memgraph · kgolubic · May 23, 2024 · Apr 11, 2024 · Apr 11, 2024 · Apr 19, 2024
@@ -35,8 +35,7 @@ You can start the coordinator instance by specifying `--coordinator-id` and
 queries related to high availability, so you cannot execute any data-oriented query on it. The coordinator port is used for the Raft protocol, which
 all coordinators use to ensure the consistency of the cluster's state. Data instances are distinguished from coordinator instances by
 specifying `--management-port` flag. This port is used for RPC network communication between the coordinator and data
-instances. When started by default, the data instance is MAIN. All data instances should be started with the flag `--replication-restore-state-on-startup=true`
-so that its role (MAIN or REPLICA) is restored on restart. The coordinator will ensure that no data inconsistency can happen during and after the instance's
+instances. When started by default, the data instance is MAIN. The coordinator will ensure that no data inconsistency can happen during and after the instance's
 restart. Once all instances are started, the user can start adding data instances to the cluster.
 
 <Callout type="info">
@@ -61,6 +60,8 @@ Users only need to change the scheme which they use for connecting to coordinato
 use `neo4j://<coordinator_ip_adresss>` to get an active connection to the current MAIN instance in the cluster. You can find examples of how to 
 use bolt+routing in different programming languages [here](https://github.com/memgraph/memgraph/tree/master/tests/drivers).
 
+It is important to note that setting up the cluster (registration of data instances and coordinators, setting main) must be done using bolt connection since bolt+routing is only used for routing data-related
+queries, not coordinator-based queries.
 
 ## Starting instances
 
@@ -358,6 +359,12 @@ When choosing a new MAIN in the failover procedure from the list of available RE
 had more up-to-date data when the failover procedure was choosing a new MAIN but was down at that point when rejoining the cluster, the new MAIN instance sends a force sync RPC request to such instance. Force sync
 RPC request deletes all current data on all databases on a given instance and accepts data from the current MAIN. This way cluster will always follow the current MAIN. 
 
+
+## Actions on follower coordinators
+
+From follower coordinators you can only execute `SHOW INSTANCES`. Registration of data instance, unregistration of data instances, demoting instance, setting instance to MAIN and force reseting cluster state
+are all disabled. 
+
 ## Instances' restart
 
 ### Data instances' restart
@@ -393,32 +400,32 @@ This example will show how to set up a highly available cluster in Memgraph usin
 
 1. Start coordinator1:
 ```plaintext
-docker run  --name coord1 -p 7687:7687 -p 7444:7444 memgraph/memgraph-mage --bolt-port=7690 --log-level=TRACE --data-directory=/tmp/mg_data_coord1 --log-file=/tmp/coord1.log --also-log-to-stderr --coordinator-id=1 --coordinator-port=10111 --experimental-enabled=high-availability
+docker run  --name coord1 -p 7690:7690 -p 7444:7444 memgraph/memgraph-mage --bolt-port=7690 --log-level=TRACE --data-directory=/tmp/mg_data_coord1 --log-file=/tmp/coord1.log --also-log-to-stderr --coordinator-id=1 --coordinator-port=10111 --experimental-enabled=high-availability
 ```
 
 2. Start coordinator2:
 ```plaintext
-docker run  --name coord2 -p 7688:7688 -p 7445:7444 memgraph/memgraph-mage --bolt-port=7691 --log-level=TRACE --data-directory=/tmp/mg_data_coord2 --log-file=/tmp/coord2.log --also-log-to-stderr --coordinator-id=2 --coordinator-port=10112 --experimental-enabled=high-availability
+docker run  --name coord2 -p 7691:7691 -p 7445:7444 memgraph/memgraph-mage --bolt-port=7691 --log-level=TRACE --data-directory=/tmp/mg_data_coord2 --log-file=/tmp/coord2.log --also-log-to-stderr --coordinator-id=2 --coordinator-port=10112 --experimental-enabled=high-availability
 ```
 
 3. Start coordinator3:
 ```plaintext
-docker run  --name coord3 -p 7689:7689 -p 7446:7444 memgraph/memgraph-mage --bolt-port=7692 --log-level=TRACE --data-directory=/tmp/mg_data_coord3 --log-file=/tmp/coord3.log --also-log-to-stderr --coordinator-id=3 --coordinator-port=10113 --experimental-enabled=high-availability
+docker run  --name coord3 -p 7692:7692 -p 7446:7444 memgraph/memgraph-mage --bolt-port=7692 --log-level=TRACE --data-directory=/tmp/mg_data_coord3 --log-file=/tmp/coord3.log --also-log-to-stderr --coordinator-id=3 --coordinator-port=10113 --experimental-enabled=high-availability
 ```
 
