Hi Team,

As part neo4j version 5.x install. We are using CALL apoc.cypher.runFile
Which is executing. But cyper commands inside that file are not executed.

These are the setting I have in apoc file
apoc.import.file.use_neo4j_config=false
apoc.import.file.enabled=true
apoc.export.file.enabled=true

In neo4j conf file I have the setting
server.config.strict_validation.enabledc=false

Request you to guide me on the same.

Are you terminating you cypher block with a semicolon?

yes am terminating the cypher with semicolon.

do you mind posting the contents of the file?

Neo4j Conf

#*****************************************************************

Neo4j configuration

For more details and a complete list of settings, please see

Configuration settings - Operations Manual

#*****************************************************************

The name of the default database

#initial.dbms.default_database=neo4j

Paths of directories in the installation.

#server.directories.data=data
#server.directories.plugins=plugins
#server.directories.logs=logs
#server.directories.lib=lib
#server.directories.run=run
#server.directories.licenses=licenses
#server.directories.transaction.logs.root=data/transactions

This setting constrains all LOAD CSV import files to be under the import directory. Remove or comment it out to

allow files to be loaded from anywhere in the filesystem; this introduces possible security problems. See the

LOAD CSV section of the manual for details.

Whether requests to Neo4j are authenticated.

To disable authentication, uncomment this line

#dbms.security.auth_enabled=false

#********************************************************************

Memory Settings

#********************************************************************

Memory settings are specified kilobytes with the 'k' suffix, megabytes with

'm' and gigabytes with 'g'.

If Neo4j is running on a dedicated server, then it is generally recommended

to leave about 2-4 gigabytes for the operating system, give the JVM enough

heap to hold all your transaction state and query context, and then leave the

rest for the page cache.

Java Heap Size: by default the Java heap size is dynamically calculated based

on available system resources. Uncomment these lines to set specific initial

and maximum heap size.

#server.memory.heap.initial_size=512m
#server.memory.heap.max_size=512m

The amount of memory to use for mapping the store files.

The default page cache memory assumes the machine is dedicated to running

Neo4j, and is heuristically set to 50% of RAM minus the Java heap size.

#server.memory.pagecache.size=10g

Limit the amount of memory that all of the running transaction can consume.

The default value is 70% of the heap size limit.

#dbms.memory.transaction.total.max=256m

Limit the amount of memory that a single transaction can consume.

By default there is no limit.

#db.memory.transaction.max=16m

Transaction state location. It is recommended to use ON_HEAP.

db.tx_state.memory_allocation=ON_HEAP

#*****************************************************************

Network connector configuration

#*****************************************************************

With default configuration Neo4j only accepts local connections.

To accept non-local connections, uncomment this line:

#server.default_listen_address=0.0.0.0

You can also choose a specific network interface, and configure a non-default

port for each connector, by setting their individual listen_address.

The address at which this server can be reached by its clients. This may be the server's IP address or DNS name, or

it may be the address of a reverse proxy which sits in front of the server. This setting may be overridden for

individual connectors below.

#server.default_advertised_address=localhost

You can also choose a specific advertised hostname or IP address, and

configure an advertised port for each connector, by setting their

individual advertised_address.

By default, encryption is turned off.

To turn on encryption, an ssl policy for the connector needs to be configured

Read more in SSL policy section in this file for how to define a SSL policy.

Bolt connector

server.bolt.enabled=true
#server.bolt.tls_level=DISABLED
#server.bolt.listen_address=:7687
#server.bolt.advertised_address=:7687

HTTP Connector. There can be zero or one HTTP connectors.

server.http.enabled=true
#server.http.listen_address=:7474
#server.http.advertised_address=:7474

HTTPS Connector. There can be zero or one HTTPS connectors.

server.https.enabled=false
#server.https.listen_address=:7473
#server.https.advertised_address=:7473

Number of Neo4j worker threads.

#server.threads.worker_count=

#*****************************************************************

SSL policy configuration

#*****************************************************************

Each policy is configured under a separate namespace, e.g.

dbms.ssl.policy..*

can be any of 'bolt', 'https', 'cluster' or 'backup'

The scope is the name of the component where the policy will be used

Each component where the use of an ssl policy is desired needs to declare at least one setting of the policy.

Allowable values are 'bolt', 'https', 'cluster' or 'backup'.

E.g if bolt and https connectors should use the same policy, the following could be declared

dbms.ssl.policy.bolt.base_directory=certificates/default

dbms.ssl.policy.https.base_directory=certificates/default

However, it's strongly encouraged to not use the same key pair for multiple scopes.

