From 5de5822faad62b55121c99ebc836a9e6dbf2b6ce Mon Sep 17 00:00:00 2001 From: Jenny Owen Date: Tue, 11 Jun 2019 15:47:45 +0200 Subject: [PATCH 1/7] Added info about legacy releases --- neo4j/content.md | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/neo4j/content.md b/neo4j/content.md index babf99685..ad19b7bfc 100644 --- a/neo4j/content.md +++ b/neo4j/content.md @@ -1,12 +1,28 @@ # What is Neo4j? -Neo4j is a highly scalable, robust, native graph database. It is used in mission-critical apps by thousands of leading startups, enterprises, and governments around the world. You can learn more [here](http://neo4j.com/developer). +Neo4j is the world's leading graph database, with native graph storage and processing. You can learn more [here](http://neo4j.com/developer). %%LOGO%% +# Available legacy images + +As of 11th June 2019 all new Neo4j Docker images will be released with a base image of debian-slim instead of alpine linux. + +Older Neo4j images have already been released with `openjdk:8-jre-alpine` as the base image, which is no longer officially supported by `openjdk`. This means our old images can no longer be listed as "supported" on docker hub, although **they are still available for download**. + +In addition to the supported tags, we also have these legacy images of Neo4j available through docker hub: + +* `3.5.5`, `3.5.5-enterprise` and earlier patches +* `3.4.13`, `3.4.13-enterprise` and earlier patches +* `3.3`, `3.3-enterprise`, `3.3.9`, `3.3.9-enterprise` and earlier patches +* `3.2`, `3.2-enterprise`, `3.2.14`, `3.2.14-enterprise` and earlier patches + +A complete list of all available Neo4j images can be found here: +https://github.com/neo4j/docker-neo4j-publish/tree/master + # How to use this image -## Start an instance of neo4j +## Start an instance of Neo4j You can start a Neo4j container like this: From 771f8596cd58ad169cc0fbbb8e4bbc9afacca989 Mon Sep 17 00:00:00 2001 From: Jenny Owen Date: Tue, 11 Jun 2019 17:06:15 +0200 Subject: [PATCH 2/7] added help for base image changes --- neo4j/content.md | 74 +++++++++++++++++++++++++++--------------------- 1 file changed, 42 insertions(+), 32 deletions(-) diff --git a/neo4j/content.md b/neo4j/content.md index ad19b7bfc..ecc839fad 100644 --- a/neo4j/content.md +++ b/neo4j/content.md @@ -4,25 +4,7 @@ Neo4j is the world's leading graph database, with native graph storage and proce %%LOGO%% -# Available legacy images - -As of 11th June 2019 all new Neo4j Docker images will be released with a base image of debian-slim instead of alpine linux. - -Older Neo4j images have already been released with `openjdk:8-jre-alpine` as the base image, which is no longer officially supported by `openjdk`. This means our old images can no longer be listed as "supported" on docker hub, although **they are still available for download**. - -In addition to the supported tags, we also have these legacy images of Neo4j available through docker hub: - -* `3.5.5`, `3.5.5-enterprise` and earlier patches -* `3.4.13`, `3.4.13-enterprise` and earlier patches -* `3.3`, `3.3-enterprise`, `3.3.9`, `3.3.9-enterprise` and earlier patches -* `3.2`, `3.2-enterprise`, `3.2.14`, `3.2.14-enterprise` and earlier patches - -A complete list of all available Neo4j images can be found here: -https://github.com/neo4j/docker-neo4j-publish/tree/master - -# How to use this image - -## Start an instance of Neo4j +# Getting Started You can start a Neo4j container like this: @@ -39,19 +21,47 @@ This binds two ports (`7474` and `7687`) for HTTP and Bolt access to the Neo4j A By default, this requires you to login with `neo4j/neo4j` and change the password. You can, for development purposes, disable authentication by passing `--env=NEO4J_AUTH=none` to docker run. -## Note on version 2.3 - -Neo4j 3.0 introduced several major user-facing changes, primarily the new binary Bolt protocol. This is not available in 2.3 and as such, there is no need to expose the `7687` port. Due to changes made to the structure of configuration files, several environment variables used to configure the image has changed as well. Please see the [2.x specific section in the manual](http://neo4j.com/developer/docker-23/) for further details. - -You can start an instance of Neo4j 2.3 like this: - -```console -docker run \ - --publish=7474:7474 \ - --volume=$HOME/neo4j/data:/data \ - %%IMAGE%%:2.3 -``` # Documentation -For more examples and complete documentation please go [here for 2.x](http://neo4j.com/developer/docker-23/) and [here for 3.x](http://neo4j.com/docs/operations-manual/current/deployment/single-instance/docker/). +For more examples and complete documentation please go to our manual [here](https://neo4j.com/docs/operations-manual/current/docker/introduction/). + + +# Releases after 3.4.14 and 3.5.6 + +As of 11th June 2019 all new Neo4j Docker images will be released with a base image of debian-slim instead of alpine linux. This was prompted by [security