Skip to content

Commit

Permalink
[bitnami/neo4j] Release 4.4.34-debian-12-r3
Browse files Browse the repository at this point in the history 
Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
  • Loading branch information
@bitnami-bot
bitnami-bot committed Jul 3, 2024
1 parent 7a53ebe commit 1c1d5d6
Show file tree
Hide file tree
Showing 6 changed files with 118 additions and 49 deletions.
4 changes: 2 additions & 2 deletions bitnami/neo4j/4/debian-12/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,11 @@ ARG TARGETARCH

LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \
org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
org.opencontainers.image.created="2024-06-29T14:38:17Z" \
org.opencontainers.image.created="2024-07-03T11:01:34Z" \
org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/neo4j/README.md" \
org.opencontainers.image.licenses="Apache-2.0" \
org.opencontainers.image.ref.name="4.4.34-debian-12-r2" \
org.opencontainers.image.ref.name="4.4.34-debian-12-r3" \
org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/neo4j" \
org.opencontainers.image.title="neo4j" \
org.opencontainers.image.vendor="Broadcom, Inc." \
Expand Down
104 changes: 73 additions & 31 deletions bitnami/neo4j/4/debian-12/rootfs/opt/bitnami/scripts/libneo4j.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -169,6 +169,32 @@ neo4j_conf_set() {
echo "$entry" >>"$file"
fi
}

########################
# Set the initial password of the native user 'neo4j'
# Globals:
# NEO4J_*
# Arguments:
# None
# Returns:
# None
#########################
neo4j_create_admin_user() {
## Set initial password
## Source: https://neo4j.com/docs/operations-manual/current/configuration/set-initial-password/
info "Configuring initial password"
local -a neo4j_admin_args=("set-initial-password")
if [ "$(get_neo4j_major_version)" -ge 5 ]; then
neo4j_admin_args=("dbms" "set-initial-password")
fi

if am_i_root; then
debug_execute run_as_user "$NEO4J_DAEMON_USER" neo4j-admin "${neo4j_admin_args[@]}" "$NEO4J_PASSWORD"
else
debug_execute neo4j-admin "${neo4j_admin_args[@]}" "$NEO4J_PASSWORD"
fi
}

#########################
# Initialize NEO4J
# Globals:
Expand All @@ -183,24 +209,15 @@ neo4j_initialize() {
## The logic in this function is based on the sections here https://neo4j.com/docs/operations-manual/current/configuration/
info "Initializing Neo4j ..."

find "${NEO4J_TMP_DIR}" -type f -name "neo4j*.pid" -delete
find "${NEO4J_RUN_DIR}" -type f -name "neo4j*.pid" -delete
find "${NEO4J_LOGS_DIR}" -type f -name "neo4j*.log" -delete

## Configure permissions for read-write directories
## Source: https://neo4j.com/docs/operations-manual/current/configuration/file-locations/#file-locations-permissions
info "Configuring file permissions for Neo4j"
if am_i_root; then
for dir in "$NEO4J_LOGS_DIR" "$NEO4J_DATA_DIR" "$NEO4J_TMP_DIR" "$NEO4J_METRICS_DIR"; do
configure_permissions_ownership "$dir" -u "$NEO4J_DAEMON_USER" -g "$NEO4J_DAEMON_GROUP" -d 755 -f 644
done
fi

if ! is_dir_empty "$NEO4J_MOUNTED_CONF_DIR"; then
if ! is_mounted_dir_empty "$NEO4J_MOUNTED_CONF_DIR"; then
info "Copying mounted configuration"
cp -Lr "${NEO4J_MOUNTED_CONF_DIR}/." "$NEO4J_CONF_DIR"
fi

if ! is_dir_empty "$NEO4J_MOUNTED_PLUGINS_DIR"; then
if ! is_mounted_dir_empty "$NEO4J_MOUNTED_PLUGINS_DIR"; then
info "Copying mounted plugins"
cp -Lr "${NEO4J_MOUNTED_PLUGINS_DIR}/." "$NEO4J_PLUGINS_DIR"
fi
Expand All @@ -221,23 +238,28 @@ neo4j_initialize() {
info "Found mounted apoc.conf file in ${NEO4J_MOUNTED_CONF_DIR}/apoc.conf. The APOC plugin configuration will be skipped"
fi

if is_dir_empty "$NEO4J_DATA_DIR"; then
local -r app_name="neo4j"
if ! is_app_initialized "$app_name"; then
info "Deploying Neo4j from scratch"
## Set initial password
## Source: https://neo4j.com/docs/operations-manual/current/configuration/set-initial-password/
info "Configuring initial password"
local -a neo4j_admin_args=("set-initial-password")
if [ "$(get_neo4j_major_version)" -ge 5 ]; then
neo4j_admin_args=("dbms" "set-initial-password")
fi
if am_i_root; then
debug_execute run_as_user "$NEO4J_DAEMON_USER" neo4j-admin "${neo4j_admin_args[@]}" "$NEO4J_PASSWORD"
else
debug_execute neo4j-admin "${neo4j_admin_args[@]}" "$NEO4J_PASSWORD"
fi
neo4j_create_admin_user
else
info "Deploying Neo4j with persisted data"
fi

