08-29-2018 12:22 PM
@david.allen, I would like to know: if I want remote backup to be enabled on my Google Cloud Launcher VM, should I only be editing the neo4j.template file with the following?
dbms.backup.address=$dbms_backup_address --> instead replace with 0.0.0.0:6362
thank you
08-29-2018 02:03 PM
Yes, you've got it right, you can just use:
dbms.backup.address=0.0.0.0:6362
However! There are several other important things to keep in mind. What that setting actually does is just open a port on localhost. By default in GCP, the backup address is not exposed to the internet. This would be a very bad idea for security, as you don't want anyone on the internet being able to take a backup of your database. As a result, that port is only available on localhost. If you try from your work laptop to do a backup, it will fail with connection timeout errors, as GCP's firewall blocks inbound traffic on this port.
The 0.0.0.0 part means the machine will listen on all interfaces, but practically speaking since yours will only have one, this means it will listen on the internet interface, probably a 10.*.*.* address inside of Google.
To take a backup, you must SSH into the machine and run the backup locally, then copy the backup off machine somewhere else, like google storage.
08-29-2018 02:22 PM
Yes, I think your last idea makes sense: run the backup locally and transfer it to outside storage using scp. However, in this case I may have to do it manually, I guess, as my automation scripts are running on another VM.
08-29-2018 02:37 PM
If your automation scripts are running on another VM, they need to be in the same virtual network -- then you can use the 10..... address and it should work. If this does not work, you can always adjust your firewall rules to permit access to that port from the specific other machine that will take the backup.
Do not expose your backup port to the entire internet.
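Added example (not part of the original posts, and not Neo4j's or Google's code): a small Python audit of the two things the reply above keeps separate, the address that `dbms.backup.address` binds to and whether any firewall rule opens TCP 6362 to every source. The rule dictionaries use the field names of GCP firewall resources as printed by `gcloud compute firewall-rules list --format=json`; the config text, rule names and addresses are constructed samples, and the function names are hypothetical.

```python
import ipaddress

BACKUP_PORT = 6362  # backup port used throughout this thread

def backup_listen_address(conf_text):
    """Return (host, port) from the last uncommented dbms.backup.address line, else None."""
    found = None
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue  # commented-out settings (as in the helm chart default) do not count
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "dbms.backup.address":
            host, _, port = value.rpartition(":")  # assumes host:port as in the thread
            found = (host, int(port))
    return found

def port_matches(spec, port):
    """A rule's port spec is a single port ("6362") or a range ("6000-7000")."""
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def rules_exposing_backup(rules, port=BACKUP_PORT):
    """Names of enabled ingress rules that allow TCP to `port` from a /0 source range."""
    exposed = []
    for rule in rules:
        if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
            continue
        from_anywhere = any(ipaddress.ip_network(r).prefixlen == 0
                            for r in rule.get("sourceRanges", []))
        to_port = any(a["IPProtocol"] in ("tcp", "all") and
                      (not a.get("ports") or any(port_matches(p, port) for p in a["ports"]))
                      for a in rule.get("allowed", []))
        if from_anywhere and to_port:
            exposed.append(rule["name"])
    return exposed

# Constructed sample input, not taken from any real deployment.
SAMPLE_CONF = "#dbms.backup.address=127.0.0.1:6362\ndbms.backup.address=0.0.0.0:6362\n"
SAMPLE_RULES = [
    {"name": "backup-from-automation-vm", "direction": "INGRESS",
     "sourceRanges": ["10.128.0.5/32"], "allowed": [{"IPProtocol": "tcp", "ports": ["6362"]}]},
    {"name": "wide-tcp-range", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["6000-7000"]}]},
    {"name": "https", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
]

if __name__ == "__main__":
    print(backup_listen_address(SAMPLE_CONF), rules_exposing_backup(SAMPLE_RULES))
```

The second sample rule never names 6362, yet its port range covers it, which is the kind of rule that exposes the backup port without anyone having intended it.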
08-29-2018 02:42 PM
thank you and this makes sense.
08-29-2018 02:18 PM
Thank you for the info. However, if I have a script running on another server inside Google to automatically back up my db, then I may need to consider enabling remote backup, or should I give the internal IP, i.e. 10.0.0.1:6362?
03-23-2020 02:59 PM
@david.allen
I've referred to your blog on creating backups and storing them to Google Cloud Storage.
I've customized the container to use S3 and IBM COS. And this container is running on the same kube cluster as neo4j.
We've used the neo4j helm chart to deploy the cluster and the conf settings are commented out by default.
#dbms.backup.address=0.0.0.0:6362
#dbms.backup.enabled=true
I'm guessing these should be uncommented to enable backups?
And when we use the cluster internal DNS to take the backup, should the backup port (6362) be exposed inside the cluster using the service?
If yes, is there an easy way to do this? I currently do not see any settings in the values.yaml file of the helm chart through which the above can be done.
Let me know if a new post is better for this.
Thank you.
03-23-2020 04:05 PM
The blog that covers backup/restore on kubernetes is intended to work with this helm chart: https://github.com/neo-technology/neo4j-google-k8s-marketplace and not the public helm repo chart, which can get a bit out of date as of when this comment was written.
Indeed, backup must be enabled in the config file. Refer to the Neo4j Operations Manual for instructions on how to configure this.
Backup should not be enabled on any port external to the cluster, for security reasons.
05-17-2021 04:44 PM
@david.allen or anyone else, sorry to necro this thread but I have a small follow-up question: what protocol does the online backup port expect, UDP or TCP? I couldn't find this in the docs.
I have it set to TCP but I suspect my firewall is blocking the port. I'll start another thread to drill down more deeply once I know for sure one way or the other. Thanks!
05-17-2021 11:00 PM
Follow-up: I feel silly. It's TCP.
This bit of advice was helpful:
By default in GCP, the backup address is not exposed to the internet. This would be a very bad idea for security, as you don't want anyone on the internet being able to take a backup of your database. As a result, that port is only available on localhost. If you try from your work laptop to do a backup, it will fail with connection timeout errors, as GCP's firewall blocks inbound traffic on this port.
The 0.0.0.0 part means the machine will listen on all interfaces, but practically speaking since yours will only have one, this means it will listen on the internet interface, probably a 10.*.*.* address inside of google.
I set my listen address explicitly to 10.x.y.z:6362 instead of 0.0.0.0:6362 and I was able to run backups from a remote machine. I'm running in AWS and not GCE, but maybe there's some other default security group rule going on that forces me to use an explicit listen address?
Edit: This is so weird. I set my backup address back to 0.0.0.0:6362 and everything works. Oh well. Hopefully this helps someone coming from a Google search in future.