modules/ROOT/pages/configuration/neo4j-conf.adoc
Lines changed: 2 additions & 90 deletions
Original file line number
Diff line number
Diff line change
@@ -94,95 +94,7 @@ LIMIT 3;
94
94
----
95
95
====
96
96
97
-
See also xref:configuration/dynamic-settings.adoc[Dynamic settings] for information about dynamic settings.
98
-
99
-
100
-
[[neo4j-conf-expand-commands]]
101
-
== Command expansion
102
-
103
-
Command expansion provides an additional capability to configure Neo4j by allowing you to specify scripts that set values sourced from external files.
104
-
This is especially useful for:
105
-
106
-
* avoiding setting sensitive information, such as usernames, passwords, keys, etc., in the _neo4j.conf_ file in plain text.
107
-
* handling the configuration settings of instances running in environments where the file system is not accessible.
108
-
109
-
=== How it works
110
-
111
-
The scripts are specified in the _neo4j.conf_ file with a `$` prefix and the script to execute within brackets (), i.e., `dbms.setting=$(script_to_execute)`. +
112
-
The configuration accepts any command that can be executed within a child process by the user who owns and executes the Neo4j server.
113
-
This also means that, in the case of Neo4j set as a service, the commands are executed within the service.
By providing such a configuration in the _neo4j.conf_ file upon server start with command expansion enabled, Neo4j will evaluate the script and retrieve the value of the configuration settings prior to the instantiation of Neo4j.
123
-
The values are then passed to the starting Neo4j instance and kept in memory, in the running instance.
124
-
125
-
[NOTE]
126
-
====
127
-
You can also use the `curl` (https://curl.se/docs/manpage.html) command to fetch a token or value for a configuration setting.
128
-
For example, you can apply an extra level of security by replacing any sensitive information in your _neo4j.conf_ file with a secured reference to a provider of some sort.
129
-
====
130
-
131
-
Scripts are run by the Neo4j process and are expected to exit with code `0` within a reasonable time.
132
-
The script output should be of a valid type for the setting.
133
-
Failure to do so will prevent Neo4j from starting.
134
-
135
-
[NOTE]
136
-
====
137
-
Scripts and their syntax differ between operating systems.
138
-
====
139
-
140
-
=== Enabling
141
-
142
-
The Neo4j startup script and the `neo4j` service can expand and execute the external commands by using the argument `--expand-commands`.
143
-
144
-
[source, shell]
145
-
----
146
-
bin/neo4j start --expand-commands
147
-
----
148
-
149
-
If the startup script does not receive the `--expand-commands` argument, commands in the configuration file will be treated as invalid settings.
150
-
151
-
Neo4j performs the following basic security checks on the _neo4j.conf_ file.
152
-
If they fail, Neo4j will not evaluate the script commands in _neo4j.conf_, and the Neo4j process will not start.
153
-
154
-
On Unix (both Linux and Mac OS)::
155
-
156
-
* The _neo4j.conf_ file must, at least, be readable by its owner or by the user-group to which the owner belongs.
157
-
* The Neo4j process must run as a user who is either the owner of the _neo4j.conf_ file or in the user-group which owns the _neo4j.conf_ file.
158
-
159
-
[NOTE]
97
+
[TIP]
160
98
====
161
-
The Linux permissions bitmask for the least restrictive permissions is `640`.
162
-
More restrictive Linux permissions are also allowed.
163
-
For example, the _neo4j.conf_ file can have no group permissions and only be readable by its owner (`400` bitmask).
99
+
For information about dynamic settings, see xref:configuration/dynamic-settings.adoc[Update dynamic settings].
164
100
====
165
-
166
-
On Windows::
167
-
168
-
* The _neo4j.conf_ file must, at least, be readable by the user that the Neo4j process runs as.
169
-
170
-
=== Logging
171
-
172
-
The execution of scripts is logged in _neo4j.log_.
173
-
For each setting that requires the execution of an external command, Neo4j adds an entry into the log file that contains information, for example:
174
-
175
-
[source, role=noheader]
176
-
----
177
-
… Executing the external script to retrieve the value of <setting>...
178
-
----
179
-
180
-
=== Error Handling
181
-
182
-
The scripts' execution may generate two types of errors:
183
-
184
-
* Errors during the execution -- These errors are reported in the _debug.log_, with a code returned from the external execution.
185
-
In this case, the execution will stop and the server will not start.
186
-
187
-
* Errors for incorrect values -- The returned value is not the one expected for the setting.
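Review bot: Removing the `[[neo4j-conf-expand-commands]]` anchor (old line 100) together with the whole Command expansion section leaves this page with no pointer to where that material now lives; the only added text is the dynamic-settings TIP at new lines 97-100. Any xref that still targets `neo4j-conf-expand-commands` will stop resolving, so either keep the anchor on a short stub that links to the new location or update the inbound xrefs in the same change. The removed lines are also the only place in this hunk that states the security-relevant behaviour: commands run as the user who owns and executes the Neo4j server, `--expand-commands` must be passed explicitly, and Neo4j will not start unless _neo4j.conf_ passes the owner/group checks (least restrictive bitmask `640`). Please confirm those statements are carried over unchanged to the destination page, and consider adding a second xref to it inside the new TIP.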