Commit Β·
a37ed50
1
Parent(s): cd1a891
Fix Neo4j auth: disable auth for demo deployment (NEO4J_AUTH=none), simplify entrypoint
- Dockerfile +2 -2
- backend/neo4j_setup.py +4 -2
- docker/Dockerfile +2 -2
- docker/entrypoint.sh +3 -6
- docker/supervisord.conf +3 -2
Dockerfile
CHANGED
|
@@ -68,7 +68,7 @@ RUN { \
|
|
| 68 |
echo "server.directories.data=/data/neo4j/data"; \
|
| 69 |
echo "server.directories.logs=/data/neo4j/logs"; \
|
| 70 |
echo "server.directories.plugins=/data/neo4j/plugins"; \
|
| 71 |
-
echo "dbms.security.auth_enabled=
|
| 72 |
echo "dbms.security.procedures.unrestricted=apoc.*"; \
|
| 73 |
echo "dbms.security.procedures.allowlist=apoc.*"; \
|
| 74 |
echo "server.memory.heap.initial_size=512m"; \
|
|
@@ -114,7 +114,7 @@ ENV NEO4J_USERNAME=neo4j
|
|
| 114 |
ENV NEO4J_PASSWORD=clinicalmatch2024
|
| 115 |
ENV NEO4J_DATABASE=neo4j
|
| 116 |
# NEO4J_AUTH tells Neo4j 5.x to set this password on first boot (format: user/pass)
|
| 117 |
-
ENV NEO4J_AUTH=
|
| 118 |
|
| 119 |
# LLM β OpenAI-compatible (set real values via HF Spaces secrets)
|
| 120 |
ENV OPENAI_API_KEY=""
|
|
|
|
| 68 |
echo "server.directories.data=/data/neo4j/data"; \
|
| 69 |
echo "server.directories.logs=/data/neo4j/logs"; \
|
| 70 |
echo "server.directories.plugins=/data/neo4j/plugins"; \
|
| 71 |
+
echo "dbms.security.auth_enabled=false"; \
|
| 72 |
echo "dbms.security.procedures.unrestricted=apoc.*"; \
|
| 73 |
echo "dbms.security.procedures.allowlist=apoc.*"; \
|
| 74 |
echo "server.memory.heap.initial_size=512m"; \
|
|
|
|
| 114 |
ENV NEO4J_PASSWORD=clinicalmatch2024
|
| 115 |
ENV NEO4J_DATABASE=neo4j
|
| 116 |
# NEO4J_AUTH tells Neo4j 5.x to set this password on first boot (format: user/pass)
|
| 117 |
+
ENV NEO4J_AUTH=none
|
| 118 |
|
| 119 |
# LLM β OpenAI-compatible (set real values via HF Spaces secrets)
|
| 120 |
ENV OPENAI_API_KEY=""
|
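Review bot: With `dbms.security.auth_enabled=false` at new line 71, the unchanged `dbms.security.procedures.unrestricted=apoc.*` on the next line means any client that can reach the Bolt or HTTP port can call every APOC procedure without credentials. The rest of the RUN block is outside the hunk, so confirm the generated config keeps Neo4j on loopback, e.g. `echo "server.default_listen_address=127.0.0.1"; \`, and consider narrowing the unrestricted list to the procedures the app actually calls. In the second hunk the comment at line 116 still says NEO4J_AUTH sets a password, and `ENV NEO4J_PASSWORD=clinicalmatch2024` stays baked into the image although it appears unused after this commit; suggest replacing the comment with `# Auth is disabled for the demo Space only; do not reuse this image with real data` and dropping the password line. The same points apply to the identical change in docker/Dockerfile.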
backend/neo4j_setup.py
CHANGED
|
@@ -15,9 +15,10 @@ class Neo4jConnection:
|
|
| 15 |
self._connect_with_retry()
|
| 16 |
|
| 17 |
def _connect_with_retry(self, retries: int = 10, delay: int = 6):
|
|
|
|
| 18 |
for attempt in range(retries):
|
| 19 |
try:
|
| 20 |
-
self.driver = GraphDatabase.driver(self._uri, auth=
|
| 21 |
self.driver.verify_connectivity()
|
| 22 |
print(f"[neo4j] Connected on attempt {attempt + 1}")
|
| 23 |
return
|
|
@@ -46,10 +47,11 @@ class Neo4jConnection:
|
|
| 46 |
return [record.data() for record in result]
|
| 47 |
|
| 48 |
|
|
|
|
| 49 |
neo4j_conn = Neo4jConnection(
|
| 50 |
uri=os.getenv("NEO4J_URI") or "bolt://127.0.0.1:7687",
|
| 51 |
user=os.getenv("NEO4J_USERNAME") or "neo4j",
|
| 52 |
-
password=os.getenv("NEO4J_PASSWORD") or "clinicalmatch2024",
|
| 53 |
database=os.getenv("NEO4J_DATABASE") or "neo4j",
|
| 54 |
)
|
| 55 |
|
|
|
|
| 15 |
self._connect_with_retry()
|
| 16 |
|
| 17 |
def _connect_with_retry(self, retries: int = 10, delay: int = 6):
|
| 18 |
+
auth = None if (self._auth == ("neo4j", "") or self._auth[1] == "") else self._auth
|
| 19 |
for attempt in range(retries):
|
| 20 |
try:
|
| 21 |
+
self.driver = GraphDatabase.driver(self._uri, auth=auth)
|
| 22 |
self.driver.verify_connectivity()
|
| 23 |
print(f"[neo4j] Connected on attempt {attempt + 1}")
|
| 24 |
return
|
|
|
|
| 47 |
return [record.data() for record in result]
|
| 48 |
|
| 49 |
|
| 50 |
+
_auth_disabled = (os.getenv("NEO4J_AUTH", "") == "none")
|
| 51 |
neo4j_conn = Neo4jConnection(
|
| 52 |
uri=os.getenv("NEO4J_URI") or "bolt://127.0.0.1:7687",
|
| 53 |
user=os.getenv("NEO4J_USERNAME") or "neo4j",
|
| 54 |
+
password="" if _auth_disabled else (os.getenv("NEO4J_PASSWORD") or "clinicalmatch2024"),
|
| 55 |
database=os.getenv("NEO4J_DATABASE") or "neo4j",
|
| 56 |
)
|
| 57 |
|
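Review bot: The new line 18 falls back to an unauthenticated driver whenever the password is an empty string, and it does so silently; the first half of the condition is also redundant, because `self._auth[1] == ""` already covers `("neo4j", "")`. Suggest `auth = self._auth if self._auth[1] != "" else None` plus a log line such as `print("[neo4j] WARNING: connecting without authentication")`, so a deployment that inherits `NEO4J_AUTH=none` shows up in the logs. In the second hunk the literal fallback `"clinicalmatch2024"` remains in source as the default password whenever auth is enabled; raising an error when `NEO4J_PASSWORD` is unset would avoid shipping a known credential. `self._auth` is assigned outside the hunk (presumably a `(user, password)` tuple), and `_connect_with_retry` continues past the visible lines.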
docker/Dockerfile
CHANGED
|
@@ -68,7 +68,7 @@ RUN { \
|
|
| 68 |
echo "server.directories.data=/data/neo4j/data"; \
|
| 69 |
echo "server.directories.logs=/data/neo4j/logs"; \
|
| 70 |
echo "server.directories.plugins=/data/neo4j/plugins"; \
|
| 71 |
-
echo "dbms.security.auth_enabled=
|
| 72 |
echo "dbms.security.procedures.unrestricted=apoc.*"; \
|
| 73 |
echo "dbms.security.procedures.allowlist=apoc.*"; \
|
| 74 |
echo "server.memory.heap.initial_size=512m"; \
|
|
@@ -114,7 +114,7 @@ ENV NEO4J_USERNAME=neo4j
|
|
| 114 |
ENV NEO4J_PASSWORD=clinicalmatch2024
|
| 115 |
ENV NEO4J_DATABASE=neo4j
|
| 116 |
# NEO4J_AUTH tells Neo4j 5.x to set this password on first boot (format: user/pass)
|
| 117 |
-
ENV NEO4J_AUTH=
|
| 118 |
|
| 119 |
# LLM β OpenAI-compatible (set real values via HF Spaces secrets)
|
| 120 |
ENV OPENAI_API_KEY=""
|
|
|
|
| 68 |
echo "server.directories.data=/data/neo4j/data"; \
|
| 69 |
echo "server.directories.logs=/data/neo4j/logs"; \
|
| 70 |
echo "server.directories.plugins=/data/neo4j/plugins"; \
|
| 71 |
+
echo "dbms.security.auth_enabled=false"; \
|
| 72 |
echo "dbms.security.procedures.unrestricted=apoc.*"; \
|
| 73 |
echo "dbms.security.procedures.allowlist=apoc.*"; \
|
| 74 |
echo "server.memory.heap.initial_size=512m"; \
|
|
|
|
| 114 |
ENV NEO4J_PASSWORD=clinicalmatch2024
|
| 115 |
ENV NEO4J_DATABASE=neo4j
|
| 116 |
# NEO4J_AUTH tells Neo4j 5.x to set this password on first boot (format: user/pass)
|
| 117 |
+
ENV NEO4J_AUTH=none
|
| 118 |
|
| 119 |
# LLM β OpenAI-compatible (set real values via HF Spaces secrets)
|
| 120 |
ENV OPENAI_API_KEY=""
|
docker/entrypoint.sh
CHANGED
|
@@ -3,8 +3,9 @@ set -e
|
|
| 3 |
|
| 4 |
log() { echo "[entrypoint] $*"; }
|
| 5 |
|
| 6 |
-
# ββ Persistent data dirs
|
| 7 |
-
mkdir -p /data/neo4j/data /data/neo4j/logs /data/neo4j/plugins
|
|
|
|
| 8 |
|
| 9 |
# Symlink Neo4j dirs to persistent volume
|
| 10 |
if [ ! -L /opt/neo4j/data ]; then
|
|
@@ -16,9 +17,5 @@ if [ ! -L /opt/neo4j/logs ]; then
|
|
| 16 |
ln -sf /data/neo4j/logs /opt/neo4j/logs
|
| 17 |
fi
|
| 18 |
|
| 19 |
-
# Neo4j 5.x reads NEO4J_AUTH=neo4j/<password> on first boot to set credentials.
|
| 20 |
-
# No manual cypher-shell bootstrap needed.
|
| 21 |
-
export NEO4J_AUTH="neo4j/clinicalmatch2024"
|
| 22 |
-
|
| 23 |
log "Starting all services via supervisord..."
|
| 24 |
exec /usr/bin/supervisord -c /app/docker/supervisord.conf
|
|
|
|
| 3 |
|
| 4 |
log() { echo "[entrypoint] $*"; }
|
| 5 |
|
| 6 |
+
# ββ Persistent data dirs βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
|
| 7 |
+
mkdir -p /data/neo4j/data /data/neo4j/logs /data/neo4j/plugins \
|
| 8 |
+
/tmp/nginx-cache /tmp/nginx-body /tmp/nginx-run
|
| 9 |
|
| 10 |
# Symlink Neo4j dirs to persistent volume
|
| 11 |
if [ ! -L /opt/neo4j/data ]; then
|
|
|
|
| 17 |
ln -sf /data/neo4j/logs /opt/neo4j/logs
|
| 18 |
fi
|
| 19 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 20 |
log "Starting all services via supervisord..."
|
| 21 |
exec /usr/bin/supervisord -c /app/docker/supervisord.conf
|
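Review bot: The added `/tmp/nginx-cache /tmp/nginx-body /tmp/nginx-run` directories get whatever mode the process umask allows, and `mkdir -p` accepts a path that already exists without checking its owner or mode. Judging by the names they hold buffered request bodies and cached responses, so if nginx runs as the same user as this script it is worth creating them owner-only, e.g. `install -d -m 0700 /tmp/nginx-cache /tmp/nginx-body /tmp/nginx-run`. A comment such as `# nginx temp/run dirs, must be writable by the nginx worker user` would also explain why a Neo4j auth fix touches them.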
docker/supervisord.conf
CHANGED
|
@@ -19,7 +19,7 @@ command=/opt/neo4j/bin/neo4j console
|
|
| 19 |
environment=
|
| 20 |
NEO4J_HOME=/opt/neo4j,
|
| 21 |
JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64,
|
| 22 |
-
NEO4J_AUTH="
|
| 23 |
autostart=true
|
| 24 |
autorestart=true
|
| 25 |
startsecs=45
|
|
@@ -35,8 +35,9 @@ directory=/app/backend
|
|
| 35 |
environment=
|
| 36 |
NEO4J_URI="bolt://127.0.0.1:7687",
|
| 37 |
NEO4J_USERNAME="neo4j",
|
| 38 |
-
NEO4J_PASSWORD="
|
| 39 |
NEO4J_DATABASE="neo4j",
|
|
|
|
| 40 |
OPENAI_API_KEY="%(ENV_OPENAI_API_KEY)s",
|
| 41 |
OPENAI_BASE_URL="%(ENV_OPENAI_BASE_URL)s",
|
| 42 |
OPENAI_MODEL="%(ENV_OPENAI_MODEL)s"
|
|
|
|
| 19 |
environment=
|
| 20 |
NEO4J_HOME=/opt/neo4j,
|
| 21 |
JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64,
|
| 22 |
+
NEO4J_AUTH="none"
|
| 23 |
autostart=true
|
| 24 |
autorestart=true
|
| 25 |
startsecs=45
|
|
|
|
| 35 |
environment=
|
| 36 |
NEO4J_URI="bolt://127.0.0.1:7687",
|
| 37 |
NEO4J_USERNAME="neo4j",
|
| 38 |
+
NEO4J_PASSWORD="",
|
| 39 |
NEO4J_DATABASE="neo4j",
|
| 40 |
+
NEO4J_AUTH="none",
|
| 41 |
OPENAI_API_KEY="%(ENV_OPENAI_API_KEY)s",
|
| 42 |
OPENAI_BASE_URL="%(ENV_OPENAI_BASE_URL)s",
|
| 43 |
OPENAI_MODEL="%(ENV_OPENAI_MODEL)s"
|
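Review bot: `NEO4J_AUTH="none"` (new lines 22 and 40) and `NEO4J_PASSWORD=""` (new line 38) are hard-coded here, unlike the `OPENAI_*` entries just below that use `%(ENV_...)s`, so turning authentication back on means editing this file, both Dockerfiles and the generated Neo4j config in step. Suggest `NEO4J_AUTH="%(ENV_NEO4J_AUTH)s"` and `NEO4J_PASSWORD="%(ENV_NEO4J_PASSWORD)s"`, so the image-level `ENV` values or Space secrets act as the single switch. A comment above each entry, e.g. `; demo only: Neo4j runs without authentication`, would make the open state obvious to whoever reuses this config. The `[program:...]` headers of both blocks are outside the visible hunks.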