concerns](https://github.com/docker-library/openjdk/issues/320), which caused the docker maintainers to pull the alpine images from the official `openjdk` images. + +Older Neo4j images have already been released with `openjdk:8-jre-alpine` as the base image. This means our old images can no longer be listed as "supported" on docker hub, although **they are still available for download**. + +In addition to the supported tags, we also have these legacy images of Neo4j available through docker hub: + +* `3.5.5`, `3.5.5-enterprise` and earlier patches +* `3.4.13`, `3.4.13-enterprise` and earlier patches +* `3.3`, `3.3-enterprise`, `3.3.9`, `3.3.9-enterprise` and earlier patches +* `3.2`, `3.2-enterprise`, `3.2.14`, `3.2.14-enterprise` and earlier patches + +A complete list of all available Neo4j images can be found here: +https://github.com/neo4j/docker-neo4j-publish/tree/master + + +## Migrating from Alpine Linux to Debian Slim + +If you have created a custom Dockerfile based off a `neo4j` image, the main change to be aware of is that debian uses the `aptitude` package manager instead of `apk`. +In most cases you can just replace uses of `apk` with `apt`, but be aware that not all packages in `apk` may be available or have the same name. + +Alpine Linux provide a more complete comparison on their documentation page: + +https://wiki.alpinelinux.org/wiki/Comparison_with_other_distros + + +## Changes to file permission requirements + +Several [security concerns](https://github.com/neo4j/docker-neo4j/issues/130) have been raised about the Neo4j image changing file access and ownership. + +By default, Neo4j runs as the user `neo4j` who only exists in the container, not on the host. That means that it's hard to set up mount folders on the host which this new user has write permissions for. +We have updated the error messaging with advice about how to fix file permission errors. We also introduced writability checks and reduced the amount of file permission changes the image will perform. This has been found to interfere with some Kubernetes setups, so is currently an opt-in feature. + +To enforce stricter file permissions checking you can pass this environment variable to the container: + `--env SECURE_FILE_PERMISSIONS=yes` + + From 427a09d5e3fccb4830835735f60c53aea928159c Mon Sep 17 00:00:00 2001 From: Jenny Owen Date: Tue, 11 Jun 2019 17:14:30 +0200 Subject: [PATCH 3/7] edited after feedback from Kurt --- neo4j/content.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/neo4j/content.md b/neo4j/content.md index ecc839fad..89fb4ca6d 100644 --- a/neo4j/content.md +++ b/neo4j/content.md @@ -56,7 +56,7 @@ https://wiki.alpinelinux.org/wiki/Comparison_with_other_distros ## Changes to file permission requirements -Several [security concerns](https://github.com/neo4j/docker-neo4j/issues/130) have been raised about the Neo4j image changing file access and ownership. +Some users have [raised concerns](https://github.com/neo4j/docker-neo4j/issues/130) that the Neo4j image changes file permissions on the host machine. By default, Neo4j runs as the user `neo4j` who only exists in the container, not on the host. That means that it's hard to set up mount folders on the host which this new user has write permissions for. We have updated the error messaging with advice about how to fix file permission errors. We also introduced writability checks and reduced the amount of file permission changes the image will perform. This has been found to interfere with some Kubernetes setups, so is currently an opt-in feature. From 46275dafbe20577880a3ef112da789372bd499cf Mon Sep 17 00:00:00 2001 From: Jenny Owen Date: Tue, 11 Jun 2019 17:15:00 +0200 Subject: [PATCH 4/7] minor typo fix --- neo4j/content.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/neo4j/content.md b/neo4j/content.md index 89fb4ca6d..ab9de7dcf 100644 --- a/neo4j/content.md +++ b/neo4j/content.md @@ -62,6 +62,7 @@ By default, Neo4j runs as the user `neo4j` who only exists in the container, not We have updated the error messaging with advice about how to fix file permission errors. We also introduced writability checks and reduced the amount of file permission changes the image will perform. This has been found to interfere with some Kubernetes setups, so is currently an opt-in feature. To enforce stricter file permissions checking you can pass this environment variable to the container: - `--env SECURE_FILE_PERMISSIONS=yes` + +`--env SECURE_FILE_PERMISSIONS=yes` From ce10f33e4a8f1980c795a8f7c4d23067bf0569d5 Mon Sep 17 00:00:00 2001 From: Jenny Owen Date: Tue, 11 Jun 2019 17:25:55 +0200 Subject: [PATCH 5/7] change a heading so the markdown test passes --- neo4j/content.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/neo4j/content.md b/neo4j/content.md index ab9de7dcf..53afde874 100644 --- a/neo4j/content.md +++ b/neo4j/content.md @@ -4,7 +4,7 @@ Neo4j is the world's leading graph database, with native graph storage and proce %%LOGO%% -# Getting Started +# How to use this image You can start a Neo4j container like this: From bb6474163f34a901bb78f68e97c327f039ee23a1 Mon Sep 17 00:00:00 2001 From: Jenny Owen Date: Tue, 11 Jun 2019 17:30:43 +0200 Subject: [PATCH 6/7] more typo fixes to pass the markdown test --- neo4j/content.