Upgrade a Causal Cluster to a 4.x patch release
This section describes how to upgrade a Neo4j cluster to a newer
PATCH
release within the sameMAJOR
andMINOR
version.
You can upgrade your existing Neo4j Causal Cluster by either performing a rolling upgrade, or by upgrading it offline.
The prerequisites and the upgrade steps must be completed for each cluster member. |
When upgrading from an earlier patch release, you might need to upgrade the |
Offline upgrade
This variant is suitable for cases where a rolling upgrade is not possible.
It is recommended to perform a test upgrade on a production-like environment to get information on the duration of the downtime. |
Prerequisites
Ensure that you have completed all the tasks on the Upgrade checklist for each cluster member.
Prepare for the upgrade
-
Shut down all the cluster members (Cores and Read Replicas).
-
Perform
neo4j-admin unbind
on each cluster member to remove cluster state data. -
Install the Neo4j version that you want to upgrade to on each instance. For more information on how to install the distribution that you are using, see the Operations Manual → Installation section of the version that you want to install.
-
Replace the neo4j.conf file with the one that you have prepared for each instance in section Prepare a new neo4j.conf file to be used by the new installation.
-
Copy all the files used for encryption, such as private key, public certificate, and the contents of the trusted and revoked directories (located in <neo4j-home>/certificates/).
-
Restore each of your backed-up databases and transactions on each cluster member, including the
system
database, by either usingneo4j-admin restore
(online) orneo4j-admin load
(offline), depending on your backup approach. If you are running a Debian/RPM distribution, you can skip this step.If your old installation has modified configurations starting with
dbms.directories.*
or the settingdbms.default_database
, verify that the newneo4j.conf
file is configured properly to find these directories.
Upgrade your cluster
-
Start Neo4j by running the following command from
<neo4j-home>
:bin/neo4j start
The upgrade takes place during startup.
-
Monitor the neo4j.log file for information on how many steps the upgrade will involve and how far it has progressed.
-
Verify that the cluster forms and the upgraded Neo4j DBMS deployment comes online.
-
Start each Read Replica and wait for it to catch up with the rest of the cluster members.
-
Verify that the Read Replicas join the cluster.
Rolling upgrade
Rolling upgrade is a zero-downtime method for upgrading a Causal Cluster. You upgrade one member at a time, while the rest of the members are running. However, if during a rolling upgrade the cluster loses quorum and cannot be recovered, then downtime may be required to do a disaster recovery.
- Recommendations
-
-
The critical point during the upgrade is knowing when it is safe to switch off the original member.
It is highly recommended to monitor the status endpoint before each removal, in order to decide which member to switch off and when it is safe to do so. -
To reduce the risk of failure during a rolling upgrade, make sure the cluster is not under any heavy load during the upgrade. If possible, the safest would be to disable writes entirely.
-
There should be no changes to database administration during a rolling upgrade. For more information, see Operations Manual → Manage databases.
-
Rolling upgrade for a fixed number of servers
This variant is suitable for deployments where there is a fixed number of servers and they have to be updated in-place.
When performing a rolling upgrade for a fixed number of servers, it is not possible to increase the cluster size. Therefore, the cluster fault tolerance level will be reduced while replacing the members. |
Prerequisites
-
Ensure that you have completed all the tasks on the Upgrade checklist for each cluster member.
-
Verify that all databases are online by running
SHOW DATABASES
in Cypher® Shell or Neo4j Browser. Offline databases can be started usingSTART DATABASE [database-name]
.All databases must be started before you start a rolling upgrade. If you have to keep а database inaccessible during the rolling upgrade, you can disable access to it by using one of following ways:
You must never run
DENY ACCESS ON DATABASE system TO PUBLIC
orDENY ACCESS ON DATABASE * TO PUBLIC
because you will lock yourself out of thesystem
database. If you do lock yourself out, follow the disable authentication steps in the Operations Manual to recover and prevent outside access to the instance or cluster.ForPATCH
upgrades within 4.0 version-
Deny all roles access to each database except the
system
database. You can query all available roles withSHOW ROLES
.DENY ACCESS ON DATABASE [database-name] TO [role1],[role2]
-
Ensure that the databases cannot be stopped during the rolling upgrade by using the following command:
DENY STOP ON DATABASE * TO admin
This must be done for the
admin
role and all other roles that have the privilege to stop databases. For more information about listing privileges, see Cypher Manual → Managing privileges.
ForPATCH
upgrades within a 4.x version::-
Deny the
PUBLIC
role access to each database except thesystem
database.DENY ACCESS ON DATABASE [database-name] TO PUBLIC
-
Ensure that the databases cannot be stopped, created, or dropped during the rolling upgrade by using the following command:
DENY STOP ON DATABASE * TO PUBLIC DENY DATABASE MANAGEMENT ON DBMS TO PUBLIC
-
Upgrade the cluster
You upgrade one cluster member at a time, while the rest of the members are running.
If during a rolling upgrade the cluster loses quorum and cannot be recovered, then downtime may be required to do disaster recovery. |
- For each cluster member
-
-
(Recommended) Use the process described in the status endpoint to evaluate whether it is safe to remove the old instance.
-
Shut down the instance.
-
Install the Neo4j version that you want to upgrade to. For more information on how to install the distribution that you are using, see the Operations Manual → Installation section of the version that you want to install.
-
Replace the neo4j.conf file with the one that you have prepared for this instance in section Prepare a new neo4j.conf file to be used by the new installation.
-
Start the new instance and wait for it to catch up with the rest of the cluster members.
-
Verify that the new instance has successfully joined the cluster and caught up with the rest of the members, by using the status endpoint.
-
Because Read Replicas are not part of the cluster consensus group, their replacement during an upgrade does not affect the cluster availability and fault tolerance level. However, it is still recommended to incrementally add Read Replicas for a structured and maintainable upgrade process. |
Post-upgrade steps
The following steps must be performed after a rolling upgrade.
- For
PATCH
upgrades within 4.0 version -
-
Restore the privilege of the
admin
role to stop databases.REVOKE DENY STOP ON DATABASE * FROM admin
This must be done for all roles for which the privilege to stop databases has been denied (see step 6 of Rolling upgrade for a fixed number of servers). For more information about listing privileges, see Cypher Manual 4.0 → Graph and sub-graph access control.
-
(Optional) If you have started offline databases and denied some access rights during the preparation phase for a rolling upgrade, you should also restore them to the original state:
-
Stop each of the databases by running the following command:
STOP DATABASE [database-name]
-
Re-enable access to the databases by running the following command:
REVOKE DENY ACCESS ON DATABASE [database-name] FROM [role1],[role2]
-
-
- For
PATCH
upgrades within a 4.x version -
-
Restore the privilege of the
PUBLIC
role to stop databases:REVOKE DENY STOP ON DATABASE * FROM PUBLIC
-
Restore the privilege of the
PUBLIC
role to create and drop databases:REVOKE DENY DATABASE MANAGEMENT ON DBMS FROM PUBLIC
-
(Optional) If you have started offline databases during the preparation phase for a rolling upgrade, you stop each of them to restore them to the original state:
STOP DATABASE [database-name]
-
Rolling upgrade for cloud infrastructure
This variant is suitable for deployments that use replaceable cloud or container resources. It follows the same steps as for the fixed number of servers, but you can add the new members before you shut down the old ones, thus preserving the cluster fault tolerance level. Because Read Replicas are not part of the cluster consensus group, their replacement during the upgrade will not affect the cluster availability and fault tolerance level. However, it is still recommended to incrementally add Read Replicas for a structured and maintainable upgrade process.