a53b58fd3..8626c8a9b 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc @@ -409,7 +409,7 @@ label:enterprise-only[] [WARNING] ==== -Incremental import is not supported for `block` format yet. +Incremental import does not support `block` format. ==== Incremental import allows you to incorporate large amounts of data in batches into the graph. From b3ebe7a42b69b3b6f18c3f8fda33035020b4d116 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 19 Feb 2024 13:41:12 +0000 Subject: [PATCH 567/876] Add genAI plugin and update the labels (#1429) Linked to https://github.com/neo4j/docs-cypher/pull/889 --- .../pages/configuration/file-locations.adoc | 2 +- modules/ROOT/pages/configuration/plugins.adoc | 5 ++++ modules/ROOT/pages/reference/procedures.adoc | 23 +++++++++++++++---- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/modules/ROOT/pages/configuration/file-locations.adoc b/modules/ROOT/pages/configuration/file-locations.adoc index 96e00ff64..7b8b8e483 100644 --- a/modules/ROOT/pages/configuration/file-locations.adoc +++ b/modules/ROOT/pages/configuration/file-locations.adoc @@ -228,7 +228,7 @@ File permissions:: Read only. [[neo4j-products]] === Products -Description:: The JAR files of the Neo4j products: link:https://neo4j.com/docs/graph-data-science/current/[Graph Data Science Library] and link:https://neo4j.com/docs/bloom-user-guide/current/[Neo4j Bloom]. +Description:: The JAR files of the Neo4j products: link:https://neo4j.com/docs/graph-data-science/current/[Graph Data Science Library], link:https://neo4j.com/docs/bloom-user-guide/current/[Neo4j Bloom], and link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/genai-integrations/[GenAI plugin]. The folder also contains a _README.txt_ file with information on enabling them. File permissions:: Read only. diff --git a/modules/ROOT/pages/configuration/plugins.adoc b/modules/ROOT/pages/configuration/plugins.adoc index a422685a5..32955ffa8 100644 --- a/modules/ROOT/pages/configuration/plugins.adoc +++ b/modules/ROOT/pages/configuration/plugins.adoc @@ -36,6 +36,11 @@ The following plugins are supported: | {check-mark} | link:{neo4j-docs-base-uri}/bloom-user-guide[Neo4j Bloom] +| GenAI +| `genai` +| {cross-mark} +| link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/genai-integrations/[Cypher Manual -> GenAI integrations]. + | GraphQL | `graphql` | {cross-mark} diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index ce31f6666..4191243a0 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -401,11 +401,23 @@ In 4.2, signature changed to `db.listLocks() :: (mode :: STRING, resourceType :: | label:yes[] | label:admin-only[] -// New in 5.16 but only on Aura +// New in 4.1 +| xref:reference/procedures.adoc#procedure_dbms_upgrade[`dbms.upgrade()`] +| label:yes[] +| label:yes[] +| label:admin-only[] label:deprecated[Deprecated in 5.9] + +// New in 4.1 +| xref:reference/procedures.adoc#procedure_dbms_upgradestatus[`dbms.upgradeStatus()`] +| label:yes[] +| label:yes[] +| label:admin-only[] label:deprecated[Deprecated in 5.9] + +// New in 5.16 on Aura, from Neo4j 5.17 also on-prem | xref:reference/procedures.adoc#procedure_genai_vector_encodeBatch[`genai.vector.encodeBatch()`] -| label:no[] -| label:no[] -| label:aura-only[Available only on Aura] +| label:yes[] +| label:yes[] +| label:new[Available in Aura] label:new[Introduced in 5.17] | xref:reference/procedures.adoc#procedure_tx_getmetadata[`tx.getMetaData()`] | label:yes[] @@ -2118,7 +2130,8 @@ For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-ver ==== [[procedure_genai_vector_encodeBatch]] -.genai.vector.encodeBatch() label:aura-only[Available only on Aura] +.genai.vector.encodeBatch() label:new[Available in Aura] label:new[Introduced in 5.17] + [cols="<15s,<85"] |=== | Description From 7e75e71a5f5beb6aa69acd9c7a2628ccadc8afff Mon Sep 17 00:00:00 2001 From: Stefano Ottolenghi Date: Mon, 19 Feb 2024 14:57:45 +0100 Subject: [PATCH 568/876] Add `dbms.cluster.network.connect_timeout` to dynamic settings list. (#1433) Was missed when added to main list https://github.com/neo4j/docs-operations/commit/9e609fab16114825bb043d1434e53e8de6596923 --- modules/ROOT/pages/configuration/dynamic-settings.adoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/configuration/dynamic-settings.adoc b/modules/ROOT/pages/configuration/dynamic-settings.adoc index 20402d530..1116ae0c8 100644 --- a/modules/ROOT/pages/configuration/dynamic-settings.adoc +++ b/modules/ROOT/pages/configuration/dynamic-settings.adoc @@ -60,6 +60,7 @@ RETURN name | "db.tx_log.preallocate" | | "db.tx_log.rotation.retention_policy" | | "db.tx_log.rotation.size" | +| "dbms.cluster.network.connect_timeout" | | "dbms.cypher.render_plan_description" | | "dbms.memory.transaction.total.max" | | "dbms.routing.client_side.enforce_for_domains" | @@ -87,7 +88,7 @@ RETURN name | "server.memory.query_cache.shared_cache_num_entries" | +----------------------------------------------------------------+ -50 rows +51 rows ---- ==== From 5b7dad5c75d971ec064b6ec8a022caf2ce696944 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Fri, 23 Feb 2024 11:34:01 +0100 Subject: [PATCH 569/876] Add third-level titles to the Metrics ref page (#1435) Make metric classes more visible. --- .../pages/monitoring/metrics/reference.adoc | 112 ++++++++++++------ 1 file changed, 78 insertions(+), 34 deletions(-) diff --git a/modules/ROOT/pages/monitoring/metrics/reference.adoc b/modules/ROOT/pages/monitoring/metrics/reference.adoc index 7049f44eb..1a5cb75f1 100644 --- a/modules/ROOT/pages/monitoring/metrics/reference.adoc +++ b/modules/ROOT/pages/monitoring/metrics/reference.adoc @@ -1,4 +1,6 @@ :description: This section includes metrics that are primarily to allow Neo4j experts to fine-tune specific issues. +:page-styles: hide-table-captions + [role=enterprise-edition] [[metrics-reference]] = Metrics reference @@ -74,8 +76,9 @@ By default, database metrics include: == General-purpose metrics [[bolt-metrics]] -.Bolt metrics +=== Bolt metrics +.Bolt metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -95,8 +98,11 @@ By default, database metrics include: |=== [[bolt-driver-metrics]] -.Bolt Driver metrics label:new[Introduced in 5.13] +=== Bolt Driver metrics + +label:new[Introduced in 5.13] +.Bolt Driver metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -107,8 +113,9 @@ By default, database metrics include: |=== [[checkpointing-metrics]] -.Database checkpointing metrics +=== Database checkpointing metrics +.Database checkpointing metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -124,8 +131,9 @@ By default, database metrics include: |=== [[cypher-metrics]] -.Cypher metrics +=== Cypher metrics +.Cypher metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -134,8 +142,9 @@ By default, database metrics include: |=== [[db-data-count-metrics]] -.Database data count metrics +=== Database data count metrics +.Database data count metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -145,8 +154,9 @@ By default, database metrics include: |=== [[db-neo4j-pool-metrics]] -.Database neo4j pools metrics +=== Database neo4j pools metrics +.Database neo4j pools metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -159,8 +169,9 @@ By default, database metrics include: [[db-operation-count-metrics]] -.Database operation count metrics +=== Database operation count metrics +.Database operation count metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -173,8 +184,11 @@ By default, database metrics include: |=== [[db-state-count-metrics]] -.Database state count metrics label:new[Introduced in 5.7] +=== Database state count metrics +label:new[Introduced in 5.7] + +.Database state count metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -184,8 +198,11 @@ By default, database metrics include: |=== [[db-data-metrics]] -.Database data metrics label:deprecated[Deprecated in 5.15] +=== Database data metrics + +label:deprecated[Deprecated in 5.15] +.Database data metrics [options="header",cols="<3m,<4"] |=== |Name @@ -205,8 +222,9 @@ By default, database metrics include: |=== [[global-neo4j-pools-metrics]] -.Global neo4j pools metrics +=== Global neo4j pools metrics +.Global neo4j pools metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -218,8 +236,9 @@ By default, database metrics include: |=== [[db-page-cache-metrics]] -.Database page cache metrics +=== Database page cache metrics +.Database page cache metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -250,8 +269,9 @@ By default, database metrics include: |=== [[query-execution-metrics]] -.Query execution metrics +=== Query execution metrics +.Query execution metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -270,8 +290,11 @@ By default, database metrics include: |=== [[query-routing-metrics]] -.Query routing metrics label:new[Introduced in 5.10] +=== Query routing metrics +label:new[Introduced in 5.10] + +.Query routing metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -284,8 +307,9 @@ By default, database metrics include: |=== [[db-store-size-metrics]] -.Database store size metrics +=== Database store size metrics +.Database store size metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -294,8 +318,9 @@ By default, database metrics include: |=== [[db-tx-log-metrics]] -.Database transaction log metrics +=== Database transaction log metrics +.Database transaction log metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -308,8 +333,9 @@ By default, database metrics include: |=== [[db-tx-metrics]] -.Database transaction metrics +=== Database transaction metrics +.Database transaction metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -334,8 +360,9 @@ By default, database metrics include: |=== [[db-index-metrics]] -.Database index metrics +=== Database index metrics +.Database index metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -359,8 +386,9 @@ By default, database metrics include: |=== [[server-metrics]] -.Server metrics +=== Server metrics +.Server metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -373,8 +401,9 @@ By default, database metrics include: == Metrics specific to clustering [[catchup-metrics]] -.CatchUp metrics +=== CatchUp metrics +.CatchUp metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -382,8 +411,9 @@ By default, database metrics include: |=== [[discovery-metrics]] -.Discovery metrics +=== Discovery metrics +.Discovery metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -396,7 +426,11 @@ By default, database metrics include: |=== [[raft-core-metrics]] -.Raft core metrics label:deprecated[Deprecated in 5.0] +=== Raft core metrics + +label:deprecated[Deprecated in 5.0] + +.Raft core metrics [options="header",cols="<3m,<4"] |=== |Name @@ -485,8 +519,9 @@ The deprecated Raft core metrics are replaced accordingly by the Raft metrics in ==== [[raft-metrics]] -.Raft metrics +=== Raft metrics +.Raft metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -520,7 +555,11 @@ The deprecated Raft core metrics are replaced accordingly by the Raft metrics in [[read-replica-metrics]] -.Read Replica metrics label:deprecated[Deprecated in 5.0] +=== Read Replica metrics + +label:deprecated[Deprecated in 5.0] + +.Read Replica metrics [options="header",cols="<3m,<4"] |=== |Name @@ -543,8 +582,9 @@ The deprecated Read Replica metrics are replaced accordingly by the Story copy m ==== [[store-copy-metrics]] -.Store copy metrics +=== Store copy metrics +.Store copy metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -554,8 +594,6 @@ The deprecated Read Replica metrics are replaced accordingly by the Story copy m |=== - - [[jvm-metrics]] == Java Virtual Machine Metrics @@ -569,8 +607,9 @@ Neo4j allocates buffers in those pools as it needs them. You can limit this memory using JVM settings, but there is never any good reason for you to set them. [[jvm-file-descriptor-metrics]] -.JVM file descriptor metrics +=== JVM file descriptor metrics +.JVM file descriptor metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -579,8 +618,9 @@ You can limit this memory using JVM settings, but there is never any good reason |=== [[gc-metrics]] -.GC metrics +=== GC metrics +.GC metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -589,8 +629,9 @@ You can limit this memory using JVM settings, but there is never any good reason |=== [[jvm-heap-metrics]] -.JVM Heap metrics +=== JVM Heap metrics +.JVM Heap metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -600,8 +641,9 @@ You can limit this memory using JVM settings, but there is never any good reason |=== [[jvm-memory-buffers-metrics]] -.JVM memory buffers metrics +=== JVM memory buffers metrics +.JVM memory buffers metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -611,8 +653,9 @@ You can limit this memory using JVM settings, but there is never any good reason |=== [[jvm-memory-pools-metrics]] -.JVM memory pools metrics +=== JVM memory pools metrics +.JVM memory pools metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -620,8 +663,9 @@ You can limit this memory using JVM settings, but there is never any good reason |=== [[jvm-pause-time-metrics]] -.JVM pause time metrics +=== JVM pause time metrics +.JVM pause time metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -629,12 +673,12 @@ You can limit this memory using JVM settings, but there is never any good reason |=== [[jvm-threads-metrics]] -.JVM threads metrics +=== JVM threads metrics +.JVM threads metrics [options="header",cols="<3m,<4"] |=== |Name |Description |.vm.threads|The total number of live threads including daemon and non-daemon threads. (gauge) |=== - From dbbb2e7844fbc9c7fa05bff3647404bead028459 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Fri, 23 Feb 2024 15:31:28 +0000 Subject: [PATCH 570/876] update the version to 5.18 (#1437) --- antora.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/antora.yml b/antora.yml index eba1e58cb..930578744 100644 --- a/antora.yml +++ b/antora.yml @@ -7,7 +7,7 @@ nav: asciidoc: attributes: neo4j-version: '5' - neo4j-version-minor: '5.17' - neo4j-version-exact: '5.17.0' - neo4j-buildnumber: '5.17' - neo4j-debian-package-version: '1:5.15.0@' + neo4j-version-minor: '5.18' + neo4j-version-exact: '5.18.0' + neo4j-buildnumber: '5.18' + neo4j-debian-package-version: '1:5.18.0@' From db80806cbba1e43720f6bf67237b453188aa9926 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 26 Feb 2024 12:50:59 +0000 Subject: [PATCH 571/876] Add support for providing args in a file (#1441) --- modules/ROOT/pages/tools/neo4j-admin/index.adoc | 7 +++++-- .../tools/neo4j-admin/neo4j-admin-import.adoc | 14 ++++++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/tools/neo4j-admin/index.adoc b/modules/ROOT/pages/tools/neo4j-admin/index.adoc index ad6daa6fd..0ecaf0254 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/index.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/index.adoc @@ -9,8 +9,11 @@ Both are installed as part of the product and can be executed with a number of commands. The `neo4j` commands are equivalent to the most important commands in the `neo4j-admin` server category. -`help` and `version` are special commands and can be invoked with both `neo4j-admin` and `neo4j`. -They are described in more detail in the <<_version_command>> and <<_help_command>> sections. +Both `neo4j-admin` and `neo4j` commands support the <> option, which prints the command's usage and options, and the <> option, which prints the version of the command. +All admin command options can also be provided in a file and passed to the command using the `@` prefix. +This is useful when the command line becomes too long to manage. +For example, `neo4j-admin database import full @/path/to/your/ mydb`. +For more information, see link:https://picocli.info/#AtFiles[Picocli -> AtFiles] official documentation. [NOTE] ==== diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc index 8626c8a9b..97e196d8e 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc @@ -343,6 +343,20 @@ neo4j-admin database import full --format=high_limit The `high_limit` format is available for Enterprise Edition only. ==== +[NOTE] +.Providing arguments in a file +==== +All options can be provided in a file and passed to the command using the `@` prefix. +This is useful when the command line becomes too long to manage. +For example, the following command: + +[source, shell] +---- +neo4j-admin database import full @/path/to/your/ mydb +---- +For more information, see link:https://picocli.info/#AtFiles[Picocli -> AtFiles] official documentation. +==== + [[import-tool-examples]] === Examples From 5388f3f5830b1d45a3aaedfba231d1e7880aafb1 Mon Sep 17 00:00:00 2001 From: Hannes Sandberg Date: Mon, 26 Feb 2024 14:11:05 +0100 Subject: [PATCH 572/876] add a note in restore a database backup to consider CDC implications --- modules/ROOT/pages/backup-restore/restore-backup.adoc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/ROOT/pages/backup-restore/restore-backup.adoc b/modules/ROOT/pages/backup-restore/restore-backup.adoc index 689e6f367..fab9b65e9 100644 --- a/modules/ROOT/pages/backup-restore/restore-backup.adoc +++ b/modules/ROOT/pages/backup-restore/restore-backup.adoc @@ -17,6 +17,11 @@ You must create the database (using `CREATE DATABASE` against the `system` datab `neo4j-admin database restore` must be invoked as the `neo4j` user to ensure the appropriate file permissions. For more information, see xref:database-administration/standard-databases/manage-databases.adoc[Manage databases]. +[NOTE] +==== +If you are using CDC, make sure to create this new database with the same `txLogEnrichment` value and in your CDC application handle the potential loss or corruption of CDC data, see xref:getting-started/key-considerations.adoc#restore-from-backup[restore from backup] +==== + [NOTE] ==== When restoring a backup chain, the transaction log contained in the differential backup artifacts must first be replayed. From 1ec9ebf92ec90e69116aa448e6e1df34914bbe0b Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Tue, 27 Feb 2024 14:08:24 +0100 Subject: [PATCH 573/876] Add config `server.http_enabled_transports` related to HTTP/2 support (#1446) --- .../configuration/configuration-settings.adoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/modules/ROOT/pages/configuration/configuration-settings.adoc b/modules/ROOT/pages/configuration/configuration-settings.adoc index 3dffa2c75..b2db7829a 100644 --- a/modules/ROOT/pages/configuration/configuration-settings.adoc +++ b/modules/ROOT/pages/configuration/configuration-settings.adoc @@ -1188,6 +1188,23 @@ a|A comma-separated set where each element is one of [TRANSACTIONAL_ENDPOINTS, U m|+++TRANSACTIONAL_ENDPOINTS,UNMANAGED_EXTENSIONS,BROWSER,ENTERPRISE_MANAGEMENT_ENDPOINTS+++ |=== +[[config_server.http_enabled_transports]] +=== `server.http_enabled_transports` + +label:new[Introduced in 5.17] + +.server.http_enabled_transports +[frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] +|=== +|Description +a|Defines the set of transports available on the HTTP server +|Valid values +a|A comma-separated set where each element is one of [HTTP1_1, HTTP2]. +|Default value +m|+++ENABLED+++ +|=== + + [[config_server.https.advertised_address]] === `server.https.advertised_address` From d4d8a473d47c1dea1ee2dfafd44c0c4d7d76a254 Mon Sep 17 00:00:00 2001 From: Bruno Caricchio Buss Date: Tue, 27 Feb 2024 10:26:09 +0000 Subject: [PATCH 574/876] Update configuration-settings.adoc Fix the description of `dbms.memory.transaction.total.max`, where a "Defaults to" was missing compared to the in-code version. --- modules/ROOT/pages/configuration/configuration-settings.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/configuration/configuration-settings.adoc b/modules/ROOT/pages/configuration/configuration-settings.adoc index b2db7829a..71e5863fd 100644 --- a/modules/ROOT/pages/configuration/configuration-settings.adoc +++ b/modules/ROOT/pages/configuration/configuration-settings.adoc @@ -2466,7 +2466,7 @@ label:dynamic[Dynamic] label:changed[Value changed in 5.2] [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] |=== |Description -a|Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'unlimited'. 70% of the heap size limit. +a|Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'unlimited'. Defaults to 70% of the heap size limit. |Valid values a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) that is minimum `10.00MiB` or is `0B`. |Default value From 244a28448c3b5a6343fc43965440c8269468dd68 Mon Sep 17 00:00:00 2001 From: Phil Wright <95368282+phil198@users.noreply.github.com> Date: Tue, 27 Feb 2024 14:06:15 +0000 Subject: [PATCH 575/876] Adding clarification that sub-admin roles should not be able to change their own privileges (#1440) This was noticed in a recent internal pentest of RBAC. We need to clarify that it is necessary to explicitly deny the ability to change your own privileges if you copy the admin role (otherwise the new role is essentially unconstrained). --- modules/ROOT/pages/tutorial/access-control.adoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/ROOT/pages/tutorial/access-control.adoc b/modules/ROOT/pages/tutorial/access-control.adoc index 525538a3c..9410ce85b 100644 --- a/modules/ROOT/pages/tutorial/access-control.adoc +++ b/modules/ROOT/pages/tutorial/access-control.adoc @@ -224,10 +224,14 @@ Then you need to *deny* the two specific actions this role is not supposed to pe * Read any patients' social security number (`SSN`). * Submit medical diagnoses. +As well as the ability for the `itadmin` to amend their own privileges. + [source, cypher, role=systemcmd] ---- DENY READ {ssn} ON GRAPH healthcare NODES Patient TO itadmin; DENY CREATE ON GRAPH healthcare RELATIONSHIPS DIAGNOSIS TO itadmin; +DENY ROLE MANAGEMENT ON DBMS TO itadmin; +DENY PRIVILEGE MANAGEMENT ON DBMS TO itadmin; ---- The complete set of privileges available to users assigned the `itadmin` role can be viewed using the following command: @@ -254,6 +258,8 @@ SHOW ROLE itadmin PRIVILEGES AS COMMANDS; | "GRANT LOAD ON ALL DATA TO `itadmin`" | | "DENY READ {ssn} ON GRAPH `healthcare` NODE Patient TO `itadmin`" | | "DENY CREATE ON GRAPH `healthcare` RELATIONSHIP DIAGNOSIS TO `itadmin`" | +| "DENY ROLE MANAGEMENT ON DBMS TO `itadmin`" | +| "DENY PRIVILEGE MANAGEMENT ON DBMS TO `itadmin`" | +-------------------------------------------------------------------------+ ---- From 7b00044ff5e04f5652529359abd75a8d961ac662 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Tue, 27 Feb 2024 15:15:44 +0100 Subject: [PATCH 576/876] Fix default value of `server.http_enabled_transports` (#1449) --- modules/ROOT/pages/configuration/configuration-settings.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/configuration/configuration-settings.adoc b/modules/ROOT/pages/configuration/configuration-settings.adoc index 71e5863fd..920eb9126 100644 --- a/modules/ROOT/pages/configuration/configuration-settings.adoc +++ b/modules/ROOT/pages/configuration/configuration-settings.adoc @@ -1201,7 +1201,7 @@ a|Defines the set of transports available on the HTTP server |Valid values a|A comma-separated set where each element is one of [HTTP1_1, HTTP2]. |Default value -m|+++ENABLED+++ +m|+++HTTP1_1,HTTP2+++ |=== From 2fe733b0075a01ad61cabb7dfc4e4c0f22e05ca8 Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Thu, 29 Feb 2024 11:11:19 +0100 Subject: [PATCH 577/876] fixed link (#1455) --- .../pages/authentication-authorization/dbms-administration.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/authentication-authorization/dbms-administration.adoc b/modules/ROOT/pages/authentication-authorization/dbms-administration.adoc index 74d5d837f..f02c9c0d3 100644 --- a/modules/ROOT/pages/authentication-authorization/dbms-administration.adoc +++ b/modules/ROOT/pages/authentication-authorization/dbms-administration.adoc @@ -93,7 +93,7 @@ For more details, see the following sections: * <> * <> * <> -* <> +* xref:/database-internals/transaction-management.adoc[Transaction management] * <> * xref:authentication-authorization/load-privileges.adoc[Load privileges] From c4d558e9fafb23c2c016c2eec46e90cbeb46b69c Mon Sep 17 00:00:00 2001 From: Hannes Sandberg Date: Thu, 29 Feb 2024 11:13:04 +0100 Subject: [PATCH 578/876] Update modules/ROOT/pages/backup-restore/restore-backup.adoc Co-authored-by: Reneta Popova --- modules/ROOT/pages/backup-restore/restore-backup.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/backup-restore/restore-backup.adoc b/modules/ROOT/pages/backup-restore/restore-backup.adoc index fab9b65e9..eb9ea8722 100644 --- a/modules/ROOT/pages/backup-restore/restore-backup.adoc +++ b/modules/ROOT/pages/backup-restore/restore-backup.adoc @@ -19,7 +19,7 @@ For more information, see xref:database-administration/standard-databases/manage [NOTE] ==== -If you are using CDC, make sure to create this new database with the same `txLogEnrichment` value and in your CDC application handle the potential loss or corruption of CDC data, see xref:getting-started/key-considerations.adoc#restore-from-backup[restore from backup] +If you are using CDC, make sure to create this new database with the same `txLogEnrichment` value and in your CDC application, handle the potential loss or corruption of CDC data, see link:{neo4j-docs-base-uri}/cdc/{page-version}/getting-started/key-considerations/#restore-from-backup[Change Data Capture Manual -> Backup and restore operations]. ==== [NOTE] From 6de92a73ef1e91f7b64175f010dbf1dece64dce5 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 29 Feb 2024 12:30:11 +0000 Subject: [PATCH 579/876] remove the note about dropping the database (#1454) I removed the note but left the step 4. Do you think I should add the same step to the section **Restore a database backup**? --- .../pages/backup-restore/restore-backup.adoc | 69 +++++++------------ 1 file changed, 25 insertions(+), 44 deletions(-) diff --git a/modules/ROOT/pages/backup-restore/restore-backup.adoc b/modules/ROOT/pages/backup-restore/restore-backup.adoc index 689e6f367..48956e363 100644 --- a/modules/ROOT/pages/backup-restore/restore-backup.adoc +++ b/modules/ROOT/pages/backup-restore/restore-backup.adoc @@ -20,7 +20,7 @@ For more information, see xref:database-administration/standard-databases/manage [NOTE] ==== When restoring a backup chain, the transaction log contained in the differential backup artifacts must first be replayed. -This recovery operation is resource intensive and can be decoupled from the restore operation by using the xref:backup-restore/aggregate.adoc[aggregate] command. +This recovery operation is resource-intensive and can be decoupled from the restore operation by using the xref:backup-restore/aggregate.adoc[aggregate] command. ==== [[restore-backup-syntax]] @@ -143,8 +143,10 @@ That means, if you restore `neo4j-2023-06-29T14-50-45.backup`, your database wil === Restore a database backup -. Restore a database backup by running the following command. -If you want to replace an existing database, add the option `--overwrite-destination=true` to the restore command. +This example assumes that you want to restore your data in a new database, called `mydatabase`. +If you want to replace an existing database, you need to stop it first, and add the option `--overwrite-destination=true` to the restore command. + +. Restore a database backup by running the following command: + [source, shell,role=nocopy noplay] ---- @@ -152,9 +154,13 @@ bin/neo4j-admin database restore --from-path=/path/to/backups/neo4j-2023-05-05T1 ---- + The `--from-path=` argument must contain the path to the last backup of a chain, in this case, `neo4j-2023-06-29T14-51-33.backup`. -If you want to restore several databases at once, you can specify a comma-separated list of paths to backup artifacts. - -. Unless you are replacing an existing database, create the new database using `CREATE DATABASE` against the `system` database. ++ +[TIP] +==== +If you want to restore several databases at once, you must stop them first and then you can alter the command by specifying a comma-separated list of paths to backup artifacts, and remove the `` parameter. +You should also skip the `CREATE DATABASE` step afterward if you are replacing an existing database. +==== +. Create the new database using `CREATE DATABASE` against the `system` database. + [source, cypher, role=nocopy noplay] ---- @@ -163,62 +169,37 @@ CREATE DATABASE mydatabase === Restore data up to a specific date -To restore data up to a specific date, you need to pass the backup artifact that contains the data up to that date. - -[NOTE] -==== -Restoring data up to a specific date is only possible after you drop the existing database. -==== - -. Log in to the Neo4j using `cypher-shell`: -+ -[source, shell,role=nocopy noplay] ----- -bin/cypher-shell -u neo4j -p password ----- -. Change the active database to `system`: -+ -[source, shell,role=nocopy noplay] ----- -:use system; ----- -. Stop the database that requires the restore: -+ -[source, cypher, role=nocopy noplay] ----- -STOP DATABASE databasename; ----- -. Drop the database that requires the restore: -+ -[source, cypher, role=nocopy noplay] ----- -DROP DATABASE databasename; ----- -+ -Do not exit the `cypher-shell` session. +To restore data up to a specific date, you need to pass the backup artifact that contains the data up to that date. + +This example assumes that you want to restore your data in a new database, called `mydatabase`. +If you want to replace an existing database, you need to stop it first, and add the option `--overwrite-destination=true` to the restore command. -. In a different `shell` terminal, restore from the backup that contains the data up to the desired date. +. Restore from the backup that contains the data up to the desired date. + [source, shell,role=nocopy noplay] ---- -bin/neo4j-admin database restore --from-path=/path/to/mybackups/neo4j-2023-06-29T14-50-45.backup --restore-until="2023-06-29 13:50:45" +bin/neo4j-admin database restore --from-path=/path/to/mybackups/neo4j-2023-06-29T14-50-45.backup --restore-until="2023-06-29 13:50:45" mydatabase ---- + The `--from-path=` argument must contain the path to either a full or a differential backup artifact. -If you want to restore several databases at once, you can specify a comma-separated list of paths to backup artifacts. The `--restore-until=` argument must contain a UTC date and time. The restore recovers all transactions that were committed before the provided date and time. + +[TIP] +==== +If you want to restore several databases at once, you must stop them first and then you can alter the command by specifying a comma-separated list of paths to backup artifacts, and remove the `` parameter. +You should also skip the `CREATE DATABASE` step afterward if you are replacing an existing database. +==== ++ [NOTE] ==== If you know the transaction ID of the last transaction that was committed before the date you want to restore to, you can use the `--restore-until=` argument with the transaction ID instead of the date. For example, `--restore-until=123`. ==== -. Using `cypher-shell`, recreate the database that you dropped using `CREATE DATABASE` against the `system` database, for example: +. Create the new database using `CREATE DATABASE` against the `system` database: + [source, cypher, role=nocopy noplay] ---- -CREATE DATABASE databasename; +CREATE DATABASE mydatabase; ---- === Restore a database backup in a cluster From 5ee828677d7ac0493e36d5bb0ef0cec4f1b0d418 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 29 Feb 2024 16:43:36 +0000 Subject: [PATCH 580/876] Remove legacy-backup and legacy-restore (#1461) --- modules/ROOT/pages/backup-restore/online-backup.adoc | 4 ++-- modules/ROOT/pages/index.adoc | 4 ---- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/modules/ROOT/pages/backup-restore/online-backup.adoc b/modules/ROOT/pages/backup-restore/online-backup.adoc index 125ee56ff..2b3694e48 100644 --- a/modules/ROOT/pages/backup-restore/online-backup.adoc +++ b/modules/ROOT/pages/backup-restore/online-backup.adoc @@ -5,7 +5,7 @@ [CAUTION] ==== -Remember to xref:backup-restore/planning.adoc[plan your backup] carefully and to back up each of your databases, including the `system` database. +Remember to xref:backup-restore/planning.adoc[plan your backup] carefully and back up each of your databases, including the `system` database. ==== [[online-backup-command]] @@ -27,7 +27,7 @@ Neo4j 5 introduces a new version of the backup command which produces immutable [[backup-artifact]] === Backup artifact The `neo4j-admin database backup` command produces one backup artifact file per database each time it is run. -A backup artifact file is an immutable file containing the backup data of a given database along with some metadata like the database name and id, the backup time, the lowest/highest transaction ID, etc. +A backup artifact file is an immutable file containing the backup data of a given database along with some metadata like the database name and ID, the backup time, the lowest/highest transaction ID, etc. Backup artifacts can be of two types: diff --git a/modules/ROOT/pages/index.adoc b/modules/ROOT/pages/index.adoc index 9b6696e5d..cdfb2b714 100644 --- a/modules/ROOT/pages/index.adoc +++ b/modules/ROOT/pages/index.adoc @@ -51,10 +51,6 @@ The new backup subsystem provides: ** Differential backup reduces storage requirements and provides point-in-time restore on timestamps or transaction IDs. ** A new backup API for backup management and operability and target multiple URIs in a single backup command to support Autonomous Clusters. -+ -The Backup subsystem from Neo4j 4.x is available as `neo4j-admin database legacy-backup` and `legacy-restore`. + -See xref:backup-restore/index.adoc[Backup and restore section] for detailed descriptions and instructions. - * Incremental offline import. + The `neo4j-admin import` command can now add more data to existing databases. + From 3093d46f711ca0b6e2ed6d30453dcb6b124013a2 Mon Sep 17 00:00:00 2001 From: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com> Date: Thu, 29 Feb 2024 17:57:22 +0100 Subject: [PATCH 581/876] add link to cdc regarding unrecorded data changes (#1463) --- modules/ROOT/pages/backup-restore/restore-dump.adoc | 6 ++++++ .../ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/modules/ROOT/pages/backup-restore/restore-dump.adoc b/modules/ROOT/pages/backup-restore/restore-dump.adoc index e4a9a3a33..818d01214 100644 --- a/modules/ROOT/pages/backup-restore/restore-dump.adoc +++ b/modules/ROOT/pages/backup-restore/restore-dump.adoc @@ -4,6 +4,12 @@ A database dump can be loaded to a Neo4j instance using the `load` command of `neo4j-admin`. +[NOTE] +==== +Change Data Capture does **not** capture any data changes resulting from the use of `neo4j-admin database load`. +See link:{neo4j-docs-base-uri}/cdc/current/getting-started/key-considerations/#non-tx-log-changes[Change Data Capture -> Key considerations] for more information. +==== + [[restore-dump-command]] == Command diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc index 97e196d8e..4cd520153 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc @@ -19,6 +19,12 @@ Other methods of importing data into Neo4j might be better suited to non-admin u See link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/clauses/load-csv/[Cypher Manual -> `LOAD CSV`]. * Graphical Tools - link:{neo4j-docs-base-uri}/aura/auradb/importing/importing-data/#_load_csv[Neo4j AuraDB -> Importing data]. +[NOTE] +==== +Change Data Capture does **not** capture any data changes resulting from the use of `neo4j-admin database import`. +See link:{neo4j-docs-base-uri}/cdc/current/getting-started/key-considerations/#non-tx-log-changes[Change Data Capture -> Key considerations] for more information. +==== + == Overview The `neo4j-admin database import` command has two modes both used for initial data import: From 70ad4a714642e985a808c7d6f8c8dc3e99d662ef Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 29 Feb 2024 17:02:07 +0000 Subject: [PATCH 582/876] Add a step to decouple the conf and data folders from the binaries (#1457) Co-authored-by: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> --- modules/ROOT/pages/installation/linux/tarball.adoc | 2 ++ modules/ROOT/pages/installation/osx.adoc | 2 ++ modules/ROOT/pages/installation/windows.adoc | 2 ++ 3 files changed, 6 insertions(+) diff --git a/modules/ROOT/pages/installation/linux/tarball.adoc b/modules/ROOT/pages/installation/linux/tarball.adoc index 3b5ee70a3..ceb1d0e44 100644 --- a/modules/ROOT/pages/installation/linux/tarball.adoc +++ b/modules/ROOT/pages/installation/linux/tarball.adoc @@ -53,6 +53,8 @@ See the link:https://neo4j.com/terms/licensing/[Neo4j licensing] page for detail + ** Set the environment variable `NEO4J_ACCEPT_LICENSE_AGREEMENT=eval`. ** Run `/bin/neo4j-admin server license --accept-evaluation`. +. (Optional) Decouple the data and configuration directories from the binary files by setting the environment variable `NEO4J_CONF` and `server.directories.data` to point to the desired locations. +Storing your data and configuration on a separate disk or partition can simplify the upgrade process later. . Start Neo4j: * To run Neo4j as a console application, use: `/bin/neo4j console`. * To run Neo4j in a background process, use: `/bin/neo4j start`. diff --git a/modules/ROOT/pages/installation/osx.adoc b/modules/ROOT/pages/installation/osx.adoc index 9ed488999..cfbcd5921 100644 --- a/modules/ROOT/pages/installation/osx.adoc +++ b/modules/ROOT/pages/installation/osx.adoc @@ -31,6 +31,8 @@ See the link:https://neo4j.com/terms/licensing/[Neo4j licensing] page for detail + ** Set the environment variable `NEO4J_ACCEPT_LICENSE_AGREEMENT=eval`. ** Run `/bin/neo4j-admin server license --accept-evaluation`. +. (Optional) Decouple the data and configuration directories from the binary files by setting the environment variable `NEO4J_CONF` and `server.directories.data` to point to the desired locations. +Storing your data and configuration on a separate disk or partition can simplify the upgrade process later. . Start Neo4j: * To run Neo4j as a console application, use: `/bin/neo4j console`. * To run Neo4j in a background process, use: `/bin/neo4j start`. diff --git a/modules/ROOT/pages/installation/windows.adoc b/modules/ROOT/pages/installation/windows.adoc index ff56fd812..d75d6fa8c 100644 --- a/modules/ROOT/pages/installation/windows.adoc +++ b/modules/ROOT/pages/installation/windows.adoc @@ -30,6 +30,8 @@ See the link:https://neo4j.com/terms/licensing/[Neo4j licensing] page for detail + ** Set it as an environment variable using `set NEO4J_ACCEPT_LICENSE_AGREEMENT=eval`. ** Run `\bin\neo4j-admin server license --accept-evaluation`. +. (Optional) Decouple the data and configuration directories from the binary files by setting the environment variable `NEO4J_CONF` and `server.directories.data` to point to the desired locations. +Storing your data and configuration on a separate disk or partition can simplify the upgrade process later. . Start Neo4j: * To run Neo4j as a console application, use: `\bin\neo4j console`. * To install Neo4j as a service use: `\bin\neo4j windows-service install`. From 8452fc0bc6efd2f858a3bb9380e33eaf931f0d9b Mon Sep 17 00:00:00 2001 From: Neil Dewhurst Date: Fri, 1 Mar 2024 16:52:28 +0000 Subject: [PATCH 583/876] Create CODEOWNERS --- .github/CODEOWNERS | 1 + 1 file changed, 1 insertion(+) create mode 100644 .github/CODEOWNERS diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 000000000..4aa6ecc05 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1 @@ +./.github/ @recrwplay From f92190f0d05994da3a5930ace5edd2877608cf75 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 6 Mar 2024 17:29:29 +0000 Subject: [PATCH 584/876] Reorganize the upgrade on k8s page and change the title (#1460) --- modules/ROOT/pages/kubernetes/index.adoc | 3 +-- .../pages/kubernetes/operations/index.adoc | 3 +-- .../pages/kubernetes/operations/upgrade.adoc | 19 ++++++++++++------- 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/modules/ROOT/pages/kubernetes/index.adoc b/modules/ROOT/pages/kubernetes/index.adoc index 2dce05a8e..e0056f359 100644 --- a/modules/ROOT/pages/kubernetes/index.adoc +++ b/modules/ROOT/pages/kubernetes/index.adoc @@ -30,8 +30,7 @@ This chapter describes the following: ** xref:kubernetes/operations/reset-password.adoc[Reset the neo4j user password] ** xref:kubernetes/operations/dump-load.adoc[Dump and load databases (offline)] ** xref:kubernetes/operations/backup-restore.adoc[Back up and restore a single database (online)] -** xref:kubernetes/operations/upgrade.adoc[Upgrade Neo4j Community to Enterprise edition -] +** xref:kubernetes/operations/upgrade.adoc[Upgrade Neo4j on Kubernetes] ** xref:kubernetes/operations/migrate-from-labs.adoc[Migrate Neo4j from the Labs Helm charts to the Neo4j Helm charts (offline)] ** xref:kubernetes/operations/scaling.adoc[Scale a Neo4j deployment] ** xref:kubernetes/operations/image-pull-secret.adoc[Use custom images from private registries] diff --git a/modules/ROOT/pages/kubernetes/operations/index.adoc b/modules/ROOT/pages/kubernetes/operations/index.adoc index 80e0e634a..fc8c004d4 100644 --- a/modules/ROOT/pages/kubernetes/operations/index.adoc +++ b/modules/ROOT/pages/kubernetes/operations/index.adoc @@ -10,8 +10,7 @@ It covers the following topics: * xref:kubernetes/operations/reset-password.adoc[Reset the neo4j user password] * xref:kubernetes/operations/dump-load.adoc[Dump and load databases (offline)] * xref:kubernetes/operations/backup-restore.adoc[Back up and restore a single database (online)] -* xref:kubernetes/operations/upgrade.adoc[Upgrade Neo4j Community to Enterprise edition -] +* xref:kubernetes/operations/upgrade.adoc[Upgrade Neo4j on Kubernetes] * xref:kubernetes/operations/migrate-from-labs.adoc[Migrate Neo4j from the Labs Helm charts to the Neo4j Helm charts (offline)] * xref:kubernetes/operations/scaling.adoc[Scale a Neo4j deployment] * xref:kubernetes/operations/image-pull-secret.adoc[Use custom images from private registries] diff --git a/modules/ROOT/pages/kubernetes/operations/upgrade.adoc b/modules/ROOT/pages/kubernetes/operations/upgrade.adoc index e690f7154..440d5cf53 100644 --- a/modules/ROOT/pages/kubernetes/operations/upgrade.adoc +++ b/modules/ROOT/pages/kubernetes/operations/upgrade.adoc @@ -1,14 +1,10 @@ [[kubernetes-upgrading]] -= Upgrade Neo4j Community to Enterprise edition += Upgrade Neo4j on Kubernetes -To upgrade from Neo4j Community to Enterprise edition, run: -[source, shell] ----- -helm upgrade neo4j/neo4j --reuse-values --set neo4j.edition=enterprise --set neo4j.acceptLicenseAgreement=yes ----- +== Upgrade to a new minor version -To upgrade to the next patch release of Neo4j, update your Neo4j _values.yaml_ file and upgrade the helm release. +To upgrade to the next release of Neo4j, update your Neo4j _values.yaml_ file and upgrade the helm release. . Open the _values.yaml_ file, using the code editor of your choice, and add the following line to the `image` object: + @@ -23,4 +19,13 @@ image: [source, shell] ---- helm upgrade neo4j/neo4j -f values.yaml +---- + +== Upgrade from Community to Enterprise + +To upgrade from Neo4j Community to Enterprise edition, run: + +[source, shell] +---- +helm upgrade neo4j/neo4j --reuse-values --set neo4j.edition=enterprise --set neo4j.acceptLicenseAgreement=yes ---- \ No newline at end of file From be38e7ffef038c29fb8971849f9697fd9abcd31e Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 6 Mar 2024 17:33:53 +0000 Subject: [PATCH 585/876] update the reverse-proxy yaml to support privilege and access control settings for a Container (#1459) --- .../kubernetes/accessing-neo4j-ingress.adoc | 25 +++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/kubernetes/accessing-neo4j-ingress.adoc b/modules/ROOT/pages/kubernetes/accessing-neo4j-ingress.adoc index da2b75f4d..48d099694 100644 --- a/modules/ROOT/pages/kubernetes/accessing-neo4j-ingress.adoc +++ b/modules/ROOT/pages/kubernetes/accessing-neo4j-ingress.adoc @@ -16,6 +16,9 @@ image::reverse-proxy.svg[title="Reverse proxy flow diagram"] The Reverse proxy Helm chart creates an HTTP server, which routes requests to either the Bolt reverse proxy or HTTP reverse proxy based on the request headers. Upon receiving a response, the Bolt reverse proxy updates the response to replace the Bolt port with either `:80` or `:443`. +From version 5.17.0, the Reverse proxy Helm chart supports defining privilege and access control settings for a Container. +Make sure that you do not run Neo4j as a root user. + == Configuration options To see all configurable options, run the following command: @@ -36,8 +39,7 @@ fullnameOverride: "" # Parameters for reverse proxy reverseProxy: - image: "neo4j/helm-charts-reverse-proxy:5.12.0" - + image: "neo4j/helm-charts-reverse-proxy:5.17.0" # Name of the kubernetes service. This service should have the ports 7474 and 7687 open. # This could be the admin service ex: "standalone-admin" or the loadbalancer service ex: "standalone" created via the neo4j helm chart # serviceName , namespace , domain together will form the complete k8s service url. Ex: standalone-admin.default.svc.cluster.local @@ -47,6 +49,24 @@ reverseProxy: # default is set to cluster.local domain: "cluster.local" + # securityContext defines privilege and access control settings for a Container. Making sure that we dont run Neo4j as root user. + containerSecurityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true + runAsUser: 7474 + runAsGroup: 7474 + capabilities: + drop: + - all + + podSecurityContext: + runAsNonRoot: true + runAsUser: 7474 + runAsGroup: 7474 + fsGroup: 7474 + fsGroupChangePolicy: "Always" + + # This assumes ingress-nginx controller or haproxy-ingress-controller is already installed in your kubernetes cluster. # You can install ingress-nginx by following instructions on this link https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/index.md#quick-start # You can install haproxy-ingress by following instructions on this link https://haproxy-ingress.github.io/docs/getting-started/ @@ -57,6 +77,7 @@ reverseProxy: annotations: {} # "demo": "value" # "demo2": "value2" + host: "" tls: enabled: false config: [] From 9ac43169edd89cc8bd1ad485f05fb99e2653aed8 Mon Sep 17 00:00:00 2001 From: Therese Magnusson Date: Wed, 6 Mar 2024 18:36:28 +0100 Subject: [PATCH 586/876] Add section on limitations around privileges and missing labels (#1453) as well as notes on the relevant privileges linking to it --------- Co-authored-by: Reneta Popova --- .../limitations.adoc | 55 +++++++++++++++++++ .../privileges-reads.adoc | 18 ++++++ .../privileges-writes.adoc | 36 ++++++++++++ 3 files changed, 109 insertions(+) diff --git a/modules/ROOT/pages/authentication-authorization/limitations.adoc b/modules/ROOT/pages/authentication-authorization/limitations.adoc index fd1c7e38c..1ecf06fd4 100644 --- a/modules/ROOT/pages/authentication-authorization/limitations.adoc +++ b/modules/ROOT/pages/authentication-authorization/limitations.adoc @@ -277,6 +277,61 @@ CALL db.labels() will only return label `:A`, because that is the only label for which traversal was granted. +[[access-control-limitations-non-existing-labels]] +=== Privileges for non-existing labels, relationship types, and property names + +Privileges for non-existent labels, relationship types, and property names have an effect only once the latter are created. +In other words, when authorizing a user, only privileges for existing labels, relationship types, and property names are applied. +This is because the graph elements must be resolved internally to be able to check against the privileges when users try to use them later. +If a label, relationship type, or property name does not yet exist, it will not resolve, and therefore, the privileges will not apply. + +A way around this is to create the label, relationship type, or property name using the `db.createLabel()`, `db.createRelationshipType()`, and `db.createProperty()` procedures on the relevant database when creating the privileges. + +Labels, relationship types, and property names are considered non-existent in a database if: + +* There has never been a node with that label, a relationship with that relationship type, or a property with that name. +* There has been no attempt to add a node with that label, a relationship with that relationship type, or a property with that name. + +The attempted creation adds it to the known labels, relationship types, and property names even if the creation itself fails (unless it fails on missing or denied privileges to create new labels, relationship types, or property names). +* They have not been created using any of the `db.createLabel()`, `db.createRelationshipType()`, or `db.createProperty()` procedures. + +There is currently no way to remove a label, relationship type, or property name from the database. +Once existent in the database, they cannot return to non-existent. + +For example, let's assume that you have a new, freshly-created empty database, called `testing`, and a user named `Alice` with a `custom` role. +[NOTE] +===== +The example focuses only on nodes and their labels, though the same principle applies to relationships and their relationship type, and properties (on both nodes and relationships) and their names. +===== + +Using the following command, you define some privileges to the `custom` role: +[source, cypher] +---- +GRANT MATCH {*} ON GRAPH testing NODES * TO custom +GRANT CREATE ON GRAPH testing NODES `A` TO custom +GRANT SET LABEL `A` ON GRAPH testing TO custom +GRANT CREATE NEW NODE LABEL ON DATABASE testing TO custom +---- + +This means that when `Alice` executes: + +[source, cypher] +---- +CREATE (:`A`) +---- + +She will get the following exception even though she is allowed to create new labels: +[source] +---- +Create node with labels 'A' on database 'testing' is not allowed for user 'Alice' with roles [PUBLIC, custom]. +---- + +However, rerunning the same query will create the node. +This is because the failed creation still creates the label, making it no longer non-existent when the query is run a second time. + +To ensure success on the first attempt, when setting up the privileges for the `custom` role, the administrator should run the `db.createLabel()` procedure on the affected databases for all non-existing labels that get assigned privileges. +In this example, when creating the custom role, connect to `testing` and run `CALL db.createLabel('A')` to ensure Alice creates the node successfully on her first attempt. + + [[access-control-limitations-db-operations]] == Security and count store operations diff --git a/modules/ROOT/pages/authentication-authorization/privileges-reads.adoc b/modules/ROOT/pages/authentication-authorization/privileges-reads.adoc index 62f9ba1c6..d442db400 100644 --- a/modules/ROOT/pages/authentication-authorization/privileges-reads.adoc +++ b/modules/ROOT/pages/authentication-authorization/privileges-reads.adoc @@ -67,6 +67,12 @@ For example, we can disable users with the role `regularUsers` from finding all DENY TRAVERSE ON HOME GRAPH NODES Payments TO regularUsers ---- +[NOTE] +==== +If a label or a relationship type does not exist in the database, the user cannot use the corresponding privilege until it is created. +See xref:authentication-authorization/limitations.adoc#access-control-limitations-non-existing-labels[Privileges for non-existing labels, relationship types, and property names] for more information. +==== + [[access-control-privileges-reads-read]] == The `READ` privilege @@ -122,6 +128,12 @@ The following example shows how to do that: DENY READ { secret } ON GRAPH neo4j NODES Post TO regularUsers ---- +[NOTE] +==== +If a label, a relationship type, or a property name does not exist in the database, the user cannot use the corresponding privilege until it is created. +See xref:authentication-authorization/limitations.adoc#access-control-limitations-non-existing-labels[Privileges for non-existing labels, relationship types, and property names] for more information. +==== + [[access-control-privileges-reads-match]] == The `MATCH` privilege @@ -182,3 +194,9 @@ The following query exemplifies how it would look if you wanted to deny both rea ---- DENY MATCH { * } ON GRAPH neo4j NODES Account TO regularUsers ---- + +[NOTE] +==== +If a label, a relationship type, or a property name does not exist in the database, the user cannot use the corresponding privilege until it is created. +See xref:authentication-authorization/limitations.adoc#access-control-limitations-non-existing-labels[Privileges for non-existing labels, relationship types, and property names] for more information. +==== diff --git a/modules/ROOT/pages/authentication-authorization/privileges-writes.adoc b/modules/ROOT/pages/authentication-authorization/privileges-writes.adoc index bb6d1085f..81f2948ee 100644 --- a/modules/ROOT/pages/authentication-authorization/privileges-writes.adoc +++ b/modules/ROOT/pages/authentication-authorization/privileges-writes.adoc @@ -82,6 +82,12 @@ If the user attempts to create nodes with a label that does not already exist on The same applies to new relationships: the xref:authentication-authorization/database-administration.adoc#access-control-database-administration-tokens[`CREATE NEW RELATIONSHIP TYPE`] privilege is required. ==== +[NOTE] +==== +If a label or a relationship type does not exist in the database, the user cannot use the corresponding privilege until it is created. +See xref:authentication-authorization/limitations.adoc#access-control-limitations-non-existing-labels[Privileges for non-existing labels, relationship types, and property names] for more information. +==== + [[access-control-privileges-writes-delete]] == The `DELETE` privilege @@ -135,6 +141,12 @@ Users with `DELETE` privilege, but restricted `TRAVERSE` privileges, will not be See href:tutorial/access-control.adoc#detach-delete-restricted-user[delete restricted user] for more info. ==== +[NOTE] +==== +If a label or a relationship type does not exist in the database, the user cannot use the corresponding privilege until it is created. +See xref:authentication-authorization/limitations.adoc#access-control-limitations-non-existing-labels[Privileges for non-existing labels, relationship types, and property names] for more information. +==== + [[access-control-privileges-writes-set-label]] == The `SET LABEL` privilege @@ -181,6 +193,12 @@ DENY SET LABEL foo ON GRAPH * TO regularUsers If no instances of this label exist on the database, then the xref:authentication-authorization/database-administration.adoc#access-control-database-administration-tokens[`CREATE NEW LABEL`] privilege is also required. ==== +[NOTE] +==== +If a label does not exist in the database, the user cannot use the corresponding privilege until it is created. +See xref:authentication-authorization/limitations.adoc#access-control-limitations-non-existing-labels[Privileges for non-existing labels, relationship types, and property names] for more information. +==== + [[access-control-privileges-writes-remove-label]] == The `REMOVE LABEL` privilege @@ -222,6 +240,12 @@ For example, denying the role `regularUsers` the ability to remove the label `fo DENY REMOVE LABEL foo ON GRAPH * TO regularUsers ---- +[NOTE] +==== +If a label does not exist in the database, the user cannot use the corresponding privilege until it is created. +See xref:authentication-authorization/limitations.adoc#access-control-limitations-non-existing-labels[Privileges for non-existing labels, relationship types, and property names] for more information. +==== + [[access-control-privileges-writes-set-property]] == The `SET PROPERTY` privilege @@ -273,6 +297,12 @@ DENY SET PROPERTY { foo } ON GRAPH * NODES bar TO regularUsers If the user attempts to set a property with a property name that does not already exist on the database, the user must also possess the xref:authentication-authorization/database-administration.adoc#access-control-database-administration-tokens[`CREATE NEW PROPERTY NAME`] privilege. ==== +[NOTE] +==== +If a label, a relationship type, or a property name does not exist in the database, the user cannot use the corresponding privilege until it is created. +See xref:authentication-authorization/limitations.adoc#access-control-limitations-non-existing-labels[Privileges for non-existing labels, relationship types, and property names] for more information. +==== + [[access-control-privileges-writes-merge]] == The `MERGE` privilege @@ -311,6 +341,12 @@ xref:authentication-authorization/database-administration.adoc#access-control-da xref:authentication-authorization/database-administration.adoc#access-control-database-administration-tokens[`CREATE NEW PROPERTY NAME`] privileges are required. ==== +[NOTE] +==== +If a label, a relationship type, or a property name does not exist in the database, the user cannot use the corresponding privilege until it is created. +See xref:authentication-authorization/limitations.adoc#access-control-limitations-non-existing-labels[Privileges for non-existing labels, relationship types, and property names] for more information. +==== + [[access-control-privileges-writes-write]] == The `WRITE` privilege From 3bdfc8966c38f476001d90ebe80cc396d8a9318c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Mar 2024 17:42:36 +0000 Subject: [PATCH 587/876] Bump the dev-dependencies group with 2 updates (#1466) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the dev-dependencies group with 2 updates: [express](https://github.com/expressjs/express) and [nodemon](https://github.com/remy/nodemon). Updates `express` from 4.18.2 to 4.18.3
Release notes

Sourced from express's releases.

4.18.3

Main Changes

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2

Other Changes

New Contributors

Full Changelog: https://github.com/expressjs/express/compare/4.18.2...4.18.3

Changelog

Sourced from express's changelog.

4.18.3 / 2024-02-26

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2
Commits
  • 1b51eda 4.18.3
  • b625132 build: pin Node 21.x to minor
  • e3eca80 build: pin Node 21.x to minor
  • 23b44b3 build: support Node.js 21.6.2
  • b9fea12 build: support Node.js 21.x in appveyor
  • c259c34 build: support Node.js 21.x
  • fdeb1d3 build: support Node.js 20.x in appveyor
  • 734b281 build: support Node.js 20.x
  • 0e3ab6e examples: improve view count in cookie-sessions
  • 59af63a build: Node.js@18.19
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.


Updates `nodemon` from 3.0.3 to 3.1.0
Release notes

Sourced from nodemon's releases.

v3.1.0

3.1.0 (2024-02-22)

Features

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 224 +++++++++++++++++++++++++++++----------------- package.json | 4 +- 2 files changed, 142 insertions(+), 86 deletions(-) diff --git a/package-lock.json b/package-lock.json index 2167c5e96..da8591cce 100644 --- a/package-lock.json +++ b/package-lock.json @@ -20,8 +20,8 @@ "@neo4j-documentation/remote-include": "^1.0.0" }, "devDependencies": { - "express": "^4.18.2", - "nodemon": "^3.0.3" + "express": "^4.18.3", + "nodemon": "^3.1.0" } }, "node_modules/@antora/asciidoc-loader": { @@ -475,13 +475,13 @@ } }, "node_modules/body-parser": { - "version": "1.20.1", - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz", - "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==", + "version": "1.20.2", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz", + "integrity": "sha512-ml9pReCu3M61kGlqoTm2umSXTlRTuGTx0bfYj+uIUKKYycG5NtSbeetV3faSU6R7ajOPw0g/J1PvK4qNy7s5bA==", "dev": true, "dependencies": { "bytes": "3.1.2", - "content-type": "~1.0.4", + "content-type": "~1.0.5", "debug": "2.6.9", "depd": "2.0.0", "destroy": "1.2.0", @@ -489,7 +489,7 @@ "iconv-lite": "0.4.24", "on-finished": "2.4.1", "qs": "6.11.0", - "raw-body": "2.5.1", + "raw-body": "2.5.2", "type-is": "~1.6.18", "unpipe": "1.0.0" }, @@ -581,13 +581,18 @@ } }, "node_modules/call-bind": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.5.tgz", - "integrity": "sha512-C3nQxfFZxFRVoJoGKKI8y3MOEo129NQ+FgQ08iye+Mk4zNZZGdjfs06bVTr+DBSlA66Q2VEcMki/cUCP4SercQ==", + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz", + "integrity": "sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w==", "dependencies": { + "es-define-property": "^1.0.0", + "es-errors": "^1.3.0", "function-bind": "^1.1.2", - "get-intrinsic": "^1.2.1", - "set-function-length": "^1.1.1" + "get-intrinsic": "^1.2.4", + "set-function-length": "^1.2.1" + }, + "engines": { + "node": ">= 0.4" }, "funding": { "url": "https://github.com/sponsors/ljharb" @@ -814,16 +819,19 @@ } }, "node_modules/define-data-property": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.1.tgz", - "integrity": "sha512-E7uGkTzkk1d0ByLeSc6ZsFS79Axg+m1P/VsgYsxHgiuc3tFSj+MjMIwe90FC4lOAZzNBdY7kkO2P2wKdsQ1vgQ==", + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz", + "integrity": "sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==", "dependencies": { - "get-intrinsic": "^1.2.1", - "gopd": "^1.0.1", - "has-property-descriptors": "^1.0.0" + "es-define-property": "^1.0.0", + "es-errors": "^1.3.0", + "gopd": "^1.0.1" }, "engines": { "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" } }, "node_modules/define-properties": { @@ -900,6 +908,25 @@ "once": "^1.4.0" } }, + "node_modules/es-define-property": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz", + "integrity": "sha512-jxayLKShrEqqzJ0eumQbVhTYQM27CfT1T35+gCgDFoL82JLsXqTJ76zv6A0YLOgEnLUMvLzsDsGIrl8NFpT2gQ==", + "dependencies": { + "get-intrinsic": "^1.2.4" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-errors": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", + "engines": { + "node": ">= 0.4" + } + }, "node_modules/escape-html": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", @@ -932,14 +959,14 @@ } }, "node_modules/express": { - "version": "4.18.2", - "resolved": "https://registry.npmjs.org/express/-/express-4.18.2.tgz", - "integrity": "sha512-5/PsL6iGPdfQ/lKM1UuielYgv3BUoJfz1aUwU9vHZ+J7gyvwdQXFEBIEIaxeGf0GIcreATNyBExtalisDbuMqQ==", + "version": "4.18.3", + "resolved": "https://registry.npmjs.org/express/-/express-4.18.3.tgz", + "integrity": "sha512-6VyCijWQ+9O7WuVMTRBTl+cjNNIzD5cY5mQ1WM8r/LEkI2u8EYpOotESNwzNlyCn3g+dmjKYI6BmNneSr/FSRw==", "dev": true, "dependencies": { "accepts": "~1.3.8", "array-flatten": "1.1.1", - "body-parser": "1.20.1", + "body-parser": "1.20.2", "content-disposition": "0.5.4", "content-type": "~1.0.4", "cookie": "0.5.0", @@ -1127,15 +1154,19 @@ } }, "node_modules/get-intrinsic": { - "version": "1.2.2", - "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.2.tgz", - "integrity": "sha512-0gSo4ml/0j98Y3lngkFEot/zhiCeWsbYIlZ+uZOVgzLyLaUw7wxUL+nCTP0XJvJg1AXulJRI3UJi8GsbDuxdGA==", + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz", + "integrity": "sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==", "dependencies": { + "es-errors": "^1.3.0", "function-bind": "^1.1.2", "has-proto": "^1.0.1", "has-symbols": "^1.0.3", "hasown": "^2.0.0" }, + "engines": { + "node": ">= 0.4" + }, "funding": { "url": "https://github.com/sponsors/ljharb" } @@ -1792,9 +1823,9 @@ "integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==" }, "node_modules/nodemon": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-3.0.3.tgz", - "integrity": "sha512-7jH/NXbFPxVaMwmBCC2B9F/V6X1VkEdNgx3iu9jji8WxWcvhMWkmhNWhI5077zknOnZnBzba9hZP6bCPJLSReQ==", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-3.1.0.tgz", + "integrity": "sha512-xqlktYlDMCepBJd43ZQhjWwMw2obW/JRvkrLxq5RCNcuDDX1DbcPT+qT1IlIIdf+DhnWs90JpTMe+Y5KxOchvA==", "dev": true, "dependencies": { "chokidar": "^3.5.2", @@ -2217,9 +2248,9 @@ } }, "node_modules/raw-body": { - "version": "2.5.1", - "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz", - "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==", + "version": "2.5.2", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", + "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==", "dev": true, "dependencies": { "bytes": "3.1.2", @@ -2420,14 +2451,16 @@ } }, "node_modules/set-function-length": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.1.1.tgz", - "integrity": "sha512-VoaqjbBJKiWtg4yRcKBQ7g7wnGnLV3M8oLvVWwOk2PdYY6PEFegR1vezXR0tw6fZGF9csVakIRjrJiy2veSBFQ==", + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.1.tgz", + "integrity": "sha512-j4t6ccc+VsKwYHso+kElc5neZpjtq9EnRICFZtWyBsLojhmeF/ZBd/elqm22WJh/BziDe/SBiOeAt0m2mfLD0g==", "dependencies": { - "define-data-property": "^1.1.1", - "get-intrinsic": "^1.2.1", + "define-data-property": "^1.1.2", + "es-errors": "^1.3.0", + "function-bind": "^1.1.2", + "get-intrinsic": "^1.2.3", "gopd": "^1.0.1", - "has-property-descriptors": "^1.0.0" + "has-property-descriptors": "^1.0.1" }, "engines": { "node": ">= 0.4" @@ -2457,14 +2490,18 @@ "integrity": "sha512-RPQhIndEIVUCjkfkQ6rs6sOR6pkxJWCNdxtfG5pP0RVgUYbK5911kLTF0TNcCC0G3YCGd492rMollFT2aTd9iQ==" }, "node_modules/side-channel": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz", - "integrity": "sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==", + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz", + "integrity": "sha512-fDW/EZ6Q9RiO8eFG8Hj+7u/oW+XrPTIChwCOM2+th2A6OblDtYYIpve9m+KvI9Z4C9qSEXlaGR6bTEYHReuglA==", "dev": true, "dependencies": { - "call-bind": "^1.0.0", - "get-intrinsic": "^1.0.2", - "object-inspect": "^1.9.0" + "call-bind": "^1.0.7", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.4", + "object-inspect": "^1.13.1" + }, + "engines": { + "node": ">= 0.4" }, "funding": { "url": "https://github.com/sponsors/ljharb" @@ -3361,13 +3398,13 @@ "dev": true }, "body-parser": { - "version": "1.20.1", - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz", - "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==", + "version": "1.20.2", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz", + "integrity": "sha512-ml9pReCu3M61kGlqoTm2umSXTlRTuGTx0bfYj+uIUKKYycG5NtSbeetV3faSU6R7ajOPw0g/J1PvK4qNy7s5bA==", "dev": true, "requires": { "bytes": "3.1.2", - "content-type": "~1.0.4", + "content-type": "~1.0.5", "debug": "2.6.9", "depd": "2.0.0", "destroy": "1.2.0", @@ -3375,7 +3412,7 @@ "iconv-lite": "0.4.24", "on-finished": "2.4.1", "qs": "6.11.0", - "raw-body": "2.5.1", + "raw-body": "2.5.2", "type-is": "~1.6.18", "unpipe": "1.0.0" } @@ -3431,13 +3468,15 @@ } }, "call-bind": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.5.tgz", - "integrity": "sha512-C3nQxfFZxFRVoJoGKKI8y3MOEo129NQ+FgQ08iye+Mk4zNZZGdjfs06bVTr+DBSlA66Q2VEcMki/cUCP4SercQ==", + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz", + "integrity": "sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w==", "requires": { + "es-define-property": "^1.0.0", + "es-errors": "^1.3.0", "function-bind": "^1.1.2", - "get-intrinsic": "^1.2.1", - "set-function-length": "^1.1.1" + "get-intrinsic": "^1.2.4", + "set-function-length": "^1.2.1" } }, "chokidar": { @@ -3615,13 +3654,13 @@ } }, "define-data-property": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.1.tgz", - "integrity": "sha512-E7uGkTzkk1d0ByLeSc6ZsFS79Axg+m1P/VsgYsxHgiuc3tFSj+MjMIwe90FC4lOAZzNBdY7kkO2P2wKdsQ1vgQ==", + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz", + "integrity": "sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==", "requires": { - "get-intrinsic": "^1.2.1", - "gopd": "^1.0.1", - "has-property-descriptors": "^1.0.0" + "es-define-property": "^1.0.0", + "es-errors": "^1.3.0", + "gopd": "^1.0.1" } }, "define-properties": { @@ -3682,6 +3721,19 @@ "once": "^1.4.0" } }, + "es-define-property": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz", + "integrity": "sha512-jxayLKShrEqqzJ0eumQbVhTYQM27CfT1T35+gCgDFoL82JLsXqTJ76zv6A0YLOgEnLUMvLzsDsGIrl8NFpT2gQ==", + "requires": { + "get-intrinsic": "^1.2.4" + } + }, + "es-errors": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==" + }, "escape-html": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", @@ -3705,14 +3757,14 @@ "integrity": "sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q==" }, "express": { - "version": "4.18.2", - "resolved": "https://registry.npmjs.org/express/-/express-4.18.2.tgz", - "integrity": "sha512-5/PsL6iGPdfQ/lKM1UuielYgv3BUoJfz1aUwU9vHZ+J7gyvwdQXFEBIEIaxeGf0GIcreATNyBExtalisDbuMqQ==", + "version": "4.18.3", + "resolved": "https://registry.npmjs.org/express/-/express-4.18.3.tgz", + "integrity": "sha512-6VyCijWQ+9O7WuVMTRBTl+cjNNIzD5cY5mQ1WM8r/LEkI2u8EYpOotESNwzNlyCn3g+dmjKYI6BmNneSr/FSRw==", "dev": true, "requires": { "accepts": "~1.3.8", "array-flatten": "1.1.1", - "body-parser": "1.20.1", + "body-parser": "1.20.2", "content-disposition": "0.5.4", "content-type": "~1.0.4", "cookie": "0.5.0", @@ -3871,10 +3923,11 @@ "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==" }, "get-intrinsic": { - "version": "1.2.2", - "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.2.tgz", - "integrity": "sha512-0gSo4ml/0j98Y3lngkFEot/zhiCeWsbYIlZ+uZOVgzLyLaUw7wxUL+nCTP0XJvJg1AXulJRI3UJi8GsbDuxdGA==", + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz", + "integrity": "sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==", "requires": { + "es-errors": "^1.3.0", "function-bind": "^1.1.2", "has-proto": "^1.0.1", "has-symbols": "^1.0.3", @@ -4362,9 +4415,9 @@ "integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==" }, "nodemon": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-3.0.3.tgz", - "integrity": "sha512-7jH/NXbFPxVaMwmBCC2B9F/V6X1VkEdNgx3iu9jji8WxWcvhMWkmhNWhI5077zknOnZnBzba9hZP6bCPJLSReQ==", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-3.1.0.tgz", + "integrity": "sha512-xqlktYlDMCepBJd43ZQhjWwMw2obW/JRvkrLxq5RCNcuDDX1DbcPT+qT1IlIIdf+DhnWs90JpTMe+Y5KxOchvA==", "dev": true, "requires": { "chokidar": "^3.5.2", @@ -4702,9 +4755,9 @@ "dev": true }, "raw-body": { - "version": "2.5.1", - "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz", - "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==", + "version": "2.5.2", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", + "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==", "dev": true, "requires": { "bytes": "3.1.2", @@ -4851,14 +4904,16 @@ } }, "set-function-length": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.1.1.tgz", - "integrity": "sha512-VoaqjbBJKiWtg4yRcKBQ7g7wnGnLV3M8oLvVWwOk2PdYY6PEFegR1vezXR0tw6fZGF9csVakIRjrJiy2veSBFQ==", + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.1.tgz", + "integrity": "sha512-j4t6ccc+VsKwYHso+kElc5neZpjtq9EnRICFZtWyBsLojhmeF/ZBd/elqm22WJh/BziDe/SBiOeAt0m2mfLD0g==", "requires": { - "define-data-property": "^1.1.1", - "get-intrinsic": "^1.2.1", + "define-data-property": "^1.1.2", + "es-errors": "^1.3.0", + "function-bind": "^1.1.2", + "get-intrinsic": "^1.2.3", "gopd": "^1.0.1", - "has-property-descriptors": "^1.0.0" + "has-property-descriptors": "^1.0.1" } }, "setprototypeof": { @@ -4882,14 +4937,15 @@ "integrity": "sha512-RPQhIndEIVUCjkfkQ6rs6sOR6pkxJWCNdxtfG5pP0RVgUYbK5911kLTF0TNcCC0G3YCGd492rMollFT2aTd9iQ==" }, "side-channel": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz", - "integrity": "sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==", + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz", + "integrity": "sha512-fDW/EZ6Q9RiO8eFG8Hj+7u/oW+XrPTIChwCOM2+th2A6OblDtYYIpve9m+KvI9Z4C9qSEXlaGR6bTEYHReuglA==", "dev": true, "requires": { - "call-bind": "^1.0.0", - "get-intrinsic": "^1.0.2", - "object-inspect": "^1.9.0" + "call-bind": "^1.0.7", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.4", + "object-inspect": "^1.13.1" } }, "simple-concat": { diff --git a/package.json b/package.json index ffa57372f..be31f0220 100644 --- a/package.json +++ b/package.json @@ -30,8 +30,8 @@ "@neo4j-documentation/remote-include": "^1.0.0" }, "devDependencies": { - "express": "^4.18.2", - "nodemon": "^3.0.3" + "express": "^4.18.3", + "nodemon": "^3.1.0" }, "overrides": { "@antora/site-generator-default": { From ac8e4a7b3d5c4a68ef564f33580c791b334eb1f7 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Thu, 7 Mar 2024 09:59:23 +0100 Subject: [PATCH 588/876] Update the link to the Transaction management section (#1467) --- .../pages/authentication-authorization/dbms-administration.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/authentication-authorization/dbms-administration.adoc b/modules/ROOT/pages/authentication-authorization/dbms-administration.adoc index f02c9c0d3..97a6f25d9 100644 --- a/modules/ROOT/pages/authentication-authorization/dbms-administration.adoc +++ b/modules/ROOT/pages/authentication-authorization/dbms-administration.adoc @@ -93,7 +93,7 @@ For more details, see the following sections: * <> * <> * <> -* xref:/database-internals/transaction-management.adoc[Transaction management] +* xref:authentication-authorization/database-administration.adoc#access-control-database-administration-transaction[Transaction management] * <> * xref:authentication-authorization/load-privileges.adoc[Load privileges] From 80de0b09f2757e53041d15da0ee09e03472cc392 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 7 Mar 2024 12:12:02 +0000 Subject: [PATCH 589/876] Update plugins.adoc (#1472) Copied from #1438 --- modules/ROOT/pages/kubernetes/plugins.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/kubernetes/plugins.adoc b/modules/ROOT/pages/kubernetes/plugins.adoc index 4279d5eeb..85f0e6478 100644 --- a/modules/ROOT/pages/kubernetes/plugins.adoc +++ b/modules/ROOT/pages/kubernetes/plugins.adoc @@ -94,7 +94,7 @@ Building a Docker container image that is based on the official Neo4j Docker ima [source, Dockerfile, subs=attributes] ---- ARG NEO4J_VERSION -FROM neo4j:\{NEO4J_VERSION} +FROM neo4j:$\{NEO4J_VERSION} # copy my-plugins into the Docker image COPY my-plugins/ /var/lib/neo4j/plugins From 6b659d41e074268ddf121cbe05c1c061ee6df1aa Mon Sep 17 00:00:00 2001 From: Neil Dewhurst Date: Fri, 8 Mar 2024 16:56:18 +0000 Subject: [PATCH 590/876] Replace labels with roles (#1473) Using the new `role=label--` notation for roles/labels on headings and block elements. --- .../dbms-administration.adoc | 3 +- .../manage-privileges.adoc | 4 +- .../manage-users.adoc | 22 +- .../password-and-user-recovery.adoc | 11 +- .../pages/cloud-deployments/neo4j-aws.adoc | 6 +- .../pages/cloud-deployments/neo4j-azure.adoc | 5 +- .../pages/cloud-deployments/neo4j-gcp.adoc | 5 +- modules/ROOT/pages/clustering/servers.adoc | 3 +- .../configuration/configuration-settings.adoc | 887 ++++++++++++++---- .../configuration/set-initial-password.adoc | 12 +- .../manage-aliases-composite-databases.adoc | 4 +- .../database-internals/checkpointing.adoc | 10 +- .../database-internals/transaction-logs.adoc | 4 +- .../transaction-management.adoc | 2 +- modules/ROOT/pages/docker/introduction.adoc | 5 +- .../authentication-authorization.adoc | 3 +- .../pages/kubernetes/persistent-volumes.adoc | 8 +- .../pages/monitoring/metrics/reference.adoc | 12 +- modules/ROOT/pages/reference/procedures.adoc | 177 +++- .../tools/neo4j-admin/neo4j-admin-import.adoc | 6 +- .../tools/neo4j-admin/validate-config.adoc | 6 +- 21 files changed, 906 insertions(+), 289 deletions(-) diff --git a/modules/ROOT/pages/authentication-authorization/dbms-administration.adoc b/modules/ROOT/pages/authentication-authorization/dbms-administration.adoc index 97a6f25d9..1b7ef3ba9 100644 --- a/modules/ROOT/pages/authentication-authorization/dbms-administration.adoc +++ b/modules/ROOT/pages/authentication-authorization/dbms-administration.adoc @@ -1913,11 +1913,10 @@ a|Rows: 2 ====== +[role=label--new-5.6] [[access-control-dbms-administration-setting]] == The DBMS `SETTING` privileges -_This feature was introduced in Neo4j 5.6._ - The ability to show configuration settings can be granted via the `SHOW SETTING` privilege. A role with this privilege is allowed to query the configuration settings matched by the <>. diff --git a/modules/ROOT/pages/authentication-authorization/manage-privileges.adoc b/modules/ROOT/pages/authentication-authorization/manage-privileges.adoc index dbce0ec0a..1b7a900eb 100644 --- a/modules/ROOT/pages/authentication-authorization/manage-privileges.adoc +++ b/modules/ROOT/pages/authentication-authorization/manage-privileges.adoc @@ -195,11 +195,11 @@ The following image shows the hierarchy between different graph privileges: image::privileges_hierarchy.svg[title="Graph privileges hierarchy"] + +[role=label--new-5.9] [[access-control-list-supported-privileges]] == Listing supported privileges -_This feature was introduced in Neo4j 5.9._ - Supported privileges can be displayed using the `SHOW SUPPORTED PRIVILEGES` command. This lists the privileges that are possible to grant or deny on a server, together with the structure of the privilege. diff --git a/modules/ROOT/pages/authentication-authorization/manage-users.adoc b/modules/ROOT/pages/authentication-authorization/manage-users.adoc index ebe791dcb..028734333 100644 --- a/modules/ROOT/pages/authentication-authorization/manage-users.adoc +++ b/modules/ROOT/pages/authentication-authorization/manage-users.adoc @@ -10,13 +10,15 @@ When connected to the DBMS over `bolt`, administration commands are automaticall There are two types of user states in the `system` database: -* `ACTIVE` state (default for new users): +`ACTIVE` state:: (default for new users) Users can log into Neo4j and perform queries according to their privileges. -* `SUSPENDED` state label:enterprise-edition[]: -** Native users who authenticate and authorize against the system graph cannot log into Neo4j. +// [role=label--enterprise-edition] +`SUSPENDED` state label:enterprise-edition[]:: + +* Native users who authenticate and authorize against the system graph cannot log into Neo4j. If suspended while using Neo4j, they lose all assigned roles with their privileges, including the `PUBLIC` role, until reactivated. -** Users who authenticate and authorize against an external ID provider (e.g., LDAP) can still log in. +* Users who authenticate and authorize against an external ID provider (e.g., LDAP) can still log in. If suspended while using Neo4j, they retain the roles and the privileges assigned by the external provider, including the `PUBLIC` role. To prevent any of these, you need to use the mechanisms of their identity provider. @@ -341,9 +343,9 @@ GRANT DROP USER |=== -[NOTE] +[NOTE,role=label--enterprise-edition] ==== -The `SHOW USER[S] PRIVILEGES` command is only available in Neo4j Enterprise Edition. label:enterprise-edition[] +The `SHOW USER[S] PRIVILEGES` command is only available in Neo4j Enterprise Edition. ==== @@ -622,9 +624,9 @@ SET STATUS ACTIVE ====== -[NOTE] +[NOTE, role=label--enterprise-edition] ==== -The `SET STATUS {ACTIVE | SUSPENDED}` and `SET HOME DATABASE` parts of the commands are only available in Neo4j Enterprise Edition. label:enterprise-edition[] +The `SET STATUS {ACTIVE | SUSPENDED}` and `SET HOME DATABASE` parts of the commands are only available in Neo4j Enterprise Edition. ==== The `CREATE USER` command is optionally idempotent, with the default behavior to throw an exception if the user already exists. @@ -775,9 +777,9 @@ When altering a user, it is only necessary to specify the changes required. For example, leaving out the `CHANGE [NOT] REQUIRED` part of the query will leave that unchanged. ==== -[NOTE] +[NOTE, role=label--enterprise-edition] ==== -The `SET STATUS {ACTIVE | SUSPENDED}`, `SET HOME DATABASE`, and `REMOVE HOME DATABASE` parts of the command are only available in Neo4j Enterprise Edition. label:enterprise-edition[] +The `SET STATUS {ACTIVE | SUSPENDED}`, `SET HOME DATABASE`, and `REMOVE HOME DATABASE` parts of the command are only available in Neo4j Enterprise Edition. ==== The changes to the user will appear on the list provided by `SHOW USERS`: diff --git a/modules/ROOT/pages/authentication-authorization/password-and-user-recovery.adoc b/modules/ROOT/pages/authentication-authorization/password-and-user-recovery.adoc index e8897d3ba..3842a19d7 100644 --- a/modules/ROOT/pages/authentication-authorization/password-and-user-recovery.adoc +++ b/modules/ROOT/pages/authentication-authorization/password-and-user-recovery.adoc @@ -109,9 +109,9 @@ Alternatively, log into Neo4j Browser. $ bin/cypher-shell -d system ---- + -[NOTE] +[NOTE, role=label--cluster] ==== -label:Cluster[] If you have specified a non-default port for your `bolt` connector, add `-a neo4j://:` to the `cypher-shell` command to be able to connect to your cluster member. +If you have specified a non-default port for your `bolt` connector, add `-a neo4j://:` to the `cypher-shell` command to be able to connect to your cluster member. ==== . Set a new password for the admin user. In this example, the admin user is named `neo4j`. @@ -147,9 +147,9 @@ Alternatively, log into Neo4j Browser. $ bin/cypher-shell -d system ---- + -[NOTE] +[NOTE, role=label--cluster] ==== -label:Cluster[] If you have specified a non-default port for your `bolt` connector, add `-a neo4j://:` to the `cypher-shell` command to be able to connect to your cluster member. +If you have specified a non-default port for your `bolt` connector, add `-a neo4j://:` to the `cypher-shell` command to be able to connect to your cluster member. ==== . Grant the admin user role to an existing user. In this example, the user is named `neo4j`. @@ -185,9 +185,10 @@ Alternatively, log into Neo4j Browser. $ bin/cypher-shell -d system ---- + +[role=label--cluster] [NOTE] ==== -label:Cluster[] If you have specified a non-default port for your `bolt` connector, add `-a neo4j://:` to the `cypher-shell` command to be able to connect to your cluster member. +If you have specified a non-default port for your `bolt` connector, add `-a neo4j://:` to the `cypher-shell` command to be able to connect to your cluster member. ==== . Recreate the admin role with its original capabilities. + diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc index 7a7152292..52364a616 100644 --- a/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc +++ b/modules/ROOT/pages/cloud-deployments/neo4j-aws.adoc @@ -126,13 +126,17 @@ After the installation finishes successfully, the CloudFormation template provid |=== + == Cluster version consistency When the CloudFormation template creates a new Neo4j cluster, an Auto Scaling group (ASG) is created and tagged with the minor version of the installed Neo4j database. If you add more EC2 instances to your ASG, they will be installed with the same minor version, ensuring that all Neo4j cluster servers are installed with the same version, regardless of when the EC2 instances were created. + +[role=label--enterprise-edition] == Licensing -label:Enterprise[] + +// label:Enterprise[] Installing and starting Neo4j from the AWS marketplace constitutes an acceptance of the Neo4j license agreement. When deploying Neo4j, users are required to confirm that they either have an enterprise license or accept the terms of the Neo4j evaluation license. diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-azure.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-azure.adoc index 780695143..66efda28c 100644 --- a/modules/ROOT/pages/cloud-deployments/neo4j-azure.adoc +++ b/modules/ROOT/pages/cloud-deployments/neo4j-azure.adoc @@ -125,8 +125,11 @@ If the validation fails, it might be because you have chosen VMs that are too la When the ARM template creates a new Neo4j cluster, a Virtual Machine Scale Set (VMSS) is created and tagged with the minor version of the installed Neo4j database. If you add more VM instances to your VMSS, they will be installed using the same minor version, ensuring that all Neo4j cluster servers are installed with the same version, regardless of when the VM instances were created. + +[role=label--enterprise-edition] == Licensing -label:Enterprise[] + +// label:Enterprise[] Installing and starting Neo4j from the Azure marketplace constitutes an acceptance of the Neo4j license agreement. When deploying Neo4j, users are required to confirm that they either have an enterprise license. diff --git a/modules/ROOT/pages/cloud-deployments/neo4j-gcp.adoc b/modules/ROOT/pages/cloud-deployments/neo4j-gcp.adoc index 4571f4cc2..2b1a2d540 100644 --- a/modules/ROOT/pages/cloud-deployments/neo4j-gcp.adoc +++ b/modules/ROOT/pages/cloud-deployments/neo4j-gcp.adoc @@ -118,8 +118,11 @@ After the installation finishes successfully, the Deployment Manager template pr The Neo4j Browser can be easily launched in a new window by clicking the button entitled *Log into the Neo4j Browser*. ==== + +[role=label--enterprise-edition] == Licensing -label:Enterprise[] + +// label:Enterprise[] Installing and starting Neo4j from the GCP marketplace constitutes an acceptance of the Neo4j license agreement. When deploying Neo4j, you are required to confirm that you either have an Enterprise license or accept the terms of the Neo4j evaluation license. diff --git a/modules/ROOT/pages/clustering/servers.adoc b/modules/ROOT/pages/clustering/servers.adoc index 558ed1801..204180b97 100644 --- a/modules/ROOT/pages/clustering/servers.adoc +++ b/modules/ROOT/pages/clustering/servers.adoc @@ -85,7 +85,8 @@ When a server is no longer needed, it cannot be removed from the cluster while i The command `DEALLOCATE DATABASE[S] FROM SERVER[S] _server_[,...]` is used to transition servers to the _Deallocating_ state, reallocating all their hosted databases to other servers in the cluster. Additionally, servers which are deallocating will not have any further databases allocated to them. -=== Deallocated state label:new[Introduced in 5.15] +[role=label--new-5.15] +=== Deallocated state When a server is in the deallocated state it no longer hosts any databases any databases besides system and can be removed from the cluster. Additionally, deallocated servers cannot have any further databases allocated to them. diff --git a/modules/ROOT/pages/configuration/configuration-settings.adoc b/modules/ROOT/pages/configuration/configuration-settings.adoc index 920eb9126..615e0d3ee 100644 --- a/modules/ROOT/pages/configuration/configuration-settings.adoc +++ b/modules/ROOT/pages/configuration/configuration-settings.adoc @@ -6,8 +6,12 @@ This page provides a complete reference to the Neo4j configuration settings, which can be set in xref::/configuration/file-locations.adoc#file-locations[_neo4j.conf_]. Refer to xref:configuration/neo4j-conf.adoc#_configuration_settings[The neo4j.conf file] for details on how to use configuration settings. -Some of the settings are labeled *_Dynamic_*, which means that they can be changed at runtime, without restarting the service. -For more information on how to update dynamic configuration settings, see xref:configuration/dynamic-settings.adoc[Update dynamic settings]. + +== Dynamic configuration settings + +Dynamic settings can be changed at runtime, without restarting the service. + +Dynamic settings are labeled label:dynamic[]. [NOTE] ==== @@ -21,6 +25,9 @@ Each member of the cluster has its own _neo4j.conf_ file. It is recommended that the settings for a database are the same across all members of the cluster. ==== +For more information on how to update dynamic configuration settings, see xref:configuration/dynamic-settings.adoc[Update dynamic settings]. + + == Checkpoint settings Checkpointing is the process of flushing all pending page updates from the page cache to the store files. @@ -43,6 +50,7 @@ a|One of [PERIODIC, CONTINUOUS, VOLUME, VOLUMETRIC]. m|+++PERIODIC+++ |=== + [[config_db.checkpoint.interval.time]] === `db.checkpoint.interval.time` @@ -57,6 +65,7 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++15m+++ |=== + [[config_db.checkpoint.interval.tx]] === `db.checkpoint.interval.tx` @@ -71,6 +80,7 @@ a|An integer that is minimum `1`. m|+++100000+++ |=== + [[config_db.checkpoint.interval.volume]] === `db.checkpoint.interval.volume` @@ -85,10 +95,12 @@ a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `Mi m|+++250.00MiB+++ |=== + +[role=label--dynamic] [[config_db.checkpoint.iops.limit]] === `db.checkpoint.iops.limit` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .db.checkpoint.iops.limit [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -107,10 +119,12 @@ m|+++600+++ The cluster settings are used to configure the behavior of a Neo4j cluster. For more information, see also xref:clustering/settings.adoc[Clustering settings]. + +[role=label--enterprise-edition] [[config_db.cluster.catchup.pull_interval]] === `db.cluster.catchup.pull_interval` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .db.cluster.catchup.pull_interval [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -123,10 +137,12 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++1s+++ |=== + +[role=label--enterprise-edition] [[config_db.cluster.raft.apply.buffer.max_bytes]] === `db.cluster.raft.apply.buffer.max_bytes` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .db.cluster.raft.apply.buffer.max_bytes [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -139,10 +155,12 @@ a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `Mi m|+++1.00GiB+++ |=== + +[role=label--enterprise-edition] [[config_db.cluster.raft.apply.buffer.max_entries]] === `db.cluster.raft.apply.buffer.max_entries` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .db.cluster.raft.apply.buffer.max_entries [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -155,10 +173,12 @@ a|An integer. m|+++1024+++ |=== + +[role=label--enterprise-edition] [[config_db.cluster.raft.in_queue.batch.max_bytes]] === `db.cluster.raft.in_queue.batch.max_bytes` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .db.cluster.raft.in_queue.batch.max_bytes [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -171,10 +191,12 @@ a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `Mi m|+++8.00MiB+++ |=== + +[role=label--enterprise-edition] [[config_db.cluster.raft.in_queue.max_bytes]] === `db.cluster.raft.in_queue.max_bytes` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .db.cluster.raft.in_queue.max_bytes [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -187,10 +209,12 @@ a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `Mi m|+++2.00GiB+++ |=== + +[role="label--enterprise-edition label--deprecated-5.4"] [[config_db.cluster.raft.leader_transfer.priority_group]] === `db.cluster.raft.leader_transfer.priority_group` -label:enterprise-edition[Enterprise Edition] label:deprecated[Deprecated in 5.4] +// label:enterprise-edition[Enterprise Edition] label:deprecated[Deprecated in 5.4] .db.cluster.raft.leader_transfer.priority_group [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -203,10 +227,12 @@ a|A string identifying a server tag. m|++++++ |=== + +[role=label--enterprise-edition] [[config_db.cluster.raft.leader_transfer.priority_tag]] === `db.cluster.raft.leader_transfer.priority_tag` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .db.cluster.raft.leader_transfer.priority_tag [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -219,10 +245,12 @@ a|A string identifying a server tag. m|++++++ |=== + +[role=label--enterprise-edition] [[config_db.cluster.raft.log.prune_strategy]] === `db.cluster.raft.log.prune_strategy` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .db.cluster.raft.log.prune_strategy [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -235,10 +263,12 @@ a|A string. m|+++1g size+++ |=== + +[role=label--enterprise-edition] [[config_db.cluster.raft.log_shipping.buffer.max_bytes]] === `db.cluster.raft.log_shipping.buffer.max_bytes` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .db.cluster.raft.log_shipping.buffer.max_bytes [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -251,10 +281,12 @@ a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `Mi m|+++1.00GiB+++ |=== + +[role=label--enterprise-edition] [[config_db.cluster.raft.log_shipping.buffer.max_entries]] === `db.cluster.raft.log_shipping.buffer.max_entries` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .db.cluster.raft.log_shipping.buffer.max_entries [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -267,10 +299,12 @@ a|An integer. m|+++1024+++ |=== + +[role=label--enterprise-edition] [[config_dbms.cluster.catchup.client_inactivity_timeout]] === `dbms.cluster.catchup.client_inactivity_timeout` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.cluster.catchup.client_inactivity_timeout [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -283,10 +317,12 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++10m+++ |=== + +[role=label--enterprise-edition] [[config_dbms.cluster.discovery.endpoints]] === `dbms.cluster.discovery.endpoints` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.cluster.discovery.endpoints [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -300,10 +336,12 @@ a|A comma-separated list where each element is a socket address in the format of m| |=== + +[role=label--enterprise-edition] [[config_dbms.cluster.discovery.log_level]] === `dbms.cluster.discovery.log_level` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.cluster.discovery.log_level [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -316,10 +354,12 @@ a|One of [DEBUG, INFO, WARN, ERROR, NONE]. m|+++WARN+++ |=== + +[role=label--enterprise-edition] [[config_dbms.cluster.discovery.resolver_type]] === `dbms.cluster.discovery.resolver_type` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.cluster.discovery.resolver_type [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -341,10 +381,11 @@ m|+++LIST+++ |=== +[role="label--enterprise-edition deprecated-5.7"] [[conifg_]] === `dbms.cluster.discovery.type` -label:enterprise-edition[Enterprise Edition] label:deprecated[Deprecated in 5.7] +// label:enterprise-edition[Enterprise Edition] label:deprecated[Deprecated in 5.7] .dbms.cluster.discovery.type [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -357,12 +398,15 @@ a|One of [DNS, LIST, SRV, K8S]. m|+++LIST+++ |=== + [[config_dbms.cluster.discovery.verification_timeout]] + +[role=label--enterprise-edition] [[config_dbms.cluster.minimum_initial_system_primaries_count]] === `dbms.cluster.minimum_initial_system_primaries_count` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.cluster.minimum_initial_system_primaries_count [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -375,10 +419,12 @@ a|An integer that is minimum `2`. m|+++3+++ |=== + +[role=label--enterprise-edition label--dynamic label--new-5.17] [[config_dbms.cluster.network.connect_timeout]] === `dbms.cluster.network.connect_timeout` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] label:new[Introduced in 5.17] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] label:new[Introduced in 5.17] .dbms.cluster.network.connect_timeout [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -391,10 +437,12 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++30s+++ |=== + +[role=label--enterprise-edition] [[config_dbms.cluster.network.handshake_timeout]] === `dbms.cluster.network.handshake_timeout` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.cluster.network.handshake_timeout [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -407,10 +455,12 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++20s+++ |=== + +[role=label--enterprise-edition] [[config_dbms.cluster.network.max_chunk_size]] === `dbms.cluster.network.max_chunk_size` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.cluster.network.max_chunk_size [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -423,10 +473,12 @@ a|An integer that is in the range `4096` to `10485760`. m|+++32768+++ |=== + +[role=label--enterprise-edition] [[config_dbms.cluster.network.supported_compression_algos]] === `dbms.cluster.network.supported_compression_algos` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.cluster.network.supported_compression_algos [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -439,10 +491,12 @@ a|A comma-separated list where each element is a string. m|++++++ |=== + +[role=label--enterprise-edition] [[config_dbms.cluster.raft.binding_timeout]] === `dbms.cluster.raft.binding_timeout` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.cluster.raft.binding_timeout [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -455,10 +509,12 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++1d+++ |=== + +[role=label--enterprise-edition] [[config_dbms.cluster.raft.client.max_channels]] === `dbms.cluster.raft.client.max_channels` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.cluster.raft.client.max_channels [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -471,10 +527,12 @@ a|An integer. m|+++8+++ |=== + +[role=label--enterprise-edition] [[config_dbms.cluster.raft.election_failure_detection_window]] === `dbms.cluster.raft.election_failure_detection_window` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.cluster.raft.election_failure_detection_window [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -487,10 +545,12 @@ a|A duration-range (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` m|+++3s-6s+++ |=== + +[role=label--enterprise-edition] [[config_dbms.cluster.raft.leader_failure_detection_window]] === `dbms.cluster.raft.leader_failure_detection_window` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.cluster.raft.leader_failure_detection_window [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -503,10 +563,12 @@ a|A duration-range (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` m|+++20s-23s+++ |=== + +[role=label--enterprise-edition] [[config_dbms.cluster.raft.leader_transfer.balancing_strategy]] === `dbms.cluster.raft.leader_transfer.balancing_strategy` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.cluster.raft.leader_transfer.balancing_strategy [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -519,10 +581,12 @@ a|One of [NO_BALANCING, EQUAL_BALANCING]. m|+++EQUAL_BALANCING+++ |=== + +[role=label--enterprise-edition] [[config_dbms.cluster.raft.log.pruning_frequency]] === `dbms.cluster.raft.log.pruning_frequency` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.cluster.raft.log.pruning_frequency [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -535,10 +599,12 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++10m+++ |=== + +[role=label--enterprise-edition] [[config_dbms.cluster.raft.log.reader_pool_size]] === `dbms.cluster.raft.log.reader_pool_size` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.cluster.raft.log.reader_pool_size [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -551,10 +617,12 @@ a|An integer. m|+++8+++ |=== + +[role=label--enterprise-edition] [[config_dbms.cluster.raft.log.rotation_size]] === `dbms.cluster.raft.log.rotation_size` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.cluster.raft.log.rotation_size [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -567,10 +635,12 @@ a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `Mi m|+++250.00MiB+++ |=== + +[role=label--enterprise-edition] [[config_dbms.cluster.raft.membership.join_max_lag]] === `dbms.cluster.raft.membership.join_max_lag` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.cluster.raft.membership.join_max_lag [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -583,10 +653,12 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++10s+++ |=== + +[role=label--enterprise-edition] [[config_dbms.cluster.raft.membership.join_timeout]] === `dbms.cluster.raft.membership.join_timeout` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.cluster.raft.membership.join_timeout [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -599,10 +671,12 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++10m+++ |=== + +[role=label--enterprise-edition] [[config_dbms.cluster.store_copy.max_retry_time_per_request]] === `dbms.cluster.store_copy.max_retry_time_per_request` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.cluster.store_copy.max_retry_time_per_request [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -615,10 +689,12 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++20m+++ |=== + +[role=label--enterprise-edition label--new-5.10] [[config_initial.dbms.automatically_enable_free_servers]] === `initial.dbms.automatically_enable_free_servers` -label:enterprise-edition[Enterprise Edition] label:new[Introduced in 5.10] +// label:enterprise-edition[Enterprise Edition] label:new[Introduced in 5.10] .initial.dbms.automatically_enable_free_servers [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -631,10 +707,12 @@ a|A boolean. m|+++false+++ |=== + +[role=label--enterprise-edition] [[config_initial.dbms.database_allocator]] === `initial.dbms.database_allocator` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .initial.dbms.database_allocator [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -647,10 +725,12 @@ a|A string. m|+++EQUAL_NUMBERS+++ |=== + +[role=label--enterprise-edition] [[config_initial.dbms.default_primaries_count]] === `initial.dbms.default_primaries_count` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .initial.dbms.default_primaries_count [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -663,10 +743,12 @@ a|An integer that is minimum `1` and is maximum `11`. m|+++1+++ |=== + +[role=label--enterprise-edition] [[config_initial.dbms.default_secondaries_count]] === `initial.dbms.default_secondaries_count` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .initial.dbms.default_secondaries_count [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -679,10 +761,12 @@ a|An integer that is minimum `0` and is maximum `20`. m|+++0+++ |=== + +[role=label--enterprise-edition] [[config_initial.server.allowed_databases]] === `initial.server.allowed_databases` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .initial.server.allowed_databases [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -695,10 +779,12 @@ a|A comma-separated set where each element is a string. m|++++++ |=== + +[role=label--enterprise-edition] [[config_initial.server.denied_databases]] === `initial.server.denied_databases` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .initial.server.denied_databases [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -711,10 +797,12 @@ a|A comma-separated set where each element is a string. m|++++++ |=== + +[role=label--enterprise-edition] [[config_initial.server.mode_constraint]] === `initial.server.mode_constraint` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .initial.server.mode_constraint [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -727,10 +815,12 @@ a|One of [PRIMARY, SECONDARY, NONE]. m|+++NONE+++ |=== + +[role=label--enterprise-edition] [[config_server.tags]] === `initial.server.tags` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .initial.server.tags [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -743,10 +833,12 @@ a|A comma-separated list where each element is a string identifying a server tag m|++++++ |=== + +[role=label--enterprise-edition] [[config_server.cluster.advertised_address]] === `server.cluster.advertised_address` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.cluster.advertised_address [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -759,10 +851,12 @@ a|A socket address in the format of `hostname:port`, `hostname`, or `:port` that m|+++:6000+++ |=== + +[role=label--enterprise-edition label--dynamic label--deprecated-5.4] [[config_server.cluster.catchup.connect_randomly_to_server_group]] === `server.cluster.catchup.connect_randomly_to_server_group` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] label:deprecated[Deprecated in 5.4] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] label:deprecated[Deprecated in 5.4] .server.cluster.catchup.connect_randomly_to_server_group [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -775,10 +869,12 @@ a|A comma-separated list where each element is a string identifying a server tag m|++++++ |=== + +[role=label--enterprise-edition label--dynamic] [[config_server.cluster.catchup.connect_randomly_to_server_tags]] === `server.cluster.catchup.connect_randomly_to_server_tags` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .server.cluster.catchup.connect_randomly_to_server_tags [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -791,10 +887,12 @@ a|A comma-separated list where each element is a string identifying a server tag m|++++++ |=== + +[role=label--enterprise-edition] [[config_server.cluster.catchup.upstream_strategy]] === `server.cluster.catchup.upstream_strategy` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.cluster.catchup.upstream_strategy [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -807,10 +905,12 @@ a|A comma-separated list where each element is a string. m|++++++ |=== + +[role=label--enterprise-edition] [[config_server.cluster.catchup.user_defined_upstream_strategy]] === `server.cluster.catchup.user_defined_upstream_strategy` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.cluster.catchup.user_defined_upstream_strategy [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -823,10 +923,12 @@ a|A string. m|++++++ |=== + +[role=label--enterprise-edition] [[config_server.cluster.listen_address]] === `server.cluster.listen_address` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.cluster.listen_address [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -839,10 +941,12 @@ a|A socket address in the format of `hostname:port`, `hostname`, or `:port`. If m|+++:6000+++ |=== + +[role=label--enterprise-edition] [[config_server.cluster.network.native_transport_enabled]] === `server.cluster.network.native_transport_enabled` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.cluster.network.native_transport_enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -855,10 +959,12 @@ a|A boolean. m|+++true+++ |=== + +[role=label--enterprise-edition] [[config_server.cluster.raft.advertised_address]] === `server.cluster.raft.advertised_address` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.cluster.raft.advertised_address [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -871,10 +977,12 @@ a|A socket address in the format of `hostname:port`, `hostname`, or `:port` that m|+++:7000+++ |=== + +[role=label--enterprise-edition] [[config_server.cluster.raft.listen_address]] === `server.cluster.raft.listen_address` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.cluster.raft.listen_address [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -887,10 +995,12 @@ a|A socket address in the format of `hostname:port`, `hostname`, or `:port`. If m|+++:7000+++ |=== + +[role=label--enterprise-edition] [[config_server.cluster.system_database_mode]] === `server.cluster.system_database_mode` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.cluster.system_database_mode [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -903,10 +1013,12 @@ a|One of [PRIMARY, SECONDARY]. m|+++PRIMARY+++ |=== + +[role=label--enterprise-edition] [[config_server.discovery.listen_address]] === `server.discovery.listen_address` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.discovery.listen_address [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -919,10 +1031,12 @@ a|A socket address in the format of `hostname:port`, `hostname`, or `:port`. If m|+++:5000+++ |=== + +[role=label--enterprise-edition label--deprecated-5.4] [[config_server.groups]] === `server.groups` -label:enterprise-edition[Enterprise Edition] label:deprecated[Deprecated in 5.4] +// label:enterprise-edition[Enterprise Edition] label:deprecated[Deprecated in 5.4] .server.groups [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -960,6 +1074,7 @@ a|A socket address in the format of `hostname:port`, `hostname`, or `:port` that m|+++:7687+++ |=== + [[config_server.bolt.connection_keep_alive]] === `server.bolt.connection_keep_alive` @@ -974,6 +1089,7 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++1m+++ |=== + [[config_server.bolt.connection_keep_alive_for_requests]] === `server.bolt.connection_keep_alive_for_requests` @@ -988,6 +1104,7 @@ a|One of [ALL, STREAMING, OFF]. m|+++ALL+++ |=== + [[config_server.bolt.connection_keep_alive_probes]] === `server.bolt.connection_keep_alive_probes` @@ -1002,6 +1119,7 @@ a|An integer that is minimum `1`. m|+++2+++ |=== + [[config_server.bolt.connection_keep_alive_streaming_scheduling_interval]] === `server.bolt.connection_keep_alive_streaming_scheduling_interval` @@ -1016,6 +1134,7 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++1m+++ |=== + [[config_server.bolt.enabled]] === `server.bolt.enabled` @@ -1030,6 +1149,7 @@ a|A boolean. m|+++true+++ |=== + [[config_server.bolt.listen_address]] === `server.bolt.listen_address` @@ -1044,6 +1164,7 @@ a|A socket address in the format of `hostname:port`, `hostname`, or `:port`. If m|+++:7687+++ |=== + [[config_server.bolt.ocsp_stapling_enabled]] === `server.bolt.ocsp_stapling_enabled` @@ -1058,10 +1179,12 @@ a|A boolean. m|+++false+++ |=== + +[role=label--new-5.4] [[config_server.bolt.telemetry.enabled]] === `server.bolt.telemetry.enabled` -label:introduced[Introduced in 5.4] +// label:introduced[Introduced in 5.4] .server.bolt.telemetry.enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -1074,8 +1197,10 @@ a|A boolean. m|+++false+++ |=== + [[config_server.bolt.thread_pool_keep_alive]] + [[config_server.bolt.thread_pool_keep_alive]] === `server.bolt.thread_pool_keep_alive` @@ -1090,6 +1215,7 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++5m+++ |=== + [[config_server.bolt.thread_pool_max_size]] === `server.bolt.thread_pool_max_size` @@ -1104,6 +1230,7 @@ a|An integer. m|+++400+++ |=== + [[config_server.bolt.thread_pool_min_size]] === `server.bolt.thread_pool_min_size` @@ -1118,6 +1245,7 @@ a|An integer. m|+++5+++ |=== + [[config_server.bolt.tls_level]] === `server.bolt.tls_level` @@ -1132,6 +1260,7 @@ a|One of [REQUIRED, OPTIONAL, DISABLED]. m|+++DISABLED+++ |=== + [[config_server.http.advertised_address]] === `server.http.advertised_address` @@ -1146,6 +1275,7 @@ a|A socket address in the format of `hostname:port`, `hostname`, or `:port` that m|+++:7474+++ |=== + [[config_server.http.enabled]] === `server.http.enabled` @@ -1160,6 +1290,7 @@ a|A boolean. m|+++true+++ |=== + [[config_server.http.listen_address]] === `server.http.listen_address` @@ -1174,6 +1305,7 @@ a|A socket address in the format of `hostname:port`, `hostname`, or `:port`. If m|+++:7474+++ |=== + [[config_server.http_enabled_modules]] === `server.http_enabled_modules` @@ -1188,10 +1320,12 @@ a|A comma-separated set where each element is one of [TRANSACTIONAL_ENDPOINTS, U m|+++TRANSACTIONAL_ENDPOINTS,UNMANAGED_EXTENSIONS,BROWSER,ENTERPRISE_MANAGEMENT_ENDPOINTS+++ |=== + +[role=label--new-5.17] [[config_server.http_enabled_transports]] === `server.http_enabled_transports` -label:new[Introduced in 5.17] +// label:new[Introduced in 5.17] .server.http_enabled_transports [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -1219,6 +1353,7 @@ a|A socket address in the format of `hostname:port`, `hostname`, or `:port` that m|+++:7473+++ |=== + [[config_server.https.enabled]] === `server.https.enabled` @@ -1233,6 +1368,7 @@ a|A boolean. m|+++false+++ |=== + [[config_server.https.listen_address]] === `server.https.listen_address` @@ -1247,6 +1383,7 @@ a|A socket address in the format of `hostname:port`, `hostname`, or `:port`. If m|+++:7473+++ |=== + [[config_server.default_advertised_address]] === `server.default_advertised_address` @@ -1261,6 +1398,7 @@ a|A socket address in the format of `hostname:port`, `hostname`, or `:port` that m|+++localhost+++ |=== + [[config_server.default_listen_address]] === `server.default_listen_address` @@ -1275,10 +1413,12 @@ a|A socket address in the format of `hostname:port`, `hostname`, or `:port` that m|+++localhost+++ |=== + +[role=label--enterprise-edition] [[config_server.discovery.advertised_address]] === `server.discovery.advertised_address` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.discovery.advertised_address [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -1291,10 +1431,12 @@ a|A socket address in the format of `hostname:port`, `hostname`, or `:port` that m|+++:5000+++ |=== + +[role=label--enterprise-edition] [[config_server.routing.advertised_address]] === `server.routing.advertised_address` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.routing.advertised_address [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -1307,6 +1449,7 @@ a|A socket address in the format of `hostname:port`, `hostname`, or `:port` that m|+++:7688+++ |=== + [[config_server.routing.listen_address]] === `server.routing.listen_address` @@ -1321,10 +1464,12 @@ a|A socket address in the format of `hostname:port`, `hostname`, or `:port`. If m|+++:7688+++ |=== + +[role=label--dynamic] [[config_dbms.routing.client_side.enforce_for_domains]] === `dbms.routing.client_side.enforce_for_domains` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .dbms.routing.client_side.enforce_for_domains [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -1337,6 +1482,7 @@ a|A comma-separated set where each element is a string. m|++++++ |=== + [[config_dbms.routing.default_router]] === `dbms.routing.default_router` @@ -1354,6 +1500,7 @@ a|One of [SERVER, CLIENT]. m|+++CLIENT+++ |=== + [[config_dbms.routing.driver.connection.connect_timeout]] === `dbms.routing.driver.connection.connect_timeout` @@ -1370,6 +1517,7 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++5s+++ |=== + [[config_dbms.routing.driver.connection.max_lifetime]] === `dbms.routing.driver.connection.max_lifetime` @@ -1388,6 +1536,7 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++1h+++ |=== + [[config_dbms.routing.driver.connection.pool.acquisition_timeout]] === `dbms.routing.driver.connection.pool.acquisition_timeout` @@ -1405,6 +1554,7 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++1m+++ |=== + [[config_dbms.routing.driver.connection.pool.idle_test]] === `dbms.routing.driver.connection.pool.idle_test` @@ -1424,6 +1574,7 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m| |=== + [[config_dbms.routing.driver.connection.pool.max_size]] === `dbms.routing.driver.connection.pool.max_size` @@ -1439,6 +1590,7 @@ a|An integer. m|+++-1+++ |=== + [[config_dbms.routing.driver.logging.level]] === `dbms.routing.driver.logging.level` @@ -1453,6 +1605,7 @@ a|One of [DEBUG, INFO, WARN, ERROR, NONE]. m|+++INFO+++ |=== + [[config_dbms.routing.enabled]] === `dbms.routing.enabled` @@ -1468,10 +1621,12 @@ a|A boolean. m|+++true+++ |=== + +[role=label--enterprise-edition] [[config_dbms.routing.load_balancing.plugin]] === `dbms.routing.load_balancing.plugin` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.routing.load_balancing.plugin [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -1484,10 +1639,12 @@ a|A string that specified load balancer plugin exist.. m|+++server_policies+++ |=== + +[role=label--enterprise-edition] [[config_dbms.routing.load_balancing.shuffle_enabled]] === `dbms.routing.load_balancing.shuffle_enabled` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.routing.load_balancing.shuffle_enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -1500,10 +1657,12 @@ a|A boolean. m|+++true+++ |=== + +[role=label--enterprise-edition] [[config_dbms.routing.reads_on_primaries_enabled]] === `dbms.routing.reads_on_primaries_enabled` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.routing.reads_on_primaries_enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -1516,10 +1675,12 @@ a|A boolean. m|+++true+++ |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.routing.reads_on_writers_enabled]] === `dbms.routing.reads_on_writers_enabled` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.routing.reads_on_writers_enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -1532,6 +1693,7 @@ a|A boolean. m|+++false+++ |=== + [[config_dbms.routing_ttl]] === `dbms.routing_ttl` @@ -1546,12 +1708,14 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++5m+++ |=== + == Cypher settings The Cypher settings affect the behavior of Cypher queries. They can be used to tune the performance of Cypher queries or to restrict the kinds of queries that can be executed. For more information, see xref:/performance/statistics-execution-plans.adoc[Statistics and execution plans]. + [[config_dbms.cypher.forbid_exhaustive_shortestpath]] === `dbms.cypher.forbid_exhaustive_shortestpath` @@ -1566,6 +1730,7 @@ a|A boolean. m|+++false+++ |=== + [[config_dbms.cypher.forbid_shortestpath_common_nodes]] === `dbms.cypher.forbid_shortestpath_common_nodes` @@ -1580,6 +1745,7 @@ a|A boolean. m|+++true+++ |=== + [[config_dbms.cypher.hints_error]] === `dbms.cypher.hints_error` @@ -1594,6 +1760,7 @@ a|A boolean. m|+++false+++ |=== + [[config_dbms.cypher.lenient_create_relationship]] === `dbms.cypher.lenient_create_relationship` @@ -1608,6 +1775,7 @@ a|A boolean. m|+++false+++ |=== + [[config_dbms.cypher.min_replan_interval]] === `dbms.cypher.min_replan_interval` @@ -1622,6 +1790,7 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++10s+++ |=== + [[config_dbms.cypher.planner]] === `dbms.cypher.planner` @@ -1636,10 +1805,12 @@ a|One of [DEFAULT, COST]. m|+++DEFAULT+++ |=== + +[role=label--dynamic] [[config_dbms.cypher.render_plan_description]] === `dbms.cypher.render_plan_description` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .dbms.cypher.render_plan_description [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -1652,6 +1823,7 @@ a|A boolean. m|+++true+++ |=== + [[config_dbms.cypher.statistics_divergence_threshold]] === `dbms.cypher.statistics_divergence_threshold` @@ -1673,11 +1845,11 @@ m|+++0.75+++ |=== +[role=label--enterprise-edition label--new-5.13] [[config_server.cypher.parallel.worker_limit]] === `server.cypher.parallel.worker_limit` -label:enterprise-edition[Enterprise Edition] -label:new[Introduced in 5.13] +// label:enterprise-edition[Enterprise Edition] label:new[Introduced in 5.13] .server.cypher.parallel.worker_limit [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -1697,6 +1869,7 @@ a| An integer. m|+++0+++ |=== + == Database settings Database settings affect the behavior of a Neo4j database, for example, the file watcher service, the database format, the database store files, and the database timezone. @@ -1716,10 +1889,12 @@ a|A boolean. m|+++true+++ |=== + +[role=label--dynamic] [[config_db.format]] === `db.format` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .db.format [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -1735,6 +1910,7 @@ a|A string. m|+++aligned+++ |=== + [[config_db.relationship_grouping_threshold]] === `db.relationship_grouping_threshold` @@ -1749,6 +1925,7 @@ a|An integer that is minimum `1`. m|+++50+++ |=== + [[config_db.store.files.preallocate]] === `db.store.files.preallocate` @@ -1763,6 +1940,7 @@ a|A boolean. m|+++true+++ |=== + [[config_db.temporal.timezone]] === `db.temporal.timezone` @@ -1777,10 +1955,12 @@ a|A string describing a timezone, either described by offset (e.g. `+02:00`) or m|+++Z+++ |=== + +[role=label--enterprise-edition label--dynamic] [[config_db.track_query_cpu_time]] === `db.track_query_cpu_time` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .db.track_query_cpu_time [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -1794,12 +1974,14 @@ a|A boolean. m|+++false+++ |=== + == DBMS settings The DBMS settings affect the Neo4j DBMS as a whole. You can use them to set the default database, the DBMS timezone, a list of seed providers, and the maximum number of databases. The DBMS settings must be consistent across all configuration files in a cluster/DBMS. + [[config_initial.dbms.default_database]] === `initial.dbms.default_database` @@ -1823,6 +2005,7 @@ a|A valid database name containing only alphabetic characters, numbers, dots, an m|+++neo4j+++ |=== + [[config_dbms.db.timezone]] === `dbms.db.timezone` @@ -1837,10 +2020,12 @@ a|One of [UTC, SYSTEM]. m|+++UTC+++ |=== + +[role=label--enterprise-edition] [[config_dbms.databases.seed_from_uri_providers]] === `dbms.databases.seed_from_uri_providers` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.databases.seed_from_uri_providers [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -1860,10 +2045,12 @@ a|A comma-separated list where each element is a string. m|+++S3SeedProvider+++ |=== + +[role=label--enterprise-edition] [[config_dbms.max_databases]] === `dbms.max_databases` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.max_databases [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -1881,6 +2068,7 @@ m|+++100+++ The import settings control the size of the internal buffer used by `LOAD CSV` and the escaping of quotes in CSV files. + [[config_db.import.csv.buffer_size]] === `db.import.csv.buffer_size` @@ -1895,6 +2083,7 @@ a|A long that is minimum `1`. m|+++2097152+++ |=== + [[config_db.import.csv.legacy_quote_escaping]] === `db.import.csv.legacy_quote_escaping` @@ -1909,11 +2098,13 @@ a|A boolean. m|+++true+++ |=== + == Index settings The index settings control the fulltext index and the background index sampling (chunk size limit and sample size). For more information, see xref:/performance/index-configuration.adoc[Index configuration]. + [[config_db.index.fulltext.default_analyzer]] === `db.index.fulltext.default_analyzer` @@ -1928,6 +2119,7 @@ a|A string. m|+++standard-no-stop-words+++ |=== + [[config_db.index.fulltext.eventually_consistent]] === `db.index.fulltext.eventually_consistent` @@ -1942,6 +2134,7 @@ a|A boolean. m|+++false+++ |=== + [[config_db.index.fulltext.eventually_consistent_index_update_queue_max_length]] === `db.index.fulltext.eventually_consistent_index_update_queue_max_length` @@ -1956,6 +2149,7 @@ a|An integer that is in the range `1` to `50000000`. m|+++10000+++ |=== + [[config_db.index_sampling.background_enabled]] === `db.index_sampling.background_enabled` @@ -1970,6 +2164,7 @@ a|A boolean. m|+++true+++ |=== + [[config_db.index_sampling.sample_size_limit]] === `db.index_sampling.sample_size_limit` @@ -1984,6 +2179,7 @@ a|An integer that is in the range `1048576` to `2147483647`. m|+++8388608+++ |=== + [[config_db.index_sampling.update_percentage]] === `db.index_sampling.update_percentage` @@ -1998,15 +2194,18 @@ a|An integer that is minimum `0`. m|+++5+++ |=== + == Logging settings Neo4j has two different configuration files for logging, one for the _neo4j.log_, which contains general information about Neo4j, and one configuration file for all other types of logging via Log4j 2 (except _gc.log_ which is handled by the Java Virtual Machine(JVM). For more information, see xref:/monitoring/logging.adoc[Logging]. + +[role=label--new-5.18 label--deprecated-5.12 label--dynamic] [[config_db.logs.query.annotation_data_as_json_enabled]] === `db.logs.query.annotation_data_as_json_enabled` -label:new[Introduced in 5.8] label:dynamic[Dynamic] label:deprecated[Deprecated in 5.12] +// label:new[Introduced in 5.8] label:dynamic[Dynamic] label:deprecated[Deprecated in 5.12] .db.logs.query.annotation_data_as_json_enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2022,10 +2221,12 @@ m|+++false+++ a|<> |=== + +[role=label--new-5.12 label--dynamic] [[config_db.logs.query.annotation_data_format]] === `db.logs.query.annotation_data_format` -label:new[Introduced in 5.12] label:dynamic[Dynamic] +// label:new[Introduced in 5.12] label:dynamic[Dynamic] .db.logs.query.annotation_data_format [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2044,10 +2245,12 @@ a|One of [CYPHER, JSON, FLAT_JSON]. m|+++CYPHER+++ |=== + +[role=label--dynamic] [[config_db.logs.query.early_raw_logging_enabled]] === `db.logs.query.early_raw_logging_enabled` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .db.logs.query.early_raw_logging_enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2060,10 +2263,12 @@ a|A boolean. m|+++false+++ |=== + +[role=label--dynamic] [[config_db.logs.query.enabled]] === `db.logs.query.enabled` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .db.logs.query.enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2084,10 +2289,12 @@ a|One of [OFF, INFO, VERBOSE]. m|+++VERBOSE+++ |=== + +[role=label--dynamic] [[config_db.logs.query.max_parameter_length]] === `db.logs.query.max_parameter_length` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .db.logs.query.max_parameter_length [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2100,10 +2307,12 @@ a|An integer. m|+++2147483647+++ |=== + +[role=label--dynamic] [[config_db.logs.query.obfuscate_literals]] === `db.logs.query.obfuscate_literals` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .db.logs.query.obfuscate_literals [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2116,10 +2325,12 @@ a|A boolean. m|+++false+++ |=== + +[role=label--dynamic] [[config_db.logs.query.parameter_logging_enabled]] === `db.logs.query.parameter_logging_enabled` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .db.logs.query.parameter_logging_enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2132,10 +2343,12 @@ a|A boolean. m|+++true+++ |=== + +[role=label--dynamic] [[config_db.logs.query.plan_description_enabled]] === `db.logs.query.plan_description_enabled` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .db.logs.query.plan_description_enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2148,10 +2361,12 @@ a|A boolean. m|false |=== + +[role=label--dynamic] [[config_db.logs.query.threshold]] === `db.logs.query.threshold` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .db.logs.query.threshold [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2164,10 +2379,12 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++0s+++ |=== + +[role=label--dynamic label--enterprise-edition] [[config_db.logs.query.transaction.enabled]] === `db.logs.query.transaction.enabled` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .db.logs.query.transaction.enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2184,10 +2401,12 @@ a|One of [OFF, INFO, VERBOSE]. m|+++OFF+++ |=== + +[role=label--dynamic] [[config_db.logs.query.transaction.threshold]] === `db.logs.query.transaction.threshold` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .db.logs.query.transaction.threshold [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2200,6 +2419,7 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++0s+++ |=== + [[config_dbms.logs.http.enabled]] === `dbms.logs.http.enabled` @@ -2214,6 +2434,7 @@ a|A boolean. m|+++false+++ |=== + [[config_server.logs.config]] === `server.logs.config` @@ -2228,6 +2449,7 @@ a|A path. If relative, it is resolved from server.directories.neo4j_home. m|+++conf/server-logs.xml+++ |=== + [[config_server.logs.debug.enabled]] === `server.logs.debug.enabled` @@ -2242,6 +2464,7 @@ a|A boolean. m|+++true+++ |=== + [[config_server.logs.gc.enabled]] === `server.logs.gc.enabled` @@ -2256,6 +2479,7 @@ a|A boolean. m|+++false+++ |=== + [[config_server.logs.gc.options]] === `server.logs.gc.options` @@ -2270,6 +2494,7 @@ a|A string. m|+++-Xlog:gc*,safepoint,age*=trace+++ |=== + [[config_server.logs.gc.rotation.keep_number]] === `server.logs.gc.rotation.keep_number` @@ -2284,6 +2509,7 @@ a|An integer. m|+++5+++ |=== + [[config_server.logs.gc.rotation.size]] === `server.logs.gc.rotation.size` @@ -2298,6 +2524,7 @@ a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `Mi m|+++20.00MiB+++ |=== + [[config_server.logs.user.config]] === `server.logs.user.config` @@ -2312,12 +2539,14 @@ a|A path. If relative, it is resolved from `server.directories.neo4j_home`. m|+++conf/user-logs.xml+++ |=== + == Memory settings Memory settings control how much memory is allocated to Neo4j and how it is used. It is recommended to perform a certain amount of testing and tuning of these settings to figure out the optimal division of the available memory. For more information on how to tune these settings, see xref:/performance/memory-configuration.adoc[Memory configuration], xref:/performance/disks-ram-and-other-tips.adoc[Disks, RAM and other tips], and xref:performance/gc-tuning.adoc[Tuning of the garbage collector]. + [[config_db.memory.pagecache.warmup.enable]] === `db.memory.pagecache.warmup.enable` @@ -2333,6 +2562,7 @@ a|A boolean. m|+++true+++ |=== + [[config_db.memory.pagecache.warmup.preload]] === `db.memory.pagecache.warmup.preload` @@ -2347,6 +2577,7 @@ a|A boolean. m|+++false+++ |=== + [[config_db.memory.pagecache.warmup.preload.allowlist]] === `db.memory.pagecache.warmup.preload.allowlist` @@ -2361,10 +2592,12 @@ a|A string. m|.