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/neo4j/content.md b/neo4j/content.md index 53afde874..0f3e780bb 100644 --- a/neo4j/content.md +++ b/neo4j/content.md @@ -1,4 +1,4 @@ -# What is Neo4j? +# What is neo4j? Neo4j is the world's leading graph database, with native graph storage and processing. You can learn more [here](http://neo4j.com/developer). From e12eed4aac4196d5d300d166c92ffa565fcbae3a Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 11 Jun 2019 12:48:32 -0700 Subject: [PATCH 7/7] Fix markdown formatting to satisfy Travis --- neo4j/content.md | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) diff --git a/neo4j/content.md b/neo4j/content.md index 0f3e780bb..c3be4b969 100644 --- a/neo4j/content.md +++ b/neo4j/content.md @@ -21,12 +21,10 @@ This binds two ports (`7474` and `7687`) for HTTP and Bolt access to the Neo4j A By default, this requires you to login with `neo4j/neo4j` and change the password. You can, for development purposes, disable authentication by passing `--env=NEO4J_AUTH=none` to docker run. - # Documentation For more examples and complete documentation please go to our manual [here](https://neo4j.com/docs/operations-manual/current/docker/introduction/). - # Releases after 3.4.14 and 3.5.6 As of 11th June 2019 all new Neo4j Docker images will be released with a base image of debian-slim instead of alpine linux. This was prompted by [security concerns](https://github.com/docker-library/openjdk/issues/320), which caused the docker maintainers to pull the alpine images from the official `openjdk` images. @@ -35,34 +33,27 @@ Older Neo4j images have already been released with `openjdk:8-jre-alpine` as the In addition to the supported tags, we also have these legacy images of Neo4j available through docker hub: -* `3.5.5`, `3.5.5-enterprise` and earlier patches -* `3.4.13`, `3.4.13-enterprise` and earlier patches -* `3.3`, `3.3-enterprise`, `3.3.9`, `3.3.9-enterprise` and earlier patches -* `3.2`, `3.2-enterprise`, `3.2.14`, `3.2.14-enterprise` and earlier patches - -A complete list of all available Neo4j images can be found here: -https://github.com/neo4j/docker-neo4j-publish/tree/master +- `3.5.5`, `3.5.5-enterprise` and earlier patches +- `3.4.13`, `3.4.13-enterprise` and earlier patches +- `3.3`, `3.3-enterprise`, `3.3.9`, `3.3.9-enterprise` and earlier patches +- `3.2`, `3.2-enterprise`, `3.2.14`, `3.2.14-enterprise` and earlier patches +A complete list of all available Neo4j images can be found here: https://github.com/neo4j/docker-neo4j-publish/tree/master ## Migrating from Alpine Linux to Debian Slim -If you have created a custom Dockerfile based off a `neo4j` image, the main change to be aware of is that debian uses the `aptitude` package manager instead of `apk`. -In most cases you can just replace uses of `apk` with `apt`, but be aware that not all packages in `apk` may be available or have the same name. +If you have created a custom Dockerfile based off a `neo4j` image, the main change to be aware of is that debian uses the `aptitude` package manager instead of `apk`. In most cases you can just replace uses of `apk` with `apt`, but be aware that not all packages in `apk` may be available or have the same name. Alpine Linux provide a more complete comparison on their documentation page: https://wiki.alpinelinux.org/wiki/Comparison_with_other_distros - ## Changes to file permission requirements Some users have [raised concerns](https://github.com/neo4j/docker-neo4j/issues/130) that the Neo4j image changes file permissions on the host machine. -By default, Neo4j runs as the user `neo4j` who only exists in the container, not on the host. That means that it's hard to set up mount folders on the host which this new user has write permissions for. -We have updated the error messaging with advice about how to fix file permission errors. We also introduced writability checks and reduced the amount of file permission changes the image will perform. This has been found to interfere with some Kubernetes setups, so is currently an opt-in feature. +By default, Neo4j runs as the user `neo4j` who only exists in the container, not on the host. That means that it's hard to set up mount folders on the host which this new user has write permissions for. We have updated the error messaging with advice about how to fix file permission errors. We also introduced writability checks and reduced the amount of file permission changes the image will perform. This has been found to interfere with some Kubernetes setups, so is currently an opt-in feature. To enforce stricter file permissions checking you can pass this environment variable to the container: `--env SECURE_FILE_PERMISSIONS=yes` - -