Enabling remote backup on GCE

(Tharshy) #1

@david.allen, I would like to know, if I want the remote backup to be enabled on my google cloud launcher VM, I should be only editing neo4j.templete file with following

By default the backup service will only listen on localhost.

To enable remote backups you will have to bind to an external

network interface (e.g. for all interfaces).

dbms.backup.address=$dbms_backup_address --> instead replace with

thank you

(M. David Allen) #3

Yes, you've got it right, you can just use:


However! There are several other important things to keep in mind. What that setting actually does is just open a port on localhost. By default in GCP, the backup address is not exposed to the internet. This would be a very bad idea for security, as you don't want anyone on the internet being able to take a backup of your database. As a result, that port is only available on localhost. If you try from your work laptop to do a backup, it will fail with connection timeout errors, as GCP's firewall blocks inbound traffic on this port.

The part means the machine will listen on all interfaces, but practically speaking since yours will only have one, this means it will listen on the internet interface, probably a 10.*.*.* address inside of google.

To take a backup, you must SSH into the machine and run the backup locally, then copy the backup off machine somewhere else, like google storage.

(Tharshy) #4

thank you for the info, however If I have a script running on another server inside the google to automatic backup on my db, then I may need to consider enabling remote backup or should I give the internal ip ie:

(Tharshy) #5

yes, I think your last idea make sense , run the backup locally and transfer outside storage using scp.. however , in this case I may have to do it manually I guess, as my automation scripts are running on another vm.

(M. David Allen) #6

If your automation scripts are running on another VM, they need to be in the same virtual network -- then you can use the 10..... address and it should work. If this does not work, you can always adjust your firewall rules to permit access to that port from the specific other machine that will take the backup.

Do not expose your backup port to the entire internet.

(Tharshy) #7

thank you and this makes sense.