* |=== + +[role=label--enterprise-edition] [[config_db.memory.pagecache.warmup.profile.interval]] === `db.memory.pagecache.warmup.profile.interval` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .db.memory.pagecache.warmup.profile.interval [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2377,10 +2610,12 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++1m+++ |=== + +[role=label--dynamic] [[config_db.memory.transaction.max]] === `db.memory.transaction.max` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .db.memory.transaction.max [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2393,10 +2628,12 @@ a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `Mi m|+++0B+++ |=== + +[role=label--dynamic] [[config_db.memory.transaction.total.max]] === `db.memory.transaction.total.max` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .db.memory.transaction.total.max [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2409,10 +2646,12 @@ a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `Mi m|+++0B+++ |=== + +[role=label--deprecated-5.8] [[config_db.tx_state.memory_allocation]] === `db.tx_state.memory_allocation` -label:deprecated[Deprecated in 5.8] +// label:deprecated[Deprecated in 5.8] .db.tx_state.memory_allocation [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2425,10 +2664,12 @@ a|One of [ON_HEAP, OFF_HEAP]. m|+++ON_HEAP+++ |=== + +[role=label--deprecated-5.7] [[config_server.db.query_cache_size]] === `server.db.query_cache_size` -label:deprecated[Deprecated in 5.7] +// label:deprecated[Deprecated in 5.7] .server.db.query_cache_size [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2443,6 +2684,7 @@ m|+++1000+++ a|<> |=== + [[config_dbms.memory.tracking.enable]] === `dbms.memory.tracking.enable` @@ -2457,10 +2699,12 @@ a|A boolean. m|+++true+++ |=== + +[role=label--changed-5.2 label--dynamic] [[config_dbms.memory.transaction.total.max]] === `dbms.memory.transaction.total.max` -label:dynamic[Dynamic] label:changed[Value changed in 5.2] +// label:dynamic[Dynamic] label:changed[Value changed in 5.2] .dbms.memory.transaction.total.max [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2473,6 +2717,7 @@ a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `Mi m| |=== + [[config_server.memory.heap.initial_size]] === `server.memory.heap.initial_size` @@ -2487,6 +2732,7 @@ a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `Mi m| |=== + [[config_server.memory.heap.max_size]] === `server.memory.heap.max_size` @@ -2501,6 +2747,7 @@ a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `Mi m| |=== + [[config_server.memory.off_heap.block_cache_size]] === `server.memory.off_heap.block_cache_size` @@ -2515,6 +2762,7 @@ a|An integer that is minimum `16`. m|+++128+++ |=== + [[config_server.memory.off_heap.max_cacheable_block_size]] === `server.memory.off_heap.max_cacheable_block_size` @@ -2529,10 +2777,12 @@ a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `Mi m|+++512.00KiB+++ |=== + +[role=label--deprecated-5.8] [[config_server.memory.off_heap.transaction_max_size]] === `server.memory.off_heap.transaction_max_size` -label:deprecated[Deprecated in 5.8] +// label:deprecated[Deprecated in 5.8] .server.memory.off_heap.transaction_max_size [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2545,6 +2795,7 @@ a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `Mi m|+++2.00GiB+++ |=== + [[config_server.memory.pagecache.directio]] === `server.memory.pagecache.directio` @@ -2559,10 +2810,12 @@ a|A boolean. m|+++false+++ |=== + +[role=label--dynamic] [[config_server.memory.pagecache.flush.buffer.enabled]] === `server.memory.pagecache.flush.buffer.enabled` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .server.memory.pagecache.flush.buffer.enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2575,10 +2828,12 @@ a|A boolean. m|+++false+++ |=== + +[role=label--dynamic] [[config_server.memory.pagecache.flush.buffer.size_in_pages]] === `server.memory.pagecache.flush.buffer.size_in_pages` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .server.memory.pagecache.flush.buffer.size_in_pages [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2591,6 +2846,7 @@ a|An integer that is in the range `1` to `512`. m|+++128+++ |=== + [[config_server.memory.pagecache.scan.prefetchers]] === `server.memory.pagecache.scan.prefetchers` @@ -2605,6 +2861,7 @@ a|An integer that is in the range `0` to `255`. m|+++4+++ |=== + [[config_server.memory.pagecache.size]] === `server.memory.pagecache.size` @@ -2619,10 +2876,12 @@ a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `Mi m| |=== + +[role=label--new-5.8 label--enterprise-edition] [[config_server.memory.query_cache.sharing_enabled]] === `server.memory.query_cache.sharing_enabled` -label:enterprise-edition[Enterprise Edition] label:new[Introduced in 5.7] +// label:enterprise-edition[Enterprise Edition] label:new[Introduced in 5.7] .server.memory.query_cache.sharing_enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2642,10 +2901,13 @@ a|A boolean. m|+++false+++ |=== + +[role=label--new-5.7 label--dynamic-5.10 label--enterprise-edition] [[config_server.memory.query_cache.shared_cache_num_entries]] === `server.memory.query_cache.shared_cache_num_entries` -label:enterprise-edition[Enterprise Edition] label:new[Introduced in 5.7] label:dynamic[Dynamic since 5.10] +// label:enterprise-edition[Enterprise Edition] label:new[Introduced in 5.7] label:dynamic[Dynamic since 5.10] +// label:dynamic[Dynamic since 5.10] .server.memory.query_cache.shared_cache_num_entries [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2661,10 +2923,11 @@ m|+++1000+++ |=== +[role=label--dynamic-5.10] [[config_server.memory.query_cache.per_db_cache_num_entries]] === `server.memory.query_cache.per_db_cache_num_entries` -label:dynamic[Dynamic since 5.10] +// label:dynamic[Dynamic since 5.10] .server.memory.query_cache.per_db_cache_num_entries [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2680,16 +2943,18 @@ a|An integer that is minimum `0`. m|+++1000+++ |=== + == Metrics settings The metrics settings control whether Neo4j will log metrics, what metrics to log, how to log them, and how to expose them. For better understanding of the metrics settings and how to configure them, see xref:monitoring/metrics/index.adoc[Metrics]. +[role=label--enterprise-edition] [[config_server.metrics.csv.enabled]] === `server.metrics.csv.enabled` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.metrics.csv.enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2702,10 +2967,12 @@ a|A boolean. m|+++true+++ |=== + +[role=label--enterprise-edition] [[config_server.metrics.csv.interval]] === `server.metrics.csv.interval` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.metrics.csv.interval [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2718,10 +2985,12 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++30s+++ |=== + +[role=label--enterprise-edition] [[config_server.metrics.csv.rotation.compression]] === `server.metrics.csv.rotation.compression` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.metrics.csv.rotation.compression [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2734,10 +3003,12 @@ a|One of [NONE, ZIP, GZ]. m|+++NONE+++ |=== + +[role=label--enterprise-edition] [[config_server.metrics.csv.rotation.keep_number]] === `server.metrics.csv.rotation.keep_number` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.metrics.csv.rotation.keep_number [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2750,10 +3021,12 @@ a|An integer that is minimum `1`. m|+++7+++ |=== + +[role=label--enterprise-edition] [[config_server.metrics.csv.rotation.size]] === `server.metrics.csv.rotation.size` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.metrics.csv.rotation.size [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2766,10 +3039,12 @@ a|A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `Mi m|+++10.00MiB+++ |=== + +[role=label--enterprise-edition] [[config_server.metrics.enabled]] === `server.metrics.enabled` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.metrics.enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2782,10 +3057,12 @@ a|A boolean. m|+++true+++ |=== + +[role=label--enterprise-edition] [[config_server.metrics.filter]] === `server.metrics.filter` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.metrics.filter [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2798,10 +3075,12 @@ a|A comma-separated list where each element is A simple globbing pattern that ca m|`*bolt.connections*,*bolt.messages_received*,*bolt.messages_started*,*dbms.pool.bolt.free,*dbms.pool.bolt.total_size,*dbms.pool.bolt.total_used,*dbms.pool.bolt.used_heap,*cluster.raft.is_leader,*cluster.raft.last_leader_message,*cluster.raft.replication_attempt,*cluster.raft.replication_fail,*cluster.raft.last_applied,*cluster.raft.last_appended,*cluster.raft.append_index,*cluster.raft.commit_index,*cluster.raft.applied_index,*check_point.*,*cypher.replan_events,*ids_in_use*,*pool.transaction.*.total_used,*pool.transaction.*.used_heap,*pool.transaction.*.used_native,*store.size*,*transaction.active_read,*transaction.active_write,*transaction.committed*,*transaction.last_committed_tx_id,*transaction.peak_concurrent,*transaction.rollbacks*,*page_cache.hit*,*page_cache.page_faults,*page_cache.usage_ratio,*vm.file.descriptors.count,*vm.gc.time.*,*vm.heap.used,*vm.memory.buffer.direct.used,*vm.memory.pool.g1_eden_space,*vm.memory.pool.g1_old_gen,*vm.pause_time,*vm.thread*,*db.query.execution*` |=== + +[role=label--enterprise-edition] [[config_server.metrics.graphite.enabled]] === `server.metrics.graphite.enabled` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.metrics.graphite.enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2814,10 +3093,12 @@ a|A boolean. m|+++false+++ |=== + +[role=label--enterprise-edition] [[config_server.metrics.graphite.interval]] === `server.metrics.graphite.interval` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.metrics.graphite.interval [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2830,10 +3111,12 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++30s+++ |=== + +[role=label--enterprise-edition] [[config_server.metrics.graphite.server]] === `server.metrics.graphite.server` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.metrics.graphite.server [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2846,10 +3129,12 @@ a|A socket address in the format of `hostname:port`, `hostname`, or `:port`. If m|+++:2003+++ |=== + +[role=label--enterprise-edition] [[config_server.metrics.jmx.enabled]] === `server.metrics.jmx.enabled` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.metrics.jmx.enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2862,10 +3147,12 @@ a|A boolean. m|+++true+++ |=== + +[role=label--enterprise-edition] [[config_server.metrics.prefix]] === `server.metrics.prefix` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.metrics.prefix [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2878,10 +3165,12 @@ a|A string. m|+++neo4j+++ |=== + +[role=label--enterprise-edition] [[config_server.metrics.prometheus.enabled]] === `server.metrics.prometheus.enabled` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.metrics.prometheus.enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2894,10 +3183,12 @@ a|A boolean. m|+++false+++ |=== + +[role=label--enterprise-edition] [[config_server.metrics.prometheus.endpoint]] === `server.metrics.prometheus.endpoint` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.metrics.prometheus.endpoint [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2910,14 +3201,17 @@ a|A socket address in the format of `hostname:port`, `hostname`, or `:port`. If m|+++localhost:2004+++ |=== + == Neo4j Browser and client settings Neo4j Browser and client settings apply only to Neo4j Browser and the client. + +[role=label--enterprise-edition] [[config_browser.allow_outgoing_connections]] === `browser.allow_outgoing_connections` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .browser.allow_outgoing_connections [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2930,10 +3224,12 @@ a|A boolean. m|+++true+++ |=== + +[role=label--enterprise-edition] [[config_browser.credential_timeout]] === `browser.credential_timeout` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .browser.credential_timeout [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2946,6 +3242,7 @@ a|A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s). m|+++0s+++ |=== + [[config_browser.post_connect_cmd]] === `browser.post_connect_cmd` @@ -2960,6 +3257,7 @@ a|A string. m|++++++ |=== + [[config_browser.remote_content_hostname_whitelist]] === `browser.remote_content_hostname_whitelist` @@ -2974,10 +3272,12 @@ a|A string. m|+++guides.neo4j.com,localhost+++ |=== + +[role=label--enterprise-edition] [[config_browser.retain_connection_credentials]] === `browser.retain_connection_credentials` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .browser.retain_connection_credentials [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -2990,10 +3290,12 @@ a|A boolean. m|+++true+++ |=== + +[role=label--enterprise-edition] [[config_browser.retain_editor_history]] === `browser.retain_editor_history` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .browser.retain_editor_history [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3006,6 +3308,7 @@ a|A boolean. m|+++true+++ |=== + [[config_client.allow_telemetry]] === `client.allow_telemetry` @@ -3020,17 +3323,20 @@ a|A boolean. m|+++true+++ |=== + == Kubernetes settings The Kubernetes settings are used to configure a cluster running on https://kubernetes.io/[Kubernetes^], where each server is running as a Kubernetes service. The addresses of the other servers can be obtained using the List Service API, as described in the https://kubernetes.io/docs/reference/kubernetes-api/[Kubernetes API documentation^]. For more information, see xref:clustering/setup/discovery.adoc#clustering-discovery-k8s[Discovery in Kubernetes]. + .Kubernetes settings +[role=label--enterprise-edition] [[config_dbms.kubernetes.address]] === `dbms.kubernetes.address` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.kubernetes.address [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3043,10 +3349,12 @@ a|A socket address in the format of `hostname:port`, `hostname`, or `:port`. m|+++kubernetes.default.svc:443+++ |=== + +[role=label--enterprise-edition] [[config_dbms.kubernetes.ca_crt]] === `dbms.kubernetes.ca_crt` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.kubernetes.ca_crt [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3059,10 +3367,12 @@ a|A path. m|+++/var/run/secrets/kubernetes.io/serviceaccount/ca.crt+++ |=== + +[role=label--enterprise-edition] [[config_dbms.kubernetes.cluster_domain]] === `dbms.kubernetes.cluster_domain` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.kubernetes.cluster_domain [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3075,10 +3385,12 @@ a|A string. m|+++cluster.local+++ |=== + +[role=label--enterprise-edition] [[config_dbms.kubernetes.label_selector]] === `dbms.kubernetes.label_selector` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.kubernetes.label_selector [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3091,10 +3403,12 @@ a|A string. m| |=== + +[role=label--enterprise-edition] [[config_dbms.kubernetes.namespace]] === `dbms.kubernetes.namespace` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.kubernetes.namespace [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3107,10 +3421,12 @@ a|A path. m|+++/var/run/secrets/kubernetes.io/serviceaccount/namespace+++ |=== + +[role=label--enterprise-edition] [[config_dbms.kubernetes.service_port_name]] === `dbms.kubernetes.service_port_name` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.kubernetes.service_port_name [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3123,9 +3439,12 @@ a|A string. m| |=== + +[role=label--enterprise-edition] [[config_dbms.kubernetes.token]] === `dbms.kubernetes.token` -label:enterprise-edition[Enterprise Edition] + +// label:enterprise-edition[Enterprise Edition] .dbms.kubernetes.token [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3138,14 +3457,17 @@ a|A path. m|+++/var/run/secrets/kubernetes.io/serviceaccount/token+++ |=== + == Security settings The security settings are used to configure the security of your Neo4j deployment. Refer to the xref:security/index.adoc[Security] section for thorough information on security in Neo4j. + [[config_dbms.security.allow_csv_import_from_file_urls]] === `dbms.security.allow_csv_import_from_file_urls` + .dbms.security.allow_csv_import_from_file_urls [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] |=== @@ -3157,10 +3479,12 @@ a|A boolean. m|+++true+++ |=== + +[role=label--enterprise-edition] [[config_dbms.security.auth_cache_max_capacity]] === `dbms.security.auth_cache_max_capacity` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.security.auth_cache_max_capacity [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3173,10 +3497,12 @@ a|An integer. m|+++10000+++ |=== + +[role=label--enterprise-edition] [[config_dbms.security.auth_cache_ttl]] === `dbms.security.auth_cache_ttl` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.security.auth_cache_ttl [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3189,10 +3515,12 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++10m+++ |=== + +[role=label--enterprise-edition] [[config_dbms.security.auth_cache_use_ttl]] === `dbms.security.auth_cache_use_ttl` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.security.auth_cache_use_ttl [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3205,6 +3533,7 @@ a|A boolean. m|+++true+++ |=== + [[config_dbms.security.auth_enabled]] === `dbms.security.auth_enabled` @@ -3219,10 +3548,12 @@ a|A boolean. m|true |=== + +[role=label--new-5.3] [[config_config_dbms.security.auth_minimum_password_length]] === `dbms.security.auth_minimum_password_length` -label:version-number[Neo4j 5.3] +// label:version-number[Neo4j 5.3] .dbms.security.auth_minimum_password_length [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3235,6 +3566,7 @@ a|An integer that is minimum `1`. m|+++8+++ |=== + [[config_dbms.security.auth_lock_time]] === `dbms.security.auth_lock_time` @@ -3249,6 +3581,7 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++5s+++ |=== + [[config_dbms.security.auth_max_failed_attempts]] === `dbms.security.auth_max_failed_attempts` @@ -3263,10 +3596,12 @@ a|An integer that is minimum `0`. m|+++3+++ |=== + +[role=label--enterprise-edition] [[config_dbms.security.authentication_providers]] === `dbms.security.authentication_providers` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.security.authentication_providers [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3279,10 +3614,12 @@ a|A comma-separated list where each element is a string. m|+++native+++ |=== + +[role=label--enterprise-edition] [[config_dbms.security.authorization_providers]] === `dbms.security.authorization_providers` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.security.authorization_providers [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3295,10 +3632,12 @@ a|A comma-separated list where each element is a string. m|+++native+++ |=== + +[role=label--enterprise-edition] [[config_dbms.security.cluster_status_auth_enabled]] === `dbms.security.cluster_status_auth_enabled` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.security.cluster_status_auth_enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3311,6 +3650,7 @@ a|A boolean. m|+++true+++ |=== + [[config_dbms.security.http_access_control_allow_origin]] === `dbms.security.http_access_control_allow_origin` @@ -3325,6 +3665,7 @@ a|A string. m|+++*+++ |=== + [[config_dbms.security.http_auth_allowlist]] === `dbms.security.http_auth_allowlist` @@ -3339,6 +3680,7 @@ a|A comma-separated list where each element is a string. m|+++/,/browser.*+++ |=== + [[config_dbms.security.http_strict_transport_security]] === `dbms.security.http_strict_transport_security` @@ -3353,10 +3695,12 @@ a|A string. m| |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.key.name]] === `dbms.security.key.name` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.key.name [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3369,10 +3713,12 @@ a|A string. m|+++aesKey+++ |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.keystore.password]] === `dbms.security.keystore.password` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.keystore.password [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3385,10 +3731,12 @@ a|A secure string. m| |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.keystore.path]] === `dbms.security.keystore.path` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.keystore.path [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3401,10 +3749,12 @@ a|A path. m| |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.ldap.authentication.attribute]] === `dbms.security.ldap.authentication.attribute` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.ldap.authentication.attribute [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3418,10 +3768,12 @@ a|A string that matches the pattern `[A-Za-z0-9-]*` (has to be a valid LDAP attr m|+++samaccountname+++ |=== + +[role=label--enterprise-edition] [[config_dbms.security.ldap.authentication.cache_enabled]] === `dbms.security.ldap.authentication.cache_enabled` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.security.ldap.authentication.cache_enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3435,10 +3787,12 @@ a|A boolean. m|+++true+++ |=== + +[role=label--enterprise-edition] [[config_dbms.security.ldap.authentication.mechanism]] === `dbms.security.ldap.authentication.mechanism` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.security.ldap.authentication.mechanism [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3451,10 +3805,12 @@ a|A string. m|+++simple+++ |=== + +[role=label--enterprise-edition] [[config_dbms.security.ldap.authentication.search_for_attribute]] === `dbms.security.ldap.authentication.search_for_attribute` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.security.ldap.authentication.search_for_attribute [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3468,10 +3824,12 @@ a|A boolean. m|+++false+++ |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.ldap.authentication.user_dn_template]] === `dbms.security.ldap.authentication.user_dn_template` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.ldap.authentication.user_dn_template [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3484,11 +3842,12 @@ a|A string that Must be a string containing '{0}' to understand where to insert m|+++uid={0},ou=users,dc=example,dc=com+++ |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.ldap.authorization.access_permitted_group]] === `dbms.security.ldap.authorization.access_permitted_group` - -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.ldap.authorization.access_permitted_group [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3501,10 +3860,12 @@ a|A string. m|++++++ |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.ldap.authorization.group_membership_attributes]] === `dbms.security.ldap.authorization.group_membership_attributes` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.ldap.authorization.group_membership_attributes [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3517,10 +3878,12 @@ a|A comma-separated list where each element is a string, which Can not be empty. m|+++memberOf+++ |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.ldap.authorization.group_to_role_mapping]] === `dbms.security.ldap.authorization.group_to_role_mapping` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.ldap.authorization.group_to_role_mapping [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3541,10 +3904,12 @@ a|A string that must be a semicolon-separated list of key-value pairs or empty. m|++++++ |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.ldap.authorization.nested_groups_enabled]] === `dbms.security.ldap.authorization.nested_groups_enabled` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.ldap.authorization.nested_groups_enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3557,10 +3922,12 @@ a|A boolean. m|+++false+++ |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.ldap.authorization.nested_groups_search_filter]] === `dbms.security.ldap.authorization.nested_groups_search_filter` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.ldap.authorization.nested_groups_search_filter [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3573,10 +3940,12 @@ a|A string. m|+++(&(objectclass=group)(member:1.2.840.113556.1.4.1941:={0}))+++ |=== + +[role=label--enterprise-edition] [[config_dbms.security.ldap.authorization.system_password]] === `dbms.security.ldap.authorization.system_password` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.security.ldap.authorization.system_password [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3589,10 +3958,12 @@ a|A secure string. m| |=== + +[role=label--enterprise-edition] [[config_dbms.security.ldap.authorization.system_username]] === `dbms.security.ldap.authorization.system_username` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.security.ldap.authorization.system_username [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3605,10 +3976,12 @@ a|A string. m| |=== + +[role=label--enterprise-edition] [[config_dbms.security.ldap.authorization.use_system_account]] === `dbms.security.ldap.authorization.use_system_account` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.security.ldap.authorization.use_system_account [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3623,10 +3996,12 @@ a|A boolean. m|+++false+++ |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.ldap.authorization.user_search_base]] === `dbms.security.ldap.authorization.user_search_base` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.ldap.authorization.user_search_base [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3639,10 +4014,12 @@ a|A string that Can not be empty. m|+++ou=users,dc=example,dc=com+++ |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.ldap.authorization.user_search_filter]] === `dbms.security.ldap.authorization.user_search_filter` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.ldap.authorization.user_search_filter [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3655,10 +4032,12 @@ a|A string. m|+++(&(objectClass=*)(uid={0}))+++ |=== + +[role=label--enterprise-edition] [[config_dbms.security.ldap.connection_timeout]] === `dbms.security.ldap.connection_timeout` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.security.ldap.connection_timeout [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3671,10 +4050,12 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++30s+++ |=== + +[role=label--enterprise-edition] [[config_dbms.security.ldap.host]] === `dbms.security.ldap.host` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.security.ldap.host [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3688,10 +4069,12 @@ a|A string. m|+++localhost+++ |=== + +[role=label--enterprise-edition] [[config_dbms.security.ldap.read_timeout]] === `dbms.security.ldap.read_timeout` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.security.ldap.read_timeout [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3704,10 +4087,12 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++30s+++ |=== + +[role=label--enterprise-edition] [[config_dbms.security.ldap.referral]] === `dbms.security.ldap.referral` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.security.ldap.referral [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3724,10 +4109,12 @@ a|A string. m|+++follow+++ |=== + +[role=label--enterprise-edition] [[config_dbms.security.ldap.use_starttls]] === `dbms.security.ldap.use_starttls` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.security.ldap.use_starttls [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3740,10 +4127,12 @@ a|A boolean. m|+++false+++ |=== + +[role=label--enterprise-edition] [[config_dbms.security.log_successful_authentication]] === `dbms.security.log_successful_authentication` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.security.log_successful_authentication [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3756,10 +4145,12 @@ a|A boolean. m|+++true+++ |=== + +[role=label--enterprise-edition] [[config_dbms.security.logs.ldap.groups_at_debug_level_enabled]] === `dbms.security.logs.ldap.groups_at_debug_level_enabled` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.security.logs.ldap.groups_at_debug_level_enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3772,10 +4163,12 @@ a|A boolean. m|+++false+++ |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.oidc.-provider-.audience]] === `dbms.security.oidc..audience` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.oidc..audience [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3786,10 +4179,12 @@ a|Expected values of the Audience (aud) claim in the id token. a|A comma-separated list where each element is a string, which Can not be empty. |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.oidc.-provider-.auth_endpoint]] === `dbms.security.oidc..auth_endpoint` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.oidc..auth_endpoint [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3800,10 +4195,12 @@ a|The OIDC authorization endpoint. If this is not supplied Neo4j will attempt to a|a URI |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.oidc.-provider-.auth_flow]] === `dbms.security.oidc..auth_flow` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.oidc..auth_flow [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3816,10 +4213,12 @@ a|One of [PKCE, IMPLICIT]. m|+++PKCE+++ |=== + +[role=label--enterprise-edition label--dynamic label--deprecated] [[config_dbms.security.oidc.-provider-.auth_params]] === `dbms.security.oidc..auth_params` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] label:deprecated[Deprecated] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] label:deprecated[Deprecated] .dbms.security.oidc..auth_params [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3832,10 +4231,12 @@ a|A simple key value map pattern `k1=v1;k2=v2`. m|+++{}+++ |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.oidc.-provider-.authorization.group_to_role_mapping]] === `dbms.security.oidc..authorization.group_to_role_mapping` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.oidc..authorization.group_to_role_mapping [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3854,10 +4255,12 @@ dbms.security.oidc..authorization.group_to_role_mapping=\ a|A string that must be semicolon-separated list of key-value pairs or empty |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.oidc.-provider-.claims.groups]] === `dbms.security.oidc..claims.groups` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.oidc..claims.groups [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3870,10 +4273,12 @@ From Neo4j 5.4, the JWT claim may also contain a single group returned as A stri a|A string. |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.oidc.-provider-.claims.username]] === `dbms.security.oidc..claims.username` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.oidc..claims.username [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3886,10 +4291,12 @@ a|A string. m|+++sub+++ |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.oidc.-provider-.client_id]] === `dbms.security.oidc..client_id` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.oidc..client_id [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3900,10 +4307,12 @@ a|Client id needed if token contains multiple Audience (aud) claims. a|A string. |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.oidc.-provider-.config]] === `dbms.security.oidc..config` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.oidc..config [cols="<1s,<4a"] @@ -3923,6 +4332,7 @@ a|A simple key-value map pattern `k1=v1;k2=v2`. Valid key options are: `[implici m|+++{}+++ |=== + [[config_dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled]] === `dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled` @@ -3931,7 +4341,10 @@ m|+++{}+++ |=== |Description a|When set to `true`, it logs the claims from the JWT. This will only take effect when the security log level is set to `DEBUG`. + -WARNING: It is strongly advised that this is set to `false` when running in a production environment in order to prevent logging of sensitive information. Also note that the contents of the JWT claims set can change over time because they are dependent entirely upon the ID provider. +[WARNING] +==== +It is strongly advised that this is set to `false` when running in a production environment in order to prevent logging of sensitive information. Also note that the contents of the JWT claims set can change over time because they are dependent entirely upon the ID provider. +==== |Valid values a|A boolean. |Default value @@ -3939,10 +4352,11 @@ m|+++false+++ |=== +[role=label--enterprise-edition] [[config_dbms.security.oidc.-provider-.display_name]] === `dbms.security.oidc..display_name` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .dbms.security.oidc..display_name [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3953,10 +4367,12 @@ a|The user-facing name of the provider as provided by the discovery endpoint to a|A string. |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.oidc.-provider-.get_groups_from_user_info]] === `dbms.security.oidc..get_groups_from_user_info` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.oidc..get_groups_from_user_info [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3969,10 +4385,12 @@ a|A boolean. m|+++false+++ |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.oidc.-provider-.get_username_from_user_info]] === `dbms.security.oidc..get_username_from_user_info` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.oidc..get_username_from_user_info [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3985,10 +4403,12 @@ a|A boolean. m|+++false+++ |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.oidc.-provider-.issuer]] === `dbms.security.oidc..issuer` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.oidc..issuer [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -3999,10 +4419,12 @@ a|The expected value of the iss claim in the id token. If this is not supplied N a|A string. |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.oidc.-provider-.jwks_uri]] === `dbms.security.oidc..jwks_uri` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.oidc..jwks_uri [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4013,10 +4435,12 @@ a|The location of the JWK public key set for the identity provider. If this is n a|a URI |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.oidc.-provider-.params]] === `dbms.security.oidc..params` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.oidc..params [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4036,10 +4460,12 @@ a|A simple key-value map pattern `k1=v1;k2=v2`. Required key options are: `[scop m|+++{}+++ |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.oidc.-provider-.token_endpoint]] === `dbms.security.oidc..token_endpoint` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.oidc..token_endpoint [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4050,10 +4476,12 @@ a|The OIDC token endpoint. If this is not supplied Neo4j will attempt to discove a|a URI |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.oidc.-provider-.token_params]] === `dbms.security.oidc..token_params` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.oidc..token_params [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4066,10 +4494,12 @@ a|A simple key value map pattern `k1=v1;k2=v2`. m|+++{}+++ |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.oidc.-provider-.user_info_uri]] === `dbms.security.oidc..user_info_uri` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.oidc..user_info_uri [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4080,10 +4510,12 @@ a|The identity providers user info uri. a|a URI |=== + +[role=label--enterprise-edition label--dynamic] [[config_dbms.security.oidc.-provider-.well_known_discovery_uri]] === `dbms.security.oidc..well_known_discovery_uri` -label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] .dbms.security.oidc..well_known_discovery_uri [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4094,6 +4526,7 @@ a|OpenID Connect Discovery endpoint used to fetch identity provider settings. If a|a URI |=== + [[config_dbms.security.procedures.allowlist]] === `dbms.security.procedures.allowlist` @@ -4108,6 +4541,7 @@ a|A comma-separated list where each element is a string. m|+++*+++ |=== + [[config_dbms.security.procedures.unrestricted]] === `dbms.security.procedures.unrestricted` @@ -4122,6 +4556,7 @@ a|A comma-separated list where each element is a string. m|++++++ |=== + [[config_dbms.netty.ssl.provider]] === `dbms.netty.ssl.provider` @@ -4136,15 +4571,18 @@ a|One of [JDK, OPENSSL, OPENSSL_REFCNT]. m|+++JDK+++ |=== + == Server directories settings The server directories settings can be used to change the default locations of your Neo4j files. For more information, see xref:configuration/file-locations.adoc[Default file locations]. + +[role=label--enterprise-edition] [[config_server.directories.cluster_state]] === `server.directories.cluster_state` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.directories.cluster_state [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4157,6 +4595,7 @@ a|A path. If relative, it is resolved from server.directories.data. m|+++cluster-state+++ |=== + [[config_server.directories.data]] === `server.directories.data` @@ -4171,6 +4610,7 @@ a|A path. If relative, it is resolved from server.directories.neo4j_home. m|+++data+++ |=== + [[config_server.directories.dumps.root]] === `server.directories.dumps.root` @@ -4185,6 +4625,7 @@ a|A path. If relative, it is resolved from server.directories.data. m|+++dumps+++ |=== + [[config_server.directories.import]] === `server.directories.import` @@ -4199,6 +4640,7 @@ a|A path. If relative, it is resolved from server.directories.neo4j_home. m| |=== + [[config_server.directories.lib]] === `server.directories.lib` @@ -4213,6 +4655,7 @@ a|A path. If relative, it is resolved from server.directories.neo4j_home. m|+++lib+++ |=== + [[config_server.directories.licenses]] === `server.directories.licenses` @@ -4227,6 +4670,7 @@ a|A path. If relative, it is resolved from server.directories.neo4j_home. m|+++licenses+++ |=== + [[config_server.directories.logs]] === `server.directories.logs` @@ -4241,10 +4685,12 @@ a|A path. If relative, it is resolved from server.directories.neo4j_home. m|+++logs+++ |=== + +[role=label--enterprise-edition] [[config_server.directories.metrics]] === `server.directories.metrics` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.directories.metrics [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4257,6 +4703,7 @@ a|A path. If relative, it is resolved from server.directories.neo4j_home. m|+++metrics+++ |=== + [[config_server.directories.neo4j_home]] === `server.directories.neo4j_home` @@ -4271,6 +4718,7 @@ a|A path that is absolute. m| |=== + [[config_server.directories.plugins]] === `server.directories.plugins` @@ -4285,6 +4733,7 @@ a|A path. If relative, it is resolved from server.directories.neo4j_home. m|+++plugins+++ |=== + [[config_server.directories.run]] === `server.directories.run` @@ -4299,6 +4748,7 @@ a|A path. If relative, it is resolved from server.directories.neo4j_home. m|+++run+++ |=== + [[config_server.directories.script.root]] === `server.directories.script.root` @@ -4313,6 +4763,7 @@ a|A path. If relative, it is resolved from server.directories.data. m|+++scripts+++ |=== + [[config_server.directories.transaction.logs.root]] === `server.directories.transaction.logs.root` @@ -4331,10 +4782,12 @@ m|+++transactions+++ Server settings apply only to the specific server and can be varied between configuration files across a cluster/DBMS. + +[role=label--enterprise-edition] [[config_server.backup.enabled]] === `server.backup.enabled` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.backup.enabled [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4347,10 +4800,12 @@ a|A boolean. m|+++true+++ |=== + +[role=label--enterprise-edition] [[config_server.backup.exec_connector.command]] === `server.backup.exec_connector.command` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.backup.exec_connector.command [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4363,12 +4818,15 @@ a|A string. m|++++++ |=== + [[config_server.backup.exec_connector.command_timeout]] + +[role=label--enterprise-edition] [[config_server.backup.exec_connector.scheme]] === `server.backup.exec_connector.scheme` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.backup.exec_connector.scheme [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4381,13 +4839,15 @@ a|A comma-separated list where each element is a string. m| |=== + [[config_server.backup.exec_connector.tls_ca]] +[role=label--enterprise-edition] [[config_server.backup.listen_address]] === `server.backup.listen_address` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.backup.listen_address [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4400,10 +4860,12 @@ a|A socket address in the format of `hostname:port`, `hostname`, or `:port`. m|+++127.0.0.1:6362+++ |=== + +[role=label--enterprise-edition] [[config_server.backup.store_copy_max_retry_time_per_request]] === `server.backup.store_copy_max_retry_time_per_request` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.backup.store_copy_max_retry_time_per_request [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4416,6 +4878,7 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++20m+++ |=== + [[config_server.config.strict_validation.enabled]] === `server.config.strict_validation.enabled` @@ -4430,10 +4893,12 @@ a|A boolean. m|+++true+++ |=== + +[role=label--dynamic] [[config_server.databases.default_to_read_only]] === `server.databases.default_to_read_only` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .server.databases.default_to_read_only [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4446,10 +4911,12 @@ a|A boolean. m|+++false+++ |=== + +[role=label--dynamic] [[config_server.databases.read_only]] === `server.databases.read_only` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .server.databases.read_only [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4462,10 +4929,12 @@ a| A comma-separated set where each element is a valid database name containing m|++++++ |=== + +[role=label--dynamic] [[config_server.databases.writable]] === `server.databases.writable` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .server.databases.writable [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4478,10 +4947,12 @@ a|A comma-separated set where each element is a valid database name containing o m|++++++ |=== + +[role=label--enterprise-edition] [[config_server.dynamic.setting.allowlist]] === `server.dynamic.setting.allowlist` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.dynamic.setting.allowlist [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4494,6 +4965,7 @@ a|A comma-separated list where each element is a string. m|+++*+++ |=== + [[config_server.jvm.additional]] === `server.jvm.additional` @@ -4509,10 +4981,11 @@ m| |=== +[role=label--enterprise-edition label--deprecated=5.6] [[config_server.max_databases]] === `server.max_databases` -label:enterprise-edition[Enterprise Edition] label:deprecated[Deprecated in 5.6] +// label:enterprise-edition[Enterprise Edition] label:deprecated[Deprecated in 5.6] .server.max_databases [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4528,10 +5001,11 @@ a|<> |=== +[role=label--enterprise-edition] [[config_server.panic.shutdown_on_panic]] === `server.panic.shutdown_on_panic` -label:enterprise-edition[Enterprise Edition] +// label:enterprise-edition[Enterprise Edition] .server.panic.shutdown_on_panic [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4544,6 +5018,7 @@ a|A boolean. m|false |=== + [[config_server.threads.worker_count]] === `server.threads.worker_count` @@ -4558,6 +5033,7 @@ a|An integer that is in the range `1` to `44738`. m| |=== + [[config_server.unmanaged_extension_classes]] === `server.unmanaged_extension_classes` @@ -4572,6 +5048,7 @@ a|A comma-separated list where each element is `=` strin m|++++++ |=== + [[config_server.windows_service_name]] === `server.windows_service_name` @@ -4586,15 +5063,18 @@ a|A string. m|+++neo4j+++ |=== + == Transaction settings The transaction settings helps you manage the transactions in your database, for example, the transaction timeout, the lock acquisition timeout, the maximum number of concurrently running transactions, etc. For more information, see xref:/database-internals/transaction-management.adoc#_manage-transactions[Manage transactions] and xref:/database-internals/locks-deadlocks.adoc[Locks and deadlocks]. + +[role=label--dynamic] [[config_db.lock.acquisition.timeout]] === `db.lock.acquisition.timeout` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .db.lock.acquisition.timeout [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4607,6 +5087,7 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++0s+++ |=== + [[config_db.shutdown_transaction_end_timeout]] === `db.shutdown_transaction_end_timeout` @@ -4621,10 +5102,12 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++10s+++ |=== + +[role=label--dynamic] [[config_db.transaction.bookmark_ready_timeout]] === `db.transaction.bookmark_ready_timeout` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .db.transaction.bookmark_ready_timeout [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4637,10 +5120,12 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++30s+++ |=== + +[role=label--dynamic] [[config_db.transaction.concurrent.maximum]] === `db.transaction.concurrent.maximum` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .db.transaction.concurrent.maximum [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4653,6 +5138,7 @@ a|An integer. m|+++1000+++ |=== + [[config_db.transaction.monitor.check.interval]] === `db.transaction.monitor.check.interval` @@ -4667,10 +5153,12 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++2s+++ |=== + +[role=label--dynamic] [[config_db.transaction.sampling.percentage]] === `db.transaction.sampling.percentage` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .db.transaction.sampling.percentage [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4683,10 +5171,12 @@ a|An integer that is in the range `1` to `100`. m|+++5+++ |=== + +[role=label--dynamic] [[config_db.transaction.timeout]] === `db.transaction.timeout` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .db.transaction.timeout [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4699,10 +5189,12 @@ a|A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default m|+++0s+++ |=== + +[role=label--dynamic] [[config_db.transaction.tracing.level]] === `db.transaction.tracing.level` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .db.transaction.tracing.level [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4715,6 +5207,7 @@ a|One of [DISABLED, SAMPLE, ALL]. m|+++DISABLED+++ |=== + == Transaction log settings Transaction logs keep the list of transactions that have not yet been applied to the store files. @@ -4723,6 +5216,7 @@ The following settings configure the number of transaction logs left after a pru See also <>. + [[config_db.recovery.fail_on_missing_files]] === `db.recovery.fail_on_missing_files` @@ -4737,6 +5231,7 @@ a|A boolean. m|+++true+++ |=== + [[config_db.tx_log.buffer.size]] === `db.tx_log.buffer.size` @@ -4752,10 +5247,12 @@ a|A long that is minimum `131072`. m| |=== + +[role=label--dynamic] [[config_db.tx_log.preallocate]] === `db.tx_log.preallocate` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .db.tx_log.preallocate [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4769,10 +5266,12 @@ a|A boolean. m|+++true+++ |=== + +[role=label--changed-5.13 label--dynamic] [[config_db.tx_log.rotation.retention_policy]] === `db.tx_log.rotation.retention_policy` -label:dynamic[Dynamic] label:changed[Default value changed in 5.13] +// label:dynamic[Dynamic] label:changed[Default value changed in 5.13] .db.tx_log.rotation.retention_policy [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] @@ -4789,10 +5288,12 @@ a| A string that matches the pattern `^(true\|keep_all\|false\|keep_none\|(\d+[K m|+++2 days 2G+++ |=== + +[role=label--dynamic] [[config_db.tx_log.rotation.size]] === `db.tx_log.rotation.size` -label:dynamic[Dynamic] +// label:dynamic[Dynamic] .db.tx_log.rotation.size [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] diff --git a/modules/ROOT/pages/configuration/set-initial-password.adoc b/modules/ROOT/pages/configuration/set-initial-password.adoc index a21ddf9a6..46910315c 100644 --- a/modules/ROOT/pages/configuration/set-initial-password.adoc +++ b/modules/ROOT/pages/configuration/set-initial-password.adoc @@ -8,13 +8,13 @@ This must be performed before starting up the database for the first time. If the password is not set explicitly using this method, it will be set to the default password `neo4j`. In that case, you will be prompted to change the default password at first login. + +[role=label--new-5.3] [NOTE] ==== -label:Neo4j-5.3[] - The default minimum password length is 8 characters. -Use the `dbms.security.auth_minimum_password_length` configuration to change it. -The requirement has been introduced in *Neo4j 5.3*. + +Use the xref:configuration/configuration-settings.adoc#config_config_dbms.security.auth_minimum_password_length[`dbms.security.auth_minimum_password_length`] configuration setting to change the default minimum value. ==== *Syntax:* @@ -24,9 +24,9 @@ The requirement has been introduced in *Neo4j 5.3*. .Use the `set-initial-password` command of neo4j-admin ==== -Set the password for the native `neo4j` user to 'h6u4%kr' before starting the database for the first time. +Set the password for the native `neo4j` user to 'h6u4%krd' before starting the database for the first time. ---- -$neo4j-home> bin/neo4j-admin dbms set-initial-password h6u4%kr +$neo4j-home> bin/neo4j-admin dbms set-initial-password h6u4%krd ---- ==== diff --git a/modules/ROOT/pages/database-administration/aliases/manage-aliases-composite-databases.adoc b/modules/ROOT/pages/database-administration/aliases/manage-aliases-composite-databases.adoc index b6680cf89..e96b6b808 100644 --- a/modules/ROOT/pages/database-administration/aliases/manage-aliases-composite-databases.adoc +++ b/modules/ROOT/pages/database-administration/aliases/manage-aliases-composite-databases.adoc @@ -262,9 +262,9 @@ CREATE ALIAS `my.alias.with.dots` FOR DATABASE `northwind-graph` CREATE ALIAS `my.composite.database.with.dots`.`my.other.alias.with.dots` FOR DATABASE `northwind-graph` ---- -=== Single dots and local database aliases -label:deprecated[] +[role=label--deprecated] +=== Single dots and local database aliases There is a special case for local database aliases with a single dot without any existing composite database. If a composite database `some` exists, the query below will create a database alias named `alias` within the composite database `some`. diff --git a/modules/ROOT/pages/database-internals/checkpointing.adoc b/modules/ROOT/pages/database-internals/checkpointing.adoc index 976048d15..065f6fa73 100644 --- a/modules/ROOT/pages/database-internals/checkpointing.adoc +++ b/modules/ROOT/pages/database-internals/checkpointing.adoc @@ -29,7 +29,7 @@ Depending on your needs, the checkpoint can run on a periodic basis, which is th |Description |PERIODIC -|label:default[Default] +|label:default[] This policy checks every 10 minutes whether there are changes pending flushing and if so, it performs a checkpoint and subsequently triggers a log prune. The periodic policy is specified by the xref:configuration/configuration-settings.adoc#config_db.checkpoint.interval.tx[`db.checkpoint.interval.tx`] and xref:configuration/configuration-settings.adoc#config_db.checkpoint.interval.time[`db.checkpoint.interval.time`] settings and the checkpointing is triggered when either of them is reached. See <> for more details. @@ -39,12 +39,12 @@ See <> for more details. By default, it is set to `250.00MiB`. |CONTINUOUS -|label:enterprise[Enterprise Edition] +|label:enterprise-edition[] This policy ignores xref:configuration/configuration-settings.adoc#config_db.checkpoint.interval.tx[`db.checkpoint.interval.tx`] and xref:configuration/configuration-settings.adoc#config_db.checkpoint.interval.time[`db.checkpoint.interval.time`] settings and runs the checkpoint process all the time. The log pruning is triggered immediately after the checkpointing completes, just like in the periodic policy. |VOLUMETRIC -|label:enterprise[Enterprise Edition] +|label:enterprise-edition[] This policy checks every 10 seconds if there is enough volume of logs available for pruning and, if so, it triggers a checkpoint and subsequently, it prunes the logs. By default, the volume is set to 256MiB, but it can be configured using the setting xref:configuration/configuration-settings.adoc#config_db.tx_log.rotation.retention_policy[`db.tx_log.rotation.retention_policy`] and xref:configuration/configuration-settings.adoc#config_db.tx_log.rotation.size[`db.tx_log.rotation.size`]. For more information, see xref:database-internals/transaction-logs.adoc#transaction-logging-log-rotation[Configure transaction log rotation size]. @@ -88,8 +88,8 @@ Since database updates are communicated between cluster members and backup clien The number of transaction logs left after a pruning operation is controlled by the setting `db.tx_log.rotation.retention_policy`. -label:new[Introduced in 5.13] -Starting with Neo4j 5.13, the default value of `db.tx_log.rotation.retention_policy` is changed from `2 days` to `2 days 2G`, which means that Neo4j keeps logical logs that contain any transaction committed within two days and within the designated log space of 2G. +[role=label--new-5.13] +The default value of `db.tx_log.rotation.retention_policy` is changed from `2 days` to `2 days 2G`, which means that Neo4j keeps logical logs that contain any transaction committed within two days and within the designated log space of 2G. For more information, see xref:database-internals/transaction-logs.adoc#transaction-logging-log-retention[Configure transaction log retention policy]. Having the least amount of transaction log data speeds up the checkpoint process. diff --git a/modules/ROOT/pages/database-internals/transaction-logs.adoc b/modules/ROOT/pages/database-internals/transaction-logs.adoc index a959deb6b..7464e7caa 100644 --- a/modules/ROOT/pages/database-internals/transaction-logs.adoc +++ b/modules/ROOT/pages/database-internals/transaction-logs.adoc @@ -63,11 +63,11 @@ For more information about how to do it, see xref:configuration/dynamic-settings Up to Neo4j 5.12, the default value is set to `2 days`, which means Neo4j keeps logical logs that contain any transaction committed within 2 days and prunes the ones that only contain transactions older than 2 days. -label:new[Introduced in Neo4j 5.9] + +[role=label--new-5.9] From Neo4j 5.9 onwards, you can optionally add a period-based restriction to the size of logs to keep. For example, `2 days 1G` prunes logical logs that only contain transactions older than 2 days or are larger than 1G. -label:new[Introduced in Neo4j 5.13] + +[role=label--new-5.13] Starting from Neo4j 5.13, the default value is changed to `2 days 2G`, which means Neo4j keeps logical logs that contain any transaction committed within 2 days from the current time and within the allocated log space (2G). Other possible ways to configure the log retention policy are: diff --git a/modules/ROOT/pages/database-internals/transaction-management.adoc b/modules/ROOT/pages/database-internals/transaction-management.adoc index a14cd4c32..1873a5875 100644 --- a/modules/ROOT/pages/database-internals/transaction-management.adoc +++ b/modules/ROOT/pages/database-internals/transaction-management.adoc @@ -56,7 +56,7 @@ db.transaction.timeout=10s Configuring transaction timeout does not affect transactions executed with custom timeouts (e.g., via the Java API or Neo4j Drivers), as the custom timeout overrides the value set for `db.transaction.timeout`. Note that the timeout value can only be overridden to a value smaller than that configured by `db.transaction.timeout`. -label:new[Introduced in Neo4j 5.3] +[role=label--new-5.3] Starting from Neo4j 5.3, you can set the transaction timeout to any value, even larger than configured by `db.transaction.timeout`. diff --git a/modules/ROOT/pages/docker/introduction.adoc b/modules/ROOT/pages/docker/introduction.adoc index 45513f764..1dd760a61 100644 --- a/modules/ROOT/pages/docker/introduction.adoc +++ b/modules/ROOT/pages/docker/introduction.adoc @@ -100,10 +100,13 @@ You can try out your Neo4j container by opening _http://localhost:7474/_ (the Ne By default, Neo4j requires authentication and prompts you to log in with a username/password of `neo4j/neo4j` at the first connection. You are then prompted to set a new password. + +[role=label--new-5.13] [NOTE] ==== The default minimum password length is 8 characters. -Use the `dbms.security.auth_minimum_password_length` configuration to change it. + +Use the xref:configuration/configuration-settings.adoc#config_config_dbms.security.auth_minimum_password_length[`dbms.security.auth_minimum_password_length`] configuration setting to change the default minimum value. ==== The following sections provide more information about how to set an initial password, configure Neo4j to persist data between restarts, and use the Neo4j Docker image. diff --git a/modules/ROOT/pages/kubernetes/authentication-authorization.adoc b/modules/ROOT/pages/kubernetes/authentication-authorization.adoc index 990e22abf..1e026f9e4 100644 --- a/modules/ROOT/pages/kubernetes/authentication-authorization.adoc +++ b/modules/ROOT/pages/kubernetes/authentication-authorization.adoc @@ -1,9 +1,10 @@ [[configure-authentication-and-authorization]] = Authentication and authorization + +[role=label--enterprise-edition] [[configure-ldap-password-through-secret]] == Configure LDAP password through secret -label:enterprise-edition[] To configure the Neo4j Helm deployment to use the LDAP system password through secret, you need to create a Kubernetes secret with the LDAP password and then add the secret name and the mount path to the _values.yaml_ file. diff --git a/modules/ROOT/pages/kubernetes/persistent-volumes.adoc b/modules/ROOT/pages/kubernetes/persistent-volumes.adoc index 4d9b5671b..bfbf29b7a 100644 --- a/modules/ROOT/pages/kubernetes/persistent-volumes.adoc +++ b/modules/ROOT/pages/kubernetes/persistent-volumes.adoc @@ -66,7 +66,9 @@ The volume used for each volume mount can be changed by modifying the `volumes.< The Neo4j Helm chart `volumes` object supports different modes, such as `dynamic`, `share`, `defaultStorageClass`, `volume`, `selector`, and `volumeClaimTemplate`. From Neo4j 5.10, you can also set a label on creation for the volumes with mode `dynamic`, `defaultStorageClass`, `selector`, and `volumeClaimTemplate`, which can be used to filter the PVs that are used for the volume mount. -=== `mode: dynamic` label:Recommended[] + +[role=label--recommended] +=== `mode: dynamic` Description:: Dynamic volumes are recommended for most production workloads due to ease of management. @@ -248,8 +250,10 @@ To see a list of available storage classes in your Kubernetes cluster, run the f kubectl get storageclass ---- + +[role=label--recommended] [[dynamic-pv-mode]] -==== Provision a PV using a dedicated `StorageClass` label:Recommended[] +==== Provision a PV using a dedicated `StorageClass` For production workloads, it is recommended to create a dedicated storage class for Neo4j, which uses the `Retain` reclaim policy. This is to avoid data loss when disks are deleted after removing the persistent volume resource. diff --git a/modules/ROOT/pages/monitoring/metrics/reference.adoc b/modules/ROOT/pages/monitoring/metrics/reference.adoc index 1a5cb75f1..3d7013eef 100644 --- a/modules/ROOT/pages/monitoring/metrics/reference.adoc +++ b/modules/ROOT/pages/monitoring/metrics/reference.adoc @@ -97,10 +97,12 @@ By default, database metrics include: |.dbms.bolt.response_failed|(unsupported feature) When `internal.server.bolt.response_metrics` is enabled, number of `encounteredinstances` of a given error code. (counter) |=== + +[role=label--new-5.13] [[bolt-driver-metrics]] === Bolt Driver metrics -label:new[Introduced in 5.13] +// label:new[Introduced in 5.13] .Bolt Driver metrics [options="header",cols="<3m,<4"] @@ -183,10 +185,12 @@ label:new[Introduced in 5.13] |.db.operation.count.recovered|Count of database operations that failed previously but have recovered. (counter) |=== + +[role=label--new-5.7] [[db-state-count-metrics]] === Database state count metrics -label:new[Introduced in 5.7] +// label:new[Introduced in 5.7] .Database state count metrics [options="header",cols="<3m,<4"] @@ -289,10 +293,12 @@ label:deprecated[Deprecated in 5.15] |.db.query.execution.slotted.latency.millis|Execution time in milliseconds of queries executed successfully in slotted runtime. (histogram) |=== + +[role=label--new-5.10] [[query-routing-metrics]] === Query routing metrics -label:new[Introduced in 5.10] +// label:new[Introduced in 5.10] .Query routing metrics [options="header",cols="<3m,<4"] diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 4191243a0..4ea67389d 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -767,10 +767,13 @@ Replaced by: `ALTER USER`. |=== + == Procedure descriptions + +[role=label--new-5.13 label--beta label--deprecated--5.17] [[procedure_cdc_current]] -.cdc.current() label:new[Introduced in 5.13] label:beta[] label:deprecated[Deprecated in 5.17] +.cdc.current() [cols="<15s,<85"] |=== | Description @@ -784,8 +787,10 @@ m|READ a|xref:reference/procedures.adoc#procedure_db_cdc_current[`db.cdc.current()`] |=== + +[role=label--new-5.13 label--beta label--deprecated--5.17] [[procedure_cdc_earliest]] -.cdc.earliest() label:new[Introduced in 5.13] label:beta[] label:deprecated[Deprecated in 5.17] +.cdc.earliest() [cols="<15s,<85"] |=== | Description @@ -799,8 +804,10 @@ m|READ a|xref:reference/procedures.adoc#procedure_db_cdc_earliest[`db.cdc.earliest()`] |=== + +[role=label--new-5.13 label--beta label--deprecated--5.17 label--admin-only] [[procedure_cdc_query]] -.cdc.query() label:new[Introduced in 5.13] label:beta[] label:deprecated[Deprecated in 5.17] label:admin-only[] +.cdc.query() [cols="<15s,<85"] |=== | Description @@ -814,8 +821,10 @@ m|READ a|xref:reference/procedures.adoc#procedure_db_cdc_query[`db.cdc.query()`] |=== + +[role=label--new-5.17 label--beta] [[procedure_db_cdc_current]] -.db.cdc.current() label:new[Introduced in 5.17] label:beta[] +.db.cdc.current() [cols="<15s,<85"] |=== | Description @@ -827,8 +836,10 @@ m|cdc.current() :: (id :: STRING) m|READ |=== + +[role=label--new-5.17 label--beta] [[procedure_db_cdc_earliest]] -.db.cdc.earliest() label:new[Introduced in 5.17] label:beta[] +.db.cdc.earliest() [cols="<15s,<85"] |=== | Description @@ -840,8 +851,10 @@ m|cdc.earliest() :: (id :: STRING) m|READ |=== + +[role=label--new-5.17 label--beta label--admin-only] [[procedure_db_cdc_query]] -.db.cdc.query() label:new[Introduced in 5.17] label:beta[] label:admin-only[] +.db.cdc.query() [cols="<15s,<85"] |=== | Description @@ -854,6 +867,7 @@ m|READ |=== + [[procedure_db_awaitindex]] .db.awaitIndex() [cols="<15s,<85"] @@ -876,6 +890,7 @@ It is therefore not supported by the parallel runtime (introduced in Neo4j 5.13) For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/planning-and-tuning/runtimes/concepts#runtimes-parallel-runtime[Cypher Manual -> Parallel runtime]. ==== + [[procedure_db_awaitindexes]] .db.awaitIndexes() [cols="<15s,<85"] @@ -898,8 +913,10 @@ It is therefore not supported by the parallel runtime (introduced in Neo4j 5.13) For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/planning-and-tuning/runtimes/concepts#runtimes-parallel-runtime[Cypher Manual -> Parallel runtime]. ==== + +[role=label--enterprise-edition] [[procedure_db_checkpoint]] -.db.checkpoint() label:enterprise-edition[] +.db.checkpoint() [cols="<15s,<85"] |=== | Description @@ -923,8 +940,10 @@ It is therefore not supported by the parallel runtime (introduced in Neo4j 5.13) For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/planning-and-tuning/runtimes/concepts#runtimes-parallel-runtime[Cypher Manual -> Parallel runtime]. ==== + +[role=label--admin-only] [[procedure_db_clearquerycaches]] -.db.clearQueryCaches() label:admin-only[] +.db.clearQueryCaches() [cols="<15s,<85"] |=== | Description @@ -938,8 +957,10 @@ m|DBMS // m|admin |=== + +[role=label--new-5.13 label--beta] [[procedure_db_create_setNodeVectorProperty]] -.db.create.setNodeVectorProperty() label:new[Introduced in 5.13] label:beta[] +.db.create.setNodeVectorProperty() [cols="<15s,<85"] |=== | Description @@ -951,8 +972,10 @@ m| db.create.setNodeVectorProperty(node :: NODE, key :: STRING, vector :: LIST Parallel runtime]. ==== + +[role=label--admin-only] [[procedure_db_prepareforreplanning]] -.db.prepareForReplanning() label:admin-only[] +.db.prepareForReplanning() [cols="<15s,<85"] |=== | Description @@ -1405,8 +1436,10 @@ It is therefore not supported by the parallel runtime (introduced in Neo4j 5.13) For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/planning-and-tuning/runtimes/concepts#runtimes-parallel-runtime[Cypher Manual -> Parallel runtime]. ==== + +[role=label--admin-only] [[procedure_db_stats_clear]] -.db.stats.clear() label:admin-only[] +.db.stats.clear() [cols="<15s,<85"] |=== | Description @@ -1423,8 +1456,9 @@ m|READ |=== +[role=label--admin-only] [[procedure_db_stats_collect]] -.db.stats.collect() label:admin-only[] +.db.stats.collect() [cols="<15s,<85"] |=== | Description @@ -1441,8 +1475,9 @@ m|READ |=== +[role=label--admin-only] [[procedure_db_stats_retrieve]] -.db.stats.retrieve() label:admin-only[] +.db.stats.retrieve() [cols="<15s,<85"] |=== | Description @@ -1459,8 +1494,9 @@ m|READ |=== +[role=label--admin-only] [[procedure_db_stats_retrieveallanonymized]] -.db.stats.retrieveAllAnonymized() label:admin-only[] +.db.stats.retrieveAllAnonymized() [cols="<15s,<85"] |=== | Description @@ -1475,8 +1511,9 @@ m|READ |=== +[role=label--admin-only] [[procedure_db_stats_status]] -.db.stats.status() label:admin-only[] +.db.stats.status() [cols="<15s,<85"] |=== | Description @@ -1491,8 +1528,9 @@ m|READ |=== +[role=label--admin-only] [[procedure_db_stats_stop]] -.db.stats.stop() label:admin-only[] +.db.stats.stop() [cols="<15s,<85"] |=== | Description @@ -1508,8 +1546,10 @@ m|READ // m|admin |=== + +[role=label--admin-only label--enterprise-edition] [[procedure_dbms_checkconfigvalue]] -.dbms.checkConfigValue() label:admin-only[] label:enterprise-edition[] +.dbms.checkConfigValue() [cols="<15s,<85"] |=== | Description @@ -1539,8 +1579,10 @@ It is therefore not supported by the parallel runtime (introduced in Neo4j 5.13) For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/planning-and-tuning/runtimes/concepts#runtimes-parallel-runtime[Cypher Manual -> Parallel runtime]. ==== + +[role=label--admin-only label--enterprise-edition] [[procedure_dbms_cluster_setAutomaticallyEnableFreeServers]] -.dbms.cluster.setAutomaticallyEnableFreeServers() label:enterprise-edition[] label:admin-only[] +.dbms.cluster.setAutomaticallyEnableFreeServers() [cols="<15s,<85"] |=== | Description @@ -1552,8 +1594,10 @@ m|dbms.cluster.setAutomaticallyEnableFreeServers(autoEnable :: BOOLEAN) m|WRITE |=== + +[role=label--admin-only label--enterprise-edition] [[procedure_dbms_cluster_checkConnectivity]] -.dbms.cluster.checkConnectivity() label:enterprise-edition[] label:admin-only[] +.dbms.cluster.checkConnectivity() [cols="<15s,<85"] |=== | Description @@ -1567,8 +1611,10 @@ m|dbms.cluster.checkConnectivity(port-name = null :: STRING, server = null :: ST m|DBMS |=== + +[role=label--admin-only label--enterprise-edition] [[procedure_dbms_cluster_cordonServer]] -.dbms.cluster.cordonServer() label:enterprise-edition[] label:admin-only[] +.dbms.cluster.cordonServer() [cols="<15s,<85"] |=== | Description @@ -1599,8 +1645,10 @@ m|DBMS // m|reader, editor, publisher, architect, admin |=== + +[role=label--enterprise-edition] [[procedure_dbms_cluster_protocols]] -.dbms.cluster.protocols() label:enterprise-edition[] +.dbms.cluster.protocols() [cols="<15s,<85"] |=== | Description @@ -1614,8 +1662,10 @@ m|DBMS // m|reader, editor, publisher, architect, admin |=== + +[role=label--admin-only label--enterprise-edition label--deprecated-5.6] [[procedure_dbms_cluster_readreplicatoggle]] -.dbms.cluster.readReplicaToggle() label:enterprise-edition[] label:admin-only[] label:deprecated[Deprecated in 5.6] +.dbms.cluster.readReplicaToggle() [cols="<15s,<85"] |=== | Description @@ -1650,21 +1700,24 @@ If connected directly to a server hosting a database in secondary mode, Data Sci This procedure can only be executed on a database that runs in a secondary role on the connected server. ==== + .Pause transaction pulling for database `neo4j` [source, cypher, role="noheader"] ---- CALL dbms.cluster.readReplicaToggle("neo4j", true) ---- + .Resume transaction pulling for database `neo4j` [source, cypher, role="noheader"] ---- CALL dbms.cluster.readReplicaToggle("neo4j", false) ---- - +[role=label--new-5.6 label--admin-only label--enterprise-edition] +[[procedure_dbms_cluster_secondaryreplicationenable]] [[procedure_dbms_cluster_secondaryreplicationdisable]] -.dbms.cluster.secondaryReplicationDisable() label:enterprise-edition[] label:admin-only[] label:new[Introduced in 5.6] +.dbms.cluster.secondaryReplicationDisable() [cols="<15s,<85"] |=== | Description @@ -1709,8 +1762,10 @@ CALL dbms.cluster.secondaryReplicationDisable("neo4j", true) CALL dbms.cluster.secondaryReplicationDisable("neo4j", false) ---- + +[role=label--admin-only label--enterprise-edition] [[procedure_dbms_cluster_uncordonServer]] -.dbms.cluster.uncordonServer() label:enterprise-edition[] label:admin-only[] +.dbms.cluster.uncordonServer() [cols="<15s,<85"] |=== | Description @@ -1737,6 +1792,7 @@ m|DBMS // m|reader, editor, publisher, architect, admin |=== + [[procedure_dbms_info]] .dbms.info() [cols="<15s,<85"] @@ -1785,8 +1841,9 @@ m|DBMS |=== +[role=label--enterprise-edition] [[procedure_dbms_listactivelocks]] -.dbms.listActiveLocks() label:enterprise-edition[] +.dbms.listActiveLocks() [cols="<15s,<85"] |=== | Description @@ -1807,6 +1864,7 @@ It is therefore not supported by the parallel runtime (introduced in Neo4j 5.13) For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/planning-and-tuning/runtimes/concepts#runtimes-parallel-runtime[Cypher Manual -> Parallel runtime]. ==== + [[procedure_dbms_listcapabilities]] .dbms.listCapabilities() [cols="<15s,<85"] @@ -1820,8 +1878,10 @@ m|dbms.listCapabilities() :: (name :: STRING, description :: STRING, value :: AN m|DBMS |=== + +[role=label--admin-only] [[procedure_dbms_listconfig]] -.dbms.listConfig() label:admin-only[] +.dbms.listConfig() [cols="<15s,<85"] |=== | Description @@ -1850,8 +1910,10 @@ m|DBMS // m|reader, editor, publisher, architect, admin |=== + +[role=label--enterprise-edition] [[procedure_dbms_listpools]] -.dbms.listPools() label:enterprise-edition[] +.dbms.listPools() [cols="<15s,<85"] |=== | Description @@ -1872,8 +1934,10 @@ It is therefore not supported by the parallel runtime (introduced in Neo4j 5.13) For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/planning-and-tuning/runtimes/concepts#runtimes-parallel-runtime[Cypher Manual -> Parallel runtime]. ==== + +[role=label--admin-only label--enterprise-edition] [[procedure_dbms_quarantineDatabase]] -.dbms.quarantineDatabase() label:enterprise-edition[] label:admin-only[] +.dbms.quarantineDatabase() [cols="<15s,<85"] |=== | Description @@ -1919,8 +1983,10 @@ m|DBMS // m|reader, editor, publisher, architect, admin |=== + +[role=label--admin-only label--enterprise-edition] [[procedure_dbms_setDatabaseAllocator]] -.dbms.setDatabaseAllocator() label:enterprise-edition[] label:admin-only[] +.dbms.setDatabaseAllocator() [cols="<15s,<85"] |=== | Description @@ -1932,8 +1998,10 @@ m|dbms.setDatabaseAllocator(allocator :: STRING) a|WRITE |=== + +[role=label--admin-only label--enterprise-edition] [[procedure_dbms_setDefaultAllocationNumbers]] -.dbms.setDefaultAllocationNumbers() label:enterprise-edition[] label:admin-only[] +.dbms.setDefaultAllocationNumbers() [cols="<15s,<85"] |=== | Description @@ -1944,8 +2012,10 @@ m|dbms.setDefaultAllocationNumbers(primaries :: INTEGER, secondaries :: INTEGER) a|WRITE |=== + +[role=label--admin-only label--enterprise-edition] [[procedure_dbms_setDefaultDatabase]] -.dbms.setDefaultDatabase() label:enterprise-edition[] label:admin-only[] +.dbms.setDefaultDatabase() [cols="<15s,<85"] |=== | Description @@ -1957,8 +2027,10 @@ m|dbms.setDefaultDatabase(databaseName :: STRING) :: (result :: STRING) a|WRITE |=== + +[role=label--admin-only label--enterprise-edition] [[procedure_dbms_scheduler_failedjobs]] -.dbms.scheduler.failedJobs() label:enterprise-edition[] label:admin-only[] +.dbms.scheduler.failedJobs() [cols="<15s,<85"] |=== | Description @@ -1980,8 +2052,9 @@ For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-ver ==== +[role=label--admin-only label--enterprise-edition] [[procedure_dbms_scheduler_groups]] -.dbms.scheduler.groups() label:enterprise-edition[] label:admin-only[] +.dbms.scheduler.groups() [cols="<15s,<85"] |=== | Description @@ -2002,8 +2075,10 @@ It is therefore not supported by the parallel runtime (introduced in Neo4j 5.13) For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/planning-and-tuning/runtimes/concepts#runtimes-parallel-runtime[Cypher Manual -> Parallel runtime]. ==== + +[role=label--admin-only label--enterprise-edition] [[procedure_dbms_scheduler_jobs]] -.dbms.scheduler.jobs() label:enterprise-edition[] label:admin-only[] +.dbms.scheduler.jobs() [cols="<15s,<85"] |=== | Description @@ -2024,8 +2099,10 @@ It is therefore not supported by the parallel runtime (introduced in Neo4j 5.13) For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/planning-and-tuning/runtimes/concepts#runtimes-parallel-runtime[Cypher Manual -> Parallel runtime]. ==== + +[role=label--admin-only label--enterprise-edition] [[procedure_dbms_security_clearauthcache]] -.dbms.security.clearAuthCache() label:enterprise-edition[] label:admin-only[] +.dbms.security.clearAuthCache() [cols="<15s,<85"] |=== | Description @@ -2039,8 +2116,10 @@ m|DBMS // m|admin |=== + +[role=label--admin-only label--enterprise-edition] [[procedure_dbms_setconfigvalue]] -.dbms.setConfigValue() label:enterprise-edition[] label:admin-only[] +.dbms.setConfigValue() [cols="<15s,<85"] |=== | Description @@ -2073,8 +2152,10 @@ m|DBMS // m|reader, editor, publisher, architect, admin |=== + +[role=label--enterprise-edition label--admin-only] [[procedure_dbms_showTopologyGraphConfig]] -.dbms.showTopologyGraphConfig() label:enterprise-only[] label:admin-only[] +.dbms.showTopologyGraphConfig() [cols="<15s,<85"] |=== | Description @@ -2085,8 +2166,10 @@ m|dbms.showTopologyGraphConfig() :: (allocator :: STRING, defaultPrimariesCount m|READ |=== + +[role=label--deprecated-5.9 label--admin-only] [[procedure_dbms_upgrade]] -.dbms.upgrade() label:admin-only[] label:deprecated[Deprecated in 5.9] +.dbms.upgrade() [cols="<15s,<85"] |=== | Description @@ -2107,8 +2190,10 @@ It is therefore not supported by the parallel runtime (introduced in Neo4j 5.13) For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/planning-and-tuning/runtimes/concepts#runtimes-parallel-runtime[Cypher Manual -> Parallel runtime]. ==== + +[role=label--deprecated-5.9 label--admin-only] [[procedure_dbms_upgradestatus]] -.dbms.upgradeStatus() label:admin-only[] label:deprecated[Deprecated in 5.9] +.dbms.upgradeStatus() [cols="<15s,<85"] |=== | Description @@ -2129,8 +2214,10 @@ It is therefore not supported by the parallel runtime (introduced in Neo4j 5.13) For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/planning-and-tuning/runtimes/concepts#runtimes-parallel-runtime[Cypher Manual -> Parallel runtime]. ==== + +[role=label--aura label--new-5.17] [[procedure_genai_vector_encodeBatch]] -.genai.vector.encodeBatch() label:new[Available in Aura] label:new[Introduced in 5.17] +.genai.vector.encodeBatch() [cols="<15s,<85"] |=== diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc index 4cd520153..1333b7127 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc @@ -423,9 +423,9 @@ If importing to a database that has not explicitly been created prior to the imp ==== +[role=label--enterprise-edition] [[import-tool-incremental]] == Incremental import -label:enterprise-only[] [WARNING] ==== @@ -1308,11 +1308,11 @@ neo4j_home$ bin/neo4j-admin database import --nodes import/movies-header.csv,imp ---- ==== + +[role=label--enterprise-edition] [[import-tool-resume]] == Resuming a stopped or canceled import -label:enterprise-only[] - An import that is stopped or fails before completing can be resumed from a point closer to where it was stopped. An import can be resumed from the following points: diff --git a/modules/ROOT/pages/tools/neo4j-admin/validate-config.adoc b/modules/ROOT/pages/tools/neo4j-admin/validate-config.adoc index fe07701ba..79e538dfb 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/validate-config.