For this part, we refer you to Chapter 5 "Clustering" of the pdf documentation (or online ). Section 5.3 is the practical part of the chapter.
Before continuing, it is strongly recommended that you have read and understood the previous section on Setting up a single Neo4j database because most settings are common.
Beforehand shut down each Neo4j server before making any changes. Depending on the type of installation, you must execute the command:
systemctl stop neo4j.service
In this section, we detail only the configuration items to be modified or added to properly configure a Neo4j cluster for use by SECollab. Take the following example:
The parameters to add to the configuration file for Server 1 would be:
# Server mode dbms.mode=CORE dbms.default_listen_address=0.0.0.0 dbms.default_advertised_address=neo-01.domain.local:5000 # Cluster settings causal_clustering.minimum_core_cluster_size_at_formation=3 causal_clustering.minimum_core_cluster_size_at_runtime=3 causal_clustering.initial_discovery_members=neo-01.domain.local:5000,neo-02.domain.local:5000,neo-03.domain.local:5000
dbms.mode=CORE: setting to configure the server as a member (CORE type) of a cluster.
causal_clustering.initial_discovery_members=neo-01.domain.local:5000,neo-02.domain.local:5000,neo-03.domain.local:5000: list of servers that make up the cluster when it is created.
The configuration for server 2 and 3 is the same as the parameter dbms.default_advertised_address which changes. So this one becomes:
The configurations detailed in the previous section (connector, memory, etc.) apply here as well.
By default, intra-cluster communications are not encrypted, but Neo4j provides mechanisms to fix this problem. Please refer to sections 5.5 (or online) and 9.2 of the documentation (or online) before continuing.
It is your responsibility to create a certificate for each cluster server using your enterprise PKI. Here is an example configuration to add to the "neo4j.conf" file:
# SSL Policy - cluster dbms.ssl.policy.cluster.enabled=true dbms.ssl.policy.cluster.base_directory=/var/lib/neo4j/certificates/cluster dbms.ssl.policy.cluster.private_key=/var/lib/neo4j/certificates/cluster/neo-01.domain.local.key dbms.ssl.policy.cluster.public_certificate=/var/lib/neo4j/certificates/cluster/neo-01.domain.local.crt dbms.ssl.policy.cluster.trusted_dir=/var/lib/neo4j/certificates/cluster/trusted dbms.ssl.policy.cluster.revoked_dir=/var/lib/neo4j/certificates/cluster/revoked dbms.ssl.policy.cluster.verify_hostname=true dbms.ssl.policy.cluster.tls_versions=TLSv1.2 dbms.ssl.policy.cluster.ciphers=TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA dbms.ssl.policy.cluster.client_auth=require
# Enable this to be able to upgrade a store from an older version. dbms.allow_upgrade=true
Make sure your have properly created a backup of your database and before upgrading your 3.5.x database. That means creating a copy of the directory configured with
To apply the changes made and start the cluster, restart each Neo4j database. Depending on the type of installation, you must execute the command :
systemctl start neo4j.service
When a cluster is created, the first server started usually becomes the LEADER of the cluster. To monitor the state of the cluster (creation, synchronization ...), you can follow the logs on each server. Depending on your installation, you must execute the command:
journalctl -e --follow --unit neo4j.service
tail -n 100 -f NEO4J_HOME/logs/neo4j.log
Get-Content NEO4J_HOME/logs/neo4j.log -Wait