 4. Start instance1:
 ```plaintext
-docker run  --name instance1 -p 7690:7690 -p 7447:7444 memgraph/memgraph-mage --bolt-port=7687 --log-level=TRACE --data-directory=/tmp/mg_data_instance1 --log-file=/tmp/instance1.log --also-log-to-stderr --replication-restore-state-on-startup=true --management-port=10011 --experimental-enabled=high-availability
+docker run  --name instance1 -p 7687:7687 -p 7447:7444 memgraph/memgraph-mage --bolt-port=7687 --log-level=TRACE --data-directory=/tmp/mg_data_instance1 --log-file=/tmp/instance1.log --also-log-to-stderr --management-port=10011 --experimental-enabled=high-availability
 ```
 
 5. Start instance2:
 ```plaintext
-docker run --name instance2 -p 7691:7691 -p 7448:7444 memgraph/memgraph-mage --bolt-port=7688 --log-level=TRACE --data-directory=/tmp/mg_data_instance2 --log-file=/tmp/instance2.log --also-log-to-stderr --replication-restore-state-on-startup=true --management-port=10012 --experimental-enabled=high-availability
+docker run --name instance2 -p 7688:7688 -p 7448:7444 memgraph/memgraph-mage --bolt-port=7688 --log-level=TRACE --data-directory=/tmp/mg_data_instance2 --log-file=/tmp/instance2.log --also-log-to-stderr --management-port=10012 --experimental-enabled=high-availability
 ```
 
 6. Start instance3:
 ```plaintext
-docker run --name instance3 -p 7692:7692  -p 7449:7444 memgraph/memgraph-mage --bolt-port=7689 --log-level=TRACE --data-directory=/tmp/mg_data_instance3 --log-file=/tmp/instance3.log --also-log-to-stderr --replication-restore-state-on-startup=true --management-port=10013 --experimental-enabled=high-availability
+docker run --name instance3 -p 7689:7689  -p 7449:7444 memgraph/memgraph-mage --bolt-port=7689 --log-level=TRACE --data-directory=/tmp/mg_data_instance3 --log-file=/tmp/instance3.log --also-log-to-stderr --management-port=10013 --experimental-enabled=high-availability
 ```
 
 ### Register instances
@@ -470,14 +477,13 @@ SET INSTANCE instance_3 TO MAIN;
 Let's say that the current MAIN instance is down for some reason. After `--instance-down-timeout-sec` seconds, the coordinator will realize
 that and automatically promote the first alive REPLICA to become the new MAIN. The output of running `SHOW INSTANCES` on the leader coordinator could then look like:
 
-
 | name          | bolt_server    | coordinator_server | management_server | health | role        | last_succ_resp_ms |
 | ------------- | -------------- | ------------------ | ----------------- | ------ | ----------- | ------------------|
 | coordinator_1 | 0.0.0.0:7690   | 127.0.0.1:10111    |        ""         | up     | coordinator |  0                |
 | coordinator_2 | 127.0.0.1:7691 | 127.0.0.1:10112    |        ""         | up     | coordinator |  34               |
 | coordinator_3 | 127.0.0.1:7692 | 127.0.0.1:10113    |        ""         | up     | coordinator |  28               |
 | instance_1    | 127.0.0.1:7687 |       ""           | 127.0.0.1:10011   | up     | main        |  61               |
 | instance_2    | 127.0.0.1:7688 |       ""           | 127.0.0.1:10012   | up     | replica     |  74               |
-| instance_3    | 127.0.0.1:7689 |       ""           | 127.0.0.1:10013   | down   | unknown     |  72               |
+| instance_3    | 127.0.0.1:7689 |       ""           | 127.0.0.1:10013   | down   | unknown     |  71222            |
 
 </Steps>
@@ -7,10 +7,7 @@ import { Callout } from 'nextra/components'
 
 # Replication
 
-<Callout type="warning">
-
-Memgraph 2.9 introduced a new configuration flag
-`--replication-restore-state-on-startup`, which is `false` by default.
+<Callout>
 
 Instances need to remember their role and configuration details in a replication
 cluster upon restart, and the `--replication-restore-state-on-startup` needs to be
@@ -132,10 +129,9 @@ cluster](#set-up-a-replication-cluster).
 Each Memgraph instance has the role of the MAIN instance when it is first
 started.
 