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/validate-config.adoc @@ -1,12 +1,13 @@ -:description: How to validate configurations using Neo4j Admin. [[neo4j-admin-validate-config]] = Validate configurations +:page-role: new-5.5 +:description: How to validate configurations using Neo4j Admin. -This feature was introduced in Neo4j 5.5. The `neo4j-admin server validate-config` command validates the Neo4j and Log4j configurations. It is located in the `bin` directory and is used to validate the configuration files before starting Neo4j. + == Syntax The `neo4j-admin server validate-config` command has the following syntax: @@ -16,6 +17,7 @@ The `neo4j-admin server validate-config` command has the following syntax: neo4j-admin server validate-config [-h] [--expand-commands] [--verbose] ---- + == Options The `neo4j-admin server validate-config` command has the following options: From daab50de24f95111cb439ab90b2d93eae65e1a9e Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 13 Mar 2024 15:55:28 +0000 Subject: [PATCH 591/876] Swap the role and anchor places (#1481) --- modules/ROOT/pages/reference/procedures.adoc | 125 ++++++++++++------- 1 file changed, 79 insertions(+), 46 deletions(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 4ea67389d..a36482f49 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -771,8 +771,8 @@ Replaced by: `ALTER USER`. == Procedure descriptions -[role=label--new-5.13 label--beta label--deprecated--5.17] [[procedure_cdc_current]] +[role=label--new-5.13 label--beta label--deprecated--5.17] .cdc.current() [cols="<15s,<85"] |=== @@ -788,8 +788,8 @@ a|xref:reference/procedures.adoc#procedure_db_cdc_current[`db.cdc.current()`] |=== -[role=label--new-5.13 label--beta label--deprecated--5.17] [[procedure_cdc_earliest]] +[role=label--new-5.13 label--beta label--deprecated--5.17] .cdc.earliest() [cols="<15s,<85"] |=== @@ -805,8 +805,8 @@ a|xref:reference/procedures.adoc#procedure_db_cdc_earliest[`db.cdc.earliest()`] |=== -[role=label--new-5.13 label--beta label--deprecated--5.17 label--admin-only] [[procedure_cdc_query]] +[role=label--new-5.13 label--beta label--deprecated--5.17 label--admin-only] .cdc.query() [cols="<15s,<85"] |=== @@ -822,8 +822,8 @@ a|xref:reference/procedures.adoc#procedure_db_cdc_query[`db.cdc.query()`] |=== -[role=label--new-5.17 label--beta] [[procedure_db_cdc_current]] +[role=label--new-5.17 label--beta] .db.cdc.current() [cols="<15s,<85"] |=== @@ -837,8 +837,8 @@ m|READ |=== -[role=label--new-5.17 label--beta] [[procedure_db_cdc_earliest]] +[role=label--new-5.17 label--beta] .db.cdc.earliest() [cols="<15s,<85"] |=== @@ -852,8 +852,8 @@ m|READ |=== -[role=label--new-5.17 label--beta label--admin-only] [[procedure_db_cdc_query]] +[role=label--new-5.17 label--beta label--admin-only] .db.cdc.query() [cols="<15s,<85"] |=== @@ -914,8 +914,8 @@ For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-ver ==== -[role=label--enterprise-edition] [[procedure_db_checkpoint]] +[role=label--enterprise-edition] .db.checkpoint() [cols="<15s,<85"] |=== @@ -941,8 +941,8 @@ For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-ver ==== -[role=label--admin-only] [[procedure_db_clearquerycaches]] +[role=label--admin-only] .db.clearQueryCaches() [cols="<15s,<85"] |=== @@ -958,8 +958,8 @@ m|DBMS |=== -[role=label--new-5.13 label--beta] [[procedure_db_create_setNodeVectorProperty]] +[role=label--new-5.13 label--beta] .db.create.setNodeVectorProperty() [cols="<15s,<85"] |=== @@ -973,8 +973,8 @@ m|WRITE |=== -[role=label--new-5.11 label--beta label--deprecated-5.13] [[procedure_db_create_setVectorProperty]] +[role=label--new-5.11 label--beta label--deprecated-5.13] .db.create.setVectorProperty() [cols="<15s,<85"] |=== @@ -1120,8 +1120,9 @@ m|READ |=== -[role=label--new-5.11] + [[procedure_db_index_vector_createNodeIndex]] +[role=label--new-5.11] .db.index.vector.createNodeIndex() label:beta[Beta until 5.13] [cols="<15s,<85"] |=== @@ -1139,8 +1140,9 @@ m|CREATE VECTOR INDEX ... |=== -[role=label--new-5.11] + [[procedure_db_index_vector_queryNodes]] +[role=label--new-5.11] .db.index.vector.queryNodes() label:beta[Beta until 5.13] [cols="<15s,<85"] |=== @@ -1202,8 +1204,9 @@ For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-ver ==== -[role=label--enterprise-edition label--admin-only] + [[procedure_db_listlocks]] +[role=label--enterprise-edition label--admin-only] .db.listLocks() [cols="<15s,<85"] |=== @@ -1251,8 +1254,9 @@ For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-ver ==== -[role=label--admin-only] + [[procedure_db_prepareforreplanning]] +[role=label--admin-only] .db.prepareForReplanning() [cols="<15s,<85"] |=== @@ -1437,8 +1441,9 @@ For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-ver ==== -[role=label--admin-only] + [[procedure_db_stats_clear]] +[role=label--admin-only] .db.stats.clear() [cols="<15s,<85"] |=== @@ -1456,8 +1461,9 @@ m|READ |=== -[role=label--admin-only] + [[procedure_db_stats_collect]] +[role=label--admin-only] .db.stats.collect() [cols="<15s,<85"] |=== @@ -1475,8 +1481,9 @@ m|READ |=== -[role=label--admin-only] + [[procedure_db_stats_retrieve]] +[role=label--admin-only] .db.stats.retrieve() [cols="<15s,<85"] |=== @@ -1494,8 +1501,9 @@ m|READ |=== -[role=label--admin-only] + [[procedure_db_stats_retrieveallanonymized]] +[role=label--admin-only] .db.stats.retrieveAllAnonymized() [cols="<15s,<85"] |=== @@ -1511,8 +1519,9 @@ m|READ |=== -[role=label--admin-only] + [[procedure_db_stats_status]] +[role=label--admin-only] .db.stats.status() [cols="<15s,<85"] |=== @@ -1528,8 +1537,9 @@ m|READ |=== -[role=label--admin-only] + [[procedure_db_stats_stop]] +[role=label--admin-only] .db.stats.stop() [cols="<15s,<85"] |=== @@ -1547,8 +1557,9 @@ m|READ |=== -[role=label--admin-only label--enterprise-edition] + [[procedure_dbms_checkconfigvalue]] +[role=label--admin-only label--enterprise-edition] .dbms.checkConfigValue() [cols="<15s,<85"] |=== @@ -1580,8 +1591,9 @@ For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-ver ==== -[role=label--admin-only label--enterprise-edition] + [[procedure_dbms_cluster_setAutomaticallyEnableFreeServers]] +[role=label--admin-only label--enterprise-edition] .dbms.cluster.setAutomaticallyEnableFreeServers() [cols="<15s,<85"] |=== @@ -1595,8 +1607,9 @@ m|WRITE |=== -[role=label--admin-only label--enterprise-edition] + [[procedure_dbms_cluster_checkConnectivity]] +[role=label--admin-only label--enterprise-edition] .dbms.cluster.checkConnectivity() [cols="<15s,<85"] |=== @@ -1612,8 +1625,9 @@ m|DBMS |=== -[role=label--admin-only label--enterprise-edition] + [[procedure_dbms_cluster_cordonServer]] +[role=label--admin-only label--enterprise-edition] .dbms.cluster.cordonServer() [cols="<15s,<85"] |=== @@ -1646,8 +1660,9 @@ m|DBMS |=== -[role=label--enterprise-edition] + [[procedure_dbms_cluster_protocols]] +[role=label--enterprise-edition] .dbms.cluster.protocols() [cols="<15s,<85"] |=== @@ -1663,8 +1678,9 @@ m|DBMS |=== -[role=label--admin-only label--enterprise-edition label--deprecated-5.6] + [[procedure_dbms_cluster_readreplicatoggle]] +[role=label--admin-only label--enterprise-edition label--deprecated-5.6] .dbms.cluster.readReplicaToggle() [cols="<15s,<85"] |=== @@ -1714,10 +1730,11 @@ CALL dbms.cluster.readReplicaToggle("neo4j", true) CALL dbms.cluster.readReplicaToggle("neo4j", false) ---- -[role=label--new-5.6 label--admin-only label--enterprise-edition] -[[procedure_dbms_cluster_secondaryreplicationenable]] + + [[procedure_dbms_cluster_secondaryreplicationdisable]] -.dbms.cluster.secondaryReplicationDisable() +[role=label--new-5.6 label--admin-only label--enterprise-edition] +.dbms.cluster.secondaryReplicationDisable() [cols="<15s,<85"] |=== | Description @@ -1763,8 +1780,9 @@ CALL dbms.cluster.secondaryReplicationDisable("neo4j", false) ---- -[role=label--admin-only label--enterprise-edition] + [[procedure_dbms_cluster_uncordonServer]] +[role=label--admin-only label--enterprise-edition] .dbms.cluster.uncordonServer() [cols="<15s,<85"] |=== @@ -1841,8 +1859,9 @@ m|DBMS |=== -[role=label--enterprise-edition] + [[procedure_dbms_listactivelocks]] +[role=label--enterprise-edition] .dbms.listActiveLocks() [cols="<15s,<85"] |=== @@ -1879,8 +1898,9 @@ m|DBMS |=== -[role=label--admin-only] + [[procedure_dbms_listconfig]] +[role=label--admin-only] .dbms.listConfig() [cols="<15s,<85"] |=== @@ -1911,8 +1931,9 @@ m|DBMS |=== -[role=label--enterprise-edition] + [[procedure_dbms_listpools]] +[role=label--enterprise-edition] .dbms.listPools() [cols="<15s,<85"] |=== @@ -1935,8 +1956,9 @@ For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-ver ==== -[role=label--admin-only label--enterprise-edition] + [[procedure_dbms_quarantineDatabase]] +[role=label--admin-only label--enterprise-edition] .dbms.quarantineDatabase() [cols="<15s,<85"] |=== @@ -1984,8 +2006,9 @@ m|DBMS |=== -[role=label--admin-only label--enterprise-edition] + [[procedure_dbms_setDatabaseAllocator]] +[role=label--admin-only label--enterprise-edition] .dbms.setDatabaseAllocator() [cols="<15s,<85"] |=== @@ -1999,8 +2022,9 @@ a|WRITE |=== -[role=label--admin-only label--enterprise-edition] + [[procedure_dbms_setDefaultAllocationNumbers]] +[role=label--admin-only label--enterprise-edition] .dbms.setDefaultAllocationNumbers() [cols="<15s,<85"] |=== @@ -2013,8 +2037,9 @@ a|WRITE |=== -[role=label--admin-only label--enterprise-edition] + [[procedure_dbms_setDefaultDatabase]] +[role=label--admin-only label--enterprise-edition] .dbms.setDefaultDatabase() [cols="<15s,<85"] |=== @@ -2028,8 +2053,9 @@ a|WRITE |=== -[role=label--admin-only label--enterprise-edition] + [[procedure_dbms_scheduler_failedjobs]] +[role=label--admin-only label--enterprise-edition] .dbms.scheduler.failedJobs() [cols="<15s,<85"] |=== @@ -2052,8 +2078,8 @@ For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-ver ==== -[role=label--admin-only label--enterprise-edition] [[procedure_dbms_scheduler_groups]] +[role=label--admin-only label--enterprise-edition] .dbms.scheduler.groups() [cols="<15s,<85"] |=== @@ -2076,8 +2102,9 @@ For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-ver ==== -[role=label--admin-only label--enterprise-edition] + [[procedure_dbms_scheduler_jobs]] +[role=label--admin-only label--enterprise-edition] .dbms.scheduler.jobs() [cols="<15s,<85"] |=== @@ -2100,8 +2127,9 @@ For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-ver ==== -[role=label--admin-only label--enterprise-edition] + [[procedure_dbms_security_clearauthcache]] +[role=label--admin-only label--enterprise-edition] .dbms.security.clearAuthCache() [cols="<15s,<85"] |=== @@ -2117,8 +2145,9 @@ m|DBMS |=== -[role=label--admin-only label--enterprise-edition] + [[procedure_dbms_setconfigvalue]] +[role=label--admin-only label--enterprise-edition] .dbms.setConfigValue() [cols="<15s,<85"] |=== @@ -2153,8 +2182,9 @@ m|DBMS |=== -[role=label--enterprise-edition label--admin-only] + [[procedure_dbms_showTopologyGraphConfig]] +[role=label--enterprise-edition label--admin-only] .dbms.showTopologyGraphConfig() [cols="<15s,<85"] |=== @@ -2167,8 +2197,9 @@ m|READ |=== -[role=label--deprecated-5.9 label--admin-only] + [[procedure_dbms_upgrade]] +[role=label--deprecated-5.9 label--admin-only] .dbms.upgrade() [cols="<15s,<85"] |=== @@ -2191,8 +2222,9 @@ For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-ver ==== -[role=label--deprecated-5.9 label--admin-only] + [[procedure_dbms_upgradestatus]] +[role=label--deprecated-5.9 label--admin-only] .dbms.upgradeStatus() [cols="<15s,<85"] |=== @@ -2215,8 +2247,9 @@ For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-ver ==== -[role=label--aura label--new-5.17] + [[procedure_genai_vector_encodeBatch]] +[role=label--aura label--new-5.17] .genai.vector.encodeBatch() [cols="<15s,<85"] From b421d02caa37e11785344d4d5457d90470cf6efd Mon Sep 17 00:00:00 2001 From: Neil Dewhurst Date: Wed, 13 Mar 2024 16:05:35 +0000 Subject: [PATCH 592/876] run npm update before start (#1480) --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index be31f0220..bd48b3d87 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,7 @@ "main": "server.js", "scripts": { "test": "echo \"Error: no test specified\" && exit 1", - "start": "nodemon -e adoc --exec \"npm run build && npm run serve\"", + "start": "npm update && nodemon -e adoc --exec \"npm run build && npm run serve\"", "serve": "node server.js", "adoc-gen": "node scripts/adoc-gen.js", "build": "antora preview.yml --stacktrace --log-format=pretty", From a80518489d8bf2ce7a20250f4b8b22230ffaf7ab Mon Sep 17 00:00:00 2001 From: Neil Dewhurst Date: Wed, 13 Mar 2024 16:09:55 +0000 Subject: [PATCH 593/876] Fix added version number (#1479) --- modules/ROOT/pages/configuration/configuration-settings.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/configuration/configuration-settings.adoc b/modules/ROOT/pages/configuration/configuration-settings.adoc index 615e0d3ee..f7e41072b 100644 --- a/modules/ROOT/pages/configuration/configuration-settings.adoc +++ b/modules/ROOT/pages/configuration/configuration-settings.adoc @@ -2201,7 +2201,7 @@ Neo4j has two different configuration files for logging, one for the _neo4j.log_ For more information, see xref:/monitoring/logging.adoc[Logging]. -[role=label--new-5.18 label--deprecated-5.12 label--dynamic] +[role=label--new-5.8 label--deprecated-5.12 label--dynamic] [[config_db.logs.query.annotation_data_as_json_enabled]] === `db.logs.query.annotation_data_as_json_enabled` From 2622e92459c8d70f417d644688ef745c76abe668 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 13 Mar 2024 16:54:24 +0000 Subject: [PATCH 594/876] Add bolt configs (#1474) --- .../configuration/configuration-settings.adoc | 165 +++++++++++++++++- 1 file changed, 163 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/configuration/configuration-settings.adoc b/modules/ROOT/pages/configuration/configuration-settings.adoc index f7e41072b..656314f63 100644 --- a/modules/ROOT/pages/configuration/configuration-settings.adoc +++ b/modules/ROOT/pages/configuration/configuration-settings.adoc @@ -414,7 +414,7 @@ m|+++LIST+++ |Description a|Minimum number of machines initially required to form a clustered DBMS. The cluster is considered formed when at least this many members have discovered each other, bound together and bootstrapped a highly available system database. As a result, at least this many of the cluster's initial machines must have `<>` set to 'PRIMARY'.NOTE: If `<>` is set to 'LIST' and `<>` is empty then the user is assumed to be deploying a standalone DBMS, and the value of this setting is ignored. |Valid values -a|An integer that is minimum `2`. +a|An integer that is minimum `1`. |Default value m|+++3+++ |=== @@ -1197,8 +1197,66 @@ a|A boolean. m|+++false+++ |=== +[role=label--new-5.18] +[[config_server.bolt.enable_network_error_accounting]] +=== `server.bolt.enable_network_error_accounting` -[[config_server.bolt.thread_pool_keep_alive]] +.server.bolt.enable_network_error_accounting +[frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] +|=== +|Description +a|Enables accounting based reporting of benign errors within the Bolt stack (when enabled, benign errors are reported only when such events occur with unusual frequency. +Otherwise, all benign network errors will be reported +|Valid values +a|A boolean. +|Default value +m|+++true+++ +|=== + +[role=label--new-5.18] +[[config_server.bolt.network_abort_clear_window_duration]] +=== `server.bolt.network_abort_clear_window_duration` + +.server.bolt.network_abort_clear_window_duration +[frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] +|=== +|Description +a|The duration for which network related connection aborts need to remain at a reasonable level before the error is cleared +|Valid values +a|A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) that is minimum `1s`. +|Default value +m|+++10m+++ +|=== + +[role=label--new-5.18] +[[config_server.bolt.network_abort_warn_threshold]] +=== `server.bolt.network_abort_warn_threshold` + +.server.bolt.network_abort_warn_threshold +[frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] +|=== +|Description +a|The maximum amount of network related connection aborts permitted within a given window before emitting log messages (a value of zero reverts to legacy warning behavior) +|Valid values +a|A long that is minimum `1`. +|Default value +m|+++2+++ +|=== + +[role=label--new-5.18] +[[config_server.bolt.network_abort_warn_window_duration]] +=== `server.bolt.network_abort_warn_window_duration` + +.server.bolt.network_abort_warn_window_duration +[frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] +|=== +|Description +a|The duration of the window in which network related connection aborts are sampled +|Valid values +a|A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) that is minimum `1s`. +|Default value +m|+++10m+++ +|=== [[config_server.bolt.thread_pool_keep_alive]] @@ -1245,6 +1303,50 @@ a|An integer. m|+++5+++ |=== +[role=label--new-5.18] +[[config_server.bolt.thread_starvation_clear_window_duration]] +=== `server.bolt.thread_starvation_clear_window_duration` + +.server.bolt.thread_starvation_clear_window_duration +[frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] +|=== +|Description +a|The duration for which unscheduled requests need to remain at a reasonable level before the error is cleared +|Valid values +a| A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) that is minimum `1s`. +|Default value +m|+++10m+++ +|=== + +[role=label--new-5.18] +[[config_server.bolt.thread_starvation_warn_threshold]] +=== `server.bolt.thread_starvation_warn_threshold` + +.server.bolt.thread_starvation_warn_threshold +[frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] +|=== +|Description +a|The maximum amount of unscheduled requests permitted during thread starvation events within a given window before emitting log messages +|Valid values +a|A long that is minimum `1`. +|Default value +m|+++2+++ +|=== + +[role=label--new-5.18] +[[config_server.bolt.thread_starvation_warn_window_duration]] +=== `server.bolt.thread_starvation_warn_window_duration` + +.server.bolt.thread_starvation_warn_window_duration +[frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] +|=== +|Description +a|The duration of the window in which unscheduled requests are sampled +|Valid values +a|A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) that is minimum `1s`. +|Default value +m|+++10m+++ +|=== [[config_server.bolt.tls_level]] === `server.bolt.tls_level` @@ -1260,6 +1362,65 @@ a|One of [REQUIRED, OPTIONAL, DISABLED]. m|+++DISABLED+++ |=== +[role=label--new-5.18] +[[config_server.bolt.traffic_accounting_check_period]] +=== `server.bolt.traffic_accounting_check_period` + +.server.bolt.traffic_accounting_check_period +[frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] +|=== +|Description +a|Amount of time spent between samples of current traffic usage (lower values result in more accurate reporting while incurring a higher performance penalty; a value of zero disables traffic accounting) +|Valid values +a|A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) that is 0s or is minimum `1m`. +|Default value +m|+++5m+++ +|=== + +[role=label--new-5.18] +[[config_server.bolt.traffic_accounting_clear_duration]] +=== `server.bolt.traffic_accounting_clear_duration` + +.server.bolt.traffic_accounting_clear_duration +[frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] +|=== +|Description +a|Time required to be spent below the configured traffic threshold in order to clear traffic warnings +|Valid values +a|A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) that is minimum `1m`. +|Default value +m|+++10m+++ +|=== + +[role=label--new-5.18] +[[server.bolt.traffic_accounting_incoming_threshold_mbps]] +=== `server.bolt.traffic_accounting_incoming_threshold_mbps` + +.server.bolt.traffic_accounting_incoming_threshold_mbps +[frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] +|=== +|Description +a|Maximum permitted incoming traffic within a configured accounting check window before emitting a warning (in Mbps) +|Valid values +a|A long that is minimum `1`. +|Default value +m|+++950+++ +|=== + +[role=label--new-5.18] +[[server.bolt.traffic_accounting_outgoing_threshold_mbps]] +=== `server.bolt.traffic_accounting_outgoing_threshold_mbps` + +.server.bolt.traffic_accounting_outgoing_threshold_mbps +[frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] +|=== +|Description +a|Maximum permitted outgoing traffic within a configured accounting check window before emitting a warning (in Mbps) +|Valid values +a|A long that is minimum `1`. +|Default value +m|+++950+++ +|=== [[config_server.http.advertised_address]] === `server.http.advertised_address` From 3d8af9d72290a68979e931bfb1c9cde4c3903f7f Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 13 Mar 2024 17:06:49 +0000 Subject: [PATCH 595/876] Document db.create.setRelationshipVectorProperty procedure (#1478) Co-authored-by: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> --- modules/ROOT/pages/reference/procedures.adoc | 57 ++++++++++++++++---- 1 file changed, 47 insertions(+), 10 deletions(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index a36482f49..7c9b28b1f 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -84,6 +84,11 @@ For more information, see xref:authentication-authorization/dbms-administration. | label:yes[] | label:new[Introduced in 5.13] label:beta[] +| xref:reference/procedures.adoc#procedure_db.create.setRelationshipVectorProperty[`db.create.setRelationshipVectorProperty()`] +| label:yes[] +| label:yes[] +| label:new[Introduced in 5.18] label:beta[] + | xref:reference/procedures.adoc#procedure_db_createlabel[`db.createLabel()`] | label:yes[] | label:yes[] @@ -129,6 +134,11 @@ For more information, see xref:authentication-authorization/dbms-administration. | label:yes[] | label:new[Introduced in 5.11] label:beta[Beta until 5.13] +| xref:reference/procedures.adoc#procedure_db.index.vector.queryRelationships[`db.index.vector.queryRelationships()`] +| label:yes[] +| label:yes[] +| label:new[Introduced in 5.18] + | xref:reference/procedures.adoc#procedure_db_info[`db.info()`] | label:yes[] | label:yes[] @@ -831,7 +841,7 @@ a|xref:reference/procedures.adoc#procedure_db_cdc_query[`db.cdc.query()`] a| Returns the current change identifier that can be used to stream changes from. | Signature -m|cdc.current() :: (id :: STRING) +m|db.cdc.current() :: (id :: STRING) | Mode m|READ |=== @@ -846,7 +856,7 @@ m|READ a| Returns the earliest change identifier that can be used to stream changes from. | Signature -m|cdc.earliest() :: (id :: STRING) +m|db.cdc.earliest() :: (id :: STRING) | Mode m|READ |=== @@ -861,7 +871,7 @@ m|READ a| Query changes happened from the provided change identifier. | Signature -m|cdc.query(from = :: STRING, selectors = [] :: LIST) :: (id :: STRING, txId :: INTEGER, seq :: INTEGER, metadata :: MAP, event :: MAP) +m|db.cdc.query(from = :: STRING, selectors = [] :: LIST) :: (id :: STRING, txId :: INTEGER, seq :: INTEGER, metadata :: MAP, event :: MAP) | Mode m|READ @@ -967,11 +977,24 @@ m|DBMS a| Set a vector property on a given node in a more space efficient representation than Cypher’s link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/clauses/set#set-set-a-property[`SET`]. | Signature -m| db.create.setNodeVectorProperty(node :: NODE, key :: STRING, vector :: LIST) +m| db.create.setNodeVectorProperty(node :: NODE, key :: STRING, vector :: ANY) | Mode m|WRITE |=== +[role=label--new-5.18 label--beta] +[[procedure_db.create.setRelationshipVectorProperty]] +.db.create.setRelationshipVectorProperty() +[cols="<15s,<85"] +|=== +| Description +a| +Set a vector property on a given relationship in a more space efficient representation than Cypher's link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/clauses/set#set-set-a-property[`SET`]. +| Signature +m| db.create.setRelationshipVectorProperty(relationship :: RELATIONSHIP, key :: STRING, vector :: ANY) +| Mode +m|WRITE +|=== [[procedure_db_create_setVectorProperty]] [role=label--new-5.11 label--beta label--deprecated-5.13] @@ -982,7 +1005,7 @@ m|WRITE a| Set a vector property on a given node in a more space efficient representation than Cypher’s link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/clauses/set#set-set-a-property[`SET`]. | Signature -m| db.create.setVectorProperty(node :: NODE, key :: STRING, vector :: LIST) :: (node :: NODE) +m| db.create.setVectorProperty(node :: NODE, key :: STRING, vector :: ANY) :: (node :: NODE) | Mode m|WRITE | Replaced by @@ -1152,7 +1175,22 @@ Query the given vector index. Returns requested number of nearest neighbors to the provided query vector, and their similarity score to that query vector, based on the configured similarity function for the index. The similarity score is a value between [0, 1]; where `0` indicates least similar, `1` most similar. | Signature -m| db.index.vector.queryNodes(indexName :: STRING, numberOfNearestNeighbours :: INTEGER, query :: LIST) :: (node :: NODE, score :: FLOAT) +m| db.index.vector.queryNodes(indexName :: STRING, numberOfNearestNeighbours :: INTEGER, query :: ANY) :: (node :: NODE, score :: FLOAT) +| Mode +m|READ +|=== + +[role=label--new-5.18] +[[procedure_db.index.vector.queryRelationships]] +.db.index.vector.queryRelationships() +[cols="<15s,<85"] +|=== +| Description +a| +Query the given relationship vector index. +Returns requested number of nearest neighbors to the provided query vector, and their similarity score to that query vector, based on the configured similarity function for the index. The similarity score is a value between `[0, 1]`; where `0` indicates least similar, `1` most similar. +| Signature +m| db.index.vector.queryRelationships(indexName :: STRING, numberOfNearestNeighbours :: INTEGER, query :: ANY) :: (relationship :: RELATIONSHIP, score :: FLOAT) | Mode m|READ |=== @@ -2246,12 +2284,9 @@ It is therefore not supported by the parallel runtime (introduced in Neo4j 5.13) For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/planning-and-tuning/runtimes/concepts#runtimes-parallel-runtime[Cypher Manual -> Parallel runtime]. ==== - - [[procedure_genai_vector_encodeBatch]] [role=label--aura label--new-5.17] .genai.vector.encodeBatch() - [cols="<15s,<85"] |=== | Description @@ -2263,7 +2298,9 @@ For each element in the given resource LIST this returns: * the original 'resource' element itself, * and the encoded 'vector' | Signature -m|genai.vector.encodeBatch(resources :: LIST, provider :: STRING, configuration :: MAP = {}) :: (index :: INTEGER, resource :: STRING, vector :: LIST) +m|genai.vector.encodeBatch(resources :: LIST, provider :: STRING, configuration = {} :: MAP) :: (index :: INTEGER, resource :: STRING, vector :: ANY) +| Mode +m|DEFAULT |=== For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/genai-integrations/#multiple-embeddings[Cypher Manual -> Generating a batch of embeddings]. From 4f9125d52c031f7e45d83cced8c7dc653789909d Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 14 Mar 2024 13:04:19 +0000 Subject: [PATCH 596/876] Update the dev version to 5.19 (#1484) --- antora.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/antora.yml b/antora.yml index 930578744..3fec6daf2 100644 --- a/antora.yml +++ b/antora.yml @@ -7,7 +7,7 @@ nav: asciidoc: attributes: neo4j-version: '5' - neo4j-version-minor: '5.18' - neo4j-version-exact: '5.18.0' - neo4j-buildnumber: '5.18' - neo4j-debian-package-version: '1:5.18.0@' + neo4j-version-minor: '5.19' + neo4j-version-exact: '5.19.0' + neo4j-buildnumber: '5.19' + neo4j-debian-package-version: '1:5.19.0@' From 1545e672fa41b1d621b3db6d2b4fa584f926bd9f Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 14 Mar 2024 14:01:56 +0000 Subject: [PATCH 597/876] Improve Changing the store format (#1475) --- .../database-internals/store-formats.adoc | 27 ++++++++++++------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/modules/ROOT/pages/database-internals/store-formats.adoc b/modules/ROOT/pages/database-internals/store-formats.adoc index 77fc4e001..9934d6512 100644 --- a/modules/ROOT/pages/database-internals/store-formats.adoc +++ b/modules/ROOT/pages/database-internals/store-formats.adoc @@ -50,9 +50,23 @@ neo4j-admin database import full ... --format=block blockdb // CREATE DATABASE blockdb OPTIONS {storeFormat: 'block'} // ---- -=== Changing the format of existing databases +=== Changing the store format of existing databases -Changing the store format is possible by re-writing all data in the new format using one of the following options: +Changing the store format is possible by re-writing all data in the new format. +Therefore, it requires that: + +* The database is offline. +* There is enough disk space for both old and new copies of the database. +* The graph fits within the new <>. + +[NOTE] +==== +Changing the store format can be a time-consuming operation, depending on the size and complexity of the data in the database. +Performance heavily depends on the speed of the disk and the amount of available memory. +==== + +. Stop the database using the Cypher command `STOP DATABASE mydb`. +. Change the store format of the stopped database using one of the following options: * Migrate an existing database using xref:tools/neo4j-admin/migrate-database.adoc[`neo4j-admin database migrate`] command. For example: @@ -69,14 +83,7 @@ For example: ---- neo4j-admin database copy --to-format="block" mydb blockdb ---- - -Changing the store format requires that: - -* The database is offline. -* There is enough disk space for both old and new copies of the database. -* The graph fits within the new <>. - -Changing store format can be a time-consuming operation, depending on the size and complexity of the data in the database. Performance heavily depends on the speed of the disk and the amount of available memory. +. After the successful completion, start the database using the Cypher command `START DATABASE mydb`. === Verify the store format From 8fead8f23f59d8a43c71997ebe5e0d502b897c84 Mon Sep 17 00:00:00 2001 From: Bruno Caricchio Buss Date: Thu, 14 Mar 2024 15:09:52 +0000 Subject: [PATCH 598/876] Add Store Format link to `--format` parameter entry (#1486) Since we don't list anywhere the list of available store formats (since these can change based on the version and edition of the DBMS), we can point to our Store Formats documentation to allow users figure out what are the options they could use there. --- modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc index 1333b7127..00e996273 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc @@ -175,6 +175,8 @@ Unicode character ID can be used if prepended by `\`. |--format= |Name of database format. Imported database will be created of the specified format or use format from configuration if not specified. + +For an example, see the available xref:/database-internals/store-formats.adoc[Store Formats]. | |-h, --help From 4c8b46a456b02326b3b25d2b9ed0120d225f8274 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 19 Mar 2024 14:43:03 +0000 Subject: [PATCH 599/876] Add a note about using additional-config with the import command (#1477) Co-authored-by: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> --- .../ROOT/pages/tools/neo4j-admin/index.adoc | 6 ++++ .../tools/neo4j-admin/neo4j-admin-import.adoc | 33 +++++++++++++++++++ 2 files changed, 39 insertions(+) diff --git a/modules/ROOT/pages/tools/neo4j-admin/index.adoc b/modules/ROOT/pages/tools/neo4j-admin/index.adoc index 0ecaf0254..91efe230a 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/index.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/index.adoc @@ -207,6 +207,12 @@ The help command can be invoked on any level except the last one, which means co The help command also accepts a parameter. For example, `neo4j help`, `neo4j-admin help`, `neo4j-admin [category] help`, `neo4j-admin help [category]`, `neo4j help [command]`, or `neo4j-admin [category] [command ] help [subcommand]`. +== Limitations + +When using both a multi-value option and a positional parameter, the multi-value option is "greedy" and pulls in the next positional parameter via its convertor. +This is a limitation of the underlying library, Picocli, and is not specific to Neo4j Admin. +See link:https://picocli.info/#_variable_arity_options_and_positional_parameters[Picocli -> Variable Arity Options and Positional Parameters] official documentation for more information. + == Configuration Administration operations use the configuration specified in the _neo4j.conf_ file. diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc index 00e996273..2d64849ea 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc @@ -365,6 +365,23 @@ neo4j-admin database import full @/path/to/your/ mydb For more information, see link:https://picocli.info/#AtFiles[Picocli -> AtFiles] official documentation. ==== +[NOTE] +.Using both a multi-value option and a positional parameter +==== +When using both a multi-value option, such as `--nodes` and `--relationships`, and a positional parameter (for example, in `--additional-config neo4j.properties --nodes 0-nodes.csv mydatabase`), the `--nodes` option acts "greedy" and the next option, in this case, `mydatabase`, is pulled in via the nodes convertor. + +This is a limitation of the underlying library, Picocli, and is not specific to Neo4j Admin. +For more information, see link:https://picocli.info/#_variable_arity_options_and_positional_parameters[Picocli -> Variable Arity Options and Positional Parameters] official documentation. + +To resolve the problem, use one of the following solutions: + +* Put the positional parameters first. +For example, `mydatabase --nodes 0-nodes.csv`. +* Put the positional parameters last, after `--` and the final value of the last multi-value option. +For example, `nodes 0-nodes.csv -- mydatabase`. +==== + + [[import-tool-examples]] === Examples @@ -734,6 +751,22 @@ performance, this value should not be greater than the number of available proce | |=== +[NOTE] +.Using both a multi-value option and a positional parameter +==== +When using both a multi-value option, such as `--nodes` and `--relationships`, and a positional parameter (for example, in `--additional-config neo4j.properties --nodes 0-nodes.csv mydatabase`), the `--nodes` option acts "greedy" and the next option, in this case, `mydatabase`, is pulled in via the nodes convertor. + +This is a limitation of the underlying library, Picocli, and is not specific to Neo4j Admin. +For more information, see link:https://picocli.info/#_variable_arity_options_and_positional_parameters[Picocli -> Variable Arity Options and Positional Parameters] official documentation. + +To resolve the problem, use one of the following solutions: + +* Put the positional parameters first. +For example, `mydatabase --nodes 0-nodes.csv`. +* Put the positional parameters last, after `--` and the final value of the last multi-value option. +For example, `nodes 0-nodes.csv -- mydatabase`. +==== + [[import-tool-incremental-examples]] === Examples From e5fe5f726aecbce5acaf92176d353c517d44b4f6 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 19 Mar 2024 15:34:13 +0000 Subject: [PATCH 600/876] Add a note about LIST (#1491) --- modules/ROOT/pages/reference/procedures.adoc | 41 ++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 7c9b28b1f..7a489642b 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -982,6 +982,13 @@ m| db.create.setNodeVectorProperty(node :: NODE, key :: STRING, vector :: ANY) m|WRITE |=== +.Known issue +[NOTE] +==== +Procedure signatures from `SHOW PROCEDURES` renders the vector arguments with a type of `ANY` rather than the semantically correct type of `LIST`. +The types are still enforced as `LIST`. +==== + [role=label--new-5.18 label--beta] [[procedure_db.create.setRelationshipVectorProperty]] .db.create.setRelationshipVectorProperty() @@ -996,6 +1003,13 @@ m| db.create.setRelationshipVectorProperty(relationship :: RELATIONSHIP, key :: m|WRITE |=== +.Known issue +[NOTE] +==== +Procedure signatures from `SHOW PROCEDURES` renders the vector arguments with a type of `ANY` rather than the semantically correct type of `LIST`. +The types are still enforced as `LIST`. +==== + [[procedure_db_create_setVectorProperty]] [role=label--new-5.11 label--beta label--deprecated-5.13] .db.create.setVectorProperty() @@ -1012,6 +1026,12 @@ m|WRITE a|xref:reference/procedures.adoc#procedure_db_create_setNodeVectorProperty[`db.create.setNodeVectorProperty()`] |=== +.Known issue +[NOTE] +==== +Procedure signatures from `SHOW PROCEDURES` renders the vector arguments with a type of `ANY` rather than the semantically correct type of `LIST`. +The types are still enforced as `LIST`. +==== [[procedure_db_createlabel]] .db.createLabel() @@ -1180,6 +1200,13 @@ m| db.index.vector.queryNodes(indexName :: STRING, numberOfNearestNeighbours :: m|READ |=== +.Known issue +[NOTE] +==== +Procedure signatures from `SHOW PROCEDURES` renders the vector arguments with a type of `ANY` rather than the semantically correct type of `LIST`. +The types are still enforced as `LIST`. +==== + [role=label--new-5.18] [[procedure_db.index.vector.queryRelationships]] .db.index.vector.queryRelationships() @@ -1195,6 +1222,13 @@ m| db.index.vector.queryRelationships(indexName :: STRING, numberOfNearestNeighb m|READ |=== +.Known issue +[NOTE] +==== +Procedure signatures from `SHOW PROCEDURES` renders the vector arguments with a type of `ANY` rather than the semantically correct type of `LIST`. +The types are still enforced as `LIST`. +==== + [[procedure_db_info]] .db.info() [cols="<15s,<85"] @@ -2305,6 +2339,13 @@ m|DEFAULT For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/genai-integrations/#multiple-embeddings[Cypher Manual -> Generating a batch of embeddings]. +.Known issue +[NOTE] +==== +Procedure signatures from `SHOW PROCEDURES` renders the vector arguments with a type of `ANY` rather than the semantically correct type of `LIST`. +The types are still enforced as `LIST`. +==== + [[procedure_tx_getmetadata]] .tx.getMetaData() [cols="<15s,<85"] From 786c523931b31cf292f9ce1124745b818c3cb4ae Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 20 Mar 2024 11:37:43 +0000 Subject: [PATCH 601/876] Fix dbms.jvm.additionalto be server.jvm.additional (#1494) --- modules/ROOT/pages/configuration/file-locations.adoc | 2 +- modules/ROOT/pages/installation/requirements.adoc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/configuration/file-locations.adoc b/modules/ROOT/pages/configuration/file-locations.adoc index 7b8b8e483..81b08660d 100644 --- a/modules/ROOT/pages/configuration/file-locations.adoc +++ b/modules/ROOT/pages/configuration/file-locations.adoc @@ -12,7 +12,7 @@ Instructions provided for Neo4j Desktop are applicable across all operating syst [NOTE] ==== -If _tmp_ is set to `noexec`, it is recommended to set `dbms.jvm.additional=-Djava.io.tmpdir=/home/neo4j` in _conf/neo4j.conf_. +If _tmp_ is set to `noexec`, it is recommended to set `server.jvm.additional=-Djava.io.tmpdir=/home/neo4j` in _conf/neo4j.conf_. Additionally, replace _/home/neo4j_ with a path that has `exec` permissions. For _/bin/cypher-shell_, set this via an environment variable: `export JAVA_OPTS=-Djava.io.tmpdir=/home/neo4j` and replace `/home/neo4j` with a path that has `exec` permissions. diff --git a/modules/ROOT/pages/installation/requirements.adoc b/modules/ROOT/pages/installation/requirements.adoc index 24ec55781..41813eb84 100644 --- a/modules/ROOT/pages/installation/requirements.adoc +++ b/modules/ROOT/pages/installation/requirements.adoc @@ -123,7 +123,7 @@ See xref:performance/linux-file-system-tuning.adoc[Linux file system tuning] for [NOTE] ==== -If _tmp_ is set to `noexec`, it is recommended to set `dbms.jvm.additional=-Djava.io.tmpdir=/home/neo4j` in _conf/neo4j.conf_. +If _tmp_ is set to `noexec`, it is recommended to set `server.jvm.additional=-Djava.io.tmpdir=/home/neo4j` in _conf/neo4j.conf_. Additionally, replace _/home/neo4j_ with a path that has `exec` permissions. For _/bin/cypher-shell_, set this via an environment variable: `export JAVA_OPTS=-Djava.io.tmpdir=/home/neo4j` and replace `/home/neo4j` with a path that has `exec` permissions. From 8e3e43587e65286a8376ea0f8559f2c054de70ba Mon Sep 17 00:00:00 2001 From: Mark Dixon <1756429+mnd999@users.noreply.github.com> Date: Thu, 21 Mar 2024 11:43:15 +0100 Subject: [PATCH 602/876] Remove azp checking from docs in line with OIDC spec update (#1490) We removed the `azp` claim check. Update the documentation to reflect this. --- .../sso-integration.adoc | 12 ------------ .../pages/configuration/configuration-settings.adoc | 6 +++--- 2 files changed, 3 insertions(+), 15 deletions(-) diff --git a/modules/ROOT/pages/authentication-authorization/sso-integration.adoc b/modules/ROOT/pages/authentication-authorization/sso-integration.adoc index 6ece24eb8..119807b9f 100644 --- a/modules/ROOT/pages/authentication-authorization/sso-integration.adoc +++ b/modules/ROOT/pages/authentication-authorization/sso-integration.adoc @@ -84,11 +84,6 @@ This will be checked against the `iss` claim in the token. | true | The expected value for the `aud` claim. -| xref:configuration/configuration-settings.adoc#config_dbms.security.oidc.-provider-.client_id[dbms.security.oidc..client_id] -| -| true -| The `client_id` of this client as issued by the provider. - | xref:configuration/configuration-settings.adoc#config_dbms.security.oidc.-provider-.params[dbms.security.oidc..params] | | true @@ -242,13 +237,6 @@ Provide the expected value for the audience(`aud`) claim: ---- dbms.security.oidc.mysso.claims.audience=myaudience ---- -In some situations there may be multiple values for the `aud` claim. -In this situation, the id_token should contain an authorized party(`azp`) claim containing the client id, which is configured as follows: -+ -[source, properties] ----- -dbms.security.oidc.mysso.claims.client_id=myclientid ----- . Configure claims. + diff --git a/modules/ROOT/pages/configuration/configuration-settings.adoc b/modules/ROOT/pages/configuration/configuration-settings.adoc index 656314f63..7d329ffe8 100644 --- a/modules/ROOT/pages/configuration/configuration-settings.adoc +++ b/modules/ROOT/pages/configuration/configuration-settings.adoc @@ -4453,17 +4453,17 @@ m|+++sub+++ |=== -[role=label--enterprise-edition label--dynamic] +[role=label--enterprise-edition label--dynamic label--deprecated] [[config_dbms.security.oidc.-provider-.client_id]] === `dbms.security.oidc..client_id` -// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] +// label:enterprise-edition[Enterprise Edition] label:dynamic[Dynamic] label:deprecated[Deprecated] .dbms.security.oidc..client_id [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] |=== |Description -a|Client id needed if token contains multiple Audience (aud) claims. +a|Client id. Not used. This value was previously used to validate the `azp` claim in the id_token, but this validation has been removed in line with updates to the OIDC specification. |Valid values a|A string. |=== From 2136a921a082092b623a59f280b3605ead6d0ecb Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Fri, 22 Mar 2024 11:12:39 +0000 Subject: [PATCH 603/876] Add a step for reseeding the cluster after migration (#1488) --- .../database-internals/store-formats.adoc | 79 ++++++++++++++++++- 1 file changed, 75 insertions(+), 4 deletions(-) diff --git a/modules/ROOT/pages/database-internals/store-formats.adoc b/modules/ROOT/pages/database-internals/store-formats.adoc index 9934d6512..2ddbc1585 100644 --- a/modules/ROOT/pages/database-internals/store-formats.adoc +++ b/modules/ROOT/pages/database-internals/store-formats.adoc @@ -50,21 +50,26 @@ neo4j-admin database import full ... --format=block blockdb // CREATE DATABASE blockdb OPTIONS {storeFormat: 'block'} // ---- + === Changing the store format of existing databases Changing the store format is possible by re-writing all data in the new format. Therefore, it requires that: -* The database is offline. * There is enough disk space for both old and new copies of the database. * The graph fits within the new <>. [NOTE] ==== -Changing the store format can be a time-consuming operation, depending on the size and complexity of the data in the database. -Performance heavily depends on the speed of the disk and the amount of available memory. +Changing the store format can be a time-consuming operation, depending on the size and complexity of the data in the database. Performance heavily depends on the speed of the disk and the amount of available memory. ==== +[[change-store-format-standalone]] +==== In a standalone server + +Changing the store format of an existing database in a standalone server requires the database to be offline. +The following steps assume that you want to migrate the database called `mydb` to `block` format. + . Stop the database using the Cypher command `STOP DATABASE mydb`. . Change the store format of the stopped database using one of the following options: @@ -75,7 +80,7 @@ For example: ---- neo4j-admin database migrate --to-format="block" mydb ---- - ++ * Pass the new store format as an argument when using the xref:backup-restore/copy-database.adoc[`neo4j-admin database copy`] command to create a copy of an existing database. For example: + @@ -85,6 +90,72 @@ neo4j-admin database copy --to-format="block" mydb blockdb ---- . After the successful completion, start the database using the Cypher command `START DATABASE mydb`. +[[change-store-format-cluster]] +==== In a cluster + +Changing the store format of an existing database in a cluster requires that you restore a backup of the database that you want to migrate on one of the servers, and then, use that server as a xref:clustering/databases.adoc#cluster-designated-seeder[designated seeder] for the other cluster members to copy that database from. + +The following steps assume that you want to migrate the database called `mydb` to `block` format. +The database is hosted on three servers in primary mode. + +**On one of the servers, `server01`** + +. In Cypher Shell, put the database that you want to migrate in read-only mode using the Cypher command xref:database-administration/standard-databases/manage-databases.adoc#manage-databases-alter[`ALTER DATABASE ...​ SET ACCESS READ ONLY`]. +For example: ++ +[source,cypher] +---- +@system> ALTER DATABASE mydb SET ACCESS READ ONLY; +---- +. In your command-line tool, back up that database using the xref:backup-restore/online-backup.adoc[`neo4j-admin database backup`] command. +For example: ++ +[source,shell] +---- +neo4j-admin database backup mydb --to-path=/path/to/your-backup-folder --include-metadata=all +---- +. Back in Cypher Shell, drop the database to delete it and all users and roles associated with it: ++ +[source,cypher] +---- +@system> DROP DATABASE mydb; +---- +. In the command-line tool, restore the backup that you created using the xref:backup-restore/restore-backup.adoc[`neo4j-admin database restore`] command: ++ +[source,shell] +---- +bin/neo4j-admin database restore --from-path=/path/to/mydb-backup-dir mydb +---- +. Migrate the restored database to `block` format: ++ +[source,shell] +---- +bin/neo4j-admin database migrate --to-format="block" mydb +---- +. In Cypher Shell, run `SHOW SERVERS` to find the server ID of `server01`. +Cross-reference the address to find the server ID. +Use any database to connect. ++ +[source,shell] +---- +SHOW SERVERS YIELD serverId, name, address, state, health, hosting; +---- + +**On a different server, `server02`:** + +. In Cypher Shell, create the migrated database using the Cypher command `CREATE DATABASE`. +The topology of `mydb` is stored in the `system` database and when you create it, it is allocated according to the default topology (which can be shown with `CALL dbms.showTopologyGraphConfig`). +For more information, see xref:clustering/databases.adoc#cluster-designated-seeder[Designated seeder]. ++ +[source,cypher] +---- +@system> CREATE DATABASE mydb OPTIONS {existingData: 'use', existingDataSeedInstance: ''}; +---- +. Verify that the database is created and available using the Cypher command `SHOW DATABASE mydb`. +. After the successful completion, restore the roles and permissions. +For more information, see xref:backup-restore/restore-backup.adoc#_restore_users_and_roles_metadata[Restore users and roles metadata]. + + === Verify the store format You can verify the store format of a database using the following Cypher: From 943d56b33b06605579bcf9dab5515e0ba0703c16 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Fri, 22 Mar 2024 11:37:50 +0000 Subject: [PATCH 604/876] Editorial review of the descriptions of the restore options (#1432) Depends on https://github.com/neo-technology/neo4j/pull/24305 --- .../pages/backup-restore/restore-backup.adoc | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/modules/ROOT/pages/backup-restore/restore-backup.adoc b/modules/ROOT/pages/backup-restore/restore-backup.adoc index a9c231cba..3d8e64174 100644 --- a/modules/ROOT/pages/backup-restore/restore-backup.adoc +++ b/modules/ROOT/pages/backup-restore/restore-backup.adoc @@ -50,7 +50,7 @@ neo4j-admin database restore [-h] [--expand-commands] | Parameter | Description -| +|[] |Name of the database after restore. Usage of this parameter is only allowed if the `--from-path` option points to a path to a single artifact. |=== @@ -85,8 +85,7 @@ An artifact file can be 1) a full backup, in which case it is restored directly |--overwrite-destination[=true\|false] |If an existing database should be replaced. [NOTE] -This option is not safe on a cluster since clusters have an additional state that would be inconsistent with the restored database. -In a cluster, restore to a new database to avoid this problem. +This option is not safe on a cluster since clusters have an additional state that would be inconsistent with the restored database. In a cluster, restore to a new database to avoid this problem. |false |--restore-until= @@ -94,21 +93,21 @@ In a cluster, restore to a new database to avoid this problem. The database applies logs until the recovery predicate is satisfied. Currently supported predicates are: `` and ``. -- to restore a database up to a transaction ID, the required transaction predicate should look like `--restore-until=123`, where 123 is a provided transaction ID. -The restore recovers transaction logs up to - but not including - transaction 123. +- to restore a database up to a transaction ID, the required transaction predicate should look like `<--restore-until=123>`, where 123 is the provided transaction ID. +The restore recovers transaction logs up to, but not including, the transaction 123. -- to restore a database up to a specific date, the required date predicate should look like `--restore-until=2023-05-01 10:15:30`, where 2023-05-01 10:15:30 is a UTC date and time. -The restore recovers transactions that were committed before the provided date. +- to restore a database up to a specific date, the required date predicate should look like `<--restore-until=2021-09-11 10:15:30>`, where 2023-05-01 10:15:30 is a UTC date and time. +The restore recovers transactions that were committed before the provided timestamp. | | --to-path-data= |Base directory for databases. -Usage of this option is only allowed if the `--from-path` parameter points to one directory. +Usage of this option is only allowed if the `--from-path` parameter points to exactly one directory. | |--to-path-txn= |Base directory for transaction logs. -Usage of this option is only allowed if the `--from-path` parameter points to one directory. +Usage of this option is only allowed if the `--from-path` parameter points to exactly one directory. | |--verbose From 4da7f32d487c2de35a1bf2026431293a60a9f352 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Fri, 22 Mar 2024 11:44:22 +0000 Subject: [PATCH 605/876] Add information for using JNA (#1499) --- modules/ROOT/pages/configuration/file-locations.adoc | 11 ++++++----- modules/ROOT/pages/installation/requirements.adoc | 5 +++-- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/modules/ROOT/pages/configuration/file-locations.adoc b/modules/ROOT/pages/configuration/file-locations.adoc index 81b08660d..07d363d0d 100644 --- a/modules/ROOT/pages/configuration/file-locations.adoc +++ b/modules/ROOT/pages/configuration/file-locations.adoc @@ -12,10 +12,11 @@ Instructions provided for Neo4j Desktop are applicable across all operating syst [NOTE] ==== -If _tmp_ is set to `noexec`, it is recommended to set `server.jvm.additional=-Djava.io.tmpdir=/home/neo4j` in _conf/neo4j.conf_. -Additionally, replace _/home/neo4j_ with a path that has `exec` permissions. +If _tmp_ is set to `noexec`, it is recommended to set `server.jvm.additional=-Djava.io.tmpdir=/home/neo4j` in _conf/neo4j.conf_ and replace _/home/neo4j_ with a path that has `exec` permissions. For _/bin/cypher-shell_, set this via an environment variable: `export JAVA_OPTS=-Djava.io.tmpdir=/home/neo4j` and replace `/home/neo4j` with a path that has `exec` permissions. + +For the Neo4j's uses of the Java Native Access (JNA) library, set `server.jvm.additional=-Djna.tmpdir=/tmp` in _conf/neo4j.conf_ and replace `/tmp` with a path that has `exec` permissions. ==== [[neo4j-bin]] @@ -278,15 +279,15 @@ The locations of __ and _conf_ can be configured using environment v | Environment variable | Notes -| __ +| __ | parent of _bin_ | `NEO4J_HOME` | Must be set explicitly if _bin_ is not a subdirectory. | _conf_ -| _/conf_ +| _/conf_ | `NEO4J_CONF` -| Must be set explicitly if it is not a subdirectory of __. +| Must be set explicitly if it is not a subdirectory of __. |=== diff --git a/modules/ROOT/pages/installation/requirements.adoc b/modules/ROOT/pages/installation/requirements.adoc index 41813eb84..2b7da2b4b 100644 --- a/modules/ROOT/pages/installation/requirements.adoc +++ b/modules/ROOT/pages/installation/requirements.adoc @@ -123,10 +123,11 @@ See xref:performance/linux-file-system-tuning.adoc[Linux file system tuning] for [NOTE] ==== -If _tmp_ is set to `noexec`, it is recommended to set `server.jvm.additional=-Djava.io.tmpdir=/home/neo4j` in _conf/neo4j.conf_. -Additionally, replace _/home/neo4j_ with a path that has `exec` permissions. +If _tmp_ is set to `noexec`, it is recommended to set `server.jvm.additional=-Djava.io.tmpdir=/home/neo4j` in _conf/neo4j.conf_ and replace _/home/neo4j_ with a path that has `exec` permissions. For _/bin/cypher-shell_, set this via an environment variable: `export JAVA_OPTS=-Djava.io.tmpdir=/home/neo4j` and replace `/home/neo4j` with a path that has `exec` permissions. + +For the Neo4j's uses of the Java Native Access (JNA) library, set `server.jvm.additional=-Djna.tmpdir=/tmp` in _conf/neo4j.conf_ and replace `/tmp` with a path that has `exec` permissions. ==== [[deployment-requirements-java]] From d4923af0f02045fc9af9281792afe53787dc6ed6 Mon Sep 17 00:00:00 2001 From: Phil Wright <95368282+phil198@users.noreply.github.com> Date: Mon, 25 Mar 2024 12:34:59 +0000 Subject: [PATCH 606/876] clarifying that DBMS privileges do not get backed up (#1501) DBMS-wide privileges do not get backed up when performing a database backup. This PR changes the docs entry of `neo4j-admin backup` to clarify this. --------- Co-authored-by: Reneta Popova --- modules/ROOT/pages/backup-restore/online-backup.adoc | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/backup-restore/online-backup.adoc b/modules/ROOT/pages/backup-restore/online-backup.adoc index 2b3694e48..0bf5e35da 100644 --- a/modules/ROOT/pages/backup-restore/online-backup.adoc +++ b/modules/ROOT/pages/backup-restore/online-backup.adoc @@ -141,7 +141,14 @@ the size of the produced artifact will be approximately equal to the size of bac - `all` - include both `roles` and `users`. - `none` - does not include any metadata. [NOTE] -`roles` and `users` that do not have database-related privileges are not included in the backup (e.g. those with only DBMS or no privileges). It is recommended to use `SHOW USERS` and `SHOW ROLES` to get the complete list of users and roles in these situations. +==== +Privileges specific to the DBMS and not to the backed-up database are not included in the backup. +For instance, `GRANT ROLE MANAGEMENT ON DBMS TO $role` will not be backed up. + +Accordingly, `roles` and `users` that do not have database-related privileges are not included in the backup (e.g. those with only DBMS or no privileges). + +It is recommended to use `SHOW USERS`, `SHOW ROLES`, and `SHOW ROLE $role PRIVILEGES AS COMMANDS` to get the complete list of users, roles and privileges in these situations. +==== |all |--inspect-path= From 4aee763532231a49fe075fcc41b1c536f1c61f93 Mon Sep 17 00:00:00 2001 From: Richard Sill <156673635+rsill-neo4j@users.noreply.github.com> Date: Tue, 26 Mar 2024 13:38:50 +0100 Subject: [PATCH 607/876] S3 URI support for admin database import and database load/dump (#1504) Added the 5.19 version info to the table texts. We could use version labels in suitable places instead. --- .../ROOT/pages/backup-restore/aggregate.adoc | 15 ++++++++++++++- .../pages/backup-restore/offline-backup.adoc | 16 ++++++++++++++-- .../pages/backup-restore/online-backup.adoc | 16 ++++++++++++++++ modules/ROOT/pages/backup-restore/planning.adoc | 2 +- .../pages/backup-restore/restore-backup.adoc | 13 +++++++++++++ .../ROOT/pages/backup-restore/restore-dump.adoc | 13 +++++++++++++ .../tools/neo4j-admin/consistency-checker.adoc | 7 +++++++ .../tools/neo4j-admin/neo4j-admin-import.adoc | 17 +++++++++++++++++ 8 files changed, 95 insertions(+), 4 deletions(-) diff --git a/modules/ROOT/pages/backup-restore/aggregate.adoc b/modules/ROOT/pages/backup-restore/aggregate.adoc index 6ac8af696..89464ad09 100644 --- a/modules/ROOT/pages/backup-restore/aggregate.adoc +++ b/modules/ROOT/pages/backup-restore/aggregate.adoc @@ -68,7 +68,7 @@ Aggregates a chain of backup artifacts into a single artifact. | |--from-path= -|Accepts either a path to a single artifact file or, a folder containing backup artifacts. +|Accepts either a path to a single artifact file or a folder containing backup artifacts. When a file is supplied, the __ parameter should be omitted. The option to supply a file is only available in Neo4j 5.2 and later. @@ -94,6 +94,13 @@ Consult Neo4j support before use. | |=== +[NOTE] +==== +As of Neo4j 5.19, the `--from-path=` option can also load backup artifacts from AWS S3 URIs. +Neo4j uses link:https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html[default AWS credentials] to access AWS S3 URIs. +==== + + [[aggregate-backup-example]] == Examples @@ -104,6 +111,12 @@ bin/neo4j-admin database aggregate-backup --from-path=/mnt/backups/ neo4j ---- The command first looks inside the `/mnt/backups/` directory for a backup chain for the database `neo4j`. If found, it is then aggregated into a single backup artifact. +.An example of how to perform aggregation of a set of backups located in a given folder for the `neo4j` database in an AWS S3 URI. +[source,shell] +---- +bin/neo4j-admin database aggregate-backup --from-path=s3://mnt/backups/ neo4j +---- + .An example of how to perform aggregation of a set of backups identified using a given backup file for the `neo4j` database. [source,shell] ---- diff --git a/modules/ROOT/pages/backup-restore/offline-backup.adoc b/modules/ROOT/pages/backup-restore/offline-backup.adoc index c67bb3763..fe44c4521 100644 --- a/modules/ROOT/pages/backup-restore/offline-backup.adoc +++ b/modules/ROOT/pages/backup-restore/offline-backup.adoc @@ -44,7 +44,7 @@ neo4j-admin database dump [-h] [--expand-commands] Dump a database into a single-file archive. The archive can be used by the load command. `` should be a directory (in which case a file called _.dump_ will be created), or `--to-stdout` can be supplied to use standard output. -If neither `--to-path` or `--to-stdout` is supplied `server.directories.dumps.root` setting will be used as a destination. +If neither `--to-path` or `--to-stdout` is supplied `server.directories.dumps.root` setting will be used as a destination. It is not possible to dump a database that is mounted in a running Neo4j server. === Parameters @@ -101,6 +101,11 @@ The `neo4j-admin database dump` command has the following options: | |=== +[NOTE] +==== +As of Neo4j 5.19, the `--to-path=` option can also dump databases to AWS S3 URIs. +Neo4j uses link:https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html[default AWS credentials] to access AWS S3 URIs. +==== [[offline-backup-example]] == Example @@ -115,8 +120,15 @@ bin/neo4j-admin database dump --to-path=/full/path/to/dumps/ The command creates a file called _.dump_ where `` is the database specified in the command. +The following is an example of how to create a dump in an AWS S3 URI, as of Neo4j 5.19. + +[source, shell, role="nocopy"] +---- +bin/neo4j-admin database dump --to-path=s3://full/path/to/aws-s3-dumps/ +---- + [NOTE] ==== `neo4j-admin database dump` cannot be applied to xref:database-administration/composite-databases/manage-composite-databases.adoc[Composite databases]. It must be run directly on the databases that are associated with that Composite database. -==== +==== \ No newline at end of file diff --git a/modules/ROOT/pages/backup-restore/online-backup.adoc b/modules/ROOT/pages/backup-restore/online-backup.adoc index 0bf5e35da..52775bfa1 100644 --- a/modules/ROOT/pages/backup-restore/online-backup.adoc +++ b/modules/ROOT/pages/backup-restore/online-backup.adoc @@ -183,6 +183,12 @@ If you want to force a full backup, use `FULL`. | |=== +[NOTE] +==== +As of Neo4j 5.19, the `--to-path=` option can also create backups in AWS S3 URIs. +Neo4j uses link:https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html[default AWS credentials] to access AWS S3 URIs. +==== + [[backup-command-exit-codes]] === Exit codes @@ -341,6 +347,16 @@ bin/neo4j-admin database backup --to-path=/path/to/backups/neo4j neo4j ---- ==== +.Perform a backup to an AWS S3 URI +==== +The following is an example of how to create a database backup in an AWS S3 URI, as of Neo4j 5.19. + +[source, shell,role=nocopy noplay] +---- +bin/neo4j-admin database backup --to-path=s3://path/to/backups/neo4j neo4j +---- +==== + .Perform a forced full backup of a single database. ==== If you want to force a full backup after several differential backups, you can use the `--type=full` option. diff --git a/modules/ROOT/pages/backup-restore/planning.adoc b/modules/ROOT/pages/backup-restore/planning.adoc index 901324fe0..98ca85edd 100644 --- a/modules/ROOT/pages/backup-restore/planning.adoc +++ b/modules/ROOT/pages/backup-restore/planning.adoc @@ -74,7 +74,7 @@ When using `neo4j-admin database backup` in a cluster, it is recommended to back ==== * `neo4j-admin database dump/load` –- used for performing offline dump and load operations. The database to be dumped must be in **offline** mode. -The dump command can only be invoked from the server command line and is suitable for environments, where downtime is not a factor. +The dump command can only be invoked from the server command line and is suitable for environments where downtime is not a factor. The command produces an archive file that follows the format _.dump_. * `neo4j-admin database copy` –- used for copying an offline database or backup. This command can be used for cleaning up database inconsistencies and reclaiming unused space. diff --git a/modules/ROOT/pages/backup-restore/restore-backup.adoc b/modules/ROOT/pages/backup-restore/restore-backup.adoc index 3d8e64174..73ee7b07d 100644 --- a/modules/ROOT/pages/backup-restore/restore-backup.adoc +++ b/modules/ROOT/pages/backup-restore/restore-backup.adoc @@ -115,6 +115,12 @@ Usage of this option is only allowed if the `--from-path` parameter points to ex | |=== +[NOTE] +==== +As of Neo4j 5.19, the `--from-path=` option can also load backups from AWS S3 URIs. +Neo4j uses link:https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html[default AWS credentials] to access AWS S3 URIs. +==== + [[restore-backup-example]] == Examples @@ -159,6 +165,13 @@ bin/neo4j-admin database restore --from-path=/path/to/backups/neo4j-2023-05-05T1 + The `--from-path=` argument must contain the path to the last backup of a chain, in this case, `neo4j-2023-06-29T14-51-33.backup`. + +As of Neo4j 5.19, `from-path=` can alternatively load an AWS S3 URI: ++ +[source, shell,role=nocopy noplay] +---- +bin/neo4j-admin database restore --from-path=s3:///path/to/backups/neo4j-2023-05-05T11-26-38.backup mydatabase +---- ++ [TIP] ==== If you want to restore several databases at once, you must stop them first and then you can alter the command by specifying a comma-separated list of paths to backup artifacts, and remove the `` parameter. diff --git a/modules/ROOT/pages/backup-restore/restore-dump.adoc b/modules/ROOT/pages/backup-restore/restore-dump.adoc index 818d01214..ffc9aff38 100644 --- a/modules/ROOT/pages/backup-restore/restore-dump.adoc +++ b/modules/ROOT/pages/backup-restore/restore-dump.adoc @@ -98,6 +98,12 @@ Can contain `*` and `?` for globbing. |Enable verbose output. |=== +[NOTE] +==== +As of Neo4j 5.19, the `--from-path=` option can also load databases from AWS S3 URIs. +Neo4j uses link:https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html[default AWS credentials] to access AWS S3 URIs. +==== + [[restore-dump-example]] == Example @@ -112,6 +118,13 @@ If you are not replacing an existing database, you must create the database (usi ./neo4j-admin database load --from-path=/full-path/data/dumps --overwrite-destination=true ---- +The following is an example of how to load the dump from an AWS S3 URI, as of Neo4j 5.19. + +[source,shell, role="nocopy"] +---- +./neo4j-admin database load --from-path=s3://full/path/to/aws-s3-dumps/ --overwrite-destination=true +---- + [TIP] ==== The command looks for a file called _.dump_ where `` is the database specified in the command. diff --git a/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc b/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc index b1adabb80..bb57dfd4e 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc @@ -122,6 +122,13 @@ Value can be plain numbers, like `10000000` or e.g. `20G` for 20 gigabytes, or e | |=== +[NOTE] +==== +As of Neo4j 5.19, the `--from-path=` option can also check artifacts in AWS S3 URIs. +Neo4j uses link:https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html[default AWS credentials] to access AWS S3 URIs. +==== + + == Output If the consistency checker does not find errors, it exits cleanly and does not produce a report. diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc index 2d64849ea..d08b102a9 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc @@ -381,6 +381,13 @@ For example, `mydatabase --nodes 0-nodes.csv`. For example, `nodes 0-nodes.csv -- mydatabase`. ==== +[NOTE] +.Importing from AWS S3 URIs +==== +As of Neo4j 5.19, the `--nodes` and `--relationships` options can also import files from AWS S3 URIs. +Neo4j uses link:https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html[default AWS credentials] to access AWS S3 URIs. +==== + [[import-tool-examples]] === Examples @@ -436,6 +443,16 @@ neo4j_home$ bin/neo4j-admin database import full --nodes import/node_header.csv, ---- ==== +.Importing files from AWS S3 URIs +==== +The following is an example of how to import files from AWS S3 URIs, as of Neo4j 5.19. + +[source, shell, role=noplay] +---- +neo4j_home$ bin/neo4j-admin database import full --nodes s3://my-bucket/data/nodes.csv --relationships s3://my-bucket/data/relationships.csv newdb +---- +==== + [NOTE] ==== If importing to a database that has not explicitly been created prior to the import, it must be created subsequently in order to be used. From 87090ab0904b6df63590bd03f7ef268cb7b3534e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Mar 2024 12:39:42 +0000 Subject: [PATCH 608/876] Bump the dev-dependencies group with 1 update (#1508) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the dev-dependencies group with 1 update: [express](https://github.com/expressjs/express). Updates `express` from 4.18.3 to 4.19.2
Release notes