N.B: Note that a connector must be configured to support/require

SSL/TLS for the policy to actually be utilized.

see: dbms.connector.*.tls_level

SSL settings (dbms.ssl.policy..*)

.base_directory Base directory for SSL policies paths. All relative paths within the

SSL configuration will be resolved from the base dir.

.private_key A path to the key file relative to the '.base_directory'.

.private_key_password The password for the private key.

.public_certificate A path to the public certificate file relative to the '.base_directory'.

.trusted_dir A path to a directory containing trusted certificates.

.revoked_dir Path to the directory with Certificate Revocation Lists (CRLs).

.verify_hostname If true, the server will verify the hostname that the client uses to connect with. In order

for this to work, the server public certificate must have a valid CN and/or matching

Subject Alternative Names.

.client_auth How the client should be authorized. Possible values are: 'none', 'optional', 'require'.

.tls_versions A comma-separated list of allowed TLS versions. By default only TLSv1.2 is allowed.

.trust_all Setting this to 'true' will ignore the trust truststore, trusting all clients and servers.

Use of this mode is discouraged. It would offer encryption but no security.

.ciphers A comma-separated list of allowed ciphers. The default ciphers are the defaults of

the JVM platform.

Bolt SSL configuration

#dbms.ssl.policy.bolt.enabled=true
#dbms.ssl.policy.bolt.base_directory=certificates/bolt
#dbms.ssl.policy.bolt.private_key=private.key
#dbms.ssl.policy.bolt.public_certificate=public.crt
#dbms.ssl.policy.bolt.client_auth=NONE

Https SSL configuration

#dbms.ssl.policy.https.enabled=true
#dbms.ssl.policy.https.base_directory=certificates/https
#dbms.ssl.policy.https.private_key=private.key
#dbms.ssl.policy.https.public_certificate=public.crt
#dbms.ssl.policy.https.client_auth=NONE

Cluster SSL configuration

#dbms.ssl.policy.cluster.enabled=true
#dbms.ssl.policy.cluster.base_directory=certificates/cluster
#dbms.ssl.policy.cluster.private_key=private.key
#dbms.ssl.policy.cluster.public_certificate=public.crt

Backup SSL configuration

#dbms.ssl.policy.backup.enabled=true
#dbms.ssl.policy.backup.base_directory=certificates/backup
#dbms.ssl.policy.backup.private_key=private.key
#dbms.ssl.policy.backup.public_certificate=public.crt

#*****************************************************************

Logging configuration

#*****************************************************************

To enable HTTP logging, uncomment this line

#dbms.logs.http.enabled=true

To enable GC Logging, uncomment this line

#server.logs.gc.enabled=true

GC Logging Options

see https://docs.oracle.com/en/java/javase/11/tools/java.html#GUID-BE93ABDC-999C-4CB5-A88B-1994AAAC74D5

#server.logs.gc.options=-Xlog:gc*,safepoint,age*=trace

Number of GC logs to keep.

#server.logs.gc.rotation.keep_number=5

Size of each GC log that is kept.

#server.logs.gc.rotation.size=20m

#*****************************************************************

Miscellaneous configuration

#*****************************************************************

Determines if Cypher will allow using file URLs when loading data using

LOAD CSV. Setting this value to false will cause Neo4j to fail LOAD CSV

clauses that load data from the file system.

#dbms.security.allow_csv_import_from_file_urls=true

Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS

connector. This defaults to '*', which allows broadest compatibility. Note

that any URI provided here limits HTTP/HTTPS access to that URI only.

#dbms.security.http_access_control_allow_origin=*

Value of the HTTP Strict-Transport-Security (HSTS) response header. This header

tells browsers that a webpage should only be accessed using HTTPS instead of HTTP.

It is attached to every HTTPS response. Setting is not set by default so

'Strict-Transport-Security' header is not sent. Value is expected to contain

directives like 'max-age', 'includeSubDomains' and 'preload'.

#dbms.security.http_strict_transport_security=

Retention policy for transaction logs needed to perform recovery and backups.

#db.tx_log.rotation.retention_policy=2 days

Whether or not any database on this instance are read_only by default.

If false, individual databases may be marked as read_only using dbms.database.read_only.

If true, individual databases may be marked as writable using dbms.databases.writable.