# When running as 'root' user, ensure the Neo4j user has ownership and minimum permissions are set
if am_i_root; then
info "Configuring file permissions for Neo4j"
## Directories that should have read-only permissions
for dir in "$NEO4J_IMPORT_DIR" "${NEO4J_BASE_DIR}/lib" "$NEO4J_CERTIFICATES_DIR" "$NEO4J_MOUNTED_CONF_DIR" "$NEO4J_MOUNTED_PLUGINS_DIR" "$NEO4J_INITSCRIPTS_DIR" "$NEO4J_PLUGINS_DIR" "$NEO4J_CONF_DIR"; do
ensure_dir_exists "$dir"
configure_permissions_ownership "$dir" -u "$NEO4J_DAEMON_USER" -g "$NEO4J_DAEMON_GROUP" -d 500 -f 400
done
## Directories that should have write permissions
for dir in "$NEO4J_LOGS_DIR" "$NEO4J_DATA_DIR" "$NEO4J_RUN_DIR" "$NEO4J_METRICS_DIR"; do
ensure_dir_exists "$dir"
configure_permissions_ownership "$dir" -u "$NEO4J_DAEMON_USER" -g "$NEO4J_DAEMON_GROUP" -d 700 -f 600
done
fi
}

########################
Expand Down Expand Up @@ -304,20 +326,40 @@ configure_neo4j_connector_settings() {
if [ "$neo4j_major_version" -eq 4 ]; then
## Connector configuration
## Source: https://neo4j.com/docs/operations-manual/current/configuration/connectors/
# Listen address configuration settings
neo4j_conf_set "dbms.default_listen_address" "$NEO4J_BIND_ADDRESS"
neo4j_conf_set "dbms.connector.bolt.advertised_address" ":${NEO4J_BOLT_PORT_NUMBER}"
neo4j_conf_set "dbms.connector.http.advertised_address" ":${NEO4J_HTTP_PORT_NUMBER}"
neo4j_conf_set "dbms.connector.https.advertised_address" ":${NEO4J_HTTPS_PORT_NUMBER}"
neo4j_conf_set "dbms.connector.bolt.listen_address" ":${NEO4J_BOLT_PORT_NUMBER}"
neo4j_conf_set "dbms.connector.http.listen_address" ":${NEO4J_HTTP_PORT_NUMBER}"
neo4j_conf_set "dbms.connector.https.listen_address" ":${NEO4J_HTTPS_PORT_NUMBER}"
# Advertised address configuration settings
neo4j_conf_set "dbms.default_advertised_address" "$host"
neo4j_conf_set "dbms.connector.bolt.advertised_address" ":${NEO4J_BOLT_ADVERTISED_PORT_NUMBER}"
neo4j_conf_set "dbms.connector.http.advertised_address" ":${NEO4J_HTTP_ADVERTISED_PORT_NUMBER}"
neo4j_conf_set "dbms.connector.https.advertised_address" ":${NEO4J_HTTPS_ADVERTISED_PORT_NUMBER}"
# TLS settings
neo4j_conf_set "dbms.connector.bolt.tls_level" "${NEO4J_BOLT_TLS_LEVEL}"
[[ "$NEO4J_BOLT_TLS_LEVEL" == "REQUIRED" || "$NEO4J_BOLT_TLS_LEVEL" == "OPTIONAL" ]] && neo4j_conf_set "dbms.ssl.policy.bolt.enabled" "true"
neo4j_conf_set "dbms.connector.https.enabled" "${NEO4J_HTTPS_ENABLED}"
neo4j_conf_set "dbms.ssl.policy.https.enabled" "${NEO4J_HTTPS_ENABLED}"
## Upgrade configuration (This is for allowing automatic schema upgrades)
## Source: https://neo4j.com/docs/upgrade-migration-guide/current/upgrade/upgrade-4.3/deployment-upgrading/
neo4j_conf_set "dbms.allow_upgrade" "$NEO4J_ALLOW_UPGRADE"
elif [ "$neo4j_major_version" -ge 5 ]; then
# Listen address configuration settings
neo4j_conf_set "server.default_listen_address" "$NEO4J_BIND_ADDRESS"
neo4j_conf_set "server.bolt.advertised_address" ":${NEO4J_BOLT_PORT_NUMBER}"
neo4j_conf_set "server.http.advertised_address" ":${NEO4J_HTTP_PORT_NUMBER}"
