```bat
@ECHO OFF
:: ============================================================================
:: This script serves as a guide defining best-practice configurables for a
:: production environment. See documentation regarding configurables here:
:: https://www.perforce.com/perforce/doc.current/manuals/cmdref/Content/CmdRef/configurables.configurables.html
::
:: Copyright and license info is available in the LICENSE file included with
:: the Server Deployment Package (SDP), and also available online:
:: https://swarm.workshop.perforce.com/projects/perforce-software-sdp/view/main/LICENSE
:: ----------------------------------------------------------------------------

REM Set P4PORT and P4USER and run p4 login before running this script.

:: Verify instance value
if %1x==x (
   echo Error: An instance argument is required.
   echo .
   exit /b 1
)

SET instance=%1
call C:\p4\common\bin\p4env.bat %1

@ECHO ON
p4 configure set run.users.authorize=1

:: The server.depot.root configurable is valid for P4D 2014.1+
p4 configure set server.depot.root=c:\p4\%instance%\depots
p4 configure set journalPrefix=%CHECKPOINTS_DIR%\p4_%instance%

:: The db.peeking configurable is valid for P4D 2013.3+
p4 configure set db.peeking=3
p4 configure set dm.user.noautocreate=2
p4 configure set dm.user.resetpassword=1
p4 configure set filesys.P4ROOT.min=5G
p4 configure set filesys.depot.min=5G
p4 configure set filesys.P4JOURNAL.min=5G
p4 configure set monitor=1
p4 configure set server=4

:: For P4D 2015.2+, make client views global in a commit/edge environment.
p4 configure set server.global.client.views=1

:: For P4D 2013.2+, setting db.reorg.disable=1, which turns off
:: dynamic database reorg, has been shown to significantly improve
:: performance when Perforce databases (db.* files) are stored on
:: some solid state storage devices, while not making a difference
:: on others.
p4 configure set db.reorg.disable=1

:: Set net.tcpsize to 512k when P4D is 2017.1 or less. In 2014.2
:: the default value became 512k. For newer versions of p4d, set
:: net.tcpsize explicitly to 0 to engage auto-self-tuning feature.
p4 configure set net.tcpsize=0

:: For P4D 2016.2.1468155+, set db.monitor.shared = max value.
:: This is the number of 8k pages to set aside for monitoring,
:: which requires pre-allocation of sufficient RAM. The default
:: is 256, or 2MB, enough for about 128 active/concurrent processes.
:: The max as of 2016.2 is 4096. Setting db.monitor.shared=0
:: causes the db.monitor on disk to be used instead, which can
:: potentially be a bottleneck.
p4 configure set db.monitor.shared=4096

p4 configure set net.backlog=2048

p4 configure set lbr.bufsize=1M
p4 configure set lbr.autocompress=1
p4 configure set filesys.bufsize=1M

p4 configure set serverlog.file.4=%LOGS_DIR%\audit.csv
p4 configure set serverlog.retain.4=%KEEPLOGS%
p4 configure set serverlog.maxmb.4=200

p4 configure set serverlog.file.8=%LOGS_DIR%\integrity.csv
p4 configure set serverlog.retain.8=%KEEPLOGS%

@echo Creating a depot named 'spec' of type 'spec'.
p4 depot -i < spec.depot.p4s

@echo Creating a depot named 'unload' of type 'unload'.
p4 depot -i < unload.depot.p4s

:: For p4d 2013.2+ - Turn off max* commandline overrides.
p4 configure set server.commandlimits=2

@echo See http://www.perforce.com/perforce/doc.current/manuals/p4dist/chapter.replication.html#replication.verifying
@echo if you are also setting up a replica server.

p4 configure set rpl.checksum.auto=1
p4 configure set rpl.checksum.change=2
p4 configure set rpl.checksum.table=1

:: Define number of login attempts before there is a delay, to thwart
:: automated password crackers. Default is 3; set to a higher value to
:: be more friendly to humans without compromising the protection.
p4 configure set dm.user.loginattempts=7

:: For p4d 2016.1 Patch 5+
:: Enable a server with an expired temp license to start, albeit with limited
:: functionality, so that license expiry doesn't make it impossible to perform
:: license management via the front-door. This configurable allows the server
:: to be started regardless of a bad license, though users will still be blocked
:: by license invalid messages. Perpetual commercial licenses never expire;
:: this configurable will not affect those.
p4 configure set server.start.unlicensed=1

:: Starting with p4d 2015.1 Patch 5, disallow P4EXP v2014.2 (a client
:: version known to misbehave) from connecting to the server.
:: See: http://answers.perforce.com/articles/KB/15014
p4 configure set "rejectList=P4EXP,version=2014.2"

:: For p4d 2011.1 thru 2015.1, set rpl.compress=3. For p4d 2015.2+, set
:: rpl.compress=4. This setting compresses journal data only, which is
:: almost always advantageous as it compresses well, while avoiding
:: compression of archive data, which is a mixed bag in terms of performance
:: benefits, and potentially a net negative.
p4 configure set rpl.compress=4

:: Starting with p4d 2016.2, enable these features.
p4 configure set filesys.checklinks=2
p4 configure set server.locks.global=1
p4 configure set proxy.monitor.level=3

:: Recommended for Swarm
p4 configure set dm.shelve.promote=1
p4 configure set dm.keys.hide=2
p4 configure set filetype.bypasslock=1

:: Starting with p4d 2016.1, use auth.id to simplify ticket handling.
:: After setting auth.id, login again.
p4 configure set rpl.forward.login=1
p4 configure set auth.id=p4_%SDP_INSTANCE%
:: 'call' is needed so that control returns to this script after p4login.bat.
call p4login.bat

:: Set SDP version identifying info.
p4 counter SDP "%DATE%"

:: Restart to ensure all configurable changes take effect.
p4 admin restart
call p4login.bat

@echo It is recommended that you run 'p4 configure set security=3' or
@echo 'p4 configure set security=4'.
@echo See: http://www.perforce.com/perforce/doc.current/manuals/p4sag/chapter.superuser.html#DB5-49899
```
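
An added example, not part of the SDP: a Python check that compares `p4 configure show` output against the security-relevant values this script sets, plus its closing `security=3` or `security=4` recommendation. The `name=value (source)` line shape and the sample output are assumptions constructed for illustration.

```python
import re

# Security-relevant values copied from the script above.
BASELINE = {
    "run.users.authorize": "1",
    "dm.user.noautocreate": "2",
    "dm.user.resetpassword": "1",
    "dm.user.loginattempts": "7",
    "dm.keys.hide": "2",
    "server.commandlimits": "2",
}
MIN_SECURITY = 3  # the script's closing advice: security=3 or security=4

# Assumed line shape: name=value (source), e.g. "monitor=1 (configure)".
LINE = re.compile(r"^([\w.]+)\s*=\s*(.*?)(?:\s+\(([^)]*)\))?$")

def parse_configure_show(text):
    """Map configurable name -> value; lines of any other shape are skipped."""
    settings = {}
    for raw in text.splitlines():
        match = LINE.match(raw.strip())
        if match:
            settings[match.group(1)] = match.group(2)
    return settings

def audit(text):
    """Return sorted (name, expected, found) tuples for each deviation."""
    found = parse_configure_show(text)
    drift = [(name, want, found.get(name, "<unset>"))
             for name, want in BASELINE.items() if found.get(name) != want]
    level = found.get("security", "<unset>")
    if not level.isdigit() or int(level) < MIN_SECURITY:
        drift.append(("security", f">={MIN_SECURITY}", level))
    return sorted(drift)

# Constructed sample output, not captured from a real server.
SAMPLE = """\
run.users.authorize=1 (configure)
dm.user.noautocreate=1 (configure)
dm.user.resetpassword=1 (configure)
dm.user.loginattempts=7 (configure)
rejectList=P4EXP,version=2014.2 (configure)
server.commandlimits=2 (configure)
security=2 (configure)
"""
if __name__ == "__main__":
    for name, want, found in audit(SAMPLE):
        print(f"DRIFT {name}: expected {want}, found {found}")
```
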
# | Change | User | Description | Committed | |
---|---|---|---|---|---|
#1 | 23960 | noe_gonzalez | "Forking branch Dev of perforce-software-sdp to noe_gonzalez-sdp." | ||
//guest/perforce_software/sdp/dev/Server/setup/configure_new_server.bat | |||||
#28 | 23679 | C. Thomas Tyler | Added comment indicating that these scripts serve as a guide defining best practices configurables for a production environment. Also added a handy URL to bookmark documenting many configurables: https://www.perforce.com/perforce/doc.current/manuals/cmdref/Content/CmdRef/configurables.configurables.html No functional change. | ||
#27 | 23442 | C. Thomas Tyler | Fixed issue with super user not being logged in after the restart that occurs after setting auth.id. | ||
#26 | 23316 | C. Thomas Tyler | Added filetype.bypasslock=1 configurable, recommended for Swarm. This is needed to allow reviews of exclusively locked files. It allows Swarm to unshelve such files for review, by doing: p4 unshelve --bypass-exclusive-lock -s <shelved_changelist> | ||
#25 | 23001 | C. Thomas Tyler | Added comment re: net.tcpsize to match latest change to configure_new_servers.sh. | ||
#24 | 22977 | C. Thomas Tyler | For P4D 2016.2/1468155+ servers, added configurable setting. p4 configure set db.monitor.shared=4096 Also added notes describing why we set it and other how it works. | ||
#23 | 22520 | C. Thomas Tyler | Updated configure_new_server.* scripts, which reflect SDP best practices for enterprise environments. Taking out the setting to disable autologinprompt, upon discovery that it has a safety feature of going interactive only in an interactive terminal shell. It will still wreak havoc with non-interactive commands that do things like 'ssh' with '-t' (to simulate an interactive terminal shell, as is sometimes necessary in automation). But as that is somewhat obscure, the most widely applicable best practice is to use the default p4d behavior, i.e. with autologinprompt enabled. #review @sven_erik_knop @nick_poole | ||
#22 | 22031 | C. Thomas Tyler | Bumped up dm.user.loginattempts from 3 to 7, to be more friendly to humans who mistype passwords. | ||
#21 | 21883 | C. Thomas Tyler | Added new configurable setting: 'filesys.bufsize=1M'. | ||
#20 | 21630 | C. Thomas Tyler | Configurables for best results with Swarm in particular, but a generally better overall experience. p4 configure set dm.shelve.promote=1 p4 configure set dm.keys.hide=2 Note that setting dm.shelve.promote=1 will slow down shelving operations on an edge server, but will make the shelves globally available. On balance, dm.shelve.promote=1 is recommended, though admins should be aware of the trade off (a simpler global view and cross-site code reviews, at some cost for performance of shelving at edge sites). | ||
#19 | 21454 | C. Thomas Tyler | For p4d 2016.1 Patch 5+ servers, enable a server with an expired temp license to start, albeit with limited functionality, so that license expiry doesn't make it impossible to perform license management via the front-door. This configurable allows the server to be started regardless of a bad license, though users will still be blocked by license invalid messages. Perpetual commercial licenses never expire; this configurable will not affect those. Also added +x file type modifier to the *.bat file. | ||
#18 | 21369 | C. Thomas Tyler | Configured to re-login after setting auth.id, and restart p4d at the end of the script. | ||
#17 | 21232 | C. Thomas Tyler | Define auth.id for P4D 2016.1+ servers to "p4_<instance>". The value doesn't really affect behavior for auth.id, so long as it's defined. | ||
#16 | 21173 | C. Thomas Tyler | Taking advantage of new 2016.2 configurables. | ||
#15 | 20332 | C. Thomas Tyler | A few configurable tweaks: * Setting server=4 logging as the default. * Setting net.backlog=2048, per Support. * Setting net.tcpsize=0 to engage 'auto-self-tuning' magic. | ||
#14 | 19837 | C. Thomas Tyler | Added defense against known-misbehaving client versions using rejectList configurable, available starting with P4D 2015.1 Patch 5. See: http://answers.perforce.com/articles/KB/15014 | ||
#13 | 19661 | C. Thomas Tyler | Change to best-practice configurables. For p4d 2016.1 Patch 2+ (2016.1.1395783+), disable auto prompting for a password, as this can cause 'p4' commands to go interactive that wouldn't normally, wreaking havoc with automation. Fix with: p4 configure set auth.autologinprompt=0. | ||
#12 | 19302 | C. Thomas Tyler | Adjusted setting of db.reorg.disable to go with the block comments made previously to receive a setting for db.reorg.disable. In those comments, setting of the value had been commented out, but now are not. This impact has no functional change other than adding the safety feature of avoiding setting db.reorg.disable for older versions of p4d that don't support it. | ||
#11 | 19112 | Russell C. Jackson (Rusty) | Turn off database reorg per best practice recommendation from Anton and Michael S. Stop running weekly_backup.sh automatically since a compact database actually causes a performance hit. Added note to occasionally run weekly_backup.sh to recapture free space. | ||
#10 | 18937 | C. Thomas Tyler | Removed configurables for 'errors' and 'events' structured logs. Added 'maxmb' setting of 200MB for the structured audit log. Enhanced Windows version work like Unix version: * Added a check for the 'instance' parameter. * Loads SDP environment from p4env.bat (equiv of p4_vars). * Uses SDP environment to set various things. * Now creates 'spec' and 'unload' depots. Changed both Unix and Windows versions to use KEEPLOGS setting defined in standard SDP environment file to apply to 'retain' setting of structured server logs. Removed obsolete comment relating to the SetDepotSpecMapField trigger, which was obsoleted with server.depot.root in 2014.1. Changed mechanism for creating 'spec' and 'unload' depots to one that works the same for Windows and Linux. Removed defaultChangeType setting. The impact on Swarm and performance may not be worth the security benefit for. It is still a good practice for some environments, but I'm not sure it's a clear best practice to set it. | ||
#9 | 16805 | Russell C. Jackson (Rusty) | #review-16795 Added the audit log as a default structured log and set the rotation to keep 31 days. | ||
#8 | 16460 | C. Thomas Tyler | Routine Merge Down to dev from main using: p4 merge -b perforce_software-sdp-dev | ||
#7 | 16335 | C. Thomas Tyler | Routine Merge Down to dev from main using: p4 merge -b perforce_software-sdp-dev | ||
#6 | 16029 | C. Thomas Tyler | Routine merge to dev from main using: p4 merge -b perforce_software-sdp-dev | ||
#5 | 15554 | C. Thomas Tyler | Routine merge-down from main. | ||
#4 | 12030 | C. Thomas Tyler | Merged down from main to refresh dev branch for SDP. | ||
#3 | 12028 | C. Thomas Tyler | Refreshed SDP dev branch, merging down from main. | ||
#2 | 11463 | Russell C. Jackson (Rusty) | Updated dev to prepare for Summit agreed changes. | ||
#1 | 10638 | C. Thomas Tyler | Populate perforce_software-sdp-dev. | ||
//guest/perforce_software/sdp/main/Server/setup/configure_new_server.bat | |||||
#1 | 10148 | C. Thomas Tyler | Promoted the Perforce Server Deployment Package to The Workshop. |