#dbms.databases.default_to_read_only=false

Comma separated list of JAX-RS packages containing JAX-RS resources, one

package name for each mountpoint. The listed package names will be loaded

under the mountpoints specified. Uncomment this line to mount the

org.neo4j.examples.server.unmanaged.HelloWorldResource.java from

neo4j-server-examples under /examples/unmanaged, resulting in a final URL of

http://localhost:7474/examples/unmanaged/helloworld/{nodeId}

#server.unmanaged_extension_classes=org.neo4j.examples.server.unmanaged=/examples/unmanaged

A comma separated list of procedures and user defined functions that are allowed

full access to the database through unsupported/insecure internal APIs.

#dbms.security.procedures.unrestricted=my.extensions.example,my.procedures.*

A comma separated list of procedures to be loaded by default.

Leaving this unconfigured will load all procedures found.

#dbms.security.procedures.allowlist=apoc.coll.,apoc.load.,gds.*

#********************************************************************

JVM Parameters

#********************************************************************

G1GC generally strikes a good balance between throughput and tail

latency, without too much tuning.

server.jvm.additional=-XX:+UseG1GC

Have common exceptions keep producing stack traces, so they can be

debugged regardless of how often logs are rotated.

server.jvm.additional=-XX:-OmitStackTraceInFastThrow

Make sure that initmemory is not only allocated, but committed to

the process, before starting the database. This reduces memory

fragmentation, increasing the effectiveness of transparent huge

pages. It also reduces the possibility of seeing performance drop

due to heap-growing GC events, where a decrease in available page

cache leads to an increase in mean IO response time.

Try reducing the heap memory, if this flag degrades performance.

server.jvm.additional=-XX:+AlwaysPreTouch

Trust that non-static final fields are really final.

This allows more optimizations and improves overall performance.

NOTE: Disable this if you use embedded mode, or have extensions or dependencies that may use reflection or

serialization to change the value of final fields!

server.jvm.additional=-XX:+UnlockExperimentalVMOptions
server.jvm.additional=-XX:+TrustFinalNonStaticFields

Disable explicit garbage collection, which is occasionally invoked by the JDK itself.

server.jvm.additional=-XX:+DisableExplicitGC

Restrict size of cached JDK buffers to 1 KB

server.jvm.additional=-Djdk.nio.maxCachedBufferSize=1024

More efficient buffer allocation in Netty by allowing direct no cleaner buffers.

server.jvm.additional=-Dio.netty.tryReflectionSetAccessible=true

Exits JVM on the first occurrence of an out-of-memory error. Its preferable to restart VM in case of out of memory errors.

server.jvm.additional=-XX:+ExitOnOutOfMemoryError

Expand Diffie Hellman (DH) key size from default 1024 to 2048 for DH-RSA cipher suites used in server TLS handshakes.

This is to protect the server from any potential passive eavesdropping.

server.jvm.additional=-Djdk.tls.ephemeralDHKeySize=2048

This mitigates a DDoS vector.

server.jvm.additional=-Djdk.tls.rejectClientInitiatedRenegotiation=true

Enable remote debugging

#server.jvm.additional=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005

This filter prevents deserialization of arbitrary objects via java object serialization, addressing potential vulnerabilities.

By default this filter whitelists all neo4j classes, as well as classes from the hazelcast library and the java standard library.

These defaults should only be modified by expert users!

For more details (including filter syntax) see: JEP 290: Filter Incoming Serialization Data

#server.jvm.additional=-Djdk.serialFilter=java.;org.neo4j.;com.neo4j.;com.hazelcast.;net.sf.ehcache.Element;com.sun.proxy.;org.openjdk.jmh.**;!

Increase the default flight recorder stack sampling depth from 64 to 256, to avoid truncating frames when profiling.

server.jvm.additional=-XX:FlightRecorderOptions=stackdepth=256

Allow profilers to sample between safepoints. Without this, sampling profilers may produce less accurate results.

server.jvm.additional=-XX:+UnlockDiagnosticVMOptions
server.jvm.additional=-XX:+DebugNonSafepoints

Open modules for neo4j to allow internal access

server.jvm.additional=--add-opens=java.base/java.nio=ALL-UNNAMED
server.jvm.additional=--add-opens=java.base/java.io=ALL-UNNAMED
server.jvm.additional=--add-opens=java.base/sun.nio.ch=ALL-UNNAMED

Disable logging JMX endpoint.

server.jvm.additional=-Dlog4j2.disable.jmx=true

Limit JVM metaspace and code cache to allow garbage collection. Used by cypher for code generation and may grow indefinitely unless constrained.

