Light up Neo4j and Neodash in a pod with butane and ignition

Run an instance of Neo4j with NeoDash in a pod in a Fedora CoreOS container on Google Cloud.

1. Requirements

  1. GCP account with Google Cloud Compute Engine.

  2. Static IP for the machine in your VPC network.

  3. gcloud CLI on the local machine.

  4. Local Neo4j instance, including the dashboard saved to the database.

  5. SSH key pair to install (public key) on the image.

  6. butane

  7. matches

  8. These instructions assume the user is on a Linux box.

    No SSL/TLS is configured here, so connections to the Neo4j browser, Bolt and NeoDash are not encrypted.

2. Start on Google cloud web

  1. Set up firewall rules for the neo4j browser and neodash

    1. Under VPC Network/Firewall, click 'Create firewall rule'.

    2. Provide a name, for example: allow-neo4j

    3. Under Targets, select 'Specified Target Tags'.

    4. Provide a target tag of your liking, for example: neo4j

    5. Specify TCP ports: 7474, 7687, 5005

  2. Set up a static IP to assign to the machine at build time.

    1. Go to VPC Network/IP addresses.

    2. Select Reserve External Static Addresses.

    3. Select zone and other options.

      The IP will be attached to the machine you will create in a minute or two.
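
The firewall steps above can also be expressed as a single gcloud command. The following is an added example, not part of the original instructions; the function name neo4j_fw_rule, the APPLY switch and the sample range 203.0.113.0/24 are assumptions. Because no TLS is configured, it insists on a source range you trust instead of the whole internet.

```shell
#!/usr/bin/bash
# Added example: the console firewall steps as one gcloud command.
# Prints the command by default; set APPLY=1 to execute it.
#   $1 rule name, $2 target tag, $3 source CIDR allowed to reach the ports
# Example: neo4j_fw_rule allow-neo4j neo4j 203.0.113.0/24   (constructed range)
neo4j_fw_rule() {
    name=$1
    tag=$2
    src=$3

    # The ports carry unencrypted traffic, so refuse an open source range.
    case $src in
        0.0.0.0/0|::/0|'')
            echo "refusing: give a source range you trust, not the whole internet" >&2
            return 1 ;;
    esac

    # Same ports and target tag as in the console steps; default network assumed.
    set -- gcloud compute firewall-rules create "$name" \
        --direction=INGRESS --action=ALLOW \
        --rules=tcp:7474,tcp:7687,tcp:5005 \
        --target-tags="$tag" \
        --source-ranges="$src"

    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}
```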

3. Continue on your machine

  1. Install the gcloud CLI.

    1. Make sure you can run: gcloud compute instances list

  2. Install butane

  3. Create the following neo4j.fcc file and adapt to your needs.

    1. Neo4j section

      1. At a bare minimum you will need to supply a public key for the core user.

        You will not be able to log into the machine without it.
        The private key is also practical (for the core and/or neo4j user) if you want to pull data from GitLab etc.

      2. The http and bolt listen address should be the internal IP of your cloud VM.

    2. Neodash section

      1. The external static IP of your VM MUST be indicated.

      2. You MUST change the password for the database and the dashboard name.

      3. You MUST indicate the external IP address for the standaloneHost value.

#filename: neo4j.fcc
variant: fcos
version: 1.4.0
passwd:
  users:
    - name: core
      ssh_authorized_keys:
        - ssh-ed25519 CCCBC3NzaC1lZDI1NTE5CCCBILfBrfr+iLNCXjQhcWKDFPLTOO5MPpPp6+GxmR8m5zxY keyname
    - name: neo4j
      ssh_authorized_keys:
        - ssh-ed25519 CCCBC3NzaC1lZDI1NTE5CCCBILfBrfr+iLNCXjQhcWKDFPLTOO5MPpPp6+GxmR8m5zxY keyname
      uid: 7474
storage:
  files:
    - path: /etc/hostname
      mode: 0644
      contents:
        inline: fcos-neo4j
    - path: /home/core/.ssh/id_ed25519
      mode: 0600
      user:
        name: core
      group:
        name: core
      contents:
        inline: |
          -----BEGIN OPENSSH PRIVATE KEY-----
          QyNTUxOQAAACC3wa36/oizQl40IXFigxTy0zjuTD6T6evhsZkfJuc8WCCCBJAPDFZXDwxW
          QyNTUxOQAAACC3wa36/oizQl40IXFigxTy0zjuTD6T6evhsZkfJuc8WCCCBJAPDFZXDwxW
          QyNTUxOQAAACC3wa36/oizQl40IXFigxTy0zjuTD6T6evhsZkfJuc8WCCCBJAPDFZXDwxW
          QyNTUxOQAAACC3wa36/oizQl40IXFigxTy0zjuTD6T6evhsZkfJuc8WCCCBJAPDFZXDwxW
          OO5MPpPp6+GxmR8m5zxYCCCBBmJrZWxseQECAwQFBgc=
          -----END OPENSSH PRIVATE KEY-----
    - path: /home/core/.ssh/id_ed25519.pub
      mode: 0644
      user:
        name: core
      group:
        name: core
      contents:
        inline: |
          ssh-ed25519 CCCBC3NzaC1lZDI1NTE5CCCBILfBrfr+iLNCXjQhcWKDFPLTOO5MPpPp6+GxmR8m5zxY keyname
    - path: /home/neo4j/.ssh/id_ed25519
      mode: 0600
      user:
        name: neo4j
      group:
        name: neo4j
      contents:
        inline: |
          -----BEGIN OPENSSH PRIVATE KEY-----
          QyNTUxOQAAACC3wa36/oizQl40IXFigxTy0zjuTD6T6evhsZkfJuc8WCCCBJAPDFZXDwxW
          QyNTUxOQAAACC3wa36/oizQl40IXFigxTy0zjuTD6T6evhsZkfJuc8WCCCBJAPDFZXDwxW
          QyNTUxOQAAACC3wa36/oizQl40IXFigxTy0zjuTD6T6evhsZkfJuc8WCCCBJAPDFZXDwxW
          QyNTUxOQAAACC3wa36/oizQl40IXFigxTy0zjuTD6T6evhsZkfJuc8WCCCBJAPDFZXDwxW
          OO5MPpPp6+GxmR8m5zxYCCCBBmJrZWxseQECAwQFBgc=
          -----END OPENSSH PRIVATE KEY-----
    - path: /home/neo4j/.ssh/id_ed25519.pub
      mode: 0644
      user:
        name: neo4j
      group:
        name: neo4j
      contents:
        inline: |
          ssh-ed25519 CCCBC3NzaC1lZDI1NTE5CCCBILfBrfr+iLNCXjQhcWKDFPLTOO5MPpPp6+GxmR8m5zxY keyname
    - path: /var/lib/systemd/linger/neo4j
      mode: 0644
    - path: /home/neo4j/get-go.sh
      mode: 0744
      user:
        name: neo4j
      group:
        name: neo4j
      contents:
        inline: |
          #!/usr/bin/bash
          [ -d "$HOME/neo4j/data/databases/neo4j/" ] || { echo "Looks like there is no neo4j database.  Exiting..."; exit 1; }
          podman pod create --name neo \
              --userns=keep-id \
              -p 7474:7474 \
              -p 7687:7687 \
              -p 5005:5005

          podman run -d \
              --pod neo \
              --name neo4j \
              --security-opt label=disable \
              -v $HOME/neo4j/data:/var/lib/neo4j/data \
              -v $HOME/neo4j/logs:/var/lib/neo4j/logs \
              -v $HOME/neo4j/import:/var/lib/neo4j/import \
              -v $HOME/neo4j/plugins:/var/lib/neo4j/plugins \
              --env NEO4J_dbms_connector_bolt_enabled=true \
              --env NEO4J_dbms_connector_http_advertised__address=10.240.0.17:7474 \
              --env NEO4J_dbms_connector_bolt_advertised__address=10.240.0.17:7687 \
              docker.io/library/neo4j:5.3.0-community

          podman run -d \
              --pod neo \
              --name neodash \
              --security-opt label=disable \
              -e ssoEnabled=false \
              -e standalone=true \
              -e standaloneProtocol="bolt" \
              -e standaloneHost="IP_ADDRESS" \
              -e standalonePort="7687" \
              -e standaloneDatabase="neo4j" \
              -e standaloneUsername="neo4j" \
              -e standalonePassword="YOUR_PASSWORD_HERE" \
              -e standaloneDashboardName="REPLACE_THIS_WITH_YOUR_DASHBOARD_NAME" \
              -e standaloneDashboardDatabase="neo4j" \
              docker.io/nielsdejong/neodash
          pushd $HOME/.config/systemd/user || exit
          podman generate systemd -n -f neo
          popd
          systemctl --user enable pod-neo
  directories:
    - path: /home/neo4j/.config
      mode: 0755
      user:
        name: neo4j
      group:
        name: neo4j
    - path: /home/neo4j/.config/systemd
      mode: 0755
      user:
        name: neo4j
      group:
        name: neo4j
    - path: /home/neo4j/.config/systemd/user
      mode: 0755
      user:
        name: neo4j
      group:
        name: neo4j
  1. Edit the following file as ignite.sh and save it in the same directory as neo4j.fcc above.

    • Pay particular attention to the TAGS; these MUST correspond to the tag assigned to the firewall rule allowing access to the machine on TCP ports 7474 and 5005.

    • The IP_ADDRESS is your static IP as configured in Google Cloud.

    • Pick your ZONE and VM_NAME

#!/bin/bash
#filename: ignite.sh
STREAM=stable
VM_NAME=fcos-neo4j
CONFIG=neo4j.ign
TAGS=neo4j
IP_ADDRESS=35.211.65.234
ZONE=us-east1-b
butane -p -r neo4j.fcc > neo4j.ign

gcloud compute instances create --metadata-from-file "user-data=${CONFIG}" \
  --image-project "fedora-coreos-cloud" \
  --image-family "fedora-coreos-${STREAM}" "${VM_NAME}" \
  --zone ${ZONE} \
  --tags ${TAGS} \
  --address ${IP_ADDRESS} \
  --no-service-account \
  --no-scopes \
  --preemptible

The --preemptible flag allows Google to shut down your VM any time it sees fit. Remove this flag or create a cron job to restart the VM when Google shuts it off.

  1. Install butane (dnf install butane)

  2. Light it up! ./ignite.sh
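
Before running ignite.sh, it is worth checking that neo4j.fcc no longer contains the placeholder values that the Neodash section says MUST be changed. This is an added example, not part of the original instructions; the script name check-fcc.sh, the function names and the sample fragment are assumptions made up for illustration.

```shell
#!/usr/bin/bash
# Added example: lint neo4j.fcc before running ignite.sh (hypothetical check-fcc.sh).

# Returns 0 when the file is ready to render, 1 when something must be fixed.
check_fcc() {
    fcc=$1
    problems=0

    # Placeholders from the page's config that MUST be replaced.
    for ph in 'standalonePassword="YOUR_PASSWORD_HERE"' \
              'standaloneHost="IP_ADDRESS"' \
              'REPLACE_THIS_WITH_YOUR_DASHBOARD_NAME'; do
        if grep -qF -e "$ph" "$fcc"; then
            echo "FAIL: placeholder still present: $ph"
            problems=$((problems + 1))
        fi
    done

    # Without a public key for the core user there is no way to log in.
    if ! grep -A2 -e '- name: core' "$fcc" | grep -Eq 'ssh-(ed25519|rsa) '; then
        echo "FAIL: no ssh_authorized_keys entry for user core"
        problems=$((problems + 1))
    fi

    # Not fatal: the rendered .ign is passed as user-data instance metadata,
    # so an inline private key ends up stored there as well.
    if grep -q 'BEGIN OPENSSH PRIVATE KEY' "$fcc"; then
        echo "WARN: inline private key will be stored in the VM's user-data"
    fi

    [ "$problems" -eq 0 ]
}

# Constructed sample: a fragment of the config with the placeholders left in.
sample_unedited() {
    cat <<'EOF'
passwd:
  users:
    - name: core
      ssh_authorized_keys:
        - ssh-ed25519 AAAAEXAMPLEKEY keyname
          -e standaloneHost="IP_ADDRESS" \
          -e standalonePassword="YOUR_PASSWORD_HERE" \
          -e standaloneDashboardName="REPLACE_THIS_WITH_YOUR_DASHBOARD_NAME" \
EOF
}

# Usage: ./check-fcc.sh neo4j.fcc
if [ $# -gt 0 ]; then check_fcc "$1"; fi
```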

If all goes to plan and you have the corresponding private key on your computer, you should be able to ssh into your machine.

It's now up to you to get your Neo4j database (including the saved NeoDash dashboard) onto the box.

  1. Stop the database.

  2. rsync -avupzr /var/lib/neo4j [email protected]_ADDRESS:~/ (or scp)

4. On your new vm

  1. Pull in the container images

    • podman pull docker.io/library/neo4j:5.3.0-community

    • podman pull docker.io/nielsdejong/neodash

  2. Let’s do this:

    • ./get-go.sh

      This will set up and start both neo4j and neodash.

Check running state with podman pod ps

You can start and stop with:

systemctl --user status|start|stop pod-neo

podman pod start|stop neo

Connect to the database and Neodash: