A few months ago, Mark Needham blogged about how to setup remote monitoring of Neo4j using YourKit. I was asked the other day about getting a few more details on how to do this on Amazon, so here is my attempt at that. The first thing we’ll do is setup Neo4j on a Virtual Private Cloud. It’s good practice to not put your databases directly on the public internet.
We’ll use the VPC Wizard and create a VPC with public and private subnets. Our application servers will go on the public subnet, our database servers will go on the private subnet.
Follow along with the defaults and we’ll have a public subnet at 10.0.0.0/24 with a private subnet at 10.0.1.0/24.
The wizard will create a NAT instance for us. Leave that alone for now, we’ll get back to it later. Next create a new EC2 instance for our Neo4j to run inside our private subnet.
We’ll configure it’s security group (sg-912300f4) to allow ssh, port 7474 (Neo4j’s port) and port 8888 where we’ll setup monitoring later.
Once the instance is running, make a note of it’s private ip.
Now before we can connect to it, we need to connect to our NAT instance… and before we can SSH into our NAT instance, we need to change the Security Group settings to allow inbound traffic over port 22. But don’t stop there. We are also going to accept all incoming traffic from the instances in the private subnet. We can point to them by the security group we just created (sg-912300f4).
Now we should be able to connect to our NAT instance. Let’s setup an ssh tunnel to our private instance:
ssh firstname.lastname@example.org -i ec2-us-west.pem -t -A -L 2222:10.0.1.185:22 'watch -n60 echo "jump"'
With that in place we can ssh to our private instance using port 2222 on localhost:
ssh -p 2222 -i ec2-us-west.pem ubuntu@localhost
If you get a prompt, then congratulations on making it this far. Now let’s get Java installed:
sudo add-apt-repository ppa:webupd8team/java sudo apt-get update sudo apt-get install oracle-java7-installer
Download and extract Neo4j:
curl -O http://dist.neo4j.org/neo4j-enterprise-2.2.0-M04-unix.tar.gz tar -xvzf neo4j-enterprise-2.2.0-M04-unix.tar.gz
…and let’s download yourkit as well.
curl -O https://www.yourkit.com/download/yjp-2014-build-14120-linux.tar.bz2 tar -xvjf yjp-2014-build-14120-linux.tar.bz2
From here, we’ll just need to update the neo4j-wrapper.conf file:
to use the yourkit agent:
Edit the neo4j-server.properties file:
…to let Neo4j listen on all IPs:
and start neo4j.
Now finally we can connect Yourkit to our remote instance:
and start profiling Neo4j:
You can use the ssh tunnel you made earlier to make requests to Neo4j. Don’t forget to lock down your NAT instance, so only you have access to it.