neo4j_conf_set "server.https.advertised_address" ":${NEO4J_HTTPS_PORT_NUMBER}"
neo4j_conf_set "server.bolt.listen_address" ":${NEO4J_BOLT_PORT_NUMBER}"
neo4j_conf_set "server.http.listen_address" ":${NEO4J_HTTP_PORT_NUMBER}"
neo4j_conf_set "server.https.listen_address" ":${NEO4J_HTTPS_PORT_NUMBER}"
# Advertised address configuration settings
neo4j_conf_set "server.default_advertised_address" "$host"
neo4j_conf_set "server.bolt.advertised_address" ":${NEO4J_BOLT_ADVERTISED_PORT_NUMBER}"
neo4j_conf_set "server.http.advertised_address" ":${NEO4J_HTTP_ADVERTISED_PORT_NUMBER}"
neo4j_conf_set "server.https.advertised_address" ":${NEO4J_HTTPS_ADVERTISED_PORT_NUMBER}"
# TLS settings
neo4j_conf_set "server.bolt.tls_level" "${NEO4J_BOLT_TLS_LEVEL}"
[[ "$NEO4J_BOLT_TLS_LEVEL" == "REQUIRED" || "$NEO4J_BOLT_TLS_LEVEL" == "OPTIONAL" ]] && neo4j_conf_set "dbms.ssl.policy.bolt.enabled" "true"
neo4j_conf_set "server.https.enabled" "${NEO4J_HTTPS_ENABLED}"
neo4j_conf_set "dbms.ssl.policy.https.enabled" "${NEO4J_HTTPS_ENABLED}"
else
error "Neo4j branch ${neo4j_major_version} not supported"
fi
Expand Down
15 changes: 13 additions & 2 deletions bitnami/neo4j/4/debian-12/rootfs/opt/bitnami/scripts/neo4j-env.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,11 @@ neo4j_env_vars=(
NEO4J_BOLT_PORT_NUMBER
NEO4J_HTTP_PORT_NUMBER
NEO4J_HTTPS_PORT_NUMBER
NEO4J_BOLT_ADVERTISED_PORT_NUMBER
NEO4J_HTTP_ADVERTISED_PORT_NUMBER
NEO4J_HTTPS_ADVERTISED_PORT_NUMBER
NEO4J_HTTPS_ENABLED
NEO4J_BOLT_TLS_LEVEL
)
for env_var in "${neo4j_env_vars[@]}"; do
file_env_var="${env_var}_FILE"
Expand All @@ -51,11 +56,12 @@ unset neo4j_env_vars
export NEO4J_BASE_DIR="${BITNAMI_ROOT_DIR}/neo4j"
export NEO4J_VOLUME_DIR="/bitnami/neo4j"
export NEO4J_DATA_DIR="$NEO4J_VOLUME_DIR/data"
export NEO4J_TMP_DIR="${NEO4J_BASE_DIR}/run"
export NEO4J_RUN_DIR="${NEO4J_BASE_DIR}/run"
export NEO4J_LOGS_DIR="${NEO4J_BASE_DIR}/logs"
export NEO4J_LOG_FILE="${NEO4J_LOGS_DIR}/neo4j.log"
export NEO4J_PID_FILE="${NEO4J_TMP_DIR}/neo4j.pid"
export NEO4J_PID_FILE="${NEO4J_RUN_DIR}/neo4j.pid"
export NEO4J_CONF_DIR="${NEO4J_BASE_DIR}/conf"
export NEO4J_DEFAULT_CONF_DIR="${NEO4J_BASE_DIR}/conf.default"
export NEO4J_PLUGINS_DIR="${NEO4J_BASE_DIR}/plugins"
export NEO4J_METRICS_DIR="${NEO4J_VOLUME_DIR}/metrics"
export NEO4J_CERTIFICATES_DIR="${NEO4J_VOLUME_DIR}/certificates"
Expand Down Expand Up @@ -84,6 +90,11 @@ export NEO4J_APOC_IMPORT_FILE_USE_NEO4J_CONFIG="${NEO4J_APOC_IMPORT_FILE_USE_NEO
export NEO4J_BOLT_PORT_NUMBER="${NEO4J_BOLT_PORT_NUMBER:-7687}"
export NEO4J_HTTP_PORT_NUMBER="${NEO4J_HTTP_PORT_NUMBER:-7474}"
export NEO4J_HTTPS_PORT_NUMBER="${NEO4J_HTTPS_PORT_NUMBER:-7473}"
export NEO4J_BOLT_ADVERTISED_PORT_NUMBER="${NEO4J_BOLT_ADVERTISED_PORT_NUMBER:-$NEO4J_BOLT_PORT_NUMBER}"
export NEO4J_HTTP_ADVERTISED_PORT_NUMBER="${NEO4J_HTTP_ADVERTISED_PORT_NUMBER:-$NEO4J_HTTP_PORT_NUMBER}"
export NEO4J_HTTPS_ADVERTISED_PORT_NUMBER="${NEO4J_HTTPS_ADVERTISED_PORT_NUMBER:-$NEO4J_HTTPS_PORT_NUMBER}"
export NEO4J_HTTPS_ENABLED="${NEO4J_HTTPS_ENABLED:-false}"
export NEO4J_BOLT_TLS_LEVEL="${NEO4J_BOLT_TLS_LEVEL:-DISABLED}"