-Also, by default, each crashed instance restarts as a MAIN instance disconnected
-from any replication cluster. To change this behavior, set the
-`--replication-restore-state-on-startup` to `true` when first initializing the
-instance.
+Also, by default, each crashed instance restarts with its previous role (MAIN as MAIN, REPLICA as REPLICA). 
+To change this behavior, set the `--replication-restore-state-on-startup` to `false` when
+first initializing the instance. In this way, all instances will get restarted as MAIN.
 
 ### Assigning the REPLICA role
 
@@ -324,19 +320,19 @@ you need expose different ports for each instance.
 The MAIN instance:
 
 ```
-docker run -p 7687:7687 memgraph/memgraph-mage
+docker run -p 7687:7687 memgraph/memgraph-mage --data-recovery-on-startup=true
 ```
 
 REPLICA instance 1:
 
 ```
-docker run -p 7688:7687 memgraph/memgraph-mage
+docker run -p 7688:7687 memgraph/memgraph-mage --data-recovery-on-startup=true
 ```
 
 REPLICA instance 2:
 
 ```
-docker run -p 7689:7687 memgraph/memgraph-mage
+docker run -p 7689:7687 memgraph/memgraph-mage --data-recovery-on-startup=true
 ```
 
 You can connect to each instance using the Memgraph Lab desktop application, or any

@@ -2,6 +2,7 @@
   "authentication-and-authorization": "Authentication and authorization",
   "backup-and-restore": "Backup and restore",
   "configuration": "Configuration",
+  "debugging": "Debugging",
   "enabling-memgraph-enterprise": "Enabling Memgraph Enterprise",
   "logs": "Logs",
   "monitoring": "Monitoring",

@@ -13,8 +13,8 @@ might have different access levels than an employee's role. Through RBAC,
 organizations efficiently ensure that users only access data relevant to their
 role, enhancing security and minimizing risks.
 
-With role-based access control, database administrator can assign various
-priviledges to roles, but for even more control over who can access certain
+With role-based access control, a database administrator can assign various
+privileges to roles, but for even more control over who can access certain
 data, Memgraph Enterprise offers [fine-grained access
 control](/database-management/authentication-and-authorization/role-based-access-control#fine-grained-access-control). 
 
@@ -23,10 +23,10 @@ control](/database-management/authentication-and-authorization/role-based-access
 Each user can be assigned at most one user role. User roles are abstractions
 that capture the privilege levels of a set of users. 
 
-For example, suppose that `Dominik` and `Marko` belong to upper management of a
+For example, suppose that `Dominik` and `Marko` belong to the upper management of a
 certain company. It makes sense to grant them a set of privileges that other
 users are not entitled to so, instead of granting those privileges to each of
-them, we can create a role with those privileges called `manager` which we
+them, we can create a role with those privileges called `manager`, which we
 assign to `Dominik` and `Marko`.
 
 In other words, each privilege that is granted to a user role is automatically
@@ -35,13 +35,15 @@ to that user). Similarly, each privilege that is denied to a user role is
 automatically denied to all users with that role (even if it has been
 explicitly granted to that user).
 
-To creat a user role, run the following query:
+To create a user role, run the following query:
 
 ```cypher
-CREATE ROLE role_name;
+CREATE ROLE [IF NOT EXISTS] role_name;
 ```
 
-To assigning a user with a certain user role, run the following query:
+If a role already exists, you can use `IF NOT EXISTS` to only create new roles.
+
+To assign a user with a certain user role, run the following query:
 
 ```cypher
 SET ROLE FOR user_name TO role_name;
@@ -74,7 +76,7 @@ SHOW ROLES;
 ## Privileges
 
 At the moment, privileges are confined to users' abilities to perform certain
-`OpenCypher` queries. Namely users can be given permission to execute a subset
+`OpenCypher` queries. Namely, users can be given permission to execute a subset
 of the following commands:
 
 | Privilege description | Clause |
@@ -110,7 +112,7 @@ role are denied that privilege. Otherwise, Memgraph will not execute that
 specific query. Note that `DENY` is a stronger operation than `GRANT`. This is
 also notable from the fact that if neither the user nor its role are explicitly
 granted or denied a certain privilege, that user will not be able to perform
-that specific query. This effect also is known as a silent deny. The information
+that specific query. This effect is also known as a silent deny. The information
 above is neatly condensed in the following table:
 
 User Status | Role Status | Effective Status
@@ -125,7 +127,7 @@ NULL        | GRANT       | GRANT
 NULL        | DENY        | DENY
 NULL        | NULL        | DENY
 
-Once the privilages are changed, they take full effect once the user reconnects
+Once the privileges are changed, they take full effect once the user reconnects
 to the database. 
 
 #### Grant privileges
@@ -172,12 +174,12 @@ raised by using `REVOKE`. For instance, if a user has been denied the `INDEX`
 privilege, but the role it belongs to is granted that privilege, the user is
 unable to use indexing features.
 
-If the user's `INDEX` privilege is revoked, they will be able to do use indexing
-features because his role is granted that privilege.
+If the user's `INDEX` privilege is revoked, they will be able to use indexing
+features because the role is granted that privilege.
 
 #### Manage all privileges at once
 
-To grant, deny or revoke all privileges use the `ALL PRIVILEGES` construct:
+To grant, deny or revoke all privileges, use the `ALL PRIVILEGES` construct:
 