Sourced from express's releases.

4.19.2

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2

4.19.1

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1

4.19.0

What's Changed

New Contributors

Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

  • Prevent open redirect allow list bypass due to encodeurl
  • deps: cookie@0.6.0
Commits
  • 04bc627 4.19.2
  • da4d763 Improved fix for open redirect allow list bypass
  • 4f0f6cc 4.19.1
  • a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
  • a1fa90f fixed un-edited version in history.md for 4.19.0
  • 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
  • 084e365 4.19.0
  • 0867302 Prevent open redirect allow list bypass due to encodeurl
  • 567c9c6 Add note on how to update docs for new release (#5541)
  • 69a4cf2 deps: cookie@0.6.0
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=express&package-manager=npm_and_yarn&previous-version=4.18.3&new-version=4.19.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 30 +++++++++++++++--------------- package.json | 2 +- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/package-lock.json b/package-lock.json index da8591cce..96e3fb90b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -20,7 +20,7 @@ "@neo4j-documentation/remote-include": "^1.0.0" }, "devDependencies": { - "express": "^4.18.3", + "express": "^4.19.2", "nodemon": "^3.1.0" } }, @@ -757,9 +757,9 @@ } }, "node_modules/cookie": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz", - "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==", + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", + "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==", "dev": true, "engines": { "node": ">= 0.6" @@ -959,9 +959,9 @@ } }, "node_modules/express": { - "version": "4.18.3", - "resolved": "https://registry.npmjs.org/express/-/express-4.18.3.tgz", - "integrity": "sha512-6VyCijWQ+9O7WuVMTRBTl+cjNNIzD5cY5mQ1WM8r/LEkI2u8EYpOotESNwzNlyCn3g+dmjKYI6BmNneSr/FSRw==", + "version": "4.19.2", + "resolved": "https://registry.npmjs.org/express/-/express-4.19.2.tgz", + "integrity": "sha512-5T6nhjsT+EOMzuck8JjBHARTHfMht0POzlA60WV2pMD3gyXw2LZnZ+ueGdNxG+0calOJcWKbpFcuzLZ91YWq9Q==", "dev": true, "dependencies": { "accepts": "~1.3.8", @@ -969,7 +969,7 @@ "body-parser": "1.20.2", "content-disposition": "0.5.4", "content-type": "~1.0.4", - "cookie": "0.5.0", + "cookie": "0.6.0", "cookie-signature": "1.0.6", "debug": "2.6.9", "depd": "2.0.0", @@ -3610,9 +3610,9 @@ } }, "cookie": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz", - "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==", + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", + "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==", "dev": true }, "cookie-signature": { @@ -3757,9 +3757,9 @@ "integrity": "sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q==" }, "express": { - "version": "4.18.3", - "resolved": "https://registry.npmjs.org/express/-/express-4.18.3.tgz", - "integrity": "sha512-6VyCijWQ+9O7WuVMTRBTl+cjNNIzD5cY5mQ1WM8r/LEkI2u8EYpOotESNwzNlyCn3g+dmjKYI6BmNneSr/FSRw==", + "version": "4.19.2", + "resolved": "https://registry.npmjs.org/express/-/express-4.19.2.tgz", + "integrity": "sha512-5T6nhjsT+EOMzuck8JjBHARTHfMht0POzlA60WV2pMD3gyXw2LZnZ+ueGdNxG+0calOJcWKbpFcuzLZ91YWq9Q==", "dev": true, "requires": { "accepts": "~1.3.8", @@ -3767,7 +3767,7 @@ "body-parser": "1.20.2", "content-disposition": "0.5.4", "content-type": "~1.0.4", - "cookie": "0.5.0", + "cookie": "0.6.0", "cookie-signature": "1.0.6", "debug": "2.6.9", "depd": "2.0.0", diff --git a/package.json b/package.json index bd48b3d87..d9a2ec354 100644 --- a/package.json +++ b/package.json @@ -30,7 +30,7 @@ "@neo4j-documentation/remote-include": "^1.0.0" }, "devDependencies": { - "express": "^4.18.3", + "express": "^4.19.2", "nodemon": "^3.1.0" }, "overrides": { From 2d834618aa45dedb281baec43ec40cd69559707c Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Tue, 26 Mar 2024 15:48:48 +0100 Subject: [PATCH 609/876] =?UTF-8?q?Fix=20the=20Deprecated=20label=20of=20t?= =?UTF-8?q?he=20cdc=20related=20procedures=20by=20adding=20v.n.=E2=80=A6?= =?UTF-8?q?=20(#1496)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit …5.17 --- modules/ROOT/pages/reference/procedures.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 7a489642b..fc8ceee0d 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -782,7 +782,7 @@ Replaced by: `ALTER USER`. [[procedure_cdc_current]] -[role=label--new-5.13 label--beta label--deprecated--5.17] +[role=label--new-5.13 label--beta label--deprecated-5.17] .cdc.current() [cols="<15s,<85"] |=== @@ -799,7 +799,7 @@ a|xref:reference/procedures.adoc#procedure_db_cdc_current[`db.cdc.current()`] [[procedure_cdc_earliest]] -[role=label--new-5.13 label--beta label--deprecated--5.17] +[role=label--new-5.13 label--beta label--deprecated-5.17] .cdc.earliest() [cols="<15s,<85"] |=== @@ -816,7 +816,7 @@ a|xref:reference/procedures.adoc#procedure_db_cdc_earliest[`db.cdc.earliest()`] [[procedure_cdc_query]] -[role=label--new-5.13 label--beta label--deprecated--5.17 label--admin-only] +[role=label--new-5.13 label--beta label--deprecated-5.17 label--admin-only] .cdc.query() [cols="<15s,<85"] |=== From ac1c4da6e420f82e371ebfbde247f49f33a31c68 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 27 Mar 2024 10:53:15 +0000 Subject: [PATCH 610/876] make all mentions of NEO4J_HOME and /bin the same (#1500) Co-authored-by: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> --- .../password-and-user-recovery.adoc | 22 +++---- modules/ROOT/pages/backup-restore/modes.adoc | 10 +-- .../pages/backup-restore/restore-backup.adoc | 2 +- modules/ROOT/pages/clustering/databases.adoc | 2 +- .../pages/clustering/setup/encryption.adoc | 10 +-- .../pages/configuration/file-locations.adoc | 64 +++++++++---------- modules/ROOT/pages/configuration/plugins.adoc | 2 +- .../configuration/set-initial-password.adoc | 4 +- .../sharding-with-copy.adoc | 6 +- .../standard-databases/manage-databases.adoc | 2 +- .../database-internals/transaction-logs.adoc | 2 +- modules/ROOT/pages/docker/operations.adoc | 2 +- modules/ROOT/pages/index.adoc | 2 +- modules/ROOT/pages/installation/osx.adoc | 11 ++-- modules/ROOT/pages/installation/windows.adoc | 11 ++-- modules/ROOT/pages/monitoring/logging.adoc | 2 +- .../performance/memory-configuration.adoc | 8 +-- .../ROOT/pages/performance/space-reuse.adoc | 4 +- .../ROOT/pages/security/ssl-framework.adoc | 40 ++++++------ .../neo4j-admin/consistency-checker.adoc | 2 +- .../tools/neo4j-admin/neo4j-admin-import.adoc | 16 ++--- .../tools/neo4j-admin/neo4j-admin-report.adoc | 6 +- .../ROOT/pages/tools/neo4j-admin/unbind.adoc | 4 +- .../tools/neo4j-admin/upload-to-aura.adoc | 2 +- 24 files changed, 117 insertions(+), 119 deletions(-) diff --git a/modules/ROOT/pages/authentication-authorization/password-and-user-recovery.adoc b/modules/ROOT/pages/authentication-authorization/password-and-user-recovery.adoc index 3842a19d7..d90ad47c5 100644 --- a/modules/ROOT/pages/authentication-authorization/password-and-user-recovery.adoc +++ b/modules/ROOT/pages/authentication-authorization/password-and-user-recovery.adoc @@ -17,7 +17,7 @@ It specifically focuses on how to recover an admin user if all the admin users h + [source, shell] ---- -$ bin/neo4j stop +bin/neo4j stop ---- . Open the _neo4j.conf_ file and set `dbms.security.auth_enabled` parameter to `false` to disable the authentication: + @@ -51,7 +51,7 @@ server.default_listen_address=127.0.0.1 + [source, shell] ---- -$ bin/neo4j start +bin/neo4j start ---- ====== [.include-with-cluster] @@ -60,7 +60,7 @@ $ bin/neo4j start + [source, shell] ---- -$ bin/neo4j stop +bin/neo4j stop ---- + . On each member, open the _neo4j.conf_ file and modify the following settings: @@ -85,7 +85,7 @@ server.bolt.listen_address:127.0.0.1 + [source, shell] ---- -$ bin/neo4j start +bin/neo4j start ---- ====== ===== @@ -106,7 +106,7 @@ Alternatively, log into Neo4j Browser. + [source, shell] ---- -$ bin/cypher-shell -d system +bin/cypher-shell -d system ---- + [NOTE, role=label--cluster] @@ -144,7 +144,7 @@ Alternatively, log into Neo4j Browser. + [source, shell] ---- -$ bin/cypher-shell -d system +bin/cypher-shell -d system ---- + [NOTE, role=label--cluster] @@ -182,7 +182,7 @@ Alternatively, log into Neo4j Browser. + [source, shell] ---- -$ bin/cypher-shell -d system +bin/cypher-shell -d system ---- + [role=label--cluster] @@ -232,14 +232,14 @@ To grant the role to a user (assuming your existing user is named `neo4j`), you + [source, shell] ---- -$ bin/neo4j stop +bin/neo4j stop ---- . Enable the authentication and restore your Neo4j to its original configuration (See xref:authentication-authorization/password-and-user-recovery.adoc#disable-authentication[Disable authentication]). . Start Neo4j: + [source, shell] ---- -$ bin/neo4j start +bin/neo4j start ---- ====== [.include-with-cluster] @@ -248,7 +248,7 @@ $ bin/neo4j start + [source, shell] ---- -$ bin/neo4j stop +bin/neo4j stop ---- + . Enable the authentication and restore each cluster member to its original configuration (See xref:authentication-authorization/password-and-user-recovery.adoc#disable-authentication[Disable authentication]). @@ -256,7 +256,7 @@ $ bin/neo4j stop + [source, shell] ---- -$ bin/neo4j start +bin/neo4j start ---- ====== ===== diff --git a/modules/ROOT/pages/backup-restore/modes.adoc b/modules/ROOT/pages/backup-restore/modes.adoc index 756457612..20e90dd98 100644 --- a/modules/ROOT/pages/backup-restore/modes.adoc +++ b/modules/ROOT/pages/backup-restore/modes.adoc @@ -18,9 +18,9 @@ The full backup can be run against both an *online* (using `neo4j-admin database ==== [source,shell,role=nocopy] ---- -$neo4j-home> export HEAP_SIZE=2G -$neo4j-home> mkdir /mnt/backups -$neo4j-home> bin/neo4j-admin database backup --from=192.168.1.34 --to-path=/mnt/backups/neo4j --pagecache=4G neo4j +$NEO4J_HOME> export HEAP_SIZE=2G +$NEO4J_HOME> mkdir /mnt/backups +$NEO4J_HOME> bin/neo4j-admin database backup --from=192.168.1.34 --to-path=/mnt/backups/neo4j --pagecache=4G neo4j Doing full backup... 2017-02-01 14:09:09.510+0000 INFO [o.n.c.s.StoreCopyClient] Copying neostore.nodestore.db.labels 2017-02-01 14:09:09.537+0000 INFO [o.n.c.s.StoreCopyClient] Copied neostore.nodestore.db.labels 8.00 kB @@ -53,8 +53,8 @@ If the required transaction logs are not available on the backup server, then th ==== [source,shell,role=nocopy] ---- -$neo4j-home> export HEAP_SIZE=2G -$neo4j-home> bin/neo4j-admin database backup --from=192.168.1.34 --to-path=/mnt/backups/neo4j --pagecache=4G neo4j +$NEO4J_HOME> export HEAP_SIZE=2G +$NEO4J_HOME> bin/neo4j-admin database backup --from=192.168.1.34 --to-path=/mnt/backups/neo4j --pagecache=4G neo4j Destination is not empty, doing differential backup... Backup complete. ---- diff --git a/modules/ROOT/pages/backup-restore/restore-backup.adoc b/modules/ROOT/pages/backup-restore/restore-backup.adoc index 73ee7b07d..1c87e08fe 100644 --- a/modules/ROOT/pages/backup-restore/restore-backup.adoc +++ b/modules/ROOT/pages/backup-restore/restore-backup.adoc @@ -229,7 +229,7 @@ For more information, see xref:clustering/databases.adoc#cluster-seed[Designated If you have backed up a database with the option `--include-metadata`, you can manually restore the users and roles metadata. -From the __ directory, you run the Cypher script _data/scripts/databasename/restore_metadata.cypher_, which the `neo4j-admin database restore` command outputs, using xref:tools/cypher-shell.adoc[Cypher Shell]: +From the __ directory, you run the Cypher script _data/scripts/databasename/restore_metadata.cypher_, which the `neo4j-admin database restore` command outputs, using xref:tools/cypher-shell.adoc[Cypher Shell]: *Using `cat` (UNIX)* [source, shell, role=nocopy noplay] diff --git a/modules/ROOT/pages/clustering/databases.adoc b/modules/ROOT/pages/clustering/databases.adoc index 604d4feb3..7b15777f2 100644 --- a/modules/ROOT/pages/clustering/databases.adoc +++ b/modules/ROOT/pages/clustering/databases.adoc @@ -148,7 +148,7 @@ In this example, the `server01` member is used. + [source, shell] ---- -neo4j@neo4j$ ./bin/neo4j-admin database restore --from-path=/path/to/foo-backup-dir foo +bin/neo4j-admin database restore --from-path=/path/to/foo-backup-dir foo ---- . Find the server ID of `server01` by logging in to Cypher Shell and running `SHOW SERVERS`. Cross-reference the address to find the server ID. diff --git a/modules/ROOT/pages/clustering/setup/encryption.adoc b/modules/ROOT/pages/clustering/setup/encryption.adoc index bca2bf6d2..6797c775a 100644 --- a/modules/ROOT/pages/clustering/setup/encryption.adoc +++ b/modules/ROOT/pages/clustering/setup/encryption.adoc @@ -67,12 +67,12 @@ For this server, use the default configuration, create the appropriate directory [source, shell] ---- -$neo4j-home> mkdir certificates/cluster -$neo4j-home> mkdir certificates/cluster/trusted -$neo4j-home> mkdir certificates/cluster/revoked +$NEO4J_HOME> mkdir certificates/cluster +$NEO4J_HOME> mkdir certificates/cluster/trusted +$NEO4J_HOME> mkdir certificates/cluster/revoked -$neo4j-home> cp $some-dir/private.key certificates/cluster -$neo4j-home> cp $some-dir/public.crt certificates/cluster +$NEO4J_HOME> cp $some-dir/private.key certificates/cluster +$NEO4J_HOME> cp $some-dir/public.crt certificates/cluster ---- ==== diff --git a/modules/ROOT/pages/configuration/file-locations.adoc b/modules/ROOT/pages/configuration/file-locations.adoc index 07d363d0d..e30cd8964 100644 --- a/modules/ROOT/pages/configuration/file-locations.adoc +++ b/modules/ROOT/pages/configuration/file-locations.adoc @@ -31,8 +31,8 @@ File permissions:: Read only and execute. | Neo4j distribution | Default file location -| Linux / macOS / Docker | _/bin_ -| Windows | _\bin_ +| Linux / macOS / Docker | _/bin_ +| Windows | _\bin_ | Debian / RPM | _/usr/bin_ | Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_ and run `cd bin`. |=== @@ -49,8 +49,8 @@ File permissions:: Read only. | Neo4j distribution | Default file location -| Linux / macOS / Docker | _/certificates_ -| Windows | _\certificates_ +| Linux / macOS / Docker | _/certificates_ +| Windows | _\certificates_ | Debian / RPM | _/var/lib/neo4j/certificates_ | Neo4j Desktop| From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_ and run `cd certificates`. |=== @@ -68,12 +68,12 @@ File permissions:: Read only | Neo4j distribution | Default file location -| Linux / macOS / Docker | _/conf/neo4j.conf_ + - _/conf/server-logs.xml_ + - _/conf/user-log.xml_ -| Windows | _\conf\neo4j.conf_ + -_\conf\server-logs.xml_ + -_\conf\user-log.xml_ +| Linux / macOS / Docker | _/conf/neo4j.conf_ + + _/conf/server-logs.xml_ + + _/conf/user-log.xml_ +| Windows | _\conf\neo4j.conf_ + +_\conf\server-logs.xml_ + +_\conf\user-log.xml_ | Debian / RPM | _/etc/neo4j/neo4j.conf_ + _/etc/neo4j/server-logs.xml_ + _/etc/neo4j/user-log.xml_ @@ -93,8 +93,8 @@ File permissions:: Read and write. | Neo4j distribution | Default file location -| Linux / macOS / Docker | _/data_ -| Windows | _\data_ +| Linux / macOS / Docker | _/data_ +| Windows | _\data_ | Debian / RPM | _/var/lib/neo4j/data_ | Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd data`. |=== @@ -111,8 +111,8 @@ File permissions:: Read only | Neo4j distribution | Default file location -| Linux / macOS / Docker | _/import_ -| Windows | _\import_ +| Linux / macOS / Docker | _/import_ +| Windows | _\import_ | Debian / RPM | _/var/lib/neo4j/import_ | Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd import`. |=== @@ -130,8 +130,8 @@ File permissions:: Read only. | Neo4j distribution | Default file location -| Linux / macOS / Docker | _/labs_ -| Windows | _\labs_ +| Linux / macOS / Docker | _/labs_ +| Windows | _\labs_ | Debian / RPM | _/var/lib/neo4j/labs_ | Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd labs`. |=== @@ -148,8 +148,8 @@ File permissions:: Read only. | Neo4j distribution | Default file location -| Linux / macOS / Docker | _/lib_ -| Windows | _\lib_ +| Linux / macOS / Docker | _/lib_ +| Windows | _\lib_ | Debian / RPM | _/usr/share/neo4j/lib_ | Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd lib`. |=== @@ -166,8 +166,8 @@ File permissions:: Read only. | Neo4j distribution | Default file location -| Linux / macOS / Docker | _/licenses_ -| Windows | _\licenses_ +| Linux / macOS / Docker | _/licenses_ +| Windows | _\licenses_ | Debian / RPM | _/var/lib/neo4j/licenses_ | Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd licences`. |=== @@ -184,8 +184,8 @@ File permissions:: Read and write. | Neo4j distribution | Default file location -| Linux / macOS / Docker | _/logs_ footnote:[To view _neo4j.log_ in Docker, use xref:docker/mounting-volumes.adoc#docker-volumes-logs[`docker logs `].] -| Windows | _\logs_ +| Linux / macOS / Docker | _/logs_ footnote:[To view _neo4j.log_ in Docker, use xref:docker/mounting-volumes.adoc#docker-volumes-logs[`docker logs `].] +| Windows | _\logs_ | Debian / RPM | _/var/log/neo4j/_ footnote:[To view the neo4j.log for Debian and RPM, use `journalctl --unit=neo4j`.] | Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd logs`. |=== @@ -202,8 +202,8 @@ File permissions:: Read and write. | Neo4j distribution | Default file location -| Linux / macOS / Docker | _/metrics_ -| Windows | _\metrics_ +| Linux / macOS / Docker | _/metrics_ +| Windows | _\metrics_ | Debian / RPM | _/var/lib/neo4j/metrics_ | Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd metrics`. |=== @@ -220,8 +220,8 @@ File permissions:: Read only. | Neo4j distribution | Default file location -| Linux / macOS / Docker | _/plugins_ -| Windows | _\plugins_ +| Linux / macOS / Docker | _/plugins_ +| Windows | _\plugins_ | Debian / RPM | _/var/lib/neo4j/plugins_ | Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd plugins`. |=== @@ -239,8 +239,8 @@ File permissions:: Read only. | Neo4j distribution | Default file location -| Linux / macOS / Docker | _/products_ -| Windows | _\products_ +| Linux / macOS / Docker | _/products_ +| Windows | _\products_ | Debian / RPM | _/var/lib/neo4j/products_ | Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd products`. |=== @@ -257,8 +257,8 @@ File permissions:: Read and write. | Neo4j distribution | Default file location -| Linux / macOS / Docker | _/run_ -| Windows | _\run_ +| Linux / macOS / Docker | _/run_ +| Windows | _\run_ | Debian / RPM | _/var/lib/neo4j/run_ | Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_, and run `cd run`. |=== @@ -268,10 +268,10 @@ File permissions:: Read and write. == Customize your file locations The file locations can also be customized by using environment variables and options. -The locations of __ and _conf_ can be configured using environment variables: +The locations of __ and _conf_ can be configured using environment variables: [[table-file-locations-environment-variables]] -.Configuration of __ and _conf_ +.Configuration of __ and _conf_ [cols="4", options="header"] |=== | Location diff --git a/modules/ROOT/pages/configuration/plugins.adoc b/modules/ROOT/pages/configuration/plugins.adoc index 32955ffa8..cc79be98e 100644 --- a/modules/ROOT/pages/configuration/plugins.adoc +++ b/modules/ROOT/pages/configuration/plugins.adoc @@ -76,7 +76,7 @@ Here are the steps to enable the plugins: . Move or copy the plugins (_.jar files_) from _/products_ and _/labs_ to the _/plugins_ directory. See the table in xref:configuration/file-locations.adoc[File locations] for more information. -. Add the following lines in _$NEO4J_HOME/conf/neo4j.conf_: +. Add the following lines in _/conf/neo4j.conf_: + [source, properties] ---- diff --git a/modules/ROOT/pages/configuration/set-initial-password.adoc b/modules/ROOT/pages/configuration/set-initial-password.adoc index 46910315c..9bd277fe4 100644 --- a/modules/ROOT/pages/configuration/set-initial-password.adoc +++ b/modules/ROOT/pages/configuration/set-initial-password.adoc @@ -26,7 +26,7 @@ Use the xref:configuration/configuration-settings.adoc#config_config_dbms.securi Set the password for the native `neo4j` user to 'h6u4%krd' before starting the database for the first time. ---- -$neo4j-home> bin/neo4j-admin dbms set-initial-password h6u4%krd +bin/neo4j-admin dbms set-initial-password h6u4%krd ---- ==== @@ -36,6 +36,6 @@ $neo4j-home> bin/neo4j-admin dbms set-initial-password h6u4%krd Set the password for the native `neo4j` user to 'secretpassword' before starting the database for the first time. You will be prompted to change this password to one of your own choice at first login. ---- -$neo4j-home> bin/neo4j-admin dbms set-initial-password secretpassword --require-password-change +bin/neo4j-admin dbms set-initial-password secretpassword --require-password-change ---- ==== \ No newline at end of file diff --git a/modules/ROOT/pages/database-administration/composite-databases/sharding-with-copy.adoc b/modules/ROOT/pages/database-administration/composite-databases/sharding-with-copy.adoc index 8595e14cc..5338b14a0 100644 --- a/modules/ROOT/pages/database-administration/composite-databases/sharding-with-copy.adoc +++ b/modules/ROOT/pages/database-administration/composite-databases/sharding-with-copy.adoc @@ -32,7 +32,7 @@ _Shard 2_ and _Shard 3_ contain person data. + [source, shell] ---- -$neo4j-home> bin/neo4j-admin database copy neo4j shard1 \ +bin/neo4j-admin database copy neo4j shard1 \ --copy-only-nodes-with-labels=S1,SAll \ #<1> --skip-labels=S1,S2,S3,SAll #<2> ---- @@ -53,7 +53,7 @@ The resulting shard contains the following: + [source, shell] ---- -$neo4j-home> bin/neo4j-admin database copy neo4j shard2 \ +bin/neo4j-admin database copy neo4j shard2 \ --copy-only-nodes-with-labels=S2,SAll \ --skip-labels=S1,S2,S3,SAll \ --copy-only-node-properties=Team.id @@ -79,7 +79,7 @@ Observe that `--copy-only-node-properties` did not filter out `Person.name` sinc + [source, shell] ---- -$neo4j-home> bin/neo4j-admin database copy neo4j shard3 \ +bin/neo4j-admin database copy neo4j shard3 \ --copy-only-nodes-with-labels=S3,SAll \ --skip-labels=S1,S2,S3,SAll \ --skip-node-properties=Team.name,Team.mascot diff --git a/modules/ROOT/pages/database-administration/standard-databases/manage-databases.adoc b/modules/ROOT/pages/database-administration/standard-databases/manage-databases.adoc index d9b8654b8..557f78690 100644 --- a/modules/ROOT/pages/database-administration/standard-databases/manage-databases.adoc +++ b/modules/ROOT/pages/database-administration/standard-databases/manage-databases.adoc @@ -805,7 +805,7 @@ DROP DATABASE customers IF EXISTS [[manage-databases-dump]] === Use `DUMP DATA` or `DESTROY DATA` when deleting databases -You can request that a dump of the store files is produced first, and stored in the path configured using the `dbms.directories.dumps.root` setting (by default `/data/dumps`). +You can request that a dump of the store files be produced first, and stored in the path configured using the `dbms.directories.dumps.root` setting (by default _/data/dumps_). This can be achieved by appending `DUMP DATA` to the command (or `DESTROY DATA` to explicitly request the default behavior). These dumps are equivalent to those produced by `neo4j-admin dump` and can be similarly restored using `neo4j-admin load`. diff --git a/modules/ROOT/pages/database-internals/transaction-logs.adoc b/modules/ROOT/pages/database-internals/transaction-logs.adoc index 7464e7caa..57688d3ed 100644 --- a/modules/ROOT/pages/database-internals/transaction-logs.adoc +++ b/modules/ROOT/pages/database-internals/transaction-logs.adoc @@ -19,7 +19,7 @@ The transaction logging configuration is set per database and can be configured [[transaction-logging-log-location]] == Configure transaction log location -By default, transaction logs for a database are located at _/data/transactions/_. +By default, transaction logs for a database are located at _/data/transactions/_. The root directory where those folders are located is configured by xref:configuration/configuration-settings.adoc#config_server.directories.transaction.logs.root[`server.directories.transaction.logs.root`]. The value is a path. diff --git a/modules/ROOT/pages/docker/operations.adoc b/modules/ROOT/pages/docker/operations.adoc index c1f825e40..51f2f4e56 100644 --- a/modules/ROOT/pages/docker/operations.adoc +++ b/modules/ROOT/pages/docker/operations.adoc @@ -74,7 +74,7 @@ The following example shows how `neo4j-admin server memory-recommendation --dock ==== [source, shell] ---- -$neo4j-home> bin/neo4j-admin server memory-recommendation --memory=16g --docker +bin/neo4j-admin server memory-recommendation --memory=16g --docker ... ... diff --git a/modules/ROOT/pages/index.adoc b/modules/ROOT/pages/index.adoc index cdfb2b714..54f19d1e6 100644 --- a/modules/ROOT/pages/index.adoc +++ b/modules/ROOT/pages/index.adoc @@ -60,7 +60,7 @@ You can find more details there. * Log4j integration completion. + The logging framework is fully integrated with Log4j, providing more functionality and better control of all the database logs. + -Configuration settings are located in the `$NEO4J_HOME/conf` folder in the _user-logs.xml_ used for _neo4j.log_ and _server-logs.xml_ used for _debug.log_, _security.log_, _http.log_, and _query.log_. +Configuration settings are located in the `/conf` folder in the _user-logs.xml_ used for _neo4j.log_ and _server-logs.xml_ used for _debug.log_, _security.log_, _http.log_, and _query.log_. Query log uses the same format as _neo4j.log_. + Users are able to use/modify Log4j XML files. + See xref:monitoring/logging.adoc[the section on the logging mechanisms in Neo4j] for more details. diff --git a/modules/ROOT/pages/installation/osx.adoc b/modules/ROOT/pages/installation/osx.adoc index cfbcd5921..dff8c9a20 100644 --- a/modules/ROOT/pages/installation/osx.adoc +++ b/modules/ROOT/pages/installation/osx.adoc @@ -18,24 +18,23 @@ Select the appropriate tar.gz distribution for your platform. .. Ensure that the two are identical. . Extract the contents of the archive, using `tar -xf` . For example, `tar -xf neo4j-community-{neo4j-version-exact}-unix.tar.gz`. -. Place the extracted files in a permanent home on your server. -The top level directory is referred to as NEO4J_HOME. +. Place the extracted files in a permanent home on your server and set the environment variable `NEO4J_HOME` to point to the extracted directory, for example, `export NEO4J_HOME=/path/to/_` to make it easier to refer to it later. . From Neo4j 5.4 onwards, you are required to accept either the commercial or the evaluation license agreement before running the Neo4j Enterprise Edition. If you are using Community Edition, you can skip this step. * Use one of the following options to accept the commercial license agreement. See the link:https://neo4j.com/terms/licensing/[Neo4j licensing] page for details on the available agreements. + ** Set the environment variable `NEO4J_ACCEPT_LICENSE_AGREEMENT=yes`. -** Run `/bin/neo4j-admin server license --accept-commercial` +** Run `$NEO4J_HOME/bin/neo4j-admin server license --accept-commercial` * Use one of the following options to accept the link:https://neo4j.com/terms/enterprise_us/[Neo4j Evaluation Agreement for Neo4j Software]: + ** Set the environment variable `NEO4J_ACCEPT_LICENSE_AGREEMENT=eval`. -** Run `/bin/neo4j-admin server license --accept-evaluation`. +** Run `$NEO4J_HOME/bin/neo4j-admin server license --accept-evaluation`. . (Optional) Decouple the data and configuration directories from the binary files by setting the environment variable `NEO4J_CONF` and `server.directories.data` to point to the desired locations. Storing your data and configuration on a separate disk or partition can simplify the upgrade process later. . Start Neo4j: -* To run Neo4j as a console application, use: `/bin/neo4j console`. -* To run Neo4j in a background process, use: `/bin/neo4j start`. +* To run Neo4j as a console application, use: `$NEO4J_HOME/bin/neo4j console`. +* To run Neo4j in a background process, use: `$NEO4J_HOME/bin/neo4j start`. . Open http://localhost:7474 in your web browser. . Connect using the username `neo4j` with the default password `neo4j`. You will then be prompted to change the password. diff --git a/modules/ROOT/pages/installation/windows.adoc b/modules/ROOT/pages/installation/windows.adoc index d75d6fa8c..0cd910947 100644 --- a/modules/ROOT/pages/installation/windows.adoc +++ b/modules/ROOT/pages/installation/windows.adoc @@ -17,24 +17,23 @@ Select the appropriate ZIP distribution. .. Using the appropriate commands for your platform, display the `SHA-256` hash for the file that you downloaded. .. Ensure that the two are identical. . Right-click the downloaded file and click *Extract All*. -. Place the extracted files in a permanent home on your server, for example, _D:\neo4j\_. -The top-level directory is referred to as _NEO4J_HOME_. +. Place the extracted files in a permanent home on your server and set the environment variable `NEO4J_HOME` to point to the extracted directory, for example, `export NEO4J_HOME=/path/to/_` to make it easier to refer to it later. . From Neo4j 5.4 onwards, you are required to accept either the commercial or the evaluation license agreement before running the Neo4j Enterprise Edition. If you are using Community Edition, you can skip this step. * Use one of the following options to accept the commercial license agreement. See the link:https://neo4j.com/terms/licensing/[Neo4j licensing] page for details on the available agreements. + ** Set it as an environment variable using `set NEO4J_ACCEPT_LICENSE_AGREEMENT=yes`. -** Run `\bin\neo4j-admin server license --accept-commercial` +** Run `$NEO4J_HOME\bin\neo4j-admin server license --accept-commercial` * Use one of the following options to accept the link:https://neo4j.com/terms/enterprise_us/[Neo4j Evaluation Agreement for Neo4j Software]. + ** Set it as an environment variable using `set NEO4J_ACCEPT_LICENSE_AGREEMENT=eval`. -** Run `\bin\neo4j-admin server license --accept-evaluation`. +** Run `$NEO4J_HOME\bin\neo4j-admin server license --accept-evaluation`. . (Optional) Decouple the data and configuration directories from the binary files by setting the environment variable `NEO4J_CONF` and `server.directories.data` to point to the desired locations. Storing your data and configuration on a separate disk or partition can simplify the upgrade process later. . Start Neo4j: -* To run Neo4j as a console application, use: `\bin\neo4j console`. -* To install Neo4j as a service use: `\bin\neo4j windows-service install`. +* To run Neo4j as a console application, use: `$NEO4J_HOME\bin\neo4j console`. +* To install Neo4j as a service use: `$NEO4J_HOME\bin\neo4j windows-service install`. For additional commands and to learn about the Windows PowerShell module included in the Zip file, see xref:installation/windows.adoc#powershell[Windows PowerShell module]. . Open http://localhost:7474 in your web browser. . Connect using the username `neo4j` with the default password `neo4j`. diff --git a/modules/ROOT/pages/monitoring/logging.adoc b/modules/ROOT/pages/monitoring/logging.adoc index ebb4ebb9d..c2a0df8de 100644 --- a/modules/ROOT/pages/monitoring/logging.adoc +++ b/modules/ROOT/pages/monitoring/logging.adoc @@ -659,7 +659,7 @@ For available options, consult the documentation of the JVM distribution used. Neo4j provides security event logging that records all security events. The security log is enabled automatically when the configuration xref:configuration/configuration-settings.adoc#config_dbms.security.auth_enabled[`dbms.security.auth_enabled`] is set to `true` (which is the default). It ensures that all requests to Neo4j are authenticated. -For additional configuration of the security log, see _$NEO4J_HOME/conf/server-logs.xml_. +For additional configuration of the security log, see _/conf/server-logs.xml_. For native user management, the following actions are recorded: diff --git a/modules/ROOT/pages/performance/memory-configuration.adoc b/modules/ROOT/pages/performance/memory-configuration.adoc index 671f827e7..fb1fe9e85 100644 --- a/modules/ROOT/pages/performance/memory-configuration.adoc +++ b/modules/ROOT/pages/performance/memory-configuration.adoc @@ -102,7 +102,7 @@ Estimate the total size of the database files. [source, shell] ---- -$neo4j-home> bin/neo4j-admin server memory-recommendation +bin/neo4j-admin server memory-recommendation ... ... ... @@ -155,7 +155,7 @@ First, estimate the total size of data and indexes, and then multiply with some [source, shell] ---- -$neo4j-home> bin/neo4j-admin server memory-recommendation +bin/neo4j-admin server memory-recommendation ... ... ... @@ -184,7 +184,7 @@ When planning for a future database, it is useful to run an import with a fracti + [source, shell] ---- -$neo4j-home> bin/neo4j-admin server memory-recommendation +bin/neo4j-admin server memory-recommendation ... ... ... @@ -196,7 +196,7 @@ $neo4j-home> bin/neo4j-admin server memory-recommendation + [source, shell] ---- -$neo4j-home> bin/neo4j-admin server memory-recommendation +bin/neo4j-admin server memory-recommendation ... ... ... diff --git a/modules/ROOT/pages/performance/space-reuse.adoc b/modules/ROOT/pages/performance/space-reuse.adoc index 216a2549d..aeacaf3c5 100644 --- a/modules/ROOT/pages/performance/space-reuse.adoc +++ b/modules/ROOT/pages/performance/space-reuse.adoc @@ -61,7 +61,7 @@ Let's use the Cypher Shell command-line tool to add 100k nodes and then see how + [source, shell] ---- -$neo4j-home/bin$> ./cypher-shell -u neo4j -p +bin/cypher-shell -u neo4j -p ---- + [queryresult] @@ -169,7 +169,7 @@ Use the `system` database and stop the `neo4j` database before running the comma + [source, shell] ---- -$neo4j-home/bin$> ./neo4j-admin database copy neo4j neo4jcopy1 --compact-node-store --verbose +bin/neo4j-admin database copy neo4j neo4jcopy1 --compact-node-store --verbose ---- + [queryresult] diff --git a/modules/ROOT/pages/security/ssl-framework.adoc b/modules/ROOT/pages/security/ssl-framework.adoc index b62211ae2..de998d254 100644 --- a/modules/ROOT/pages/security/ssl-framework.adoc +++ b/modules/ROOT/pages/security/ssl-framework.adoc @@ -289,14 +289,14 @@ server.bolt.enabled=true (default is true) ---- . Set up the _bolt_ folder under _certificates_. -.. Create a directory _bolt_ under _/certificates_ folder: +.. Create a directory _bolt_ under _/certificates_ folder: + [source, shell] ---- mkdir certificates/bolt ---- -.. Create a directory _trusted_ and _revoked_ under _/certificates/bolt_ folder: +.. Create a directory _trusted_ and _revoked_ under _/certificates/bolt_ folder: + [source, shell] ---- @@ -304,20 +304,20 @@ mkdir certificates/bolt/trusted mkdir certificates/bolt/revoked ---- -. Place the certificates _private.key_ and the _public.crt_ files under _/certificates/bolt_ folder: +. Place the certificates _private.key_ and the _public.crt_ files under _/certificates/bolt_ folder: + [source, shell] ---- cp /path/to/certs/private.key certificates/bolt cp /path/to/certs/public.crt certificates/bolt ---- -. Place the _public.crt_ file under the _/certificates/bolt/trusted_ folder. +. Place the _public.crt_ file under the _/certificates/bolt/trusted_ folder. + [source, shell] ---- cp /path/to/certs/public.crt certificates/bolt/trusted ---- -. (Optional) If a particular certificate is revoked, then place it under _/certificates/bolt/revoked_ folder. +. (Optional) If a particular certificate is revoked, then place it under _/certificates/bolt/revoked_ folder. + [source, shell] ---- @@ -517,14 +517,14 @@ server.https.enabled=true (default is false) ---- . Set up the _https_ folder under _certificates_. -.. Create a directory _https_ under _/certificates_ folder: +.. Create a directory _https_ under _/certificates_ folder: + [source, shell] ---- mkdir certificates/https ---- -.. Create a directory _trusted_ and _revoked_ under _/certificates/https_ folder: +.. Create a directory _trusted_ and _revoked_ under _/certificates/https_ folder: + [source, shell] ---- @@ -532,20 +532,20 @@ mkdir certificates/https/trusted mkdir certificates/https/revoked ---- -. Place the certificates _private.key_ and the _public.crt_ files under _/certificates/https_ folder: +. Place the certificates _private.key_ and the _public.crt_ files under _/certificates/https_ folder: + [source, shell] ---- cp /path/to/certs/private.key certificates/https cp /path/to/certs/public.crt certificates/https ---- -. Place the _public.crt_ file under the _/certificates/https/trusted_ folder. +. Place the _public.crt_ file under the _/certificates/https/trusted_ folder. + [source, shell] ---- cp /path/to/certs/public.crt certificates/https/trusted ---- -. (Optional) If a particular certificate is revoked, then place it under _/certificates/https/revoked_ folder. +. (Optional) If a particular certificate is revoked, then place it under _/certificates/https/revoked_ folder. + [source, shell] ---- @@ -670,14 +670,14 @@ To set up intra-cluster encryption, on each server create the folder structure a Then, you need to configure the SSL cluster policies in the _neo4j.conf_ file and test that the intra-cluster communication is encrypted. . Set up the _cluster_ folder under _certificates_. -.. Create a directory _cluster_ under_/certificates_ folder: +.. Create a directory _cluster_ under_/certificates_ folder: + [source, shell] ---- mkdir certificates/cluster ---- -.. Create a directory _trusted_ and _revoked_ under _/certificates/cluster_ folder: +.. Create a directory _trusted_ and _revoked_ under _/certificates/cluster_ folder: + [source, shell] ---- @@ -685,14 +685,14 @@ mkdir certificates/cluster/trusted mkdir certificates/cluster/revoked ---- -. Place the certificates _private.key_ and the _public.crt_ files under _/certificates/cluster_ folder: +. Place the certificates _private.key_ and the _public.crt_ files under _/certificates/cluster_ folder: + [source, shell] ---- cp /path/to/certs/private.key certificates/cluster cp /path/to/certs/public.crt certificates/cluster ---- -. Place the _public.crt_ file under the _/certificates/cluster/trusted_ folder. +. Place the _public.crt_ file under the _/certificates/cluster/trusted_ folder. + [source, shell] ---- @@ -704,7 +704,7 @@ cp /path/to/certs/public.crt certificates/cluster/trusted If each server has a certificate of its own, signed by a CA, then each server's public certificate has to be put in the _trusted_ folder on each instance of the cluster. Thus, the servers are able to establish trust relationships with each other. ==== -. (Optional) If a particular certificate is revoked, then place it under _/certificates/cluster/revoked_ folder. +. (Optional) If a particular certificate is revoked, then place it under _/certificates/cluster/revoked_ folder. + [source, shell] ---- @@ -840,14 +840,14 @@ To set up SSL for backup communication, create the folder structure and place th Then, you need to configure the SSL backup policies in the _neo4j.conf_ file. . Set up the _backup_ folder under _certificates_. -.. Create a directory _backup_ under _/certificates_ folder: +.. Create a directory _backup_ under _/certificates_ folder: + [source, shell] ---- mkdir certificates/backup ---- -.. Create a directory _trusted_ and _revoked_ under _/certificates/backup_ folder: +.. Create a directory _trusted_ and _revoked_ under _/certificates/backup_ folder: + [source, shell] ---- @@ -855,20 +855,20 @@ mkdir certificates/backup/trusted mkdir certificates/backup/revoked ---- -. Place the certificates _private.key_ and the _public.crt_ files under _/certificates/backup_ folder: +. Place the certificates _private.key_ and the _public.crt_ files under _/certificates/backup_ folder: + [source, shell] ---- cp /path/to/certs/private.key certificates/backup cp /path/to/certs/public.crt certificates/backup ---- -. Place the _public.crt_ file under the _/certificates/backup/trusted_ folder. +. Place the _public.crt_ file under the _/certificates/backup/trusted_ folder. + [source, shell] ---- cp /path/to/certs/public.crt certificates/backup/trusted ---- -. (Optional) If a particular certificate is revoked, then place it under _/certificates/backup/revoked_ folder. +. (Optional) If a particular certificate is revoked, then place it under _/certificates/backup/revoked_ folder. + [source, shell] ---- diff --git a/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc b/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc index bb57dfd4e..b0b56898d 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/consistency-checker.adoc @@ -142,7 +142,7 @@ The location of the report file is the current working directory, or as specifie Note that the database must be stopped first. ---- -$neo4j-home> bin/neo4j-admin database check neo4j +bin/neo4j-admin database check neo4j Running consistency check with max off-heap:618.6MiB Store size:160.0KiB diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc index d08b102a9..ebabc440e 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc @@ -408,7 +408,7 @@ The following command imports the three datasets: [source, shell, role=noplay] ---- -neo4j_home$ bin/neo4j-admin database import full --nodes import/movies_header.csv,import/movies.csv \ +bin/neo4j-admin database import full --nodes import/movies_header.csv,import/movies.csv \ --nodes import/actors_header.csv,import/actors.csv \ --relationships import/roles_header.csv,import/roles.csv ---- @@ -426,7 +426,7 @@ For example: [source, shell, role=noplay] ---- -neo4j_home$ bin/neo4j-admin database import full --nodes import/node_header.csv,import/node_data_\d+\.csv +bin/neo4j-admin database import full --nodes import/node_header.csv,import/node_data_\d+\.csv ---- ==== @@ -439,7 +439,7 @@ For example: [source, shell, role=noplay] ---- -neo4j_home$ bin/neo4j-admin database import full --nodes import/node_header.csv,'import/node_data_\d{1,5}.csv' databasename +bin/neo4j-admin database import full --nodes import/node_header.csv,'import/node_data_\d{1,5}.csv' databasename ---- ==== @@ -799,7 +799,7 @@ This option requires the database to be stopped. ---- neo4j@system> STOP DATABASE db1 WAIT; ... -$ bin/neo4j-admin database import incremental --stage=all --nodes=N1=../../raw-data/incremental-import/b.csv db1 +bin/neo4j-admin database import incremental --stage=all --nodes=N1=../../raw-data/incremental-import/b.csv db1 ---- ==== @@ -825,7 +825,7 @@ neo4j@system> STOP DATABASE db1 WAIT; + [source, shell, role=noplay] ---- -$ bin/neo4j-admin database import incremental --stage=prepare --nodes=N1=../../raw-data/incremental-import/c.csv db1 +bin/neo4j-admin database import incremental --stage=prepare --nodes=N1=../../raw-data/incremental-import/c.csv db1 ---- . `build` stage: + @@ -843,7 +843,7 @@ ALTER DATABASE db1 SET ACCESS READ ONLY; + [source, shell, role=noplay] ---- -$ bin/neo4j-admin database import incremental --stage=build --nodes=N1=../../raw-data/incremental-import/c.csv db1 +bin/neo4j-admin database import incremental --stage=build --nodes=N1=../../raw-data/incremental-import/c.csv db1 ---- . `merge` stage: + @@ -862,7 +862,7 @@ neo4j@system> STOP DATABASE db1 WAIT; + [source, shell, role=noplay] ---- -$ bin/neo4j-admin database import incremental --stage=merge db1 +bin/neo4j-admin database import incremental --stage=merge db1 ---- ==== @@ -1356,7 +1356,7 @@ actors-header.csv actors.csv.zip movies-header.csv movies.csv.gz roles-heade [source, sh] ---- -neo4j_home$ bin/neo4j-admin database import --nodes import/movies-header.csv,import/movies.csv.gz --nodes import/actors-header.csv,import/actors.csv.zip --relationships import/roles-header.csv,import/roles.csv.gz +bin/neo4j-admin database import --nodes import/movies-header.csv,import/movies.csv.gz --nodes import/actors-header.csv,import/actors.csv.zip --relationships import/roles-header.csv,import/roles.csv.gz ---- ==== diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-report.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-report.adoc index b53230f9d..cd747fec7 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-report.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-report.adoc @@ -181,7 +181,7 @@ The following command gathers information about the Neo4j instance using the def [source, shell] ---- -$neo4j-home> bin/neo4j-admin server report +bin/neo4j-admin server report ---- ==== @@ -192,7 +192,7 @@ The following command gathers information about the Neo4j instance using all cla [source, shell] ---- -$neo4j-home> bin/neo4j-admin server report --to-path=./report all +bin/neo4j-admin server report --to-path=./report all ---- ==== @@ -203,6 +203,6 @@ The following command gathers only logs and thread dumps from the running Neo4j [source, shell] ---- -$neo4j-home> bin/neo4j-admin server report --to-path=./report threads logs +bin/neo4j-admin server report --to-path=./report threads logs ---- ==== diff --git a/modules/ROOT/pages/tools/neo4j-admin/unbind.adoc b/modules/ROOT/pages/tools/neo4j-admin/unbind.adoc index 3020bf291..980399075 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/unbind.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/unbind.adoc @@ -66,7 +66,7 @@ You can use the `neo4j-admin server unbind` command to remove the cluster state === Remove the cluster state of a server -To remove the cluster state of a server, run the `neo4j-admin server unbind` command from the __ folder of that server. +To remove the cluster state of a server, run the `neo4j-admin server unbind` command from the __ folder of that server. When restarted, an unbound server rejoins the cluster as a new server and has to be enabled using the `ENABLE SERVER` command. [WARNING] @@ -83,7 +83,7 @@ To start the Neo4j server in single (standalone) mode after unbinding it from th === Archive cluster state -If something goes wrong and debugging is needed, you can archive the cluster state, from the __ folder, run the `neo4j-admin server unbind` command with the arguments `--archive-cluster-state=true` and `--archive-path=`: +If something goes wrong and debugging is needed, you can archive the cluster state, from the __ folder, run the `neo4j-admin server unbind` command with the arguments `--archive-cluster-state=true` and `--archive-path=`: [source, shell] ---- diff --git a/modules/ROOT/pages/tools/neo4j-admin/upload-to-aura.adoc b/modules/ROOT/pages/tools/neo4j-admin/upload-to-aura.adoc index 43944600c..7e19a6b4f 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/upload-to-aura.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/upload-to-aura.adoc @@ -140,7 +140,7 @@ Please https://aura.support.neo4j.com/hc/en-us/requests/new[raise a support tick [source, shell,role=nocopy] ---- -$neo4j-home> bin/neo4j-admin database upload --from-path= --to-uri= --overwrite-destination=true +bin/neo4j-admin database upload --from-path= --to-uri= --overwrite-destination=true Neo4j cloud database user name: neo4j Neo4j cloud database password: Upload From 115860e48a24c3967305dd11303361b1931c6c98 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 27 Mar 2024 16:51:03 +0000 Subject: [PATCH 611/876] A few more neo4j-admin paths (#1512) --- modules/ROOT/pages/backup-restore/modes.adoc | 10 +++++----- .../ROOT/pages/backup-restore/online-backup.adoc | 6 +++--- .../ROOT/pages/backup-restore/restore-dump.adoc | 6 +++--- .../ROOT/pages/clustering/disaster-recovery.adoc | 14 +++++++------- .../pages/clustering/setup/single-to-cluster.adoc | 2 +- .../pages/database-internals/store-formats.adoc | 8 ++++---- .../tools/neo4j-admin/migrate-configuration.adoc | 2 +- .../pages/tools/neo4j-admin/migrate-database.adoc | 2 +- .../tools/neo4j-admin/neo4j-admin-import.adoc | 8 ++++---- 9 files changed, 29 insertions(+), 29 deletions(-) diff --git a/modules/ROOT/pages/backup-restore/modes.adoc b/modules/ROOT/pages/backup-restore/modes.adoc index 20e90dd98..f1105bb9c 100644 --- a/modules/ROOT/pages/backup-restore/modes.adoc +++ b/modules/ROOT/pages/backup-restore/modes.adoc @@ -18,9 +18,9 @@ The full backup can be run against both an *online* (using `neo4j-admin database ==== [source,shell,role=nocopy] ---- -$NEO4J_HOME> export HEAP_SIZE=2G -$NEO4J_HOME> mkdir /mnt/backups -$NEO4J_HOME> bin/neo4j-admin database backup --from=192.168.1.34 --to-path=/mnt/backups/neo4j --pagecache=4G neo4j +export HEAP_SIZE=2G +mkdir /mnt/backups +bin/neo4j-admin database backup --from=192.168.1.34 --to-path=/mnt/backups/neo4j --pagecache=4G neo4j Doing full backup... 2017-02-01 14:09:09.510+0000 INFO [o.n.c.s.StoreCopyClient] Copying neostore.nodestore.db.labels 2017-02-01 14:09:09.537+0000 INFO [o.n.c.s.StoreCopyClient] Copied neostore.nodestore.db.labels 8.00 kB @@ -53,8 +53,8 @@ If the required transaction logs are not available on the backup server, then th ==== [source,shell,role=nocopy] ---- -$NEO4J_HOME> export HEAP_SIZE=2G -$NEO4J_HOME> bin/neo4j-admin database backup --from=192.168.1.34 --to-path=/mnt/backups/neo4j --pagecache=4G neo4j +export HEAP_SIZE=2G +bin/neo4j-admin database backup --from=192.168.1.34 --to-path=/mnt/backups/neo4j --pagecache=4G neo4j Destination is not empty, doing differential backup... Backup complete. ---- diff --git a/modules/ROOT/pages/backup-restore/online-backup.adoc b/modules/ROOT/pages/backup-restore/online-backup.adoc index 52775bfa1..2cf25408c 100644 --- a/modules/ROOT/pages/backup-restore/online-backup.adoc +++ b/modules/ROOT/pages/backup-restore/online-backup.adoc @@ -186,8 +186,8 @@ If you want to force a full backup, use `FULL`. [NOTE] ==== As of Neo4j 5.19, the `--to-path=` option can also create backups in AWS S3 URIs. -Neo4j uses link:https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html[default AWS credentials] to access AWS S3 URIs. -==== +Neo4j uses link:https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html[default AWS credentials] to access AWS S3 URIs. +==== [[backup-command-exit-codes]] === Exit codes @@ -374,6 +374,6 @@ For example, to backup all databases that start with *n* from your three-node cl [source, shell,role=nocopy noplay] ---- -neo4j-admin database backup --from=192.168.1.34:6362,192.168.1.35:6362,192.168.1.36:6362 --to-path=/mnt/backups/neo4j --pagecache=4G "n*" +bin/neo4j-admin database backup --from=192.168.1.34:6362,192.168.1.35:6362,192.168.1.36:6362 --to-path=/mnt/backups/neo4j --pagecache=4G "n*" ---- ==== \ No newline at end of file diff --git a/modules/ROOT/pages/backup-restore/restore-dump.adoc b/modules/ROOT/pages/backup-restore/restore-dump.adoc index ffc9aff38..60e9aa9d4 100644 --- a/modules/ROOT/pages/backup-restore/restore-dump.adoc +++ b/modules/ROOT/pages/backup-restore/restore-dump.adoc @@ -101,7 +101,7 @@ Can contain `*` and `?` for globbing. [NOTE] ==== As of Neo4j 5.19, the `--from-path=` option can also load databases from AWS S3 URIs. -Neo4j uses link:https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html[default AWS credentials] to access AWS S3 URIs. +Neo4j uses link:https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html[default AWS credentials] to access AWS S3 URIs. ==== [[restore-dump-example]] @@ -115,14 +115,14 @@ If you are not replacing an existing database, you must create the database (usi [source,shell, role="nocopy"] ---- -./neo4j-admin database load --from-path=/full-path/data/dumps --overwrite-destination=true +bin/neo4j-admin database load --from-path=/full-path/data/dumps --overwrite-destination=true ---- The following is an example of how to load the dump from an AWS S3 URI, as of Neo4j 5.19. [source,shell, role="nocopy"] ---- -./neo4j-admin database load --from-path=s3://full/path/to/aws-s3-dumps/ --overwrite-destination=true +bin/neo4j-admin database load --from-path=s3://full/path/to/aws-s3-dumps/ --overwrite-destination=true ---- [TIP] diff --git a/modules/ROOT/pages/clustering/disaster-recovery.adoc b/modules/ROOT/pages/clustering/disaster-recovery.adoc index fb7cdfe02..a8a24b69a 100644 --- a/modules/ROOT/pages/clustering/disaster-recovery.adoc +++ b/modules/ROOT/pages/clustering/disaster-recovery.adoc @@ -34,7 +34,7 @@ Consequently, in a disaster where multiple servers go down, some databases may k There are three main steps to recover a cluster from a disaster. Depending on the disaster scenario, some steps may not be required, but it is recommended to complete each step in order to ensure that the cluster is fully operational. -The first step is to ensure that the `system` database is available in the cluster. +The first step is to ensure that the `system` database is available in the cluster. The `system` database defines the configuration for the other databases and therefore it is vital to ensure that it is available before doing anything else. Once the `system` database's availability is verified, whether it was recovered or unaffected by the disaster, the next step is to recover lost servers to make sure the cluster's topology requirements are met. @@ -91,16 +91,16 @@ This is required since the current `system` database has lost too many members i .. Shut down the Neo4j process on all servers. Note that this causes downtime for all databases in the cluster. -.. On each server, run the following `neo4j-admin` command `neo4j-admin dbms unbind-system-db` to reset the `system` database state on the servers. +.. On each server, run the following `neo4j-admin` command `bin/neo4j-admin dbms unbind-system-db` to reset the `system` database state on the servers. See xref:tools/neo4j-admin/index.adoc#neo4j-admin-commands[`neo4j-admin` commands] for more information. -.. On each server, run the following `neo4j-admin` command `neo4j-admin database info system` to find out which server is most up-to-date, ie. has the highest last-committed transaction id. -.. On the most up-to-date server, take a dump of the current `system` database by running `neo4j-admin database dump system --to-path=[path-to-dump]` and store the dump in an accessible location. +.. On each server, run the following `neo4j-admin` command `bin/neo4j-admin database info system` to find out which server is most up-to-date, ie. has the highest last-committed transaction id. +.. On the most up-to-date server, take a dump of the current `system` database by running `bin/neo4j-admin database dump system --to-path=[path-to-dump]` and store the dump in an accessible location. See xref:tools/neo4j-admin/index.adoc#neo4j-admin-commands[`neo4j-admin` commands] for more information. .. Ensure there are enough `system` database primaries to create the new `system` database with fault tolerance. Either: ... Add completely new servers (see xref:clustering/servers.adoc#cluster-add-server[Add a server to the cluster]) or ... Change the `system` database mode (`server.cluster.system_database_mode`) on the current `system` database's secondary servers to allow them to be primaries for the new `system` database. -.. On each server, run `neo4j-admin database load system --from-path=[path-to-dump] --overwrite-destination=true` to load the current `system` database dump. +.. On each server, run `bin/neo4j-admin database load system --from-path=[path-to-dump] --overwrite-destination=true` to load the current `system` database dump. .. Ensure that `dbms.cluster.discovery.endpoints` are set correctly on all servers, see xref:clustering/setup/discovery.adoc[Cluster server discovery] for more information. .. Return to step 1. @@ -121,8 +121,8 @@ If *all* servers show health `AVAILABLE` and status `ENABLED` continue to xref:c + or + -`Could not deallocate server(s) [server]. -Database [database] has lost quorum of servers, only found [existing number of primaries] of [expected number of primaries]. +`Could not deallocate server(s) [server]. +Database [database] has lost quorum of servers, only found [existing number of primaries] of [expected number of primaries]. Cannot be safely reallocated.