Search code examples
neo4jcypherkubernetes-helmneo4j-apoc

Cypher queries fails with Neo4jError: Unknown function 'apoc.convert.fromJsonMap' but apoc should be installed

I deployed Neo4j in my AKS cluster using the standalone Helm chart. It all gets deployed and my Node.js server connects to Neo4j correctly.

However queries throw the Neo4jError: Unknown function 'apoc.convert.fromJsonMap' error, so apoc is clearly missing.

I followed the procedure described here https://neo4j.com/docs/operations-manual/current/kubernetes/configuration/#operations-installing-plugins and my Values are here below.

The only difference I find is that in the guide apoc core is actually enabled afterwards by upgrading the helm chart, while I'm installing it with the option enabled already.

Looking at https://neo4j.com/docs/apoc/current/config/ I saw

As of Neo4j v.5.0, APOC config settings are no longer supported in the neo4j.conf file. Please move all apoc.* settings to apoc.conf. It is also possible to set the config settings using environment variables.

so as neo4j-standalone is using version 4.4.16 I moved the apoc configurations from apoc.config to neo4.config but still apoc procedures are not found by the queries.

Is there something I'm missing out to configure in order to enable apoc? Thank you very much.

neo4j-db:
# neo4j-standalone:
  nameOverride: "neo4j"
  fullnameOverride: 'neo4j'
  neo4j:
   # Name of your cluster
    name: "fixit-neo4j" # this will be the label: app: value for the service selector
    password: "password"
    ##
    passwordFromSecret: ""
    passwordFromSecretLookup: false
    edition: "community"
    acceptLicenseAgreement: "yes"
    offlineMaintenanceModeEnabled: false 
    resources:
      cpu: "1000m"
      memory: "2Gi"

  volumes:
    data:

      mode: 'volumeClaimTemplate'
      volumeClaimTemplate:
        accessModes:
          - ReadWriteOnce
        storageClassName: neo4j-sc-data
        resources:
          requests:
            storage: 4Gi


    backups:
      mode: 'share' # share an existing volume (e.g. the data volume)
      share:
        name: 'logs'

    logs:

      mode: 'volumeClaimTemplate'
      volumeClaimTemplate:
        accessModes:
          - ReadWriteOnce
        storageClassName: neo4j-sc-logs
        resources:
          requests:
            storage: 4Gi


  services:
    # A ClusterIP service with the same name as the Helm Release name should be used for Neo4j Driver connections originating inside the
    # Kubernetes cluster.
    default:
      # Annotations for the K8s Service object
      annotations: { }

  # A LoadBalancer Service for external Neo4j driver applications and Neo4j Browser
    neo4j:
    ### this would create cluster-neo4j svc
      enabled: false
 # env:
 #   NEO4J_PLUGINS: '["graph-data-science"]'
  config:
     
    server.bolt.enabled : "true"
    server.bolt.tls_level: "REQUIRED"
    server.bolt.listen_address: "0.0.0.0:7687"
    dbms.ssl.policy.bolt.client_auth: "NONE"
    dbms.ssl.policy.bolt.enabled: "true"
    
    server.directories.plugins: "/var/lib/neo4j/labs" 
    dbms.security.procedures.unrestricted: "apoc.*"
    server.config.strict_validation.enabled: "false"
    dbms.security.procedures.allowlist: "gds.*,apoc.*"
  apoc_config:
    apoc.trigger.enabled: "true"
    apoc.jdbc.neo4j.url: "jdbc:foo:bar"
    apoc.import.file.enabled: "true"


  
  startupProbe:
    failureThreshold: 1000
    periodSeconds: 50

  ssl:
  # setting per "connector" matching neo4j config
    bolt:
      privateKey:
        secretName: tls-secret 
        subPath:  tls.key 
      publicCertificate:
        secretName: tls-secret 
        subPath:  tls.crt 
      trustedCerts:
        sources: [ ] 
      revokedCerts:
        sources: [ ]
Solution

  • OK after a bit of looking at quite a few issues on the same subject, I found that some solutions for this problem was to add dbms.directories.plugins: "/var/lib/neo4j/labs" and dbms.config.strict_validation: "false" in the config section which, as I understand it, mirrors these settings both for server and dbms. It indeed worked, but it's weird that in the official guide it's not mentioned. I mean, these mirrored settings make sense, tell both the server and the dbms where to look for plugins, but still it should be mentioned. I see so many post about this, which means the documentation is not clear enough. It's easy to take things for granted and in fact because this mirrored plugin location both for the server AND dbms need is just not stated anywhere in the docs, I as many others thought that dbms was already configured with the same location as server.directories.plugins: "/var/lib/neo4j/labs" ( which the docs say to configure ) and haven't added it, but hey.. ain't nobody's perfect I guess. Hope they change the docs then for future devs' sake, but meanwhile this answer could be helpful.

    So the correct configuration is

      env:
    NEO4J_PLUGINS: '["graph-data-science"]'
  config:
    server.bolt.enabled: 'true'
    server.bolt.tls_level: 'REQUIRED'
    server.bolt.listen_address: '0.0.0.0:7687'
    dbms.ssl.policy.bolt.client_auth: 'NONE'
    dbms.ssl.policy.bolt.enabled: 'true'

    ## apoc
    server.directories.plugins: '/var/lib/neo4j/labs'
    server.config.strict_validation.enabled: 'false'
    dbms.security.procedures.unrestricted: 'apoc.*'
    dbms.security.procedures.allowlist: 'gds.*,apoc.*'

    ### additional needed dbms config mirroring server config
    dbms.directories.plugins: "/var/lib/neo4j/labs"
    dbms.config.strict_validation: "false"

  apoc_config:
    apoc.trigger.enabled: "true"
    apoc.jdbc.neo4j.url: "jdbc:foo:bar"
    apoc.import.file.enabled: "true"