# Default JVM configuration
export JAVA_HOME="${BITNAMI_ROOT_DIR}/java"
Expand Down
6 changes: 6 additions & 0 deletions bitnami/neo4j/4/debian-12/rootfs/opt/bitnami/scripts/neo4j/entrypoint.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,12 @@ set -o pipefail

print_welcome_page

# We add the copy from default config in the entrypoint to not break users
# bypassing the setup.sh logic. If the file already exists do not overwrite (in
# case someone mounts a configuration file in /opt/bitnami/neo4j/config)
debug "Copying files from $NEO4J_DEFAULT_CONF_DIR to $NEO4J_CONF_DIR"
cp -nr "$NEO4J_DEFAULT_CONF_DIR"/. "$NEO4J_CONF_DIR"

if [[ "$1" = "/opt/bitnami/scripts/neo4j/run.sh" ]]; then
/opt/bitnami/scripts/neo4j/setup.sh
info "** Neo4j setup finished! **"
Expand Down
6 changes: 5 additions & 1 deletion bitnami/neo4j/4/debian-12/rootfs/opt/bitnami/scripts/neo4j/postunpack.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ done

## Directories that should have write permissions
## NOTE: We need the configuration and plugins folder to have write permissions to create or import the configuration file
for dir in "$NEO4J_CONF_DIR" "$NEO4J_PLUGINS_DIR" "$NEO4J_LOGS_DIR" "$NEO4J_DATA_DIR" "$NEO4J_TMP_DIR" "$NEO4J_METRICS_DIR"; do
for dir in "$NEO4J_CONF_DIR" "$NEO4J_DEFAULT_CONF_DIR" "$NEO4J_PLUGINS_DIR" "$NEO4J_LOGS_DIR" "$NEO4J_DATA_DIR" "$NEO4J_RUN_DIR" "$NEO4J_METRICS_DIR"; do
ensure_dir_exists "$dir"
configure_permissions_ownership "$dir" -u "root" -g "root" -d 775 -f 664
done
Expand Down Expand Up @@ -64,3 +64,7 @@ configure_permissions_ownership "$NEO4J_APOC_CONF_FILE" -u "root" -g "root" -f 6
## Create a hidden directory where the cypher-shell executable can write cache and history data
ensure_dir_exists "$NEO4J_BASE_DIR/.home"
configure_permissions_ownership "$NEO4J_BASE_DIR/.home" -u "root" -g "root" -d 775

# Copy all initially generated configuration files to the default directory
# (this is to avoid breaking when entrypoint is being overridden)
cp -r "$NEO4J_CONF_DIR"/* "$NEO4J_DEFAULT_CONF_DIR"
32 changes: 19 additions & 13 deletions bitnami/neo4j/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -140,17 +140,22 @@ docker-compose up -d