` + First ensure that there is a backup for the database in question (see xref:backup-restore/online-backup.adoc[Online backup]), and then drop the database by running `DROP DATABASE database-name`. diff --git a/modules/ROOT/pages/clustering/setup/single-to-cluster.adoc b/modules/ROOT/pages/clustering/setup/single-to-cluster.adoc index 838120d35..408b06d22 100644 --- a/modules/ROOT/pages/clustering/setup/single-to-cluster.adoc +++ b/modules/ROOT/pages/clustering/setup/single-to-cluster.adoc @@ -44,7 +44,7 @@ Use the `neo4j-admin database load` command to load the `system` database dump f [source,shell, role="nocopy"] ---- -./neo4j-admin database load --from-path=/full-path/data/dumps system +bin/neo4j-admin database load --from-path=/full-path/data/dumps system ---- See xref:backup-restore/restore-dump.adoc[] for more information on the load command. diff --git a/modules/ROOT/pages/database-internals/store-formats.adoc b/modules/ROOT/pages/database-internals/store-formats.adoc index 2ddbc1585..54c33414f 100644 --- a/modules/ROOT/pages/database-internals/store-formats.adoc +++ b/modules/ROOT/pages/database-internals/store-formats.adoc @@ -37,7 +37,7 @@ For example: [source,shell] ---- -neo4j-admin database import full ... --format=block blockdb +bin/neo4j-admin database import full ... --format=block blockdb ---- //There are several ways to create a new database in a specific store format: @@ -78,7 +78,7 @@ For example: + [source,shell] ---- -neo4j-admin database migrate --to-format="block" mydb +bin/neo4j-admin database migrate --to-format="block" mydb ---- + * Pass the new store format as an argument when using the xref:backup-restore/copy-database.adoc[`neo4j-admin database copy`] command to create a copy of an existing database. @@ -86,7 +86,7 @@ For example: + [source,shell] ---- -neo4j-admin database copy --to-format="block" mydb blockdb +bin/neo4j-admin database copy --to-format="block" mydb blockdb ---- . After the successful completion, start the database using the Cypher command `START DATABASE mydb`. @@ -112,7 +112,7 @@ For example: + [source,shell] ---- -neo4j-admin database backup mydb --to-path=/path/to/your-backup-folder --include-metadata=all +bin/neo4j-admin database backup mydb --to-path=/path/to/your-backup-folder --include-metadata=all ---- . Back in Cypher Shell, drop the database to delete it and all users and roles associated with it: + diff --git a/modules/ROOT/pages/tools/neo4j-admin/migrate-configuration.adoc b/modules/ROOT/pages/tools/neo4j-admin/migrate-configuration.adoc index a5274c7fd..4da523c86 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/migrate-configuration.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/migrate-configuration.adoc @@ -57,7 +57,7 @@ The following example shows how to migrate a legacy configuration file to the cu [source, shell, subs="attributes+"] ---- -$ neo4j-admin server migrate-configuration --from-path=/path/to/legacy/neo4j-enterprise-4.4.10/conf/ --to-path=/path/to/new/neo4j-enterprise-{neo4j-version-exact}/conf/ +bin/neo4j-admin server migrate-configuration --from-path=/path/to/legacy/neo4j-enterprise-4.4.10/conf/ --to-path=/path/to/new/neo4j-enterprise-{neo4j-version-exact}/conf/ ---- .Example output diff --git a/modules/ROOT/pages/tools/neo4j-admin/migrate-database.adoc b/modules/ROOT/pages/tools/neo4j-admin/migrate-database.adoc index e82625530..0101f1c94 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/migrate-database.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/migrate-database.adoc @@ -93,7 +93,7 @@ The following example migrates the `movies` database to the latest known combina [source, shell, subs="attributes+"] ---- -neo4j-admin database migrate --to-format=high_limit movies +bin/neo4j-admin database migrate --to-format=high_limit movies ---- .Example output diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc index ebabc440e..aa495f3eb 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-import.adoc @@ -345,7 +345,7 @@ This is achieved by using the `format` option of the import command and setting [source, shell] -- -neo4j-admin database import full --format=high_limit +bin/neo4j-admin database import full --format=high_limit -- The `high_limit` format is available for Enterprise Edition only. @@ -360,7 +360,7 @@ For example, the following command: [source, shell] ---- -neo4j-admin database import full @/path/to/your/ mydb +bin/neo4j-admin database import full @/path/to/your/ mydb ---- For more information, see link:https://picocli.info/#AtFiles[Picocli -> AtFiles] official documentation. ==== @@ -385,7 +385,7 @@ For example, `nodes 0-nodes.csv -- mydatabase`. .Importing from AWS S3 URIs ==== As of Neo4j 5.19, the `--nodes` and `--relationships` options can also import files from AWS S3 URIs. -Neo4j uses link:https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html[default AWS credentials] to access AWS S3 URIs. +Neo4j uses link:https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html[default AWS credentials] to access AWS S3 URIs. ==== @@ -449,7 +449,7 @@ The following is an example of how to import files from AWS S3 URIs, as of Neo4j [source, shell, role=noplay] ---- -neo4j_home$ bin/neo4j-admin database import full --nodes s3://my-bucket/data/nodes.csv --relationships s3://my-bucket/data/relationships.csv newdb +bin/neo4j-admin database import full --nodes s3://my-bucket/data/nodes.csv --relationships s3://my-bucket/data/relationships.csv newdb ---- ==== From 7f29328c8c0c02752e23cadd46b5da3c2f0ccb58 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 27 Mar 2024 18:25:54 +0000 Subject: [PATCH 612/876] Improve the dump page and add default location for the dumps (#1498) Co-authored-by: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> --- .../ROOT/pages/backup-restore/offline-backup.adoc | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/modules/ROOT/pages/backup-restore/offline-backup.adoc b/modules/ROOT/pages/backup-restore/offline-backup.adoc index fe44c4521..afede58cd 100644 --- a/modules/ROOT/pages/backup-restore/offline-backup.adoc +++ b/modules/ROOT/pages/backup-restore/offline-backup.adoc @@ -4,29 +4,21 @@ [CAUTION] ==== -Remember to xref:backup-restore/planning.adoc[plan your backup] carefully and to back up each of your databases, including the `system` database. +Remember to xref:backup-restore/planning.adoc[plan your backup] carefully and back up each of your databases, including the `system` database. ==== [[offline-backup-command]] == Command -A Neo4j database can be backed up in offline mode using the `dump` command of `neo4j-admin`. -If the database is hosted in a cluster, make sure that the database is stopped on the server you are connected to. - - -[[offline-backup-command-usage]] -=== Usage - The `neo4j-admin database dump` command can be used for performing a full backup of an **offline** database. -It dumps a database into a single-file archive, called _.dump_. +It dumps a database into a single-file archive, called _.dump_, and stores it in the xref:configuration/file-locations.adoc#data[_/data_] directory. Alternatively, `neo4j-admin database dump` can stream dump to standard output, enabling the output to be piped to another program, for example to `neo4j-admin database load`. +If the database is hosted in a cluster, make sure that the database is stopped on the server you are connected to. The command can be run only locally from an online or an offline Neo4j DBMS. - It does not support SSL/TLS. - [[offline-command-syntax]] === Syntax From 27be676d52e0a0572618bde9acd7d77ae439f8d1 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 27 Mar 2024 18:30:58 +0000 Subject: [PATCH 613/876] Add page-aliases to the clustering section (#1509) --- .../clustering-advanced/multi-data-center-routing.adoc | 3 ++- modules/ROOT/pages/clustering/databases.adoc | 1 + modules/ROOT/pages/clustering/setup/discovery.adoc | 1 + modules/ROOT/pages/clustering/setup/encryption.adoc | 1 + modules/ROOT/pages/clustering/setup/routing.adoc | 1 + 5 files changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc b/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc index 6d6c3026e..b440b4978 100644 --- a/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc +++ b/modules/ROOT/pages/clustering/clustering-advanced/multi-data-center-routing.adoc @@ -1,7 +1,8 @@ +:description: This section shows how to configure Neo4j servers so that they are topology/data center-aware. It describes the precise configuration needed to achieve a scalable multi-data center deployment. +:page-aliases: clustering-advanced/multi-data-center/index.adoc [role=enterprise-edition] [[multi-data-center-routing]] = Multi-data center routing -:description: This section shows how to configure Neo4j servers so that they are topology/data center-aware. It describes the precise configuration needed to achieve a scalable multi-data center deployment. This section describes the following: diff --git a/modules/ROOT/pages/clustering/databases.adoc b/modules/ROOT/pages/clustering/databases.adoc index 7b15777f2..b0a979aca 100644 --- a/modules/ROOT/pages/clustering/databases.adoc +++ b/modules/ROOT/pages/clustering/databases.adoc @@ -1,4 +1,5 @@ :description: This section describes how to manage databases in a cluster. +:page-aliases: clustering/seed.adoc [role=enterprise-edition] [[database-management]] = Managing databases in a cluster diff --git a/modules/ROOT/pages/clustering/setup/discovery.adoc b/modules/ROOT/pages/clustering/setup/discovery.adoc index 8c1b5523e..bba62c052 100644 --- a/modules/ROOT/pages/clustering/setup/discovery.adoc +++ b/modules/ROOT/pages/clustering/setup/discovery.adoc @@ -1,4 +1,5 @@ :description: This section describes how members of a cluster discover each other. +:page-aliases: clustering/discovery.adoc [role=enterprise-edition] [[clustering-discovery]] = Cluster server discovery diff --git a/modules/ROOT/pages/clustering/setup/encryption.adoc b/modules/ROOT/pages/clustering/setup/encryption.adoc index 6797c775a..ba1c00105 100644 --- a/modules/ROOT/pages/clustering/setup/encryption.adoc +++ b/modules/ROOT/pages/clustering/setup/encryption.adoc @@ -1,4 +1,5 @@ :description: This section describes how to secure the cluster communication between server instances. +:page-aliases: clustering/intra-cluster-encryption.adoc [role=enterprise-edition] [[clustering-intra-cluster-encryption]] = Intra-cluster encryption diff --git a/modules/ROOT/pages/clustering/setup/routing.adoc b/modules/ROOT/pages/clustering/setup/routing.adoc index 70d7da28e..235eefc77 100644 --- a/modules/ROOT/pages/clustering/setup/routing.adoc +++ b/modules/ROOT/pages/clustering/setup/routing.adoc @@ -1,4 +1,5 @@ :description: This section describes leadership, routing and load balancing in a cluster. +:page-aliases: clustering/internals.adoc [role=enterprise-edition] [[clustering-routing-load-balancing]] = Leadership, routing and load balancing From de9246260f86cd68977d9b113af27501b48ed46c Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Thu, 28 Mar 2024 14:12:39 +0100 Subject: [PATCH 614/876] Improve the Removed procedures section (#1514) Make changes to the 4th column of the table _Removed procedures in 5.0_: - rename the table header **Comment** to **Replaced by** - remove unnecessary details --- modules/ROOT/pages/reference/procedures.adoc | 129 ++++++------------- 1 file changed, 39 insertions(+), 90 deletions(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index fc8ceee0d..0bcde8ccd 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -502,81 +502,70 @@ Replaced by: xref:reference/procedures.adoc#procedure_dbms_cluster_secondaryrepl == List of removed procedures -.Removed Neo4j procedures +.Removed Neo4j procedures in 5.0 [options=header,cols="3m,1,1,3"] |=== | Name | Community Edition | Enterprise Edition -| Comment +| Replaced by | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_db_constraints[`db.constraints()`] | label:yes[] | label:yes[] -| label:removed[] + -Replaced by: `SHOW CONSTRAINTS`. +| `SHOW CONSTRAINTS` | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_db_createindex[`db.createIndex()`] | label:yes[] | label:yes[] -| label:removed[] + -Replaced by: `CREATE INDEX`. +| `CREATE INDEX` | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_db_createnodekey[`db.createNodeKey()`] | label:no[] | label:yes[] -| label:removed[] + -Replaced by: `CREATE CONSTRAINT ... IS NODE KEY`. +| `CREATE CONSTRAINT ... IS NODE KEY` | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_db_createuniquepropertyconstraint[`db.createUniquePropertyConstraint()`] | label:yes[] | label:yes[] -| label:removed[] + -Replaced by: `CREATE CONSTRAINT ... IS UNIQUE`. +| `CREATE CONSTRAINT ... IS UNIQUE` | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_db_indexes[`db.indexes()`] | label:yes[] | label:yes[] -| label:removed[] + -Replaced by: `SHOW INDEXES`. +| `SHOW INDEXES` | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_db_indexdetails[`db.indexDetails()`] | label:yes[] | label:yes[] -| label:removed[] + -Replaced by: `SHOW INDEXES YIELD*`. +| `SHOW INDEXES YIELD*` | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_db_index_fulltext_createnodeindex[`db.index.fulltext.createNodeIndex()`] | label:yes[] | label:yes[] -| label:removed[] + -Replaced by: `CREATE FULLTEXT INDEX ...`. +| `CREATE FULLTEXT INDEX ...` | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_db_index_fulltext_createrelationshipindex[`db.index.fulltext.createRelationshipIndex()`] | label:yes[] | label:yes[] -| label:removed[] + -Replaced by: `CREATE FULLTEXT INDEX ...`. +| `CREATE FULLTEXT INDEX ...` | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_db_index_fulltext_drop[`db.index.fulltext.drop()`] | label:yes[] | label:yes[] -| label:removed[] + -Replaced by: `DROP INDEX ...`. +| `DROP INDEX ...` | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_db_schemastatements[`db.schemaStatements()`] | label:yes[] | label:yes[] -| label:removed[] + -Replaced by: `SHOW INDEXES YIELD *` and `SHOW CONSTRAINTS YIELD *`. +| `SHOW INDEXES YIELD *` and `SHOW CONSTRAINTS YIELD *` // New in 4.0 // com.neo4j.causaulclustering.discovery.procedures.ClusterOverviewProcedure | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_cluster_overview[`dbms.cluster.overview()`] | label:no[] | label:yes[] -| label:removed[] + -Replaced by: `SHOW SERVERS`. +| `SHOW SERVERS` // New in 4.2 @@ -584,8 +573,7 @@ Replaced by: `SHOW SERVERS`. | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_cluster_quarantinedatabase[`dbms.cluster.quarantineDatabase()`] | label:no[] | label:yes[] -| label:removed[] + -Replaced by: `dbms.quarantineDatabase()`. +| `dbms.quarantineDatabase()` // New in 4.0 @@ -594,8 +582,7 @@ Replaced by: `dbms.quarantineDatabase()`. | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_cluster_role[`dbms.cluster.role()`] | label:no[] | label:yes[] -| label:removed[] + -Replaced by: `SHOW DATABASES`. +| `SHOW DATABASES` // New in 4.1 // Removed in 5.0 @@ -603,177 +590,139 @@ Replaced by: `SHOW DATABASES`. | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_cluster_setdefaultdatabase[`dbms.cluster.setDefaultDatabase()`] | label:no[] | label:yes[] -| label:removed[] + -Replaced by: `dbms.setDefaultDatabase`. +| `dbms.setDefaultDatabase` // Removed in 5.0 | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_database_state[`dbms.database.state()`] | label:yes[] | label:yes[] -| label:removed[] + -Replaced by: `SHOW DATABASES`. +| `SHOW DATABASES` | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_functions[`dbms.functions()`] | label:yes[] | label:yes[] -| label:removed[] + -Replaced by: `SHOW FUNCTIONS`. +| `SHOW FUNCTIONS` | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_killqueries[`dbms.killQueries()`] | label:yes[] | label:yes[] -| label:removed[] + -Replaced by: `TERMINATE TRANSACTIONS`. +| `TERMINATE TRANSACTIONS` | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_killquery[`dbms.killQuery()`] | label:yes[] | label:yes[] -| label:removed[] + -Replaced by: `TERMINATE TRANSACTIONS`. +| `TERMINATE TRANSACTIONS` | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_killtransaction[`dbms.killTransaction()`] | label:yes[] | label:yes[] -| label:removed[] + -Replaced by: `TERMINATE TRANSACTIONS`. +| `TERMINATE TRANSACTIONS` | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_killtransactions[`dbms.killTransactions()`] | label:yes[] | label:yes[] -| label:removed[] + -Replaced by: `TERMINATE TRANSACTIONS`. +| `TERMINATE TRANSACTIONS` | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_listqueries[`dbms.listQueries()`] | label:yes[] | label:yes[] -| label:removed[] + -Replaced by: `SHOW TRANSACTIONS`. +| `SHOW TRANSACTIONS` | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_listtransactions[`dbms.listTransactions()`] | label:yes[] | label:yes[] -| label:removed[] + -Replaced by: `SHOW TRANSACTIONS`. +| `SHOW TRANSACTIONS` | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_procedures[`dbms.procedures()`] | label:no[] | label:yes[] -| label:removed[] + -Replaced by: `SHOW PROCEDURES`. +| `SHOW PROCEDURES` // Removed in 5.0 | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_security_activateuser[`dbms.security.activateUser()`] | label:no[] | label:yes[] -| label:removed[] label:admin-only[] + -In 4.1, mode changed to `write`. + -Replaced by: `ALTER USER`. +| `ALTER USER` // Removed in 5.0 | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_security_addroletouser[`dbms.security.addRoleToUser()`] | label:no[] | label:yes[] -| label:removed[] label:admin-only[] + -In 4.1, mode changed to `write`. + -Replaced by: `GRANT ROLE TO USER`. +| `GRANT ROLE TO USER` // Removed in 5.0 // newSet( READER, EDITOR, PUBLISHER, ARCHITECT, ADMIN ) | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_security_changepassword[`dbms.security.changePassword()`] | label:yes[] | label:yes[] -| label:removed[] label:admin-only[] + -In 4.1, mode changed to `write`. + -Replaced by: `ALTER CURRENT USER SET PASSWORD`. +| `ALTER CURRENT USER SET PASSWORD` // Removed in 5.0 | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_security_changeuserpassword[`dbms.security.changeUserPassword()`] | label:no[] | label:yes[] -| label:removed[] label:admin-only[] + -In 4.1, mode changed to `write`. + -Replaced by: `ALTER USER`. +| `ALTER USER` // Removed in 5.0 | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_security_createrole[`dbms.security.createRole()`] | label:no[] | label:yes[] -| label:removed[] label:admin-only[] + -In 4.1, mode changed to `write`. + -Replaced by: `CREATE ROLE`. +| `CREATE ROLE` // Removed in 5.0 | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_security_createuser[`dbms.security.createUser()`] | label:yes[] | label:yes[] -| label:removed[] label:admin-only[] + -In 4.1, mode changed to `write`. + -Replaced by: `CREATE USER`. +| `CREATE USER` // Removed in 5.0 | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_security_deleterole[`dbms.security.deleteRole()`] | label:no[] | label:yes[] -| label:removed[] label:admin-only[] + -In 4.1, mode changed to `write`. + -Replaced by: `DROP ROLE`. +| `DROP ROLE` // Removed in 5.0 | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_security_deleteuser[`dbms.security.deleteUser()`] | label:yes[] | label:yes[] -| label:removed[] label:admin-only[] + -In 4.1, mode changed to `write`. + -Replaced by: `DROP USER`. +| `DROP USER` // Removed in 5.0 | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_security_listroles[`dbms.security.listRoles()`] | label:yes[] | label:yes[] -| label:removed[] label:admin-only[] + -In 4.1, mode changed to `read`. + -Replaced by: `SHOW ROLES`. +| `SHOW ROLES` // Removed in 5.0 | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_security_listrolesforuser[`dbms.security.listRolesForUser()`] | label:no[] | label:yes[] -| label:removed[] + -In 4.1, mode changed to `read`. + -Replaced by: `SHOW USERS`. +| `SHOW USERS` // Removed in 5.0 | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_security_listusers[`dbms.security.listUsers()`] | label:yes[] | label:yes[] -| label:removed[] label:admin-only[] + -In 4.1, mode changed to `read`. + -Replaced by: `SHOW USERS`. +| `SHOW USERS` // Removed in 5.0 | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_security_listusersforrole[`dbms.security.listUsersForRole()`] | label:no[] | label:yes[] -| label:removed[] label:admin-only[] + -In 4.1, mode changed to `read`. + -Replaced by: `SHOW ROLES WITH USERS`. +| `SHOW ROLES WITH USERS` // Removed in 5.0 | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_security_removerolefromuser[`dbms.security.removeRoleFromUser()`] | label:no[] | label:yes[] -| label:removed[] label:admin-only[] + -In 4.1, mode changed to `write`. + -Replaced by: `REVOKE ROLE FROM USER`. +| `REVOKE ROLE FROM USER` // Removed in 5.0 | link:{neo4j-docs-base-uri}/operations-manual/4.4/reference/procedures/#procedure_dbms_security_suspenduser[`dbms.security.suspendUser()`] | label:no[] | label:yes[] -| label:removed[] label:admin-only[] + -In 4.1, mode changed to `write`. + -Replaced by: `ALTER USER`. +| `ALTER USER` |=== From 0b1fa64bc8682ab7f94ca17012a0c9862e8210d6 Mon Sep 17 00:00:00 2001 From: Fi Quick <47183728+fiquick@users.noreply.github.com> Date: Thu, 28 Mar 2024 14:58:40 +0000 Subject: [PATCH 615/876] Change "Starting the service automatically on system start" section and add code (#1523) Instead of saying "On Debian-based distributions, Neo4j is enabled to start automatically on system boot by default" It should say "On Debian-based distributions, users will need to run the following command to ensure that Neo4j starts automatically at boot time.:" with the code example sudo systemctl enable neo4j --- modules/ROOT/pages/installation/linux/debian.adoc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/installation/linux/debian.adoc b/modules/ROOT/pages/installation/linux/debian.adoc index 60e57e3fa..dae34250f 100644 --- a/modules/ROOT/pages/installation/linux/debian.adoc +++ b/modules/ROOT/pages/installation/linux/debian.adoc @@ -282,7 +282,11 @@ For operating systems that are not using `systemd`, some package-specific option [[debian-service-start-automatically]] == Starting the service automatically on system start -On Debian-based distributions, Neo4j is enabled to start automatically on system boot by default. +On Debian-based distributions, run the following command to ensure that Neo4j starts automatically at boot time: +[source, shell] +---- +sudo systemctl enable neo4j +---- [NOTE] ==== From ca55a555b4292cbfb4338c35bb7c81dbced86884 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Tue, 2 Apr 2024 13:46:13 +0300 Subject: [PATCH 616/876] Add an example to the online backup with lists of database names (#1507) --- .../pages/backup-restore/online-backup.adoc | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/modules/ROOT/pages/backup-restore/online-backup.adoc b/modules/ROOT/pages/backup-restore/online-backup.adoc index 2cf25408c..0194ade8f 100644 --- a/modules/ROOT/pages/backup-restore/online-backup.adoc +++ b/modules/ROOT/pages/backup-restore/online-backup.adoc @@ -347,33 +347,33 @@ bin/neo4j-admin database backup --to-path=/path/to/backups/neo4j neo4j ---- ==== -.Perform a backup to an AWS S3 URI +.Perform a forced full backup of a single database. ==== -The following is an example of how to create a database backup in an AWS S3 URI, as of Neo4j 5.19. +If you want to force a full backup after several differential backups, you can use the `--type=full` option. [source, shell,role=nocopy noplay] ---- -bin/neo4j-admin database backup --to-path=s3://path/to/backups/neo4j neo4j +bin/neo4j-admin database backup --type=full --to-path=/path/to/backups/neo4j neo4j ---- ==== -.Perform a forced full backup of a single database. +.Use `neo4j-admin database backup` to back up multiple databases ==== -If you want to force a full backup after several differential backups, you can use the `--type=full` option. +To back up several databases that match database a pattern you can use name globbing. +For example, to backup all databases that start with *n* from your three-node cluster, run: [source, shell,role=nocopy noplay] ---- -bin/neo4j-admin database backup --type=full --to-path=/path/to/backups/neo4j neo4j +bin/neo4j-admin database backup --from=192.168.1.34:6362,192.168.1.35:6362,192.168.1.36:6362 --to-path=/mnt/backups/neo4j --pagecache=4G "n*" ---- ==== -.Use `neo4j-admin database backup` to back up multiple databases. +.Use `neo4j-admin database backup` to back up a list of databases ==== -To back up several databases that match database a pattern you can use name globbing. -For example, to backup all databases that start with *n* from your three-node cluster, run: +To back up several databases by name, you can provide a list of database names. [source, shell,role=nocopy noplay] ---- -bin/neo4j-admin database backup --from=192.168.1.34:6362,192.168.1.35:6362,192.168.1.36:6362 --to-path=/mnt/backups/neo4j --pagecache=4G "n*" +neo4j-admin database backup --from=192.168.1.34:6362,192.168.1.35:6362,192.168.1.36:6362 --to-path=/mnt/backups/neo4j --pagecache=4G "test*" "neo4j" ---- ==== \ No newline at end of file From 651a71638a93fccd4347166bff1c80611c6ddf7c Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 3 Apr 2024 11:25:34 +0300 Subject: [PATCH 617/876] Update the steps for changing the store format in a cluster (#1526) --- .../database-internals/store-formats.adoc | 10 +- package-lock.json | 224 +++++++++--------- 2 files changed, 117 insertions(+), 117 deletions(-) diff --git a/modules/ROOT/pages/database-internals/store-formats.adoc b/modules/ROOT/pages/database-internals/store-formats.adoc index 54c33414f..f776f712b 100644 --- a/modules/ROOT/pages/database-internals/store-formats.adoc +++ b/modules/ROOT/pages/database-internals/store-formats.adoc @@ -68,7 +68,7 @@ Changing the store format can be a time-consuming operation, depending on the si ==== In a standalone server Changing the store format of an existing database in a standalone server requires the database to be offline. -The following steps assume that you want to migrate the database called `mydb` to `block` format. +The following steps assume that you want to migrate the database called `mydb` to `block` format but the same steps apply to other formats. . Stop the database using the Cypher command `STOP DATABASE mydb`. . Change the store format of the stopped database using one of the following options: @@ -95,7 +95,7 @@ bin/neo4j-admin database copy --to-format="block" mydb blockdb Changing the store format of an existing database in a cluster requires that you restore a backup of the database that you want to migrate on one of the servers, and then, use that server as a xref:clustering/databases.adoc#cluster-designated-seeder[designated seeder] for the other cluster members to copy that database from. -The following steps assume that you want to migrate the database called `mydb` to `block` format. +The following steps assume that you want to migrate the database called `mydb` to `block` format but the same steps apply to other formats. The database is hosted on three servers in primary mode. **On one of the servers, `server01`** @@ -124,7 +124,7 @@ bin/neo4j-admin database backup mydb --to-path=/path/to/your-backup-folder --inc + [source,shell] ---- -bin/neo4j-admin database restore --from-path=/path/to/mydb-backup-dir mydb +bin/neo4j-admin database restore --from-path=/path/to/your-backup-folder/mydb-2024-03-05T11-26-38.backup mydb ---- . Migrate the restored database to `block` format: + @@ -141,9 +141,9 @@ Use any database to connect. SHOW SERVERS YIELD serverId, name, address, state, health, hosting; ---- -**On a different server, `server02`:** +**On one of the servers:** -. In Cypher Shell, create the migrated database using the Cypher command `CREATE DATABASE`. +. Use the `system` database and create the migrated database `mydb` using the server ID of `server01`. The topology of `mydb` is stored in the `system` database and when you create it, it is allocated according to the default topology (which can be shown with `CALL dbms.showTopologyGraphConfig`). For more information, see xref:clustering/databases.adoc#cluster-designated-seeder[Designated seeder]. + diff --git a/package-lock.json b/package-lock.json index 96e3fb90b..39355b333 100644 --- a/package-lock.json +++ b/package-lock.json @@ -281,9 +281,9 @@ } }, "node_modules/@asciidoctor/core": { - "version": "2.2.6", - "resolved": "https://registry.npmjs.org/@asciidoctor/core/-/core-2.2.6.tgz", - "integrity": "sha512-TmB2K5UfpDpSbCNBBntXzKHcAk2EA3/P68jmWvmJvglVUdkO9V6kTAuXVe12+h6C4GK0ndwuCrHHtEVcL5t6pQ==", + "version": "2.2.7", + "resolved": "https://registry.npmjs.org/@asciidoctor/core/-/core-2.2.7.tgz", + "integrity": "sha512-63cfnV606vXNUnh/zcuUi5e3tY5qTzaYY5pGP4p9sRk8CcCmX4Z8OfU0BkfM8/k2Y7Cz/jZqxL+vzHjrLQa8tw==", "dependencies": { "asciidoctor-opal-runtime": "0.3.3", "unxhr": "1.0.1" @@ -466,12 +466,15 @@ ] }, "node_modules/binary-extensions": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz", - "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==", + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", + "integrity": "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==", "dev": true, "engines": { "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/body-parser": { @@ -599,16 +602,10 @@ } }, "node_modules/chokidar": { - "version": "3.5.3", - "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", - "integrity": "sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==", + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz", + "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==", "dev": true, - "funding": [ - { - "type": "individual", - "url": "https://paulmillr.com/funding/" - } - ], "dependencies": { "anymatch": "~3.1.2", "braces": "~3.0.2", @@ -621,6 +618,9 @@ "engines": { "node": ">= 8.10.0" }, + "funding": { + "url": "https://paulmillr.com/funding/" + }, "optionalDependencies": { "fsevents": "~2.3.2" } @@ -875,14 +875,14 @@ "integrity": "sha512-iSq8ngPOt0K53A6eVr4d5Kn6GNrM2nQZtC740pzIriHtn4pOQ2lyzEXQMBeVcWERN0ye7fhBsk9PbLLQOnUx/g==" }, "node_modules/duplexify": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/duplexify/-/duplexify-4.1.2.tgz", - "integrity": "sha512-fz3OjcNCHmRP12MJoZMPglx8m4rrFP8rovnk4vT8Fs+aonZoCwGg10dSsQsfP/E62eZcPTMSMP6686fu9Qlqtw==", + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/duplexify/-/duplexify-4.1.3.tgz", + "integrity": "sha512-M3BmBhwJRZsSx38lZyhE53Csddgzl5R7xGJNk7CVddZD6CcmwMCH8J+7AprIrQKH7TonKxaCjcv27Qmf+sQ+oA==", "dependencies": { "end-of-stream": "^1.4.1", "inherits": "^2.0.3", "readable-stream": "^3.1.1", - "stream-shift": "^1.0.0" + "stream-shift": "^1.0.2" } }, "node_modules/ee-first": { @@ -1006,14 +1006,14 @@ "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==" }, "node_modules/fast-copy": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/fast-copy/-/fast-copy-3.0.1.tgz", - "integrity": "sha512-Knr7NOtK3HWRYGtHoJrjkaWepqT8thIVGAwt0p0aUs1zqkAzXZV4vo9fFNwyb5fcqK1GKYFYxldQdIDVKhUAfA==" + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/fast-copy/-/fast-copy-3.0.2.tgz", + "integrity": "sha512-dl0O9Vhju8IrcLndv2eU4ldt1ftXMqqfgN4H1cpmGV7P6jeB9FwpN9a2c8DPGE1Ys88rNUJVYDHq73CGAGOPfQ==" }, "node_modules/fast-redact": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/fast-redact/-/fast-redact-3.3.0.tgz", - "integrity": "sha512-6T5V1QK1u4oF+ATxs1lWUmlEk6P2T9HqJG3e2DnHOdVgZy2rFJBoEnrIedcTXlkAHU/zKC+7KETJ+KGGKwxgMQ==", + "version": "3.5.0", + "resolved": "https://registry.npmjs.org/fast-redact/-/fast-redact-3.5.0.tgz", + "integrity": "sha512-dwsoQlS7h9hMeYUq1W++23NDcBLV4KqONnITDV9DjfS3q1SgDGVrBdvvTLUotWtPSD7asWDV9/CmsZPy8Hf70A==", "engines": { "node": ">=6" } @@ -1283,20 +1283,20 @@ } }, "node_modules/has-property-descriptors": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.1.tgz", - "integrity": "sha512-VsX8eaIewvas0xnvinAe9bw4WfIeODpGYikiWYLH+dma0Jw6KHYqWiWfhQlgOVK8D6PvjubK5Uc4P0iIhIcNVg==", + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz", + "integrity": "sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==", "dependencies": { - "get-intrinsic": "^1.2.2" + "es-define-property": "^1.0.0" }, "funding": { "url": "https://github.com/sponsors/ljharb" } }, "node_modules/has-proto": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.1.tgz", - "integrity": "sha512-7qE+iP+O+bgF9clE5+UoBFzE65mlBiVj3tKCrlNQ0Ogwm0BjpT/gK4SlLYDMybDh5I3TCTKnPPa0oMG7JDYrhg==", + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz", + "integrity": "sha512-SJ1amZAJUiZS+PhsVLf5tGydlaVB8EdFpaSO4gmiUKUOxk8qzn5AIy4ZeJUmh22znIdk/uMAUT2pl3FxzVUH+Q==", "engines": { "node": ">= 0.4" }, @@ -1316,9 +1316,9 @@ } }, "node_modules/hasown": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.0.tgz", - "integrity": "sha512-vUptKVTpIJhcczKBbgnS+RtcuYMB8+oNzPK2/Hp3hanz8JmpATdmmgLgSaadVREkDm+e2giHwY3ZRkyjSIDDFA==", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", + "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==", "dependencies": { "function-bind": "^1.1.2" }, @@ -1428,9 +1428,9 @@ ] }, "node_modules/ignore": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.0.tgz", - "integrity": "sha512-g7dmpshy+gD7mh88OC9NwSGTKoc3kyLAZQRU1mt53Aw/vnvfXnbC+F/7F7QoYVKbV+KNvJx8wArewKy1vXMtlg==", + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", + "integrity": "sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw==", "engines": { "node": ">= 4" } @@ -1577,9 +1577,9 @@ "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==" }, "node_modules/isomorphic-git": { - "version": "1.25.3", - "resolved": "https://registry.npmjs.org/isomorphic-git/-/isomorphic-git-1.25.3.tgz", - "integrity": "sha512-iUaDB5kObupWpwjQ+EGkDQmaYQzbq1XaPqo+xJCCfbPViGZL94rU2RvK4EDJKpYbyiwbq5OSLEjkXHa8r5I1aw==", + "version": "1.25.6", + "resolved": "https://registry.npmjs.org/isomorphic-git/-/isomorphic-git-1.25.6.tgz", + "integrity": "sha512-zA3k3QOO7doqOnBgwsaXJwHKSIIl5saEdH4xxalu082WHVES4KghsG6RE2SDwjXMCIlNa1bWocbitH6bRIrmLQ==", "dependencies": { "async-lock": "^1.1.0", "clean-git-ref": "^2.0.1", @@ -2088,9 +2088,9 @@ } }, "node_modules/pino-abstract-transport/node_modules/readable-stream": { - "version": "4.5.1", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.5.1.tgz", - "integrity": "sha512-uQjbf34vmf/asGnOHQEw07Q4llgMACQZTWWa4MmICS0IKJoHbLwKCy71H3eR99Dw5iYejc6W+pqZZEeqRtUFAw==", + "version": "4.5.2", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.5.2.tgz", + "integrity": "sha512-yjavECdqeZ3GLXNgRXgeQEdz9fvDDkNKyHnbHRFtOr7/LcfgBcmct7t/ET+HaCTqfh06OzoAxrkN/IfjJBVe+g==", "dependencies": { "abort-controller": "^3.0.0", "buffer": "^6.0.3", @@ -2127,9 +2127,9 @@ } }, "node_modules/pino-pretty/node_modules/readable-stream": { - "version": "4.5.1", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.5.1.tgz", - "integrity": "sha512-uQjbf34vmf/asGnOHQEw07Q4llgMACQZTWWa4MmICS0IKJoHbLwKCy71H3eR99Dw5iYejc6W+pqZZEeqRtUFAw==", + "version": "4.5.2", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.5.2.tgz", + "integrity": "sha512-yjavECdqeZ3GLXNgRXgeQEdz9fvDDkNKyHnbHRFtOr7/LcfgBcmct7t/ET+HaCTqfh06OzoAxrkN/IfjJBVe+g==", "dependencies": { "abort-controller": "^3.0.0", "buffer": "^6.0.3", @@ -2391,9 +2391,9 @@ "integrity": "sha512-6aU+Rwsezw7VR8/nyvKTx8QpWH9FrcYiXXlqC4z5d5XQBDRqtbfsRjnwGyqbi3gddNtWHuEk9OANUotL26qKUw==" }, "node_modules/semver": { - "version": "7.5.4", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", - "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", + "version": "7.6.0", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.0.tgz", + "integrity": "sha512-EnwXhrlwXMk9gKu5/flx5sv/an57AkRplG3hTK68W7FRDN+k+OWBj65M7719OkA82XLBxrcX0KSHj+X5COhOVg==", "dev": true, "dependencies": { "lru-cache": "^6.0.0" @@ -2451,16 +2451,16 @@ } }, "node_modules/set-function-length": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.1.tgz", - "integrity": "sha512-j4t6ccc+VsKwYHso+kElc5neZpjtq9EnRICFZtWyBsLojhmeF/ZBd/elqm22WJh/BziDe/SBiOeAt0m2mfLD0g==", + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", + "integrity": "sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg==", "dependencies": { - "define-data-property": "^1.1.2", + "define-data-property": "^1.1.4", "es-errors": "^1.3.0", "function-bind": "^1.1.2", - "get-intrinsic": "^1.2.3", + "get-intrinsic": "^1.2.4", "gopd": "^1.0.1", - "has-property-descriptors": "^1.0.1" + "has-property-descriptors": "^1.0.2" }, "engines": { "node": ">= 0.4" @@ -2596,9 +2596,9 @@ } }, "node_modules/stream-shift": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.1.tgz", - "integrity": "sha512-AiisoFqQ0vbGcZgQPY1cdP2I76glaVA/RauYR4G4thNFgkTqr90yXTo4LYX60Jl+sIlPNHHdGSwo01AvbKUSVQ==" + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.3.tgz", + "integrity": "sha512-76ORR0DO1o1hlKwTbi/DM3EXWGf3ZJYO8cXX5RJwnul2DEg2oyoZyjLNoQM8WsvZiFKCRfC1O0J7iCvie3RZmQ==" }, "node_modules/string_decoder": { "version": "1.3.0", @@ -3247,9 +3247,9 @@ } }, "@asciidoctor/core": { - "version": "2.2.6", - "resolved": "https://registry.npmjs.org/@asciidoctor/core/-/core-2.2.6.tgz", - "integrity": "sha512-TmB2K5UfpDpSbCNBBntXzKHcAk2EA3/P68jmWvmJvglVUdkO9V6kTAuXVe12+h6C4GK0ndwuCrHHtEVcL5t6pQ==", + "version": "2.2.7", + "resolved": "https://registry.npmjs.org/@asciidoctor/core/-/core-2.2.7.tgz", + "integrity": "sha512-63cfnV606vXNUnh/zcuUi5e3tY5qTzaYY5pGP4p9sRk8CcCmX4Z8OfU0BkfM8/k2Y7Cz/jZqxL+vzHjrLQa8tw==", "requires": { "asciidoctor-opal-runtime": "0.3.3", "unxhr": "1.0.1" @@ -3392,9 +3392,9 @@ "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==" }, "binary-extensions": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz", - "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==", + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", + "integrity": "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==", "dev": true }, "body-parser": { @@ -3480,9 +3480,9 @@ } }, "chokidar": { - "version": "3.5.3", - "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", - "integrity": "sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==", + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz", + "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==", "dev": true, "requires": { "anymatch": "~3.1.2", @@ -3691,14 +3691,14 @@ "integrity": "sha512-iSq8ngPOt0K53A6eVr4d5Kn6GNrM2nQZtC740pzIriHtn4pOQ2lyzEXQMBeVcWERN0ye7fhBsk9PbLLQOnUx/g==" }, "duplexify": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/duplexify/-/duplexify-4.1.2.tgz", - "integrity": "sha512-fz3OjcNCHmRP12MJoZMPglx8m4rrFP8rovnk4vT8Fs+aonZoCwGg10dSsQsfP/E62eZcPTMSMP6686fu9Qlqtw==", + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/duplexify/-/duplexify-4.1.3.tgz", + "integrity": "sha512-M3BmBhwJRZsSx38lZyhE53Csddgzl5R7xGJNk7CVddZD6CcmwMCH8J+7AprIrQKH7TonKxaCjcv27Qmf+sQ+oA==", "requires": { "end-of-stream": "^1.4.1", "inherits": "^2.0.3", "readable-stream": "^3.1.1", - "stream-shift": "^1.0.0" + "stream-shift": "^1.0.2" } }, "ee-first": { @@ -3801,14 +3801,14 @@ "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==" }, "fast-copy": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/fast-copy/-/fast-copy-3.0.1.tgz", - "integrity": "sha512-Knr7NOtK3HWRYGtHoJrjkaWepqT8thIVGAwt0p0aUs1zqkAzXZV4vo9fFNwyb5fcqK1GKYFYxldQdIDVKhUAfA==" + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/fast-copy/-/fast-copy-3.0.2.tgz", + "integrity": "sha512-dl0O9Vhju8IrcLndv2eU4ldt1ftXMqqfgN4H1cpmGV7P6jeB9FwpN9a2c8DPGE1Ys88rNUJVYDHq73CGAGOPfQ==" }, "fast-redact": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/fast-redact/-/fast-redact-3.3.0.tgz", - "integrity": "sha512-6T5V1QK1u4oF+ATxs1lWUmlEk6P2T9HqJG3e2DnHOdVgZy2rFJBoEnrIedcTXlkAHU/zKC+7KETJ+KGGKwxgMQ==" + "version": "3.5.0", + "resolved": "https://registry.npmjs.org/fast-redact/-/fast-redact-3.5.0.tgz", + "integrity": "sha512-dwsoQlS7h9hMeYUq1W++23NDcBLV4KqONnITDV9DjfS3q1SgDGVrBdvvTLUotWtPSD7asWDV9/CmsZPy8Hf70A==" }, "fast-safe-stringify": { "version": "2.1.1", @@ -4019,17 +4019,17 @@ "dev": true }, "has-property-descriptors": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.1.tgz", - "integrity": "sha512-VsX8eaIewvas0xnvinAe9bw4WfIeODpGYikiWYLH+dma0Jw6KHYqWiWfhQlgOVK8D6PvjubK5Uc4P0iIhIcNVg==", + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz", + "integrity": "sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==", "requires": { - "get-intrinsic": "^1.2.2" + "es-define-property": "^1.0.0" } }, "has-proto": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.1.tgz", - "integrity": "sha512-7qE+iP+O+bgF9clE5+UoBFzE65mlBiVj3tKCrlNQ0Ogwm0BjpT/gK4SlLYDMybDh5I3TCTKnPPa0oMG7JDYrhg==" + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz", + "integrity": "sha512-SJ1amZAJUiZS+PhsVLf5tGydlaVB8EdFpaSO4gmiUKUOxk8qzn5AIy4ZeJUmh22znIdk/uMAUT2pl3FxzVUH+Q==" }, "has-symbols": { "version": "1.0.3", @@ -4037,9 +4037,9 @@ "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==" }, "hasown": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.0.tgz", - "integrity": "sha512-vUptKVTpIJhcczKBbgnS+RtcuYMB8+oNzPK2/Hp3hanz8JmpATdmmgLgSaadVREkDm+e2giHwY3ZRkyjSIDDFA==", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", + "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==", "requires": { "function-bind": "^1.1.2" } @@ -4116,9 +4116,9 @@ "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==" }, "ignore": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.0.tgz", - "integrity": "sha512-g7dmpshy+gD7mh88OC9NwSGTKoc3kyLAZQRU1mt53Aw/vnvfXnbC+F/7F7QoYVKbV+KNvJx8wArewKy1vXMtlg==" + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", + "integrity": "sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw==" }, "ignore-by-default": { "version": "1.0.1", @@ -4229,9 +4229,9 @@ "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==" }, "isomorphic-git": { - "version": "1.25.3", - "resolved": "https://registry.npmjs.org/isomorphic-git/-/isomorphic-git-1.25.3.tgz", - "integrity": "sha512-iUaDB5kObupWpwjQ+EGkDQmaYQzbq1XaPqo+xJCCfbPViGZL94rU2RvK4EDJKpYbyiwbq5OSLEjkXHa8r5I1aw==", + "version": "1.25.6", + "resolved": "https://registry.npmjs.org/isomorphic-git/-/isomorphic-git-1.25.6.tgz", + "integrity": "sha512-zA3k3QOO7doqOnBgwsaXJwHKSIIl5saEdH4xxalu082WHVES4KghsG6RE2SDwjXMCIlNa1bWocbitH6bRIrmLQ==", "requires": { "async-lock": "^1.1.0", "clean-git-ref": "^2.0.1", @@ -4618,9 +4618,9 @@ }, "dependencies": { "readable-stream": { - "version": "4.5.1", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.5.1.tgz", - "integrity": "sha512-uQjbf34vmf/asGnOHQEw07Q4llgMACQZTWWa4MmICS0IKJoHbLwKCy71H3eR99Dw5iYejc6W+pqZZEeqRtUFAw==", + "version": "4.5.2", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.5.2.tgz", + "integrity": "sha512-yjavECdqeZ3GLXNgRXgeQEdz9fvDDkNKyHnbHRFtOr7/LcfgBcmct7t/ET+HaCTqfh06OzoAxrkN/IfjJBVe+g==", "requires": { "abort-controller": "^3.0.0", "buffer": "^6.0.3", @@ -4653,9 +4653,9 @@ }, "dependencies": { "readable-stream": { - "version": "4.5.1", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.5.1.tgz", - "integrity": "sha512-uQjbf34vmf/asGnOHQEw07Q4llgMACQZTWWa4MmICS0IKJoHbLwKCy71H3eR99Dw5iYejc6W+pqZZEeqRtUFAw==", + "version": "4.5.2", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-4.5.2.tgz", + "integrity": "sha512-yjavECdqeZ3GLXNgRXgeQEdz9fvDDkNKyHnbHRFtOr7/LcfgBcmct7t/ET+HaCTqfh06OzoAxrkN/IfjJBVe+g==", "requires": { "abort-controller": "^3.0.0", "buffer": "^6.0.3", @@ -4854,9 +4854,9 @@ "integrity": "sha512-6aU+Rwsezw7VR8/nyvKTx8QpWH9FrcYiXXlqC4z5d5XQBDRqtbfsRjnwGyqbi3gddNtWHuEk9OANUotL26qKUw==" }, "semver": { - "version": "7.5.4", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", - "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", + "version": "7.6.0", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.0.tgz", + "integrity": "sha512-EnwXhrlwXMk9gKu5/flx5sv/an57AkRplG3hTK68W7FRDN+k+OWBj65M7719OkA82XLBxrcX0KSHj+X5COhOVg==", "dev": true, "requires": { "lru-cache": "^6.0.0" @@ -4904,16 +4904,16 @@ } }, "set-function-length": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.1.tgz", - "integrity": "sha512-j4t6ccc+VsKwYHso+kElc5neZpjtq9EnRICFZtWyBsLojhmeF/ZBd/elqm22WJh/BziDe/SBiOeAt0m2mfLD0g==", + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", + "integrity": "sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg==", "requires": { - "define-data-property": "^1.1.2", + "define-data-property": "^1.1.4", "es-errors": "^1.3.0", "function-bind": "^1.1.2", - "get-intrinsic": "^1.2.3", + "get-intrinsic": "^1.2.4", "gopd": "^1.0.1", - "has-property-descriptors": "^1.0.1" + "has-property-descriptors": "^1.0.2" } }, "setprototypeof": { @@ -4997,9 +4997,9 @@ "dev": true }, "stream-shift": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.1.tgz", - "integrity": "sha512-AiisoFqQ0vbGcZgQPY1cdP2I76glaVA/RauYR4G4thNFgkTqr90yXTo4LYX60Jl+sIlPNHHdGSwo01AvbKUSVQ==" + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.3.tgz", + "integrity": "sha512-76ORR0DO1o1hlKwTbi/DM3EXWGf3ZJYO8cXX5RJwnul2DEg2oyoZyjLNoQM8WsvZiFKCRfC1O0J7iCvie3RZmQ==" }, "string_decoder": { "version": "1.3.0", From 83018872f7e957e2c86928cd37d2b56676c71485 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 3 Apr 2024 14:07:40 +0300 Subject: [PATCH 618/876] Order the procedure labels (#1528) I ordered both the labels and roles, but the roles are displayed alphabetically instead of in the specified order. --- modules/ROOT/pages/reference/procedures.adoc | 46 ++++++++++---------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index 0bcde8ccd..ad4fd6017 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -280,7 +280,7 @@ In 4.2, signature changed to `db.listLocks() :: (mode :: STRING, resourceType :: | xref:reference/procedures.adoc#procedure_dbms_cluster_secondaryreplicationdisable[`dbms.cluster.secondaryReplicationDisable()`] | label:no[] | label:yes[] -| label:admin-only[] label:new[Introduced in 5.6] +| label:new[Introduced in 5.6] label:admin-only[] // Clustering is an Enterprise feature, the naming is weird. // dbms.routing.getRoutingTable() does the same thing. @@ -427,7 +427,7 @@ In 4.2, signature changed to `db.listLocks() :: (mode :: STRING, resourceType :: | xref:reference/procedures.adoc#procedure_genai_vector_encodeBatch[`genai.vector.encodeBatch()`] | label:yes[] | label:yes[] -| label:new[Available in Aura] label:new[Introduced in 5.17] +| label:new[Introduced in 5.17] | xref:reference/procedures.adoc#procedure_tx_getmetadata[`tx.getMetaData()`] | label:yes[] @@ -467,7 +467,7 @@ Replaced by: xref:reference/procedures.adoc#procedure_db_cdc_earliest[`db.cdc.ea | xref:reference/procedures.adoc#procedure_cdc_query[`cdc.query()`] | label:no[] | label:yes[] -| label:new[Introduced in 5.13] label:beta[] label:deprecated[Deprecated in 5.17] label:admin-only[] +| label:new[Introduced in 5.13] label:beta[] label:admin-only[] label:deprecated[Deprecated in 5.17] Replaced by: xref:reference/procedures.adoc#procedure_db_cdc_query[`db.cdc.query()`] | xref:reference/procedures.adoc#procedure_db_create_setVectorProperty[`db.create.setVectorProperty()`] @@ -765,7 +765,7 @@ a|xref:reference/procedures.adoc#procedure_db_cdc_earliest[`db.cdc.earliest()`] [[procedure_cdc_query]] -[role=label--new-5.13 label--beta label--deprecated-5.17 label--admin-only] +[role=label--new-5.13 label--beta label--admin-only label--deprecated-5.17] .cdc.query() [cols="<15s,<85"] |=== @@ -1580,7 +1580,7 @@ m|READ [[procedure_dbms_checkconfigvalue]] -[role=label--admin-only label--enterprise-edition] +[role=label--enterprise-edition label--admin-only] .dbms.checkConfigValue() [cols="<15s,<85"] |=== @@ -1614,7 +1614,7 @@ For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-ver [[procedure_dbms_cluster_setAutomaticallyEnableFreeServers]] -[role=label--admin-only label--enterprise-edition] +[role=label--enterprise-edition label--admin-only] .dbms.cluster.setAutomaticallyEnableFreeServers() [cols="<15s,<85"] |=== @@ -1630,7 +1630,7 @@ m|WRITE [[procedure_dbms_cluster_checkConnectivity]] -[role=label--admin-only label--enterprise-edition] +[role=label--enterprise-edition label--admin-only] .dbms.cluster.checkConnectivity() [cols="<15s,<85"] |=== @@ -1648,7 +1648,7 @@ m|DBMS [[procedure_dbms_cluster_cordonServer]] -[role=label--admin-only label--enterprise-edition] +[role=label--enterprise-edition label--admin-only] .dbms.cluster.cordonServer() [cols="<15s,<85"] |=== @@ -1701,7 +1701,7 @@ m|DBMS [[procedure_dbms_cluster_readreplicatoggle]] -[role=label--admin-only label--enterprise-edition label--deprecated-5.6] +[role=label--enterprise-edition label--admin-only label--deprecated-5.6] .dbms.cluster.readReplicaToggle() [cols="<15s,<85"] |=== @@ -1754,7 +1754,7 @@ CALL dbms.cluster.readReplicaToggle("neo4j", false) [[procedure_dbms_cluster_secondaryreplicationdisable]] -[role=label--new-5.6 label--admin-only label--enterprise-edition] +[role= label--enterprise-edition label--new-5.6 label--admin-only] .dbms.cluster.secondaryReplicationDisable() [cols="<15s,<85"] |=== @@ -1803,7 +1803,7 @@ CALL dbms.cluster.secondaryReplicationDisable("neo4j", false) [[procedure_dbms_cluster_uncordonServer]] -[role=label--admin-only label--enterprise-edition] +[role=label--enterprise-edition label--admin-only] .dbms.cluster.uncordonServer() [cols="<15s,<85"] |=== @@ -1979,7 +1979,7 @@ For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-ver [[procedure_dbms_quarantineDatabase]] -[role=label--admin-only label--enterprise-edition] +[role=label--enterprise-edition label--admin-only] .dbms.quarantineDatabase() [cols="<15s,<85"] |=== @@ -2029,7 +2029,7 @@ m|DBMS [[procedure_dbms_setDatabaseAllocator]] -[role=label--admin-only label--enterprise-edition] +[role=label--enterprise-edition label--admin-only] .dbms.setDatabaseAllocator() [cols="<15s,<85"] |=== @@ -2045,7 +2045,7 @@ a|WRITE [[procedure_dbms_setDefaultAllocationNumbers]] -[role=label--admin-only label--enterprise-edition] +[role=label--enterprise-edition label--admin-only] .dbms.setDefaultAllocationNumbers() [cols="<15s,<85"] |=== @@ -2060,7 +2060,7 @@ a|WRITE [[procedure_dbms_setDefaultDatabase]] -[role=label--admin-only label--enterprise-edition] +[role=label--enterprise-edition label--admin-only] .dbms.setDefaultDatabase() [cols="<15s,<85"] |=== @@ -2076,7 +2076,7 @@ a|WRITE [[procedure_dbms_scheduler_failedjobs]] -[role=label--admin-only label--enterprise-edition] +[role=label--enterprise-edition label--admin-only] .dbms.scheduler.failedJobs() [cols="<15s,<85"] |=== @@ -2100,7 +2100,7 @@ For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-ver [[procedure_dbms_scheduler_groups]] -[role=label--admin-only label--enterprise-edition] +[role=label--enterprise-edition label--admin-only] .dbms.scheduler.groups() [cols="<15s,<85"] |=== @@ -2125,7 +2125,7 @@ For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-ver [[procedure_dbms_scheduler_jobs]] -[role=label--admin-only label--enterprise-edition] +[role=label--enterprise-edition label--admin-only] .dbms.scheduler.jobs() [cols="<15s,<85"] |=== @@ -2150,7 +2150,7 @@ For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-ver [[procedure_dbms_security_clearauthcache]] -[role=label--admin-only label--enterprise-edition] +[role=label--enterprise-edition label--admin-only] .dbms.security.clearAuthCache() [cols="<15s,<85"] |=== @@ -2168,7 +2168,7 @@ m|DBMS [[procedure_dbms_setconfigvalue]] -[role=label--admin-only label--enterprise-edition] +[role=label--enterprise-edition label--admin-only] .dbms.setConfigValue() [cols="<15s,<85"] |=== @@ -2220,7 +2220,7 @@ m|READ [[procedure_dbms_upgrade]] -[role=label--deprecated-5.9 label--admin-only] +[role=label--admin-only label--deprecated-5.9] .dbms.upgrade() [cols="<15s,<85"] |=== @@ -2245,7 +2245,7 @@ For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-ver [[procedure_dbms_upgradestatus]] -[role=label--deprecated-5.9 label--admin-only] +[role=label--admin-only label--deprecated-5.9] .dbms.upgradeStatus() [cols="<15s,<85"] |=== @@ -2268,7 +2268,7 @@ For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-ver ==== [[procedure_genai_vector_encodeBatch]] -[role=label--aura label--new-5.17] +[role=label--new-5.17] .genai.vector.encodeBatch() [cols="<15s,<85"] |=== From 84a714fa8f39d304486e0c68d802f6f8d84823a4 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Thu, 4 Apr 2024 15:25:47 +0200 Subject: [PATCH 619/876] Fix asciidoc syntax mistake to reflect the Deprecated label for `server.max_databases` (#1533) --- modules/ROOT/pages/configuration/configuration-settings.