Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
66 changes: 63 additions & 3 deletions pages/advanced-algorithms/install-mage.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,9 @@ import { Callout } from 'nextra/components'

# Install MAGE graph algorithm library

Use MAGE with an instance installed within a [Docker container](#docker) or on
[Linux](#linux).
Use MAGE with an instance installed within a [Docker container](#docker), from a
prebuilt [package](#install-from-a-package) on Ubuntu or CentOS, or [built from
source](#build-from-source-linux).

## Docker

Expand Down Expand Up @@ -52,7 +53,66 @@ discontinued as of `3.2` onwards.

</Callout>

## Linux
## Install from a package

On Ubuntu 24.04 (DEB `x86_64` and `aarch64`) and CentOS 9 / CentOS 10 (RPM, `x86_64` only), MAGE is
available as a prebuilt `memgraph-mage` package, so you don't have to build it
from source.

<Steps>

{<h3 className="custom-header">Install Memgraph</h3>}

Install the Memgraph package first — the `memgraph-mage` package depends on a
matching `memgraph` package of the same version. Follow the
[Ubuntu](/getting-started/install-memgraph/ubuntu) or
[CentOS](/getting-started/install-memgraph/centos) installation guide.

{<h3 className="custom-header">Download the MAGE package</h3>}

Download the `memgraph-mage` package that matches your Memgraph version and distro
from the [direct download
links](/getting-started/install-memgraph/direct-download-links). For example:

```shell
# Ubuntu 24.04
wget https://download.memgraph.com/memgraph-mage/v3.12.0/ubuntu-24.04/memgraph-mage_3.12.0-1_amd64.deb
# CentOS 9
wget https://download.memgraph.com/memgraph-mage/v3.12.0/centos-9/memgraph-mage-3.12.0-1.centos-9.x86_64.rpm
```

CUDA and cuGraph variants are also available for Ubuntu — see the download links page.

{<h3 className="custom-header">Install MAGE</h3>}

Install the package with your distribution's package manager so its dependencies
are resolved:

```shell
# Ubuntu (DEB)
sudo apt install ./memgraph-mage_3.12.0-1_amd64.deb
# CentOS (RPM)
sudo dnf install ./memgraph-mage-3.12.0-1.centos-9.x86_64.rpm
```

<Callout type="info">

During installation the package downloads and installs the Python dependencies
the MAGE query modules need, so the machine needs network access.

</Callout>

{<h3 className="custom-header">Restart Memgraph</h3>}

Restart Memgraph so the newly installed modules are loaded:

```shell
sudo systemctl restart memgraph
```

</Steps>

## Build from source (Linux)

Follow the steps if you want to use the MAGE library with [installed Linux based
Memgraph package](/getting-started/install-memgraph).
Expand Down
27 changes: 6 additions & 21 deletions pages/clustering/high-availability/best-practices.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -109,22 +109,6 @@ coordinator’s RPC messages.
**Example:**
`--management-port=10000`

#### `--instance-health-check-frequency-sec` (deprecated)

<Callout type="warning">
**Deprecated in Memgraph 3.10.** This startup flag is now ignored. Use the
`instance_health_check_frequency_sec` [coordinator runtime setting](#coordinator-runtime-settings)
instead.
</Callout>

#### `--instance-down-timeout-sec` (deprecated)

<Callout type="warning">
**Deprecated in Memgraph 3.10.** This startup flag is now ignored. Use the
`instance_down_timeout_sec` [coordinator runtime setting](#coordinator-runtime-settings)
instead.
</Callout>

### Health check behavior

Coordinator health checks follow this pattern:
Expand Down Expand Up @@ -234,11 +218,12 @@ SET COORDINATOR SETTING 'instance_down_timeout_sec' TO '5' ;
**Default:** `5`

<Callout type="warning">
**Upgrade note (3.10):** Values previously set via the
`--instance-down-timeout-sec` and `--instance-health-check-frequency-sec`
startup flags are **not** automatically migrated. After upgrading, the settings
revert to their defaults (`5` and `1`). If you had customized these flags, run
`SET COORDINATOR SETTING` queries to re-apply your values.
**Upgrade note:** The `--instance-down-timeout-sec` and
`--instance-health-check-frequency-sec` startup flags were deprecated in 3.10
and **removed in 3.12**. Values previously set via these flags are **not**
automatically migrated. After upgrading, the settings revert to their defaults
(`5` and `1`). If you had customized these flags, run `SET COORDINATOR SETTING`
queries to re-apply your values.
</Callout>

### `enabled_reads_on_main`
Expand Down
46 changes: 46 additions & 0 deletions pages/clustering/high-availability/setup-ha-cluster-k8s.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -621,6 +621,49 @@ Although many configuration options exist, especially for networking, the workfl
5. Install auxiliary components for external access, such as `ingress-nginx` (optional).
6. Update Bolt server addresses if clients will connect from outside the cluster (optional).

### Customize the cluster-setup Job

After `helm install`, the chart runs a `cluster-setup` Job as a Helm
`post-install` hook. This Job registers all coordinators and data instances via
`mgconsole`, producing a fully connected cluster.

You can customize the labels and security context applied to this Job through
the `clusterSetup` block:

- `clusterSetup.labels` - custom labels applied to both the Job and its pod
template. Useful for matching network policies, cost-allocation, or
observability selectors that target the setup Job.
- `clusterSetup.podSecurityContext` - pod-level security context for the
`cluster-setup` pod.
- `clusterSetup.containerSecurityContext` - container-level security context for
the `cluster-setup` container.