#### Customizable environment variables

| Name | Description | Default Value |
|-------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------|---------------|
| `NEO4J_HOST` | Hostname used to configure Neo4j advertised address. It can be either an IP or a domain. If left empty, it will be resolved to the machine IP | `nil` |
| `NEO4J_BIND_ADDRESS` | Neo4j bind address | `0.0.0.0` |
| `NEO4J_ALLOW_UPGRADE` | Allow automatic schema upgrades | `true` |
| `NEO4J_PASSWORD` | Neo4j password. | `bitnami1` |
| `NEO4J_APOC_IMPORT_FILE_ENABLED` | Allow importing files using the apoc library | `true` |
| `NEO4J_APOC_IMPORT_FILE_USE_NEO4J_CONFIG` | Use neo4j configuration with the apoc library | `false` |
| `NEO4J_BOLT_PORT_NUMBER` | Port used for the bolt protocol. | `7687` |
| `NEO4J_HTTP_PORT_NUMBER` | Port used for the http protocol. | `7474` |
| `NEO4J_HTTPS_PORT_NUMBER` | Port used for the https protocol. | `7473` |
| Name | Description | Default Value |
|-------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------|----------------------------|
| `NEO4J_HOST` | Hostname used to configure Neo4j advertised address. It can be either an IP or a domain. If left empty, it will be resolved to the machine IP | `nil` |
| `NEO4J_BIND_ADDRESS` | Neo4j bind address | `0.0.0.0` |
| `NEO4J_ALLOW_UPGRADE` | Allow automatic schema upgrades | `true` |
| `NEO4J_PASSWORD` | Neo4j password. | `bitnami1` |
| `NEO4J_APOC_IMPORT_FILE_ENABLED` | Allow importing files using the apoc library | `true` |
| `NEO4J_APOC_IMPORT_FILE_USE_NEO4J_CONFIG` | Use neo4j configuration with the apoc library | `false` |
| `NEO4J_BOLT_PORT_NUMBER` | Port used for the bolt protocol. | `7687` |
| `NEO4J_HTTP_PORT_NUMBER` | Port used for the http protocol. | `7474` |
| `NEO4J_HTTPS_PORT_NUMBER` | Port used for the https protocol. | `7473` |
| `NEO4J_BOLT_ADVERTISED_PORT_NUMBER` | Advertised port for the bolt protocol. | `$NEO4J_BOLT_PORT_NUMBER` |
| `NEO4J_HTTP_ADVERTISED_PORT_NUMBER` | Advertised port for the http protocol. | `$NEO4J_HTTP_PORT_NUMBER` |
| `NEO4J_HTTPS_ADVERTISED_PORT_NUMBER` | Advertised port for the https protocol. | `$NEO4J_HTTPS_PORT_NUMBER` |
| `NEO4J_HTTPS_ENABLED` | Enables the HTTPS connector. | `false` |
| `NEO4J_BOLT_TLS_LEVEL` | The encryption level to be used to secure communications with Bolt connector. Allowed values: REQUIRED, OPTIONAL, DISABLED | `DISABLED` |

#### Read-only environment variables

Expand All @@ -159,11 +164,12 @@ docker-compose up -d
| `NEO4J_BASE_DIR` | Neo4j installation directory. | `${BITNAMI_ROOT_DIR}/neo4j` |
| `NEO4J_VOLUME_DIR` | Neo4j volume directory. | `/bitnami/neo4j` |
| `NEO4J_DATA_DIR` | Neo4j volume directory. | `$NEO4J_VOLUME_DIR/data` |
| `NEO4J_TMP_DIR` | Neo4j temp directory. | `${NEO4J_BASE_DIR}/run` |
| `NEO4J_RUN_DIR` | Neo4j temp directory. | `${NEO4J_BASE_DIR}/run` |
| `NEO4J_LOGS_DIR` | Neo4j logs directory. | `${NEO4J_BASE_DIR}/logs` |
| `NEO4J_LOG_FILE` | Neo4j log file. | `${NEO4J_LOGS_DIR}/neo4j.log` |
| `NEO4J_PID_FILE` | Neo4j PID file. | `${NEO4J_TMP_DIR}/neo4j.pid` |
| `NEO4J_PID_FILE` | Neo4j PID file. | `${NEO4J_RUN_DIR}/neo4j.pid` |
| `NEO4J_CONF_DIR` | Configuration dir for Neo4j. | `${NEO4J_BASE_DIR}/conf` |
| `NEO4J_DEFAULT_CONF_DIR` | Neo4j default configuration directory. | `${NEO4J_BASE_DIR}/conf.default` |
| `NEO4J_PLUGINS_DIR` | Plugins dir for Neo4j. | `${NEO4J_BASE_DIR}/plugins` |
| `NEO4J_METRICS_DIR` | Metrics dir for Neo4j. | `${NEO4J_VOLUME_DIR}/metrics` |
| `NEO4J_CERTIFICATES_DIR` | Certificates dir for Neo4j. | `${NEO4J_VOLUME_DIR}/certificates` |
Expand Down

0 comments on commit 1c1d5d6

Please sign in to comment.