Single instances (VM-based)
Prerequisites
-
You know how to run and operate Neo4j locally.
-
You know how to access cloud-hosted Neo4j from your application. See the Driver Manual.
-
You have installed and set up Google Cloud SDK to be able to use the
gcloud
command-line tool. -
You have authenticated your gcloud CLI, to interact with your GCP projects.
Create a firewall rule to access your instance
Create a firewall rule to be able to access your instance when it is launched:
gcloud compute firewall-rules create allow-neo4j-bolt-http-https \ (1)
--allow tcp:7473,tcp:7474,tcp:7687 \ (2)
--source-ranges 0.0.0.0/0 \ (3)
--target-tags neo4j (4)
1 | Create a firewall rule with the name allow-neo4j-bolt-http-https . |
2 | Allow traffic on ports:
|
3 | The ranges, provided with the --source-ranges argument, allow the entire Internet to contact your new instance. |
4 | The --target-tags argument specifies that this rule applies only to VMs tagged with neo4j .When you launch your instance, you have to apply that tag to it. |
Create a Google compute instance from the Neo4j public image
-
List all available Neo4j public images.
The images are published in a GCP project called
launcher-public
, so by listing images in that project, you can see what is available.launcher-public
imagesgcloud compute images list --project launcher-public
launcher-public
images — filtered on Neo4j 4.X versionsgcloud compute images list --project launcher-public | grep --extended-regexp "neo4j-(community|enterprise)-1-4-.*"
For example, the image
neo4j-enterprise-1-4-2-2-apoc
includes Neo4j Enterprise 4.2.2 with the APOC plugin. -
Create a new instance.
You create and launch an instance by using the following
gcloud
commands:gcloud config set project <project-id> (1) gcloud compute instances create my-neo4j-instance --image-project launcher-public \ (2) --image <neo4j-image-name> \ (3) --tags neo4j (4)
1 Set your project configuration to ensure you know where you are launching your instance. 2 Launch an image found in the provided public project launcher-public
.3 Replace <neo4j-image-name>
with the image name you want to launch.4 The --tags
argument allows you to configure the correct network permissions.
By default, Google blocks all external access to the network services unless you open them. -
Note the
EXTERNAL_IP
.When the launch is successful, you get the following result:
Example outputCreated [https://www.googleapis.com/compute/v1/projects/testbed-187316/zones/us-east1-b/instances/my-neo4j-instance]. NAME ZONE MACHINE_TYPE PREEMPTIBLE INTERNAL_IP EXTERNAL_IP STATUS my-neo4j-instance europe-north1-a n1-standard-1 192.0.2.0 203.0.113.0 RUNNING
Note the IP address[1] in the
EXTERNAL_IP
column, this is for the Neo4j server.
The |
Access your new instance
Navigate to http://[EXTERNAL_IP]:7474/browser
or https://[EXTERNAL_IP]:7473/browser
, log in with the default username neo4j
and password neo4j
, and change the password, when prompted.
Neo4j 3.X versions include a self-signed certificate for TLS. Because you do not have a hostname or a valid SSL certificate configured by default, your browser will warn you that the certificate is not trusted. Neo4j 4.X versions do not include any certificate for TLS. You can configure the certificate later. |
Access your instance via SSH
You can run the following command to SSH into the instance:
gcloud compute ssh my-neo4j-instance
Inside the VM, you can check the status of the neo4j
service:
sudo systemctl status neo4j
● neo4j.service - Neo4j Graph Database
Loaded: loaded (/etc/systemd/system/neo4j.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2021-01-01 13:01:02 UTC; 40min ago
Main PID: 937 (java)
Tasks: 62 (limit: 4401)
CGroup: /system.slice/neo4j.service
└─937 /usr/bin/java -cp /var/lib/neo4j/plugins:/etc/neo4j:/usr/share/neo4j/lib/*:/var/lib/neo4j/plugins/* -XX:+UseG1GC -XX:-OmitStackTraceInFastThrow