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/configuration/configuration-settings.adoc b/modules/ROOT/pages/configuration/configuration-settings.adoc index 7d329ffe8..964308464 100644 --- a/modules/ROOT/pages/configuration/configuration-settings.adoc +++ b/modules/ROOT/pages/configuration/configuration-settings.adoc @@ -5142,7 +5142,7 @@ m| |=== -[role=label--enterprise-edition label--deprecated=5.6] +[role=label--enterprise-edition label--deprecated-5.6] [[config_server.max_databases]] === `server.max_databases` From 46f0803e4205b0e455c9d2f684b1ed8564145e33 Mon Sep 17 00:00:00 2001 From: Therese Magnusson Date: Fri, 5 Apr 2024 15:19:41 +0200 Subject: [PATCH 620/876] Title was missing a word (#1537) --- .../standard-databases/manage-databases.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/database-administration/standard-databases/manage-databases.adoc b/modules/ROOT/pages/database-administration/standard-databases/manage-databases.adoc index 557f78690..a7fdf8d71 100644 --- a/modules/ROOT/pages/database-administration/standard-databases/manage-databases.adoc +++ b/modules/ROOT/pages/database-administration/standard-databases/manage-databases.adoc @@ -437,7 +437,7 @@ SHOW DATABASES YIELD name ---- [[manage-databases-existing]] -=== Use `IF EXISTS` or `OR REPLACE` when creating databases +=== Use `IF NOT EXISTS` or `OR REPLACE` when creating databases The `CREATE DATABASE` command is optionally idempotent, with the default behavior to fail with an error if the database already exists. There are two ways to circumvent this behavior. From 5400a581871f85d86361ef6b01850e8fcb11bd74 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Fri, 5 Apr 2024 16:21:58 +0300 Subject: [PATCH 621/876] Add missing genai.vector.listEncodingProviders (#1536) --- modules/ROOT/pages/reference/procedures.adoc | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/modules/ROOT/pages/reference/procedures.adoc b/modules/ROOT/pages/reference/procedures.adoc index ad4fd6017..704f3399b 100644 --- a/modules/ROOT/pages/reference/procedures.adoc +++ b/modules/ROOT/pages/reference/procedures.adoc @@ -423,6 +423,12 @@ In 4.2, signature changed to `db.listLocks() :: (mode :: STRING, resourceType :: | label:yes[] | label:admin-only[] label:deprecated[Deprecated in 5.9] +// New in 5.19 +| xref:reference/procedures.adoc#procedure_genai_vector_listEncodingProviders[`genai.vector.listEncodingProviders()`] +| label:yes[] +| label:yes[] +| label:new[Introduced in 5.19] + // New in 5.16 on Aura, from Neo4j 5.17 also on-prem | xref:reference/procedures.adoc#procedure_genai_vector_encodeBatch[`genai.vector.encodeBatch()`] | label:yes[] @@ -2267,6 +2273,19 @@ It is therefore not supported by the parallel runtime (introduced in Neo4j 5.13) For more information, see the link:{neo4j-docs-base-uri}/cypher-manual/{page-version}/planning-and-tuning/runtimes/concepts#runtimes-parallel-runtime[Cypher Manual -> Parallel runtime]. ==== +[[procedure_genai_vector_listEncodingProviders]] +[role=label--new-5.19] +.genai.vector.listEncodingProviders() +[cols="<15s,<85"] +|=== +| Description +a|Lists the available vector embedding providers. +| Signature +m|genai.vector.listEncodingProviders() :: (name :: STRING, requiredConfigType :: STRING, optionalConfigType :: STRING, defaultConfig :: MAP) +| Mode +m|DEFAULT +|=== + [[procedure_genai_vector_encodeBatch]] [role=label--new-5.17] .genai.vector.encodeBatch() From 3aaf555fbf74406925a8498c552b3dde7eff2667 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Fri, 5 Apr 2024 18:21:15 +0300 Subject: [PATCH 622/876] Fix a typo (#1541) --- modules/ROOT/pages/kubernetes/monitoring.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/kubernetes/monitoring.adoc b/modules/ROOT/pages/kubernetes/monitoring.adoc index 639f6aaeb..9b7f1d960 100644 --- a/modules/ROOT/pages/kubernetes/monitoring.adoc +++ b/modules/ROOT/pages/kubernetes/monitoring.adoc @@ -2,7 +2,7 @@ [[kubernetes-monitoring]] = Monitoring -You can monitor a Neo4j DBMS running on Kubernetes using the same mechanisms as you would for a Neoj4 running on-prem. +You can monitor a Neo4j DBMS running on Kubernetes using the same mechanisms as you would for a Neo4j running on-prem. [[monitoring-logging]] == Logging From b2e63f96081e4175e51b6d1d40e6a8968aa5830c Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 8 Apr 2024 12:47:16 +0300 Subject: [PATCH 623/876] Add license keys for Bloom and GDS to Additional files to back up (#1540) Co-authored-by: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> --- modules/ROOT/pages/backup-restore/planning.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/ROOT/pages/backup-restore/planning.adoc b/modules/ROOT/pages/backup-restore/planning.adoc index 98ca85edd..fa65ee98f 100644 --- a/modules/ROOT/pages/backup-restore/planning.adoc +++ b/modules/ROOT/pages/backup-restore/planning.adoc @@ -208,6 +208,7 @@ If you have a cluster deployment, you should back up the configuration file for The locations of these are described in xref:security/ssl-framework.adoc[SSL framework]. If you have a cluster, you should back up these files for each cluster member. * If using custom plugins, make sure that you have the plugins in a safe location. +* If using Bloom or GDS Enterprise, back up license key files for these products as well. [[backup-planning-storage]] == Storage considerations From 48f80472682665af449cd19bca7e3d1ca9192b45 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Mon, 8 Apr 2024 12:51:51 +0300 Subject: [PATCH 624/876] Fix config mismatches (#1539) --- .../ROOT/pages/configuration/configuration-settings.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/pages/configuration/configuration-settings.adoc b/modules/ROOT/pages/configuration/configuration-settings.adoc index 964308464..f87bbebdf 100644 --- a/modules/ROOT/pages/configuration/configuration-settings.adoc +++ b/modules/ROOT/pages/configuration/configuration-settings.adoc @@ -774,7 +774,7 @@ m|+++0+++ |Description a|The names of databases that are allowed on this server - all others are denied. Empty means all are allowed. Can be overridden when enabling the server, or altered at runtime, without changing this setting. Exclusive with 'server.initial_denied_databases' |Valid values -a|A comma-separated set where each element is a string. +a|A comma-separated set where each element is a valid database name containing only alphabetic characters, numbers, dots, and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name `system`. |Default value m|++++++ |=== @@ -792,7 +792,7 @@ m|++++++ |Description a|The names of databases that are not allowed on this server. Empty means nothing is denied. Can be overridden when enabling the server, or altered at runtime, without changing this setting. Exclusive with 'server.initial_allowed_databases' |Valid values -a|A comma-separated set where each element is a string. +a|A comma-separated set where each element is a valid database name containing only alphabetic characters, numbers, dots, and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name `system`. |Default value m|++++++ |=== @@ -1476,7 +1476,7 @@ m|+++:7474+++ |Description a|Defines the set of modules loaded into the Neo4j web server. Options include TRANSACTIONAL_ENDPOINTS, BROWSER, UNMANAGED_EXTENSIONS and ENTERPRISE_MANAGEMENT_ENDPOINTS (if applicable). |Valid values -a|A comma-separated set where each element is one of [TRANSACTIONAL_ENDPOINTS, UNMANAGED_EXTENSIONS, BROWSER, ENTERPRISE_MANAGEMENT_ENDPOINTS]. +a|A comma-separated set where each element is one of [TRANSACTIONAL_ENDPOINTS, UNMANAGED_EXTENSIONS, BROWSER, ENTERPRISE_MANAGEMENT_ENDPOINTS, QUERY_API_ENDPOINTS]. |Default value m|+++TRANSACTIONAL_ENDPOINTS,UNMANAGED_EXTENSIONS,BROWSER,ENTERPRISE_MANAGEMENT_ENDPOINTS+++ |=== From b87a72d51644c3f6fd208923177a68b3c0c7bd14 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Mon, 8 Apr 2024 16:30:51 +0200 Subject: [PATCH 625/876] Add page-aliases attr to the neo4j-admin report page (#1545) --- modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-report.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-report.adoc b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-report.adoc index cd747fec7..5df9ddfa5 100644 --- a/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-report.adoc +++ b/modules/ROOT/pages/tools/neo4j-admin/neo4j-admin-report.adoc @@ -1,4 +1,5 @@ :description: This chapter describes the `report` command of Neo4j Admin. +:page-aliases: tools/neo4j-admin-report.adoc [[neo4j-admin-report]] = Neo4j Admin report From f510f4a6ff2661689b1ca862b9f2c58a4af8503d Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 11 Apr 2024 16:21:42 +0300 Subject: [PATCH 626/876] Update the steps for installing Neo4j via a package installer (#1546) --- .../ROOT/pages/installation/linux/rpm.adoc | 90 ++++++++----------- 1 file changed, 37 insertions(+), 53 deletions(-) diff --git a/modules/ROOT/pages/installation/linux/rpm.adoc b/modules/ROOT/pages/installation/linux/rpm.adoc index 1b21dc9d7..5436f058b 100644 --- a/modules/ROOT/pages/installation/linux/rpm.adoc +++ b/modules/ROOT/pages/installation/linux/rpm.adoc @@ -7,7 +7,7 @@ You can deploy Neo4j on Red Hat, CentOS, Fedora, or Amazon Linux distributions u [[linux-rpm-prerequisites]] == Java prerequisites -Neo4j {neo4j-version} requires the Java 17 runtime. +Neo4j 5.x runs on Java 17, and from Neo4j 5.14, it also supports Java 21. === OpenJDK Java 17 @@ -19,8 +19,8 @@ Consequently, no extra setup is required if you are using OpenJDK Java, the corr === Oracle Java 17 There is some minor setup required for compatibility with Oracle Java 17 because Oracle and OpenJDK provide incompatible RPM packages for Java 17. -We provide an adapter for Oracle Java 17 which must be installed before Neo4j. -The adapter contains no code, but will stop the package manager from installing OpenJDK 17 as a dependency despite an existing Oracle Java 17 installation. +You can use an adapter for Oracle Java 17, which must be installed before Neo4j. +The adapter contains no code but stops the package manager from installing OpenJDK 17 as a dependency despite an existing Oracle Java 17 installation. . Download and install the Oracle Java 17 JDK from the https://www.oracle.com/technetwork/java/javase/downloads/index.html[Oracle website]. . Install the adapter: @@ -34,8 +34,8 @@ The SHA-256 of the adapter package can be verified against https://dist.neo4j.or === Zulu JDK 17 or Corretto 17 -If you wish to use a non-default JDK, it must be installed prior to starting the Neo4j installation. -Otherwise your package manager will install the default java distribution for your operating system, usually OpenJDK. +If you want to use a non-default JDK, it must be installed before starting the Neo4j installation. +Otherwise, your package manager will install the default Java distribution for your operating system, usually OpenJDK. Installation instructions can be found on the manufacturer's website: @@ -85,8 +85,9 @@ yum install neo4j-{neo4j-version-exact} * Enterprise Edition + From Neo4j 5.4 onwards, you are required to accept either the commercial or the evaluation license agreement before running the Neo4j Enterprise Edition. -The following example uses an interactive prompt: +The following are examples of using an interactive prompt and a non-interactive installation: + +.Interactive installation of Enterprise Edition under the commercial license [source, shell, subs="attributes"] ---- yum install neo4j-enterprise-{neo4j-version-exact} @@ -105,13 +106,13 @@ NEO4J_ACCEPT_LICENSE_AGREEMENT=yes yum install neo4j-enterprise-{neo4j-version-e [NOTE] ==== -Neo4j supports Security-Enhanced Linux (SELinux), by default. +Neo4j supports Security-Enhanced Linux (SELinux) by default. ==== [[linux-rpm-suse]] == Install on SUSE -For SUSE-based distributions the steps are as follows: +For SUSE-based distributions, the steps are as follows: . Use the following as `root` to add the repository: + @@ -132,15 +133,18 @@ zypper install neo4j-{neo4j-version-exact} * Enterprise Edition + From Neo4j 5.4 onwards, you are required to accept either the commercial or the evaluation license agreement before running the Neo4j Enterprise Edition. -The following example uses an interactive prompt: +The following are examples of using an interactive prompt and a non-interactive installation: + +.Interactive installation of Enterprise Edition under the commercial license [source, shell, subs="attributes"] ---- zypper install neo4j-enterprise-{neo4j-version-exact} ---- You have to choose either a link:https://neo4j.com/terms/licensing/[commercial license] or an link:https://neo4j.com/terms/enterprise_us/[evaluation license] before the interactive installation is allowed to complete. ++ For a non-interactive installation, you can set the `NEO4J_ACCEPT_LICENSE_AGREEMENT` to `yes` (for the commercial license) or `eval` (for the evaluation license) as in the following example: + +.Non-interactive installation of Enterprise Edition under the commercial license [source, shell, subs="attributes"] ---- NEO4J_ACCEPT_LICENSE_AGREEMENT=yes zypper install neo4j-enterprise-{neo4j-version-exact} @@ -149,26 +153,20 @@ NEO4J_ACCEPT_LICENSE_AGREEMENT=yes zypper install neo4j-enterprise-{neo4j-versio [[linux-rpm-install-offline-installation]] == Offline installation -If you cannot reach `\https://yum.neo4j.com/stable/{neo4j-version}` to install Neo4j using RPM, perhaps due to a firewall, you will need to obtain Neo4j via an alternative machine that has the relevant access, and then move the RPM package manually. +If you cannot reach `\https://yum.neo4j.com/stable/{neo4j-version}` to install Neo4j using RPM, perhaps due to a firewall, you need to obtain Neo4j via an alternative machine that has the relevant access, and then move the RPM package manually. [NOTE] ==== -It is important to note that using this method will mean that the offline machine will not receive the dependencies that are normally downloaded and installed automatically when using `yum` for installing Neo4j; xref:tools/cypher-shell.adoc[Neo4j Cypher Shell] and Java. - -For information on supported versions of Java, see xref:installation/requirements.adoc[System requirements]. +It is important to note that using this method means that the offline machine cannot receive the dependencies that are normally downloaded and installed automatically when using `yum` for installing Neo4j, xref:tools/cypher-shell.adoc[Neo4j Cypher Shell], and Java. ==== - -[[linux-rpm-install-offline-install-download]] -=== Install Neo4j using the RPM installer - -. Run the following to obtain the required Neo4j RPM package: +. Download the Neo4j and Cypher Shell RPM installers from https://neo4j.com/deployment-center/[Deployment Center] or run the following to obtain the required packages: + -* Neo4j Enterprise Edition: +* Cypher Shell: + [source, curl, subs="attributes"] ---- -curl -O https://dist.neo4j.org/rpm/neo4j-enterprise-{neo4j-version-exact}-1.noarch.rpm +curl -O https://dist.neo4j.org/cypher-shell/cypher-shell-{neo4j-version-exact}-1.noarch.rpm ---- * Neo4j Community Edition: + @@ -176,6 +174,13 @@ curl -O https://dist.neo4j.org/rpm/neo4j-enterprise-{neo4j-version-exact}-1.noar ---- curl -O https://dist.neo4j.org/rpm/neo4j-{neo4j-version-exact}-1.noarch.rpm ---- +* Neo4j Enterprise Edition: ++ +[source, curl, subs="attributes"] +---- +curl -O https://dist.neo4j.org/rpm/neo4j-enterprise-{neo4j-version-exact}-1.noarch.rpm +---- + . Manually move the downloaded RPM packages to the offline machine. Before installing Neo4j, you must manually install the required Java 17 packages. + @@ -184,13 +189,20 @@ Before installing Neo4j, you must manually install the required Java 17 packages If using Oracle Java 17, the same dependency issues apply as with the xref:installation/linux/rpm.adoc#linux-rpm-prerequisites-oracle[Oracle Java prerequisites]. You will need to additionally download and install the Java adaptor described in that section. ==== -. Install Neo4j as `root` using the following command depending on which edition you are using: +. Install Neo4j and Cypher Shell as `root` using the following command depending on which edition you are using: ++ +[NOTE] +==== +If you are upgrading from Neo4j 4.4 or earlier versions of 5.x, due to strict dependencies between Neo4j and Cypher Shell, both packages must be upgraded simultaneously. +This must be one single command, and Neo4j Cypher Shell must be the first package in the command. +For later versions, you can install them separately but still need to install Cypher Shell first. +==== + * Community Edition + [source, shell, subs="attributes"] ---- -rpm --install neo4j-{neo4j-version-exact}-1.noarch.rpm +rpm --install cypher-shell-{neo4j-version-exact}-1.noarch.rpm neo4j-{neo4j-version-exact}-1.noarch.rpm ---- + * Enterprise Edition @@ -200,46 +212,18 @@ The following example uses an interactive prompt: + [source, shell, subs="attributes"] ---- -rpm --install neo4j-enterprise-{neo4j-version-exact} +rpm --install cypher-shell-{neo4j-version-exact}-1.noarch.rpm neo4j-enterprise-{neo4j-version-exact}-1.noarch.rpm ---- You have to choose either a link:https://neo4j.com/terms/licensing/[commercial license] or an link:https://neo4j.com/terms/enterprise_us/[evaluation license] before the interactive installation is allowed to complete. For a non-interactive installation, you can set the `NEO4J_ACCEPT_LICENSE_AGREEMENT` to `yes` (for the commercial license) or `eval` (for the evaluation license) as in the following example: + [source, shell, subs="attributes"] ---- -NEO4J_ACCEPT_LICENSE_AGREEMENT=yes rpm --install neo4j-enterprise-{neo4j-version-exact}-1.noarch.rpm ----- - - -[[linux-rpm-install-offline-install-perform]] -=== Install Cypher Shell using the RPM installer - -. Downloaded the Cypher Shell RPM installer from {neo4j-download-center-uri}/#cyphershell[Neo4j Download Center]. -. Install Cypher Shell by running the following command as a `root` user: -+ -[source, shell] ----- -rpm --install +NEO4J_ACCEPT_LICENSE_AGREEMENT=yes rpm --install cypher-shell-{neo4j-version-exact}-1.noarch.rpm neo4j-enterprise-{neo4j-version-exact}-1.noarch.rpm ---- -[[linux-rpm-install-offline-install-upgrade]] -==== Offline upgrade from 4.4.0 or later - -Before you begin, you will need to have Java 17 pre-installed and set to the default Java version. -If using Oracle Java 17, the same dependency issues apply as with the xref:installation/linux/rpm.adoc#linux-rpm-prerequisites-oracle[Oracle Java prerequisites]. - -Due to strict dependencies between Neo4j and Cypher Shell, both packages must be upgraded simultaneously. -Run the following on the offline machine as `root`, to install Neo4j Cypher Shell and Neo4j simultaneously: - -[source, shell] ----- -rpm -U ----- - -This must be one single command, and Neo4j Cypher Shell must be the first package in the command. - [[rpm-service-start-automatically]] -== Starting the service automatically on system start +== Start the Neo4j service automatically on system start To enable Neo4j to start automatically on system boot, run the following command: From 5f54fc632a19d271f9186ec095344d060259489d Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Fri, 12 Apr 2024 12:32:06 +0200 Subject: [PATCH 627/876] Update the dev version to 5.20 (#1550) --- antora.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/antora.yml b/antora.yml index 3fec6daf2..ee84896c7 100644 --- a/antora.yml +++ b/antora.yml @@ -7,7 +7,7 @@ nav: asciidoc: attributes: neo4j-version: '5' - neo4j-version-minor: '5.19' - neo4j-version-exact: '5.19.0' - neo4j-buildnumber: '5.19' - neo4j-debian-package-version: '1:5.19.0@' + neo4j-version-minor: '5.20' + neo4j-version-exact: '5.20.0' + neo4j-buildnumber: '5.20' + neo4j-debian-package-version: '1:5.20.0@' From 99281a85b9129235d138b7a106c0199faa9e30e7 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Thu, 18 Apr 2024 14:35:44 +0200 Subject: [PATCH 628/876] Restructure the Managing standard databases page (#1532) Co-authored-by: Reneta Popova --- modules/ROOT/content-nav.adoc | 6 +- .../built-in-roles.adoc | 2 +- .../pages/backup-restore/restore-backup.adoc | 2 +- modules/ROOT/pages/clustering/databases.adoc | 4 +- .../pages/clustering/disaster-recovery.adoc | 2 +- .../monitoring/show-databases-monitoring.adoc | 2 +- .../manage-composite-databases.adoc | 6 +- .../standard-databases/alter-databases.adoc | 152 +++ .../configuration-parameters.adoc | 2 +- .../standard-databases/create-databases.adoc | 219 +++++ .../standard-databases/delete-databases.adoc | 83 ++ .../standard-databases/errors.adoc | 4 +- .../standard-databases/listing-databases.adoc | 373 ++++++++ .../standard-databases/manage-databases.adoc | 881 ------------------ .../standard-databases/wait-options.adoc | 48 + .../database-internals/store-formats.adoc | 4 +- 16 files changed, 894 insertions(+), 896 deletions(-) create mode 100644 modules/ROOT/pages/database-administration/standard-databases/alter-databases.adoc create mode 100644 modules/ROOT/pages/database-administration/standard-databases/create-databases.adoc create mode 100644 modules/ROOT/pages/database-administration/standard-databases/delete-databases.adoc create mode 100644 modules/ROOT/pages/database-administration/standard-databases/listing-databases.adoc delete mode 100644 modules/ROOT/pages/database-administration/standard-databases/manage-databases.adoc create mode 100644 modules/ROOT/pages/database-administration/standard-databases/wait-options.adoc diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index 144112a8f..ff3f7967d 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -104,7 +104,11 @@ * xref:database-administration/index.adoc[] ** Standard databases *** xref:database-administration/standard-databases/naming-databases.adoc[] -*** xref:database-administration/standard-databases/manage-databases.adoc[] +*** xref:database-administration/standard-databases/create-databases.adoc[] +*** xref:database-administration/standard-databases/listing-databases.adoc[] +*** xref:database-administration/standard-databases/alter-databases.adoc[] +*** xref:database-administration/standard-databases/delete-databases.adoc[] +*** xref:database-administration/standard-databases/wait-options.adoc[] *** xref:database-administration/standard-databases/configuration-parameters.adoc[] *** xref:database-administration/standard-databases/errors.adoc[] ** Database aliases diff --git a/modules/ROOT/pages/authentication-authorization/built-in-roles.adoc b/modules/ROOT/pages/authentication-authorization/built-in-roles.adoc index 2026b13f4..2499251b9 100644 --- a/modules/ROOT/pages/authentication-authorization/built-in-roles.adoc +++ b/modules/ROOT/pages/authentication-authorization/built-in-roles.adoc @@ -831,7 +831,7 @@ These include the rights to perform the following classes of tasks: ** Allow the creation of labels, relationship types, or property names. ** Manage transactions. * Manage xref:authentication-authorization/dbms-administration.adoc[DBMS privileges] to control the rights to perform actions on the entire system: -** Manage xref:database-administration/standard-databases/manage-databases.adoc[multiple databases]. +** Manage xref:database-administration/index.adoc[multiple databases]. ** Manage xref:authentication-authorization/manage-users.adoc[users] and xref:authentication-authorization/manage-roles.adoc[roles]. ** Change configuration parameters. ** Manage sub-graph privileges. diff --git a/modules/ROOT/pages/backup-restore/restore-backup.adoc b/modules/ROOT/pages/backup-restore/restore-backup.adoc index 1c87e08fe..11bdd12af 100644 --- a/modules/ROOT/pages/backup-restore/restore-backup.adoc +++ b/modules/ROOT/pages/backup-restore/restore-backup.adoc @@ -15,7 +15,7 @@ Restoring a database backup to a previous Neo4j version is not supported. You must create the database (using `CREATE DATABASE` against the `system` database) after the restore operation finishes, unless you are replacing an existing database. `neo4j-admin database restore` must be invoked as the `neo4j` user to ensure the appropriate file permissions. -For more information, see xref:database-administration/standard-databases/manage-databases.adoc[Manage databases]. +For more information, see xref:database-administration/standard-databases/create-databases.adoc[Create databases]. [NOTE] ==== diff --git a/modules/ROOT/pages/clustering/databases.adoc b/modules/ROOT/pages/clustering/databases.adoc index b0a979aca..8664d6d09 100644 --- a/modules/ROOT/pages/clustering/databases.adoc +++ b/modules/ROOT/pages/clustering/databases.adoc @@ -10,7 +10,7 @@ If a database is no longer needed, the command `DROP DATABASE` deletes the datab == `CREATE DATABASE` -The command to create a database in a cluster is not significantly different from the command to create a database in a non-clustered environment (see xref:database-administration/standard-databases/manage-databases.adoc[Database management] for more information on database management on single servers). +The command to create a database in a cluster is not significantly different from the command to create a database in a non-clustered environment (see xref:database-administration/standard-databases/create-databases.adoc[Create, start, and stop databases] for more information on database management on single servers). The difference in a clustered environment is that the topology can be specified, i.e. how many primaries and secondaries are desired for the database. To create a database `foo` with 3 servers hosting the database in primary mode and 2 servers in secondary mode, the command looks like this: @@ -63,7 +63,7 @@ It is not possible to automatically transition to a topology with a single prima However, it is possible to _manually_ do this transition. The first step is to back up the database, see xref:backup-restore/index.adoc[Backup and restore] for more information. -Once the database is backed up, the next step is to drop the database, see xref:database-administration/standard-databases/manage-databases.adoc[Manage databases] for more information. +Once the database is backed up, the next step is to drop the database, see xref:database-administration/standard-databases/delete-databases.adoc[Delete databases] for more information. The last step is to either seed a cluster from the backup with the new topology, or to restore the backup on a single server. See xref:clustering/databases.adoc#cluster-seed[Seed a cluster] further on for information on seeding. diff --git a/modules/ROOT/pages/clustering/disaster-recovery.adoc b/modules/ROOT/pages/clustering/disaster-recovery.adoc index a8a24b69a..0268cedab 100644 --- a/modules/ROOT/pages/clustering/disaster-recovery.adoc +++ b/modules/ROOT/pages/clustering/disaster-recovery.adoc @@ -155,7 +155,7 @@ Once the `system` database is verified available, and all servers are online, th The steps here aim to make the unavailable databases available. . If you have previously dropped databases as part of this guide, re-create each one from backup. -See the xref:database-administration/standard-databases/manage-databases.adoc[Manage databases] section for more information on how to create a database. +See the xref:database-administration/standard-databases/create-databases.adoc[Create databases] section for more information on how to create a database. . Run `SHOW DATABASES`. If all databases are in desired states on all servers (`requestedStatus`=`currentStatus`), disaster recovery is complete. // . For each database that remains unavailable, refer to <>. diff --git a/modules/ROOT/pages/clustering/monitoring/show-databases-monitoring.adoc b/modules/ROOT/pages/clustering/monitoring/show-databases-monitoring.adoc index deb16b35a..5fb664f46 100644 --- a/modules/ROOT/pages/clustering/monitoring/show-databases-monitoring.adoc +++ b/modules/ROOT/pages/clustering/monitoring/show-databases-monitoring.adoc @@ -46,7 +46,7 @@ For example: The possible values for `currentStatus` are `online`, `offline`, `starting`, `stopping`, `store copying`, `initial`, `deallocating`, `dirty`, `quarantined`, and `unknown`. The `requestedStatus` can only be `online` or `offline`. -See xref::database-administration/standard-databases/manage-databases.adoc#database-states[Database states] for more information. +See xref::database-administration/standard-databases/listing-databases.adoc#database-states[Database states] for more information. Additionally, note that databases hosted on servers that are offline are also returned by the `SHOW DATABASES` command. For such databases the `address` column displays `NULL`, the `currentStatus` column displays `unknown`, and the `statusMessage` displays `Server is unavailable`. diff --git a/modules/ROOT/pages/database-administration/composite-databases/manage-composite-databases.adoc b/modules/ROOT/pages/database-administration/composite-databases/manage-composite-databases.adoc index 521d9b0ff..64fa2ea64 100644 --- a/modules/ROOT/pages/database-administration/composite-databases/manage-composite-databases.adoc +++ b/modules/ROOT/pages/database-administration/composite-databases/manage-composite-databases.adoc @@ -6,7 +6,7 @@ Composite databases are managed using Cypher(R) administrative commands. Note that it is not possible to modify access options or database topologies for composite databases as these are inherited from the constituent databases. -For information about modifying access options, see xref:database-administration/standard-databases/manage-databases.adoc#manage-databases-alter[Alter database access mode]. +For information about modifying access options, see xref:database-administration/standard-databases/alter-databases.adoc#manage-databases-alter[Alter database access mode]. For information about about topologies for databases, see xref:clustering/setup/deploy.adoc#cluster-example-create-databases-on-cluster[Create databases in a cluster]. // The above two links will have to be changed when server management and access control sections are migrated from Cypher Manual. @@ -43,7 +43,7 @@ SHOW DATABASES +----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ---- -For a description of all the returned column of this command, ways in which the `SHOW DATABASE` command can be filtered, and details about the privileges required for the command, see xref:database-administration/standard-databases/manage-databases.adoc#manage-databases-list[listing standard databases]. +For a description of all the returned column of this command, ways in which the `SHOW DATABASE` command can be filtered, and details about the privileges required for the command, see xref:database-administration/standard-databases/listing-databases.adoc#manage-databases-list[listing standard databases]. For composite databases, the `constituents` column is particularly interesting as it lists the aliases that make up the composite database. @@ -106,7 +106,7 @@ SHOW DATABASES +------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ---- -For a full description of the columns returned by this command, and how to sort the results by specific columns, see xref:database-administration/standard-databases/manage-databases.adoc#manage-databases-listing-databases[Managing databases]. +For a full description of the columns returned by this command, and how to sort the results by specific columns, see xref:database-administration/standard-databases/listing-databases.adoc#manage-databases-listing-databases[Managing databases]. To create database aliases in the composite database, give the composite database as a namespace for the alias. For information about creating aliases in composite databases, see xref:database-administration/aliases/manage-aliases-composite-databases.adoc#create-composite-database-alias[Managing aliases in composite databases]. diff --git a/modules/ROOT/pages/database-administration/standard-databases/alter-databases.adoc b/modules/ROOT/pages/database-administration/standard-databases/alter-databases.adoc new file mode 100644 index 000000000..7e086765c --- /dev/null +++ b/modules/ROOT/pages/database-administration/standard-databases/alter-databases.adoc @@ -0,0 +1,152 @@ +:description: how to modify standard databases in Neo4j using the Cypher command `ALTER DATABASE`. +[role=enterprise-edition not-on-aura] +[[administration-databases-alter-database]] += Alter databases +Standard databases can be modified using the command `ALTER DATABASE`. + +[[manage-databases-alter]] +== Alter database access mode + +By default, a database has read-write access mode on creation. +The database can be limited to read-only mode on creation using the configuration parameters `dbms.databases.default_to_read_only`, `dbms.databases.read_only`, and `dbms.database.writable`. +For details, see the section on xref::database-administration/standard-databases/configuration-parameters.adoc#[Configuration parameters]. +A database that was created with read-write access mode can be changed to read-only. +To change it to read-only, you can use the `ALTER DATABASE` command with the sub-clause `SET ACCESS READ ONLY`. +Subsequently, the database access mode can be switched back to read-write using the sub-clause `SET ACCESS READ WRITE`. +Altering the database access mode is allowed at all times, whether a database is online or offline. + +If conflicting modes are set by the `ALTER DATABASE` command and the configuration parameters, i.e. one says read-write and the other read-only, the database will be read-only and prevent write queries. + +The `WAIT` _sub-clause was added as an option to the_ `ALTER DATABASE` _command in Neo4j 5.7._ + +[NOTE] +==== +Modifying access mode is only available to standard databases and not composite databases. +==== + + +=== Alter database access mode to read-only + +.Query +[source, cypher] +---- +ALTER DATABASE customers SET ACCESS READ ONLY +---- + +The database access mode can be seen in the `access` output column of the command `SHOW DATABASES`. + +.Query +[source, cypher] +---- +SHOW DATABASES yield name, access +---- + +.Result +[role="queryresult"] +---- ++----------------------------+ +| name | access | ++----------------------------+ +| "customers" | "read-only" | +| "movies" | "read-write" | +| "neo4j" | "read-write" | +| "system" | "read-write" | ++----------------------------+ +---- + +=== Alter database access using `IF EXISTS` + +`ALTER DATABASE` commands are optionally idempotent, with the default behavior to fail with an error if the database does not exist. +Appending `IF EXISTS` to the command ensures that no error is returned and nothing happens should the database not exist. + +.Query +[source, cypher] +---- +ALTER DATABASE nonExisting IF EXISTS +SET ACCESS READ WRITE +---- + +== Alter database topology + +In a cluster environment, you can use the `ALTER DATABASE` command to change the number of servers hosting a database. +For more information, see xref::clustering/databases.adoc#alter-topology[Managing databases in a cluster]. + +[[alter-database-options]] +== Alter database options + +The `ALTER DATABASE` command can be used to set or remove specific options for a database. + +[options="header", cols="1m,1m,3a"] +|=== +| Key +| Value +| Description + +| txLogEnrichment +| FULL\|DIFF\|NONE +| Defines the level of enrichment applied to transaction logs for Change Data Capture (CDC) purposes. +For details about enrichment mode, see link:{neo4j-docs-base-uri}/cdc/{page-version}/getting-started/enrichment-mode[Change Data Capture Manual -> Getting Started -> Enrichment mode]. +|=== + +[NOTE] +==== +There are no available `OPTIONS` values for composite databases. +==== + +=== Alter the options set for a database + +.Query +[source, cypher] +---- +ALTER DATABASE `movies` +SET OPTION txLogEnrichment 'FULL' +---- + +The database set options can be seen in the `options` output column of the command `SHOW DATABASES`. + +.Query +[source, cypher] +---- +SHOW DATABASES yield name, options +---- +// Limited result set. +// The output has been capped. +.Result +[role="queryresult",options="header,footer",cols="2* Upgrade a cluster]. +==== + +[[create-neo4j-database]] +== Create databases + +You can create a database using the Cypher command xref:database-administration/syntax.adoc#administration-syntax-database-management[`CREATE DATABASE`]. + +[NOTE] +==== +Database names are subject to the rules specified in xref:database-administration/standard-databases/naming-databases.adoc[Database names] section. +Having dots (`.`) in the database names is not recommended. +This is due to the difficulty of determining if a dot is part of the database name or a delimiter for a database alias in a composite database. +==== + +.Query +[source, cypher] +---- +CREATE DATABASE customers +---- + +In Neo4j, the default store format for all new databases is `aligned`. +If you want to change it, you can set a new value for the xref:configuration/configuration-settings.adoc#config_db.format[`db.format`] configuration in the _neo4j.conf_ file. + +See xref:database-internals/store-formats.adoc[Store formats], for more details about available database store formats in Neo4j. + +When a database has been created, it will show up in the listing provided by the command `SHOW DATABASES`. + +.Query +[source, cypher] +---- +SHOW DATABASES YIELD name +---- + +.Result +[role="queryresult",options="header,footer",cols="1* Getting Started -> Enrichment mode]. +|=== + +[NOTE] +==== +The `existingData`, `existingDataSeedInstance`, `seedURI`, `seedConfig`, and `seedCredentials` options cannot be combined with the `OR REPLACE` part of this command. +More details about seeding options can be found in xref::clustering/databases.adoc#cluster-seed[Seed a cluster]. +==== + + +[[manage-databases-start]] +== Start databases + +Databases can be started using the command `START DATABASE`. + +.Query +[source, cypher] +---- +START DATABASE customers +---- + +[NOTE] +==== +Both standard databases and composite databases can be started using this command. +==== + +The status of the started database can be seen using the command `SHOW DATABASE name`. + +.Query +[source, cypher] +---- +SHOW DATABASE customers YIELD name, requestedStatus, currentStatus +---- + +.Result +[role="queryresult"] +---- ++-----------------------------------------------+ +| name | requestedStatus | currentStatus | ++-----------------------------------------------+ +| "customers" | "online" | "online" | ++-----------------------------------------------+ +---- + +[[manage-databases-stop]] +== Stop databases + +Databases can be stopped using the command `STOP DATABASE`. + +.Query +[source, cypher] +---- +STOP DATABASE customers +---- + +[NOTE] +==== +Both standard databases and composite databases can be stopped using this command. +==== + +The status of the stopped database can be seen using the command `SHOW DATABASE name`. + +.Query +[source, cypher] +---- +SHOW DATABASE customers YIELD name, requestedStatus, currentStatus +---- + +.Result +[role="queryresult"] +---- ++-----------------------------------------------+ +| name | requestedStatus | currentStatus | ++-----------------------------------------------+ +| "customers" | "offline" | "offline" | ++-----------------------------------------------+ +---- + +[NOTE] +==== +Databases that are stopped with the `STOP` command are completely shut down and may be started again through the `START` command. +In a cluster, as long as a database is in a shutdown state, it can not be considered available to other members of the cluster. +It is not possible to do online backups against shutdown databases and they need to be taken into special consideration during disaster recovery, as they do not have a running Raft machine while shutdown. +Unlike stopped databases, dropped databases are completely removed and are not intended to be used again at all. +==== diff --git a/modules/ROOT/pages/database-administration/standard-databases/delete-databases.adoc b/modules/ROOT/pages/database-administration/standard-databases/delete-databases.adoc new file mode 100644 index 000000000..9d1b9dd85 --- /dev/null +++ b/modules/ROOT/pages/database-administration/standard-databases/delete-databases.adoc @@ -0,0 +1,83 @@ +:description: how to delete databases in Neo4j. +[role=enterprise-edition not-on-aura] +[[manage-databases-delete]] += Delete databases + +Databases can be deleted by using the command `DROP DATABASE`. +Note that all database aliases must be dropped before dropping a database. + +.Query +[source, cypher] +---- +DROP DATABASE customers +---- + +[NOTE] +==== +Both standard databases and composite databases can be deleted using this command. +==== + +The `DROP DATABASE` command removes a database entirely. +Therefore, it no longer shows up in the listing provided by the command `SHOW DATABASES`. + +.Query +[source, cypher] +---- +SHOW DATABASES YIELD name +---- + +.Result +[role="queryresult] +---- ++---------------------+ +| name | ++---------------------+ +| "movies" | +| "neo4j" | +| "system" | ++---------------------+ +---- + +[[delete-databases-existing]] +== Use `IF EXISTS` when deleting databases + +The `DROP DATABASE` command is optionally idempotent, with the default behavior to fail with an error if the database does not exist. +Appending `IF EXISTS` to the command ensures that no error is returned and nothing happens should the database not exist. +It will always return an error if there is an existing alias that targets the database. +In that case, the alias needs to be dropped before dropping the database. + +.Query +[source, cypher] +---- +DROP DATABASE customers IF EXISTS +---- + +[[manage-databases-dump]] +== Use `DUMP DATA` or `DESTROY DATA` when deleting databases + +You can request that a dump of the store files is produced first, and stored in the path configured using the `dbms.directories.dumps.root` setting (by default `/data/dumps`). +This can be achieved by appending `DUMP DATA` to the command (or `DESTROY DATA` to explicitly request the default behavior). +These dumps are equivalent to those produced by `neo4j-admin dump` and can be similarly restored using `neo4j-admin load`. + +//// +[source, cypher, role=test-setup] +---- +DROP ALIAS `films` FOR DATABASE; +DROP ALIAS `motion pictures` FOR DATABASE; +---- +//// + +.Query +[source, cypher] +---- +DROP DATABASE movies DUMP DATA +---- + +The options `IF EXISTS` and `DUMP DATA`/ `DESTROY DATA` can also be combined. +An example could look like this: + +.Query +[source, cypher] +---- +DROP DATABASE customers IF EXISTS DUMP DATA +---- diff --git a/modules/ROOT/pages/database-administration/standard-databases/errors.adoc b/modules/ROOT/pages/database-administration/standard-databases/errors.adoc index 82fbc930d..6d0153e96 100644 --- a/modules/ROOT/pages/database-administration/standard-databases/errors.adoc +++ b/modules/ROOT/pages/database-administration/standard-databases/errors.adoc @@ -74,7 +74,7 @@ However, databases may only be in one of a select number of states: * `quarantined` * `unknown` -For more details about the various states, see xref::database-administration/standard-databases/manage-databases.adoc#database-states[Database states]. +For more details about the various states, see xref::database-administration/standard-databases/listing-databases.adoc#database-states[Database states]. Most often, when a database management operation fails, Neo4j attempts to transition the database in question to the `offline` state. If the system is certain that no store files have yet been created, it transitions the database to `initial` instead. Similarly, if the system suspects that the store files underlying the database are invalid (incomplete, partially deleted, or corrupt), then it transitions the database to `dirty`. @@ -148,7 +148,7 @@ neo4j@system> SHOW DATABASE foo; ---- ==== -If repeated retries of a command have no effect, or if a database is in a `dirty` state, you may drop and recreate the database, as detailed in xref:database-administration/standard-databases/manage-databases.adoc[Database management]. +If repeated retries of a command have no effect, or if a database is in a `dirty` state, you may drop and recreate the database, as detailed in xref:database-administration/standard-databases/create-databases.adoc[Create database]. [NOTE] ==== diff --git a/modules/ROOT/pages/database-administration/standard-databases/listing-databases.adoc b/modules/ROOT/pages/database-administration/standard-databases/listing-databases.adoc new file mode 100644 index 000000000..724daef02 --- /dev/null +++ b/modules/ROOT/pages/database-administration/standard-databases/listing-databases.adoc @@ -0,0 +1,373 @@ +:description: how to list databases in Neo4j, use SHOW DATABASES command, see all available databases, databases states. How to filter listed databases in Neo4j. +[[manage-databases-list]] += Listing databases + +There are four different commands for listing databases, depending on whether you want to show: + +* All databases. +* A particular database. +* The default database. +* The home database. + +These commands return the following columns: + +.Listing databases output +[options="header", width="100%", cols="4m,6a,2m"] +|=== +| Column | Description | Type + +| name +| The name of the database. label:default-output[] +| STRING + +| type +| The type of the database: `system`, `standard`, or `composite`. label:default-output[] +| STRING + +| aliases +| The names of any aliases the database may have. label:default-output[] +| LIST + +| access +| The database access mode, either `read-write` or `read-only`. label:default-output[] +A database may be described as read-only when using `ALTER DATABASE ... SET ACCESS READ ONLY`. +| STRING + +| databaseID +| The database unique ID. +| STRING + +| serverID +| The server instance ID. +| STRING + +| address +| +Instance address in a clustered DBMS. +The default for a standalone database is `neo4j://localhost:7687`. label:default-output[] +| STRING + +| role +| The current role of the database (`primary`, `secondary`, `unknown`). label:default-output[] +| STRING + +| writer +|`true` for the instance that accepts writes for this database (this instance is the leader for this database in a cluster or this is a standalone instance). label:default-output[] +| BOOLEAN + +| requestedStatus +| The expected status of the database. +The value can be either `online` or `offline`. label:default-output[] +| STRING + +| currentStatus +| The actual status of the database. label:default-output[] + +The possible statuses are: + +* `online` +* `offline` +* `starting` +* `stopping` +* `store copying` +* `initial` +* `deallocating` +* `dirty` +* `quarantined` +* `unknown` + +See <> for more information. +| STRING + +| statusMessage +| A message explaining the status of the database, often explaining why it is not in the correct state. label:default-output[] +| STRING + +| default +| +Show if this is the default database for the DBMS. label:default-output[] +Not returned by `SHOW HOME DATABASE` or `SHOW DEFAULT DATABASE`. +| BOOLEAN + +| home +| +Shown if this is the home database for the current user. label:default-output[] +Not returned by `SHOW HOME DATABASE` or `SHOW DEFAULT DATABASE`. +| BOOLEAN + +| `currentPrimariesCount` +| Number of primaries for this database reported as running currently. +It is the same as the number of rows where `role=primary` and `name=this database`. +| INTEGER + +| `currentSecondariesCount` +| Number of secondaries for this database reported as running currently. +It is the same as the number of rows where `role=secondary` and `name=this database`. +| INTEGER + +| `requestedPrimariesCount` +| The requested number of primaries for this database. +May be lower than current if the DBMS is currently reducing the number of copies of the database, or higher if it is currently increasing the number of copies. +| INTEGER + +| `requestedSecondariesCount` +| The requested number of secondaries for this database. +May be lower than current if the DBMS is currently reducing the number of copies of the database, or higher if it is currently increasing the number of copies. +| INTEGER + +| creationTime +| The date and time at which the database was created. +| ZONED DATETIME + +| lastStartTime +| The date and time at which the database was last started. +| ZONED DATETIME + +| lastStopTime +| The date and time at which the database was last stopped. +| ZONED DATETIME + +| store +a| +Information about the storage engine and the store format. + +The value is a string formatted as: + +[source, syntax, role="noheader"] +---- +{storage engine}-{store format}-{major version}.{minor version} +---- +| STRING + +| lastCommittedTxn +| The ID of the last transaction received. +| INTEGER + +| replicationLag +| +Number of transactions the current database is behind compared to the database on the primary instance. +The lag is expressed in negative integers. In standalone environments, the value is always `0`. +| INTEGER + +|constituents +|The names of any constituents the database may have. Applicable only for composite databases. label:default-output[] +| LIST + +|options +|The map of options applied to the database. +| MAP + +|=== + +The results of the `SHOW DATABASES` command are filtered according to the `ACCESS` privileges of the user. +However, some privileges enable users to see additional databases regardless of their `ACCESS` privileges: + +* Users with `CREATE/DROP/ALTER DATABASE` or `SET DATABASE ACCESS` privileges can see all standard databases. +* Users with `CREATE/DROP COMPOSITE DATABASE` or `COMPOSITE DATABASE MANAGEMENT` privileges can see all composite databases. +* Users with `DATABASE MANAGEMENT` privilege can see all databases. + +If a user has not been granted `ACCESS` privilege to any databases nor any of the above special cases, the command can still be executed but it will only return the `system` database, which is always visible. + +[[database-states]] +== Database states + +A database's `currentStatus` can be one of the following: + +[options="header" cols="m,a"] +|=== +| State +| Description + +| online +| The database is running. + +| offline +| The database is not running. +If the `statusMessage` column is filled, the database is not running because of a problem. + +| starting +| The database is not running, but is about to. + +| stopping +| The database is not running anymore, but still has not stopped completely. +No offline operations (e.g. `load`/`dump`) can be performed yet. + +| store copying +| The database is currently being updated from another instance of Neo4j. + +| initial +| The database has not yet been created. + +| deallocating +| Only applies to databases in a cluster. +The database is still online but will eventually be offline due to a transfer of its role in the cluster to a different member. +The status is `deallocting` until the transfer is complete, which can take anything from a second to a day or more. + +| dirty +| This state implies an error has occurred. +The database's underlying store files may be invalid. +For more information, consult the `statusMessage` column or the server's logs. + +| quarantined +| The database is effectively stopped and its state may not be changed until no longer quarantined. +For more information, consult the `statusMessage` column or the server's logs. + +| unknown +| This instance of Neo4j does not know the state of this database. + +|=== + +[NOTE] +==== +Note that for failed databases, the `currentStatus` and `requestedStatus` are different. +This often implies an error, but **that is not always the case**. +For example, a database may take a while to transition from `offline` to `online` due to a performing recovery. +Or, during normal operation, a database's `currentStatus` may be transiently different from its `requestedStatus` due to a necessary automatic process, such as one Neo4j instance copying store files from another. +==== + + +== Show all available databases + +A summary of all available databases can be displayed using the command `SHOW DATABASES`. + +.Query +[source, cypher] +---- +SHOW DATABASES +---- + +.Result +[role="queryresult"] +---- ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| name | type | aliases | access | address | role | writer | requestedStatus | currentStatus | statusMessage | default | home | constituents | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| "movies" | "standard" | ["films", "motion pictures"] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | FALSE | FALSE | [] | +| "neo4j" | "standard" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | TRUE | TRUE | [] | +| "system" | "system" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | FALSE | FALSE | [] | ++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +---- + +[NOTE] +==== +As of Neo4j 5.3, databases hosted on servers that are offline are also returned by the `SHOW DATABASES` command. +For such databases, the `address` column displays `NULL`, the `currentStatus` column displays `unknown`, and the `statusMessage` displays `Server is unavailable`. +==== + +== Show detailed information for a particular database + +In this example, the detailed information for a particular database can be displayed using the command `SHOW DATABASE name YIELD *`. +When a `YIELD` clause is provided, the full set of columns is returned. + +.Query +[source, cypher, role=test-result-skip] +---- +SHOW DATABASE movies YIELD * +---- + +.Result +[role="queryresult"] +---- ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| name | type | aliases | access | databaseID | serverID | address | role | writer | requestedStatus | currentStatus | statusMessage | default | home | currentPrimariesCount | currentSecondariesCount | requestedPrimariesCount | requestedSecondariesCount | creationTime | lastStartTime | lastStopTime | store | lastCommittedTxn | replicationLag | constituents | options | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| "movies" | "standard" | ["films", "motion pictures"] | "read-write" | "C066801F54B44EA1520F0FE392B4005AABF42D8DD0A5FD09969B955575D287D5" | "e3063985-e2f4-4728-824b-a7d53779667a" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | FALSE | FALSE | 1 | 0 | 1 | 0 | 2023-08-14T10:01:29.074Z | 2023-08-14T10:01:29.074Z | NULL | "record-aligned-1.1" | 3 | 0 | [] | {} | ++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +---- + +== Show the number of databases + +The number of distinct databases can be seen using `YIELD` and a `count()` function in the `RETURN` clause. + +.Query +[source, cypher] +---- +SHOW DATABASES YIELD name +RETURN count(DISTINCT name) AS count +---- + +.Result +[role="queryresult"] +---- ++-------+ +| count | ++-------+ +| 3 | ++-------+ +---- + +By specifying the `name` column and sorting the results by distinct name, only the number of distinct databases are counted, **not** the number of allocations of databases in a clustered environment. + + +== Show the default database + +The default database can be seen using the command `SHOW DEFAULT DATABASE`. + +.Query +[source, cypher] +---- +SHOW DEFAULT DATABASE +---- + +.Result +[role="queryresult"] +---- ++--------------------------------------------------------------------------------------------------------------------------------------------------------+ +| name | type | aliases | access | address | role | writer | requestedStatus | currentStatus | statusMessage | constituents | ++--------------------------------------------------------------------------------------------------------------------------------------------------------+ +| "neo4j" | "standard" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | [] | ++--------------------------------------------------------------------------------------------------------------------------------------------------------+ +---- + +== Show the home database + +The home database for the current user can be seen using the command `SHOW HOME DATABASE`. + +.Query +[source, cypher] +---- +SHOW HOME DATABASE +---- + +.Result +[role="queryresult"] +---- ++--------------------------------------------------------------------------------------------------------------------------------------------------------+ +| name | type | aliases | access | address | role | writer | requestedStatus | currentStatus | statusMessage | constituents | ++--------------------------------------------------------------------------------------------------------------------------------------------------------+ +| "neo4j" | "standard" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | [] | ++--------------------------------------------------------------------------------------------------------------------------------------------------------+ +---- + +== Filter the listed databases + +It is also possible to filter and sort the results by using `YIELD`, `ORDER BY`, and `WHERE`. + +.Query +[source, cypher] +---- +SHOW DATABASES YIELD name, currentStatus, requestedStatus +ORDER BY currentStatus +WHERE name CONTAINS 'o' +---- + +In this example: + +* The number of columns returned has been reduced with the `YIELD` clause. +* The order of the returned columns has been changed. +* The results are ordered by the `currentStatus` column using `ORDER BY`. +* The results have been filtered to only show database names containing `'o'`. + +It is also possible to use `SKIP` and `LIMIT` to paginate the results. + + +.Result +[role="queryresult"] +---- ++--------------------------------------------+ +| name | currentStatus | requestedStatus | ++--------------------------------------------+ +| "movies" | "online" | "online" | +| "neo4j" | "online" | "online" | ++--------------------------------------------+ +---- diff --git a/modules/ROOT/pages/database-administration/standard-databases/manage-databases.adoc b/modules/ROOT/pages/database-administration/standard-databases/manage-databases.adoc deleted file mode 100644 index a7fdf8d71..000000000 --- a/modules/ROOT/pages/database-administration/standard-databases/manage-databases.adoc +++ /dev/null @@ -1,881 +0,0 @@ -:description: This page describes how to manage multiple active databases. -:page-aliases: manage-databases/queries.adoc -[[manage-databases]] -= Managing databases - -//// -[source, cypher, role=test-setup] ----- -CREATE DATABASE `movies`; -CREATE ALIAS `films` FOR DATABASE `movies`; -CREATE ALIAS `motion pictures` FOR DATABASE `movies`; ----- -//// - -Neo4j supports the management of multiple databases within the same DBMS. -The metadata for these databases, including the associated security model, is maintained in a special database called the `system` database. -All multi-database administrative commands must be run against the `system` database. -These administrative commands are automatically routed to the `system` database when connected to the DBMS over Bolt. - -[NOTE] -==== -Administrative commands should not be used during a rolling upgrade. -For more information, see link:{neo4j-docs-base-uri}/upgrade-migration-guide/upgrade/upgrade-4.4/causal-cluster/[Upgrade and Migration Guide -> Upgrade a cluster]. -==== - -[[manage-databases-list]] -== Listing databases - -There are four different commands for listing databases, depending on whether you want to show: - -* All databases. -* A particular database. -* The default database. -* The home database. - -These commands return the following columns: - -.Listing databases output -[options="header", width="100%", cols="4m,6a,2m"] -|=== -| Column | Description | Type - -| name -| The name of the database. label:default-output[] -| STRING - -| type -| The type of the database: `system`, `standard`, or `composite`. label:default-output[] -| STRING - -| aliases -| The names of any aliases the database may have. label:default-output[] -| LIST - -| access -| The database access mode, either `read-write` or `read-only`. label:default-output[] -A database may be described as read-only when using `ALTER DATABASE ... SET ACCESS READ ONLY`. -| STRING - -| databaseID -| The database unique ID. -| STRING - -| serverID -| The server instance ID. -| STRING - -| address -| -Instance address in a clustered DBMS. -The default for a standalone database is `neo4j://localhost:7687`. label:default-output[] -| STRING - -| role -| The current role of the database (`primary`, `secondary`, `unknown`). label:default-output[] -| STRING - -| writer -|`true` for the instance that accepts writes for this database (this instance is the leader for this database in a cluster or this is a standalone instance). label:default-output[] -| BOOLEAN - -| requestedStatus -| The expected status of the database. -The value can be either `online` or `offline`. label:default-output[] -| STRING - -| currentStatus -| The actual status of the database. label:default-output[] - -The possible statuses are: - -* `online` -* `offline` -* `starting` -* `stopping` -* `store copying` -* `initial` -* `deallocating` -* `dirty` -* `quarantined` -* `unknown` - -See <> for more information. -| STRING - -| statusMessage -| A message explaining the status of the database, often explaining why it is not in the correct state. label:default-output[] -| STRING - -| default -| -Show if this is the default database for the DBMS. label:default-output[] -Not returned by `SHOW HOME DATABASE` or `SHOW DEFAULT DATABASE`. -| BOOLEAN - -| home -| -Shown if this is the home database for the current user. label:default-output[] -Not returned by `SHOW HOME DATABASE` or `SHOW DEFAULT DATABASE`. -| BOOLEAN - -| `currentPrimariesCount` -| Number of primaries for this database reported as running currently. -It is the same as the number of rows where `role=primary` and `name=this database`. -| INTEGER - -| `currentSecondariesCount` -| Number of secondaries for this database reported as running currently. -It is the same as the number of rows where `role=secondary` and `name=this database`. -| INTEGER - -| `requestedPrimariesCount` -| The requested number of primaries for this database. -May be lower than current if the DBMS is currently reducing the number of copies of the database, or higher if it is currently increasing the number of copies. -| INTEGER - -| `requestedSecondariesCount` -| The requested number of secondaries for this database. -May be lower than current if the DBMS is currently reducing the number of copies of the database, or higher if it is currently increasing the number of copies. -| INTEGER - -| creationTime -| The date and time at which the database was created. -| ZONED DATETIME - -| lastStartTime -| The date and time at which the database was last started. -| ZONED DATETIME - -| lastStopTime -| The date and time at which the database was last stopped. -| ZONED DATETIME - -| store -a| -Information about the storage engine and the store format. - -The value is a string formatted as: - -[source, syntax, role="noheader"] ----- -{storage engine}-{store format}-{major version}.{minor version} ----- -| STRING - -| lastCommittedTxn -| The ID of the last transaction received. -| INTEGER - -| replicationLag -| -Number of transactions the current database is behind compared to the database on the primary instance. -The lag is expressed in negative integers. In standalone environments, the value is always `0`. -| INTEGER - -|constituents -|The names of any constituents the database may have. Applicable only for composite databases. label:default-output[] -| LIST - -|options -|The map of options applied to the database. -| MAP - -|=== - -The results of the `SHOW DATABASES` command are filtered according to the `ACCESS` privileges of the user. -However, some privileges enable users to see additional databases regardless of their `ACCESS` privileges: - -* Users with `CREATE/DROP/ALTER DATABASE` or `SET DATABASE ACCESS` privileges can see all standard databases. -* Users with `CREATE/DROP COMPOSITE DATABASE` or `COMPOSITE DATABASE MANAGEMENT` privileges can see all composite databases. -* Users with `DATABASE MANAGEMENT` privilege can see all databases. - -If a user has not been granted `ACCESS` privilege to any databases nor any of the above special cases, the command can still be executed but it will only return the `system` database, which is always visible. - -[[database-states]] -=== Database states - -A database's `currentStatus` can be one of the following: - -[options="header" cols="m,a"] -|=== -| State -| Description - -| online -| The database is running. - -| offline -| The database is not running. -If the `statusMessage` column is filled, the database is not running because of a problem. - -| starting -| The database is not running, but is about to. - -| stopping -| The database is not running anymore, but still has not stopped completely. -No offline operations (e.g. `load`/`dump`) can be performed yet. - -| store copying -| The database is currently being updated from another instance of Neo4j. - -| initial -| The database has not yet been created. - -| deallocating -| Only applies to databases in a cluster. -The database is still online but will eventually be offline due to a transfer of its role in the cluster to a different member. -The status is `deallocting` until the transfer is complete, which can take anything from a second to a day or more. - -| dirty -| This state implies an error has occurred. -The database's underlying store files may be invalid. -For more information, consult the `statusMessage` column or the server's logs. - -| quarantined -| The database is effectively stopped and its state may not be changed until no longer quarantined. -For more information, consult the `statusMessage` column or the server's logs. - -| unknown -| This instance of Neo4j does not know the state of this database. - -|=== - -[NOTE] -==== -Note that for failed databases, the `currentStatus` and `requestedStatus` are different. -This often implies an error, but **that is not always the case**. -For example, a database may take a while to transition from `offline` to `online` due to a performing recovery. -Or, during normal operation, a database's `currentStatus` may be transiently different from its `requestedStatus` due to a necessary automatic process, such as one Neo4j instance copying store files from another. -==== - - -=== Show all available databases - -A summary of all available databases can be displayed using the command `SHOW DATABASES`. - -.Query -[source, cypher] ----- -SHOW DATABASES ----- - -.Result -[role="queryresult"] ----- -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| name | type | aliases | access | address | role | writer | requestedStatus | currentStatus | statusMessage | default | home | constituents | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| "movies" | "standard" | ["films", "motion pictures"] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | FALSE | FALSE | [] | -| "neo4j" | "standard" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | TRUE | TRUE | [] | -| "system" | "system" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | FALSE | FALSE | [] | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ----- - -[NOTE] -==== -As of Neo4j 5.3, databases hosted on servers that are offline are also returned by the `SHOW DATABASES` command. -For such databases, the `address` column displays `NULL`, the `currentStatus` column displays `unknown`, and the `statusMessage` displays `Server is unavailable`. -==== - -=== Show detailed information for a particular database - -In this example, the detailed information for a particular database can be displayed using the command `SHOW DATABASE name YIELD *`. -When a `YIELD` clause is provided, the full set of columns is returned. - -.Query -[source, cypher, role=test-result-skip] ----- -SHOW DATABASE movies YIELD * ----- - -.Result -[role="queryresult"] ----- -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| name | type | aliases | access | databaseID | serverID | address | role | writer | requestedStatus | currentStatus | statusMessage | default | home | currentPrimariesCount | currentSecondariesCount | requestedPrimariesCount | requestedSecondariesCount | creationTime | lastStartTime | lastStopTime | store | lastCommittedTxn | replicationLag | constituents | options | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| "movies" | "standard" | ["films", "motion pictures"] | "read-write" | "C066801F54B44EA1520F0FE392B4005AABF42D8DD0A5FD09969B955575D287D5" | "e3063985-e2f4-4728-824b-a7d53779667a" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | FALSE | FALSE | 1 | 0 | 1 | 0 | 2023-08-14T10:01:29.074Z | 2023-08-14T10:01:29.074Z | NULL | "record-aligned-1.1" | 3 | 0 | [] | {} | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ----- - -=== Show the number of databases - -The number of distinct databases can be seen using `YIELD` and a `count()` function in the `RETURN` clause. - -.Query -[source, cypher] ----- -SHOW DATABASES YIELD name -RETURN count(DISTINCT name) AS count ----- - -.Result -[role="queryresult"] ----- -+-------+ -| count | -+-------+ -| 3 | -+-------+ ----- - -By specifying the `name` column and sorting the results by distinct name, only the number of distinct databases are counted, **not** the number of allocations of databases in a clustered environment. - - -=== Show the default database - -The default database can be seen using the command `SHOW DEFAULT DATABASE`. - -.Query -[source, cypher] ----- -SHOW DEFAULT DATABASE ----- - -.Result -[role="queryresult"] ----- -+--------------------------------------------------------------------------------------------------------------------------------------------------------+ -| name | type | aliases | access | address | role | writer | requestedStatus | currentStatus | statusMessage | constituents | -+--------------------------------------------------------------------------------------------------------------------------------------------------------+ -| "neo4j" | "standard" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | [] | -+--------------------------------------------------------------------------------------------------------------------------------------------------------+ ----- - -=== Show the home database - -The home database for the current user can be seen using the command `SHOW HOME DATABASE`. - -.Query -[source, cypher] ----- -SHOW HOME DATABASE ----- - -.Result -[role="queryresult"] ----- -+--------------------------------------------------------------------------------------------------------------------------------------------------------+ -| name | type | aliases | access | address | role | writer | requestedStatus | currentStatus | statusMessage | constituents | -+--------------------------------------------------------------------------------------------------------------------------------------------------------+ -| "neo4j" | "standard" | [] | "read-write" | "localhost:7687" | "primary" | TRUE | "online" | "online" | "" | [] | -+--------------------------------------------------------------------------------------------------------------------------------------------------------+ ----- - -=== Filter the listed databases - -It is also possible to filter and sort the results by using `YIELD`, `ORDER BY`, and `WHERE`. - -.Query -[source, cypher] ----- -SHOW DATABASES YIELD name, currentStatus, requestedStatus -ORDER BY currentStatus -WHERE name CONTAINS 'o' ----- - -In this example: - -* The number of columns returned has been reduced with the `YIELD` clause. -* The order of the returned columns has been changed. -* The results are ordered by the `currentStatus` column using `ORDER BY`. -* The results have been filtered to only show database names containing `'o'`. - -It is also possible to use `SKIP` and `LIMIT` to paginate the results. - - -.Result -[role="queryresult"] ----- -+--------------------------------------------+ -| name | currentStatus | requestedStatus | -+--------------------------------------------+ -| "movies" | "online" | "online" | -| "neo4j" | "online" | "online" | -+--------------------------------------------+ ----- - -[role=enterprise-edition not-on-aura] -[[manage-databases-create]] -== Create databases - -Databases can be created using `CREATE DATABASE`. - -[NOTE] -==== -Database names are subject to the rules specified in xref:database-administration/standard-databases/naming-databases.adoc[Database names] section. -Having dots (`.`) in the database names is not recommended. -This is due to the difficulty of determining if a dot is part of the database name or a delimiter for a database alias in a composite database. -==== - -.Query -[source, cypher] ----- -CREATE DATABASE customers ----- - -When a database has been created, it will show up in the listing provided by the command `SHOW DATABASES`. - -.Query -[source, cypher] ----- -SHOW DATABASES YIELD name ----- - -.Result -[role="queryresult",options="header,footer",cols="1* Getting Started -> Enrichment mode]. -|=== - -[NOTE] -==== -The `existingData`, `existingDataSeedInstance`, `seedURI`, `seedConfig`, and `seedCredentials` options cannot be combined with the `OR REPLACE` part of this command. -More details about seeding options can be found in xref::clustering/databases.adoc#cluster-seed[Seed a cluster]. -==== - -[role=enterprise-edition not-on-aura] -[[administration-databases-alter-database]] -== Alter databases -Standard databases can be modified using the command `ALTER DATABASE`. - -[role=enterprise-edition not-on-aura] -[[manage-databases-alter]] -=== Alter database access mode - -By default, a database has read-write access mode on creation. -The database can be limited to read-only mode on creation using the configuration parameters `dbms.databases.default_to_read_only`, `dbms.databases.read_only`, and `dbms.database.writable`. -For details, see the section on xref::database-administration/standard-databases/configuration-parameters.adoc#[Configuration parameters]. -A database that was created with read-write access mode can be changed to read-only. -To change it to read-only, you can use the `ALTER DATABASE` command with the sub-clause `SET ACCESS READ ONLY`. -Subsequently, the database access mode can be switched back to read-write using the sub-clause `SET ACCESS READ WRITE`. -Altering the database access mode is allowed at all times, whether a database is online or offline. - -If conflicting modes are set by the `ALTER DATABASE` command and the configuration parameters, i.e. one says read-write and the other read-only, the database will be read-only and prevent write queries. - -[NOTE] -==== -Modifying access mode is only available to standard databases and not composite databases. -==== - - -==== Alter database access mode to read-only - -.Query -[source, cypher] ----- -ALTER DATABASE customers SET ACCESS READ ONLY ----- - -The database access mode can be seen in the `access` output column of the command `SHOW DATABASES`. - -.Query -[source, cypher] ----- -SHOW DATABASES yield name, access ----- - -.Result -[role="queryresult"] ----- -+----------------------------+ -| name | access | -+----------------------------+ -| "customers" | "read-only" | -| "movies" | "read-write" | -| "neo4j" | "read-write" | -| "system" | "read-write" | -+----------------------------+ ----- - -==== Alter database access using `IF EXISTS` - -`ALTER DATABASE` commands are optionally idempotent, with the default behavior to fail with an error if the database does not exist. -Appending `IF EXISTS` to the command ensures that no error is returned and nothing happens should the database not exist. - -.Query -[source, cypher] ----- -ALTER DATABASE nonExisting IF EXISTS -SET ACCESS READ WRITE ----- - -=== Alter database topology - -In a cluster environment, you can use the `ALTER DATABASE` command to change the number of servers hosting a database. -For more information, see xref::clustering/databases.adoc#alter-topology[Managing databases in a cluster]. - -[role=enterprise-edition] -[[alter-database-options]] -=== Alter database options - -The `ALTER DATABASE` command can be used to set or remove specific options for a database. - -[options="header", cols="1m,1m,3a"] -|=== -| Key -| Value -| Description - -| txLogEnrichment -| FULL\|DIFF\|NONE -| Defines the level of enrichment applied to transaction logs for Change Data Capture (CDC) purposes. -For details about enrichment mode, see link:{neo4j-docs-base-uri}/cdc/{page-version}/getting-started/enrichment-mode[Change Data Capture Manual -> Getting Started -> Enrichment mode]. -|=== - -[NOTE] -==== -There are no available `OPTIONS` values for composite databases. -==== - -==== Alter the options set for a database - -.Query -[source, cypher] ----- -ALTER DATABASE `movies` -SET OPTION txLogEnrichment 'FULL' ----- - -The database set options can be seen in the `options` output column of the command `SHOW DATABASES`. - -.Query -[source, cypher] ----- -SHOW DATABASES yield name, options ----- -// Limited result set. -// The output has been capped. -.Result -[role="queryresult",options="header,footer",cols="2*/data/dumps_). -This can be achieved by appending `DUMP DATA` to the command (or `DESTROY DATA` to explicitly request the default behavior). -These dumps are equivalent to those produced by `neo4j-admin dump` and can be similarly restored using `neo4j-admin load`. - -//// -[source, cypher, role=test-setup] ----- -DROP ALIAS `films` FOR DATABASE; -DROP ALIAS `motion pictures` FOR DATABASE; ----- -//// - -.Query -[source, cypher] ----- -DROP DATABASE movies DUMP DATA ----- - -The options `IF EXISTS` and `DUMP DATA`/ `DESTROY DATA` can also be combined. -An example could look like this: - -.Query -[source, cypher] ----- -DROP DATABASE customers IF EXISTS DUMP DATA ----- - -[role=enterprise-edition not-on-aura] -[[manage-databases-wait-options]] -== Wait options - -The `WAIT` _sub-clause was added as an option to the_ `ALTER DATABASE` _command in Neo4j 5.7._ - -Aside from `SHOW DATABASES`, all database management commands accept an optional `WAIT`/`NOWAIT` sub-clause. -The `WAIT`/`NOWAIT` sub-clause allows you to specify a time limit in which the command must complete and return. - -The options are: - -* `WAIT n SECONDS` - Returns once completed or when the specified time limit of `n` seconds is up. -* `WAIT` - Returns once completed or when the default time limit of 300 seconds is up. -* `NOWAIT` - Returns immediately. - -A command using a `WAIT` sub-clause automatically commits the current transaction when it executes successfully, as the command needs to run immediately for it to be possible to `WAIT` for it to complete. -Any subsequent commands executed are therefore performed in a new transaction. -This is different from the usual transactional behavior, and for this reason, it is recommended that these commands be run in their own transaction. -The default behavior is `NOWAIT`, so if no clause is specified the transaction behaves normally and the action is performed in the background post-commit. - -[NOTE] -==== -A command with a `WAIT` clause may be interrupted whilst it is waiting to complete. -In this event, the command will continue to execute in the background and will not be aborted. -==== - -.Create a database with `WAIT` -====== -.Query -[source, cypher] ----- -CREATE DATABASE slow WAIT 5 SECONDS ----- - -.Result -[role="queryresult"] ----- -+-------------------------------------------------------+ -| address | state | message | success | -+-------------------------------------------------------+ -| "localhost:7687" | "CaughtUp" | "caught up" | TRUE | -+-------------------------------------------------------+ ----- - -The `success` column provides an aggregate status of whether or not the command is considered successful and thus every row will have the same value. -This column is to determine, for example in a script, whether or not the command has been completed successfully without timing out. -====== diff --git a/modules/ROOT/pages/database-administration/standard-databases/wait-options.adoc b/modules/ROOT/pages/database-administration/standard-databases/wait-options.adoc new file mode 100644 index 000000000..ae96eab41 --- /dev/null +++ b/modules/ROOT/pages/database-administration/standard-databases/wait-options.adoc @@ -0,0 +1,48 @@ +:description: the page on how to use the WAIT subclause with administrative Cypher commands. +[role=enterprise-edition not-on-aura] +[[manage-databases-wait-options]] += `WAIT` options + +Aside from `SHOW DATABASES`, all database management commands accept an optional `WAIT`/`NOWAIT` sub-clause. +The `WAIT`/`NOWAIT` sub-clause allows you to specify a time limit in which the command must complete and return. + +The options are: + +* `WAIT n SECONDS` - Returns once completed or when the specified time limit of `n` seconds is up. +* `WAIT` - Returns once completed or when the default time limit of 300 seconds is up. +* `NOWAIT` - Returns immediately. + +A command using a `WAIT` sub-clause automatically commits the current transaction when it executes successfully, as the command needs to run immediately for it to be possible to `WAIT` for it to complete. +Any subsequent commands executed are therefore performed in a new transaction. +This is different from the usual transactional behavior, and for this reason, it is recommended that these commands be run in their own transaction. +The default behavior is `NOWAIT`, so if no clause is specified the transaction behaves normally and the action is performed in the background post-commit. + +The `WAIT` _sub-clause was added as an option to the_ `ALTER DATABASE` _command in Neo4j 5.7._ + +[NOTE] +==== +A command with a `WAIT` clause may be interrupted whilst it is waiting to complete. +In this event, the command will continue to execute in the background and will not be aborted. +==== + +.Create a database with `WAIT` +====== +.Query +[source, cypher] +---- +CREATE DATABASE slow WAIT 5 SECONDS +---- + +.Result +[role="queryresult"] +---- ++-------------------------------------------------------+ +| address | state | message | success | ++-------------------------------------------------------+ +| "localhost:7687" | "CaughtUp" | "caught up" | TRUE | ++-------------------------------------------------------+ +---- + +The `success` column provides an aggregate status of whether or not the command is considered successful and thus every row will have the same value. +This column is to determine, for example in a script, whether or not the command has been completed successfully without timing out. +====== diff --git a/modules/ROOT/pages/database-internals/store-formats.adoc b/modules/ROOT/pages/database-internals/store-formats.adoc index f776f712b..9e71c6dab 100644 --- a/modules/ROOT/pages/database-internals/store-formats.adoc +++ b/modules/ROOT/pages/database-internals/store-formats.adoc @@ -100,7 +100,7 @@ The database is hosted on three servers in primary mode. **On one of the servers, `server01`** -. In Cypher Shell, put the database that you want to migrate in read-only mode using the Cypher command xref:database-administration/standard-databases/manage-databases.adoc#manage-databases-alter[`ALTER DATABASE ...​ SET ACCESS READ ONLY`]. +. In Cypher Shell, put the database that you want to migrate in read-only mode using the Cypher command xref:database-administration/standard-databases/alter-databases.adoc#manage-databases-alter[`ALTER DATABASE ...​ SET ACCESS READ ONLY`]. For example: + [source,cypher] @@ -439,4 +439,4 @@ The following tables show the format and Neo4j version compatibility and the lim | Property keys | `2^31` (2 147 483 648) -|=== \ No newline at end of file +|=== From 9991784611423d13ffa4fc95122ad4475d659460 Mon Sep 17 00:00:00 2001 From: Stefano Ottolenghi Date: Thu, 18 Apr 2024 14:46:44 +0200 Subject: [PATCH 629/876] Update `server.http_enabled_modules` config description. --- modules/ROOT/pages/configuration/configuration-settings.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/configuration/configuration-settings.adoc b/modules/ROOT/pages/configuration/configuration-settings.adoc index f87bbebdf..55c30182e 100644 --- a/modules/ROOT/pages/configuration/configuration-settings.adoc +++ b/modules/ROOT/pages/configuration/configuration-settings.adoc @@ -1474,7 +1474,7 @@ m|+++:7474+++ [frame="topbot", stripes=odd, grid="cols", cols="<1s,<4"] |=== |Description -a|Defines the set of modules loaded into the Neo4j web server. Options include TRANSACTIONAL_ENDPOINTS, BROWSER, UNMANAGED_EXTENSIONS and ENTERPRISE_MANAGEMENT_ENDPOINTS (if applicable). +a|Defines the set of modules loaded into the Neo4j web server. The enterprise management endpoints are only available in the enterprise edition. |Valid values a|A comma-separated set where each element is one of [TRANSACTIONAL_ENDPOINTS, UNMANAGED_EXTENSIONS, BROWSER, ENTERPRISE_MANAGEMENT_ENDPOINTS, QUERY_API_ENDPOINTS]. |Default value From 714bb0a04941f13e732128f3ddd21fa120ecadf6 Mon Sep 17 00:00:00 2001 From: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> Date: Thu, 18 Apr 2024 15:36:40 +0200 Subject: [PATCH 630/876] Fix `page-aliases` attr in the file Create, start and stop db (#1553) --- .../standard-databases/create-databases.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/database-administration/standard-databases/create-databases.adoc b/modules/ROOT/pages/database-administration/standard-databases/create-databases.adoc index f4f8ff6ce..f76156307 100644 --- a/modules/ROOT/pages/database-administration/standard-databases/create-databases.adoc +++ b/modules/ROOT/pages/database-administration/standard-databases/create-databases.adoc @@ -1,5 +1,5 @@ :description: how to create, start, and stop databases in Neo4j. How to use `CREATE DATABASE`, `START DATABASE`, `STOP DATABASE` Cypher commands. -:page-aliases: database-administration/standard-databases/manage-databases.adoc +:page-aliases: manage-databases/queries.adoc [role=enterprise-edition not-on-aura] [[manage-databases-create]] = Create, start, and stop databases From ce87f55938715275c3f820d2594e75dbb83cda8e Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 18 Apr 2024 16:49:15 +0300 Subject: [PATCH 631/876] Update accessing-neo4j-ingress.adoc (#1552) (#1555) The example incorrectly includes an old release - the version is not needed as the image value in values.yaml should be the default Co-authored-by: davidlrosenblum --- modules/ROOT/pages/kubernetes/accessing-neo4j-ingress.adoc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/kubernetes/accessing-neo4j-ingress.adoc b/modules/ROOT/pages/kubernetes/accessing-neo4j-ingress.adoc index 48d099694..2c130b2b3 100644 --- a/modules/ROOT/pages/kubernetes/accessing-neo4j-ingress.adoc +++ b/modules/ROOT/pages/kubernetes/accessing-neo4j-ingress.adoc @@ -177,7 +177,9 @@ Alternatively, if you want to access Neo4j on port `:80`, leave `tls.enabled` wi [source, yaml] ---- reverseProxy: - image: neo4j/helm-charts-reverse-proxy:5.12.0 + #Use image only when need a specific version or using your internal artifactory. + #Otherwise let it default to what is in the values.yaml + #image: neo4j/helm-charts-reverse-proxy:5.12.0 serviceName: "standalone-admin" ingress: enabled: true From 3926fb58d01ce582638ce7fd79cf6d23eb821a36 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 18 Apr 2024 16:49:36 +0300 Subject: [PATCH 632/876] Update accessing-neo4j-ingress.adoc (#1551) (#1554) The following line has a typo scv instead of svc kubectl get scv -n ingress-nginx should be kubectl get svc -n ingress-nginx or kubectl get service -n ingress-nginx Co-authored-by: davidlrosenblum --- modules/ROOT/pages/kubernetes/accessing-neo4j-ingress.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/kubernetes/accessing-neo4j-ingress.adoc b/modules/ROOT/pages/kubernetes/accessing-neo4j-ingress.adoc index 2c130b2b3..4dad5671b 100644 --- a/modules/ROOT/pages/kubernetes/accessing-neo4j-ingress.adoc +++ b/modules/ROOT/pages/kubernetes/accessing-neo4j-ingress.adoc @@ -235,7 +235,7 @@ kubectl apply -f /path/to/your/nginx-tcp.yaml + [source,shell] ---- -kubectl get scv -n ingress-nginx +kubectl get svc -n ingress-nginx ---- .. Open the Ingress controller service for editing: + From 346f3a85d590a220cea1cb1dae38dfd22373ec41 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 18 Apr 2024 17:10:28 +0300 Subject: [PATCH 633/876] A short editorial review of disaster recovery page, update the misleading steps, and update the error message (#1547) Co-authored-by: Jack Waudby <33488812+jackwaudby@users.noreply.github.com> Co-authored-by: NataliaIvakina <82437520+NataliaIvakina@users.noreply.github.com> --- .../pages/clustering/disaster-recovery.adoc | 57 +++++++++---------- package-lock.json | 12 ++-- 2 files changed, 34 insertions(+), 35 deletions(-) diff --git a/modules/ROOT/pages/clustering/disaster-recovery.adoc b/modules/ROOT/pages/clustering/disaster-recovery.adoc index 0268cedab..cbfe8475f 100644 --- a/modules/ROOT/pages/clustering/disaster-recovery.adoc +++ b/modules/ROOT/pages/clustering/disaster-recovery.adoc @@ -3,21 +3,18 @@ [[cluster-recovery]] = Disaster recovery -Databases can become unavailable for different reasons. -For the purpose of this section, an _unavailable database_ is defined as a database that is incapable of serving writes, while still may be able to serve reads. -Databases not performing as expected for other reasons are not considered unavailable and cannot be helped by this section. -//Refer to <> for more information on troubleshooting. -This section contains a step-by-step guide on how to recover databases that have become unavailable. -By performing the actions described here, the unavailable databases are recovered and made fully operational with as little impact as possible on the other databases in the cluster. +A database can become unavailable due to issues on different system levels. +For example, a data center failover may lead to the loss of multiple servers, which may cause a set of databases to become unavailable. +It is also possible for databases to become quarantined due to a critical failure in the system, which may lead to unavailability even without the loss of servers. -There are many reasons why a database becomes unavailable and it can be caused by issues on different levels in the system. -For example, a data-center failover may lead to the loss of multiple serves which in turn may cause a set of databases to become unavailable. -It is also possible for databases to become quarantined due to a critical failure in the system which may lead to unavailability even without loss of servers. +This section contains a step-by-step guide on how to recover _unavailable databases_ that are incapable of serving writes, while still may be able to serve reads. +However, if a database is not performing as expected for other reasons, this section cannot help. +By following the steps outlined here, you can recover the unavailable databases and make them fully operational with minimal impact on the other databases in the cluster. [NOTE] ==== -If *all* servers in a Neo4j cluster are lost in a data-center failover, it is not possible to recover the current cluster. -A new cluster has to be created and the databases restored. +If *all* servers in a Neo4j cluster are lost in a data center failover, it is not possible to recover the current cluster. +You have to create a new cluster and restore the databases. See xref:clustering/setup/deploy.adoc[Deploy a basic cluster] and xref:clustering/databases.adoc#cluster-seed[Seed a database] for more information. ==== @@ -31,22 +28,22 @@ Consequently, in a disaster where multiple servers go down, some databases may k == Guide to disaster recovery -There are three main steps to recover a cluster from a disaster. -Depending on the disaster scenario, some steps may not be required, but it is recommended to complete each step in order to ensure that the cluster is fully operational. +There are three main steps to recovering a cluster from a disaster. +Completing each step, regardless of the disaster scenario, is recommended to ensure the cluster is fully operational. -The first step is to ensure that the `system` database is available in the cluster. -The `system` database defines the configuration for the other databases and therefore it is vital to ensure that it is available before doing anything else. +. Ensure the `system` database is available in the cluster. +The `system` database defines the configuration for the other databases; therefore, it is vital to ensure it is available before doing anything else. -Once the `system` database's availability is verified, whether it was recovered or unaffected by the disaster, the next step is to recover lost servers to make sure the cluster's topology requirements are met. +. After the `system` database's availability is verified, whether recovered or unaffected by the disaster, recover the lost servers to ensure the cluster's topology meets the requirements. -Only after the `system` database is available and the cluster topology is satisfied, can the databases be managed. +. After the `system` database is available and the cluster's topology is satisfied, you can manage the databases. The steps are described in detail in the following sections. [NOTE] ==== In this section, an _offline_ server is a server that is not running but may be _restartable_. -A _lost_ server however, is a server that is currently not running and cannot be restarted. +A _lost_ server, however, is a server that is currently not running and cannot be restarted. ==== [NOTE] @@ -66,16 +63,16 @@ The `system` database is required for clusters to function properly. The server may have to be considered indefinitely lost.) . *Validate the `system` database's availability.* .. Run `SHOW DATABASE system`. -If the response doesn't contain a writer, the `system` database is unavailable and needs to be recovered, continue to step 3. +If the response does not contain a writer, the `system` database is unavailable and needs to be recovered, continue to step 3. .. Optionally, you can create a temporary user to validate the `system` database's writability by running `CREATE USER 'temporaryUser' SET PASSWORD 'temporaryPassword'`. -... Confirm that the query was executed successfully and the temporary user was created as expected, by running `SHOW USERS`, then continue to xref:clustering/disaster-recovery.adoc#recover-servers[Recover servers]. +.. Confirm that the temporary user is created as expected, by running `SHOW USERS`, then continue to xref:clustering/disaster-recovery.adoc#recover-servers[Recover servers]. If not, continue to step 3. + . *Restore the `system` database.* + [NOTE] ==== -Only do the steps below if the `system` database's availability could not be validated by the first two steps in this section. +Only do the steps below if the `system` database's availability cannot be validated by the first two steps in this section. ==== + [NOTE] @@ -86,7 +83,7 @@ This method prevents downtime for the other databases in the cluster. If this is the case, ie. if a majority of servers are still available, follow the instructions in <>. ==== + -The following steps creates a new `system` database from a backup of the current `system` database. +The following steps create a new `system` database from a backup of the current `system` database. This is required since the current `system` database has lost too many members in the server failover. .. Shut down the Neo4j process on all servers. @@ -114,14 +111,16 @@ The steps here identify the lost servers and safely detach them from the cluster . Run `SHOW SERVERS`. If *all* servers show health `AVAILABLE` and status `ENABLED` continue to xref:clustering/disaster-recovery.adoc#recover-databases[Recover databases]. -. On each `UNAVAILABLE` server, run `CALL dbms.cluster.cordonServer("unavailable-server-id")`. -. On each `CORDONED` server, run `DEALLOCATE DATABASES FROM SERVER cordoned-server-id`. -. On each server that failed to deallocate with one of the following messages: -.. `Could not deallocate server [server]. Can't move databases with only one primary [database].` +. For each `UNAVAILABLE` server, run `CALL dbms.cluster.cordonServer("unavailable-server-id")` on one of the available servers. +. For each `CORDONED` server, run `DEALLOCATE DATABASES FROM SERVER cordoned-server-id` on one of the available servers. +. For each server that failed to deallocate with one of the following messages: +.. `Could not deallocate server(s) 'serverId'. Unable to reallocate 'DatabaseId.\*'. + +Required topology for 'DatabaseId.*' is 3 primaries and 0 secondaries. + +Consider running SHOW SERVERS to determine what action is suitable to resolve this issue.` + or + -`Could not deallocate server(s) [server]. +`Could not deallocate server(s) `serverId`. Database [database] has lost quorum of servers, only found [existing number of primaries] of [expected number of primaries]. Cannot be safely reallocated.` + @@ -143,7 +142,7 @@ A database can be set to `READ-ONLY`-mode before it is started to avoid updates .. `Could not deallocate server [server]. Reallocation of [database] not possible, no new target found. All existing servers: [existing-servers]. Actual allocated server with mode [mode] is [current-hostings].` + Add new servers and enable them and then return to step 3, see xref:clustering/servers.adoc#cluster-add-server[Add a server to the cluster] for more information. -. Run `SHOW SERVERS YIELD *` once all enabled servers host the requested databases (`hosting`-field contains exactly the databases in the `requestedHosting` field), proceed to the next step. +. Run `SHOW SERVERS YIELD *` once all enabled servers host the requested databases (`hosting`-field contains exactly the databases in the `requestedHosting` field), and proceed to the next step. Note that this may take a few minutes. . For each deallocated server, run `DROP SERVER deallocated-server-id`. . Return to step 1. @@ -154,7 +153,7 @@ Note that this may take a few minutes. Once the `system` database is verified available, and all servers are online, the databases can be managed. The steps here aim to make the unavailable databases available. -. If you have previously dropped databases as part of this guide, re-create each one from backup. +. If you have previously dropped databases as part of this guide, re-create each one from a backup. See the xref:database-administration/standard-databases/create-databases.adoc[Create databases] section for more information on how to create a database. . Run `SHOW DATABASES`. If all databases are in desired states on all servers (`requestedStatus`=`currentStatus`), disaster recovery is complete. diff --git a/package-lock.json b/package-lock.json index 39355b333..ab4be810c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1577,9 +1577,9 @@ "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==" }, "node_modules/isomorphic-git": { - "version": "1.25.6", - "resolved": "https://registry.npmjs.org/isomorphic-git/-/isomorphic-git-1.25.6.tgz", - "integrity": "sha512-zA3k3QOO7doqOnBgwsaXJwHKSIIl5saEdH4xxalu082WHVES4KghsG6RE2SDwjXMCIlNa1bWocbitH6bRIrmLQ==", + "version": "1.25.7", + "resolved": "https://registry.npmjs.org/isomorphic-git/-/isomorphic-git-1.25.7.tgz", + "integrity": "sha512-KE10ejaIsEpQ+I/apS33qqTjyzCXgOniEaL32DwNbXtboKG8H3cu+RiBcdp3G9w4MpOOTQfGPsWp4i8UxRfDLg==", "dependencies": { "async-lock": "^1.1.0", "clean-git-ref": "^2.0.1", @@ -4229,9 +4229,9 @@ "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==" }, "isomorphic-git": { - "version": "1.25.6", - "resolved": "https://registry.npmjs.org/isomorphic-git/-/isomorphic-git-1.25.6.tgz", - "integrity": "sha512-zA3k3QOO7doqOnBgwsaXJwHKSIIl5saEdH4xxalu082WHVES4KghsG6RE2SDwjXMCIlNa1bWocbitH6bRIrmLQ==", + "version": "1.25.7", + "resolved": "https://registry.npmjs.org/isomorphic-git/-/isomorphic-git-1.25.7.tgz", + "integrity": "sha512-KE10ejaIsEpQ+I/apS33qqTjyzCXgOniEaL32DwNbXtboKG8H3cu+RiBcdp3G9w4MpOOTQfGPsWp4i8UxRfDLg==", "requires": { "async-lock": "^1.1.0", "clean-git-ref": "^2.0.1", From 6a373d2b2f85b0c67e48d171100f2a948bfa6017 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 18 Apr 2024 17:49:21 +0300 Subject: [PATCH 634/876] Add missing metric .transaction.validation_failure (#1544) --- modules/ROOT/pages/monitoring/metrics/reference.adoc | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/modules/ROOT/pages/monitoring/metrics/reference.adoc b/modules/ROOT/pages/monitoring/metrics/reference.adoc index 3d7013eef..f7a159498 100644 --- a/modules/ROOT/pages/monitoring/metrics/reference.adoc +++ b/modules/ROOT/pages/monitoring/metrics/reference.adoc @@ -188,7 +188,7 @@ By default, database metrics include: [role=label--new-5.7] [[db-state-count-metrics]] -=== Database state count metrics +=== Database state count metrics // label:new[Introduced in 5.7] @@ -202,7 +202,7 @@ By default, database metrics include: |=== [[db-data-metrics]] -=== Database data metrics +=== Database data metrics label:deprecated[Deprecated in 5.15] @@ -363,6 +363,7 @@ label:deprecated[Deprecated in 5.15] |.transaction.last_closed_tx_id|The ID of the last closed transaction. (counter) |.transaction.tx_size_heap|The transactions' size on heap in bytes. (histogram) |.transaction.tx_size_native|The transactions' size in native memory in bytes. (histogram) +|.transaction.validation_failure|The total number of multi version transaction validation failures. (counter) |=== [[db-index-metrics]] @@ -407,9 +408,9 @@ label:deprecated[Deprecated in 5.15] == Metrics specific to clustering [[catchup-metrics]] -=== CatchUp metrics +=== Catch-up metrics -.CatchUp metrics +.Catch-up metrics [options="header",cols="<3m,<4"] |=== |Name |Description @@ -432,7 +433,7 @@ label:deprecated[Deprecated in 5.15] |=== [[raft-core-metrics]] -=== Raft core metrics +=== Raft core metrics label:deprecated[Deprecated in 5.0] From bcd8121311802bd6d955a3583711e49f46bf95c2 Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Thu, 18 Apr 2024 17:56:13 +0300 Subject: [PATCH 635/876] Fix mismatches in the backup and restore section (#1535) Depends on https://github.com/neo-technology/neo4j/pull/24995, https://github.com/neo-technology/neo4j/pull/24993, and https://github.com/neo-technology/neo4j/pull/24992. --- .../ROOT/pages/backup-restore/aggregate.adoc | 8 ++--- .../pages/backup-restore/copy-database.adoc | 36 +++++++++---------- .../pages/backup-restore/restore-dump.adoc | 3 +- 3 files changed, 23 insertions(+), 24 deletions(-) diff --git a/modules/ROOT/pages/backup-restore/aggregate.adoc b/modules/ROOT/pages/backup-restore/aggregate.adoc index 89464ad09..cee5ac6c5 100644 --- a/modules/ROOT/pages/backup-restore/aggregate.adoc +++ b/modules/ROOT/pages/backup-restore/aggregate.adoc @@ -44,7 +44,7 @@ Aggregates a chain of backup artifacts into a single artifact. | Parameter | Description -| +|[] |Name of the database for which to aggregate the artifacts. Can contain `*` and `?` for globbing. |=== @@ -71,7 +71,7 @@ Aggregates a chain of backup artifacts into a single artifact. |Accepts either a path to a single artifact file or a folder containing backup artifacts. When a file is supplied, the __ parameter should be omitted. -The option to supply a file is only available in Neo4j 5.2 and later. +The option to supply a file is only available from Neo4j 5.2 onwards. | |-h, --help @@ -97,8 +97,8 @@ Consult Neo4j support before use. [NOTE] ==== As of Neo4j 5.19, the `--from-path=` option can also load backup artifacts from AWS S3 URIs. -Neo4j uses link:https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html[default AWS credentials] to access AWS S3 URIs. -==== +Neo4j uses link:https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html[default AWS credentials] to access AWS S3 URIs. +==== [[aggregate-backup-example]] diff --git a/modules/ROOT/pages/backup-restore/copy-database.adoc b/modules/ROOT/pages/backup-restore/copy-database.adoc index 94447d2d2..4b1d3831b 100644 --- a/modules/ROOT/pages/backup-restore/copy-database.adoc +++ b/modules/ROOT/pages/backup-restore/copy-database.adoc @@ -90,23 +90,23 @@ The `neo4j-admin database copy` command has the following options: |false |--copy-only-node-properties=[,...] -|A comma separated list of property keys to include in the copy for nodes with the specified label. +|A comma-separated list of property keys to include in the copy for nodes with the specified label. Any labels not explicitly mentioned will have all their properties included in the copy. Cannot be combined with `--skip-properties` or `--skip-node-properties`. | |--copy-only-nodes-with-labels=
Release notes

Sourced from nodemon's releases.

v3.0.2

3.0.2 (2023-12-01)

Bug Fixes

v3.0.1

3.0.1 (2023-07-09)

Bug Fixes

v3.0.0

3.0.0 (2023-07-08)

Bug Fixes

Features

  • always use polling on IBM i (3b58104)

BREAKING CHANGES

  • official support for node@8 dropped.

However there's no function being used in semver that breaks node 8, so it's technically still possible to run with node 8, but it will no longer be supported (or tested in CI).

v2.0.22

2.0.22 (2023-03-22)

Bug Fixes

  • remove ts mapping if loader present (f7816e4), closes #2083

v2.0.21

2.0.21 (2023-03-02)

... (truncated)