By default the Job runs hardened: as the non-root `memgraph` user
(`runAsUser: 101`, `runAsGroup: 103`), with a read-only root filesystem, all
Linux capabilities dropped, no privilege escalation, and the `RuntimeDefault`
seccomp profile. Override these values when deploying to a restricted
environment such as Red Hat OpenShift, where the allowed UID/GID range differs:

```yaml
clusterSetup:
labels:
app.kubernetes.io/component: cluster-setup
podSecurityContext:
runAsUser: 1000680000
runAsGroup: 1000680000
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
```

### Update bolt server

This step is required only when:
Expand Down Expand Up @@ -1433,6 +1476,9 @@ and their default values.
| `labels.data.podLabels` | Enables you to set labels on a pod level for data instances. | `{}` |
| `labels.data.statefulSetLabels` | Enables you to set labels on a stateful set level for data instances. | `{}` |
| `labels.data.serviceLabels` | Enables you to set labels on a service level for data instances. | `{}` |
| `clusterSetup.labels` | Custom labels applied to both the post-install `cluster-setup` Job and its pod template. | `{}` |
| `clusterSetup.podSecurityContext` | Pod-level security context for the `cluster-setup` Job pod. See [Customize the cluster-setup Job](#customize-the-cluster-setup-job). | `runAsUser: 101`, `runAsGroup: 103`, `runAsNonRoot: true`, `seccompProfile.type: RuntimeDefault` |
| `clusterSetup.containerSecurityContext` | Container-level security context for the `cluster-setup` container. See [Customize the cluster-setup Job](#customize-the-cluster-setup-job). | `allowPrivilegeEscalation: false`, `capabilities.drop: ["ALL"]`, `readOnlyRootFilesystem: true`, `runAsNonRoot: true`, `seccompProfile.type: RuntimeDefault` |
| `updateStrategy.type` | Update strategy for StatefulSets. Possible values are `RollingUpdate` and `OnDelete` | `RollingUpdate` |
| `extraEnv.data` | Env variables that users can define and are applied to data instances | `[]` |
| `extraEnv.coordinators` | Env variables that users can define and are applied to coordinators | `[]` |
Expand Down
2 changes: 0 additions & 2 deletions pages/database-management/configuration.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -442,8 +442,6 @@ This section contains the list of flags that are used to configure highly availa
| `--coordinator-id` | Raft server id on coordinator instance. | `[int32]` |
| `--coordinator-port` | Raft server's port on coordinator instance. | `[uint32]` |
| `--management-port` | Port on which replication instances receive messages from coordinator . | `[uint32]` |
| ~~`--instance-health-check-frequency-sec`~~ | **Deprecated in 3.10.** This flag is ignored. Use `SET COORDINATOR SETTING 'instance_health_check_frequency_sec' TO '<value>'` instead. See [Coordinator runtime settings](/clustering/high-availability/best-practices#coordinator-runtime-settings). | `[uint32]` |
| ~~`--instance-down-timeout-sec`~~ | **Deprecated in 3.10.** This flag is ignored. Use `SET COORDINATOR SETTING 'instance_down_timeout_sec' TO '<value>'` instead. See [Coordinator runtime settings](/clustering/high-availability/best-practices#coordinator-runtime-settings). | `[uint32]` |
| `--nuraft-log-file` | Path to the file where NuRaft logs are saved. | `[string]` |
| `--coordinator-hostname` | Coordinator's instance hostname. Used only in `SHOW INSTANCES` query. | `[string]` |
| `--cluster-cert-file` | Certificate file used for [intra-cluster TLS](/clustering/high-availability/how-high-availability-works#intra-cluster-tls) communication. Must be set together with `--cluster-key-file` and `--cluster-ca-file`. | `[string]` |
Expand Down
33 changes: 33 additions & 0 deletions pages/fundamentals/data-durability.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,39 @@ via `--storage-snapshot-retention-count`.
enforces periodic snapshots when WAL is enabled and will fail to start if WAL is
enabled with snapshot interval set to zero.

<h4 className="custom-header">WAL data integrity</h4>

<Callout type="info">
Per-transaction WAL checksums were introduced in Memgraph v3.12.

WAL files written by older versions do not contain checksums and are recovered
without integrity verification. Checksum verification applies only to WAL files
written by Memgraph v3.12 or newer.
</Callout>

To guard against silent on-disk corruption, Memgraph protects WAL files with
[CRC32](https://en.wikipedia.org/wiki/Cyclic_redundancy_check) checksums:

- The **WAL file header** (offsets and metadata such as the UUID, epoch ID and
sequence number) is protected by its own checksum.
- **Each transaction** is protected by a 4-byte checksum covering the
transaction's bytes (transaction start, deltas and transaction end).

Checksums are verified automatically during recovery. If a transaction's stored
checksum does not match the recomputed value, the WAL is considered corrupted at
that point and recovery stops, so corrupted data is never applied to the
database. A mismatch in the WAL header causes recovery from that file to fail.

The same checksums protect WAL files that are buffered on disk on a replica
before being applied, so corruption introduced between the main and the replica
is detected before the data is committed. Deltas streamed during the commit
(`PrepareCommitRpc`) are not checksummed because the TCP transport already
provides integrity guarantees.

<Callout type="info">
Snapshots are not yet protected by checksums.
</Callout>

### Snapshots
Snapshots provide a faster way to restore the states of your database. Snapshots
are created periodically based on the value defined with the
Expand Down
Loading