Single instances (VM-based)

This chapter describes how to launch a single instance from an image on GCP.

1. Prerequisites

2. Create a firewall rule to access your instance

Create a firewall rule to be able to access your instance when it is launched:

gcloud compute firewall-rules create allow-neo4j-bolt-https \
   --allow tcp:7473,tcp:7687 \
   --source-ranges 0.0.0.0/0 \
   --target-tags neo4j

It allows traffic on port 7473 (HTTPS for Neo4j Browser) and 7687 (Bolt protocol for clients to work with the database). The --source-ranges provided allows the entire Internet to contact your new instance. The --target-tags specifies that this rule applies only to VMs tagged neo4j. When you launch your instance, you will have to apply that tag to it.

3. Create a Google compute instance from the Neo4j public image

You launch the instance by using the following command:

gcloud config set project my-project-id
gcloud compute instances create my-neo4j-instance \
    --image neo4j-enterprise-1-3-4-9-apoc \
    --tags neo4j \
    --image-project launcher-public

The first line sets your project configuration to ensure you know where you are launching your instance. The second line launches an image found in the provided public project. The image name neo4j-enterprise-1-3-4-9-apoc corresponds to an Ubuntu-based image that contains Neo4j 1:3.3.9, with the APOC plugin.

The gcloud tool comes with many command-line options. For more details on how to deal with machine type, memory, available storage, etc., consult the Google Cloud documentation.

The --tags argument allows you to configure the correct network permissions. By default, Google blocks all external access to the network services unless you open them.

When the launch is successful, you get the following result:

Created [https://www.googleapis.com/compute/v1/projects/testbed-187316/zones/us-east1-b/instances/my-neo4j-instance].
NAME               ZONE        MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP     STATUS
my-neo4j-instance  us-east1-b  n1-standard-1               10.142.0.3   35.231.125.253  RUNNING

4. Access your new instance

Navigate to https://[External_IP]:7473 and log in with the username neo4j and password neo4j. You will be prompted to change the password immediately.

Because you do not have a hostname or a valid SSL certificate configured by default, your browser will warn you that the certificate is not trusted. You can configure the certificate later.

5. Access your instance via SSH

You can run the following command to SSH into the instance:

gcloud compute ssh my-neo4j-instance

Inside the VM, you can check the status of the neo4j service:

$ sudo systemctl status neo4j
● neo4j.service - Neo4j Graph Database
   Loaded: loaded (/etc/systemd/system/neo4j.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2018-03-14 11:19:56 UTC; 15min ago
 Main PID: 1290 (pre-neo4j.sh)
    Tasks: 46
   Memory: 325.7M
      CPU: 20.690s
   CGroup: /system.slice/neo4j.service
           ├─1290 /bin/bash /etc/neo4j/pre-neo4j.sh
           └─1430 /usr/bin/java -cp /var/lib/neo4j/plugins:/etc/neo4j:/usr/share/neo4j/lib/*:/var/lib/neo4j/plugins/* -server -XX:+UseG1GC

For details on internals of Google VMs, including how to stop and start system services, configure Neo4j from the VM, etc., consult Neo4j cloud VMs.

6. Deleting the instance

You can run the following command to delete your instance:

gcloud compute instances delete my-neo4j-instance