 ```cypher
 GRANT ALL PRIVILEGES TO <user>;

@@ -20,8 +20,9 @@ and [auth system integrations](/database-management/authentication-and-authoriza
 Creating a user can be done by executing the following command:
 
 ```cypher
-CREATE USER user_name [IDENTIFIED BY 'password'];
+CREATE USER [IF NOT EXISTS] user_name [IDENTIFIED BY 'password'];
 ```
+If the user already exists, you can use `IF NOT EXISTS` to only create new users.
 
 If the username is an email address, you need to enclose it in backticks (``` ` ```):
 
@@ -35,22 +36,22 @@ the `--auth-user-or-role-regex` flag to include spaces. For example,
 
 If the user should authenticate themselves on each session, i.e. provide their
 password on each session, the part within the brackets is mandatory. Otherwise,
-the password is set to `null` and the user will be allowed to log-in using
+the password is set to `null`, and the user will be allowed to log-in using
 any password, provided that they use the correct username.
 
-To set or alter a user's password run the following command:
+To set or alter a user's password, run the following command:
 
 ```cypher
 SET PASSWORD FOR user_name TO 'new_password';
 ```
 
-Setting the users's password to null removes the password, allowing the user to
+Setting the user's password to null removes the password, allowing the user to
 log-in using any password:
 
 ```cypher
 SET PASSWORD FOR user_name TO null;
 ```
-To delete a user run the following command:
+To delete a user, run the following command:
 
 ```cypher
 DROP USER user_name;
@@ -68,7 +69,7 @@ appropriate values of `bcrypt`, `sha256` or `sha256-multiple`.
 
 **BCrypt**
 This algorithm is the default algorithm for password encryption. It's the most secure algorithm and has the best
-protection against brute-force attack. However, if you're running connecting multiple concurrent enterprise users with
+protection against brute-force attacks. However, if you're connecting multiple concurrent enterprise users with
 passwords at the same time, it may not be the best choice for you as you might experience slower performance. The performance
 is slower only during authentication of the users, and should not degrade once the connection has been established.
 

@@ -501,7 +501,7 @@ This section contains the list of all other releant flags used within Memgraph.
 | --monitoring-port=7444                        | Port on which the Memgraph's monitoring WebsScket server should listen.                                                                                                                                                                                                                                                                                      | `[int32]`  |
 | --password-encryption-algorithm=bcrypt        | Algorithm used for password encryption. Defaults to BCrypt. Allowed values: `bcrypt`, `sha256`, `sha256-multiple` (SHA256 with multiple iterations)                                                                                                                                                                                                          | `[string]` |
 | --replication-replica-check-frequency-sec     | The time duration in seconds between two replica checks/pings. If < 1, replicas will not be checked at all and the replica will never be recovered. The MAIN instance allocates a new thread for each REPLICA.                                                                                                                                               | `[uint64]` |
-| --replication-restore-state-on-startup        | Set to `true` when initializing an instance to restore the replication role and configuration upon restart.                                                                                                                                                                                                                                                  | `[bool]`   |
+| --replication-restore-state-on-startup=true   | Set to `true` when initializing an instance to restore the replication role and configuration upon restart.                                                                                                                                                                                                                                                  | `[bool]`   |
 | --telemetry-enabled=true                      | Set to true to enable telemetry. We collect information about the running system (CPU and memory information), information about the database runtime (vertex and edge counts and resource usage), and aggregated statistics about some features of the database (e.g. how many times a feature is used) to allow for an easier improvement of the product.  | `[bool]`   |
 | --version                                     | Show version and build info and exit. The default values is `false`.                                                                                                                                                                                                                                                                                         | `[bool]`   |