Useful for memory constrained environments

#server.jvm.additional=-XX:MaxMetaspaceSize=1024m
#server.jvm.additional=-XX:ReservedCodeCacheSize=512m

Allow big methods to be JIT compiled.

Useful for big queries and big expressions where cypher code generation can create large methods.

#server.jvm.additional=-XX:-DontCompileHugeMethods

#********************************************************************

Wrapper Windows NT/2000/XP Service Properties

#********************************************************************

WARNING - Do not modify any of these properties when an application

using this configuration file has been installed as a service.

Please uninstall the service before modifying this section. The

service can then be reinstalled.

Name of the service

server.windows_service_name=neo4j

#********************************************************************

Other Neo4j system properties

#********************************************************************
dbms.security.procedures.unrestricted=apoc.*

db.tx_log.rotation.retention_policy=100M size

server.default_listen_address=0.0.0.0

server.config.strict_validation.enabled=false

dbms.security.log_successful_authentication=false

db.recovery.fail_on_missing_files=false

apoc.import.file.use_neo4j_config=false

apoc.import.file.enabled=true

apoc.export.file.enabled=true
usps.api.userid=MDQ3SVJPTk02Mzk3
usps.api.target=https://secure.shippingapis.com
usps.api.endpoint=ShippingAPI.dll
server.memory.pagecache.size=2g
server.directories.logs=/logs
server.directories.import=/import
google.maps.api.key=QUl6YVN5RDdWNnRZUVNxcWxya3JFV1dvNnVJLVp2QW83RUlhd0Jr
gitlab.username=UHJvamVjdF9Ub2tlbg==
gitlab.access.token=Z2xwYXQtZFA2R1Vtc1hMNC1ubnNqN3dLLXg=
dbms.unmanaged_extension_classes=com.ims.insight.mdm.neo4j.extension=/mdm
dbms.memory.pagecache.size=2g
dbms.memory.heap.max_size=2g
dbms.memory.heap.initial_size=1g
dbms.jvm.additional=-Xss1G
dbms.allow_upgrade=true

apoc.import.file.use_neo4j_config=false
apoc.import.file.enabled=true
apoc.export.file.enabled=true
apoc.initializer.neo4j.0=CALL apoc.cypher.runFile("file:////var/lib/neo4j/db_init/graphileon_customization_scripts.cypher");

graphileon_customization_scripts.cypher consist below below runfile

CALL apoc.cypher.runFile("file:////var/lib/neo4j/db_init/01_initial_feature_graphileon.cypher");
CALL apoc.cypher.runFile("file:////var/lib/neo4j/db_init/02_custom_style.cypher");
CALL apoc.cypher.runFile("file:////var/lib/neo4j/db_init/03_schema_config.cypher");

Are you trying to set neo4j config properties in your cypher queries? If so, are you using the setConfigValue procedure?

I am facing the below issue when I run the query manually. It suggests me to add this setting in conf file server.jvm.additional=-Xss2M.
But when I check the neo4j conf file there are many entries with the same key. Can you please guide me on the same?

Memory Settings I have
dbms.memory.pagecache.size=2g
dbms.memory.heap.max_size=2g
dbms.memory.heap.initial_size=1g
dbms.jvm.additional=-Xss1G

Which one do I need to change?

Neo4j conf file setting

server.config.strict_validation.enabled=false

server.jvm.additional=-XX:+UseG1GC
server.jvm.additional=-XX:-OmitStackTraceInFastThrow
server.jvm.additional=-XX:+AlwaysPreTouch
server.jvm.additional=-XX:+UnlockExperimentalVMOptions
server.jvm.additional=-XX:+TrustFinalNonStaticFields
server.jvm.additional=-XX:+DisableExplicitGC
server.jvm.additional=-Djdk.nio.maxCachedBufferSize=1024
server.jvm.additional=-Dio.netty.tryReflectionSetAccessible=true
server.jvm.additional=-Djdk.tls.ephemeralDHKeySize=2048
server.jvm.additional=-Djdk.tls.rejectClientInitiatedRenegotiation=true
server.jvm.additional=-XX:FlightRecorderOptions=stackdepth=256
server.jvm.additional=-XX:+UnlockDiagnosticVMOptions
server.jvm.additional=-XX:+DebugNonSafepoints
server.jvm.additional=--add-opens=java.base/java.nio=ALL-UNNAMED
server.jvm.additional=--add-opens=java.base/java.io=ALL-UNNAMED
server.jvm.additional=--add-opens=java.base/sun.nio.ch=ALL-UNNAMED
server.jvm.additional=-Dlog4j2.disable.jmx=true