# See additional documentation at the end of this file. # See documentation regarding configurables here: # https://help.perforce.com/helix-core/server-apps/cmdref/current/Content/CmdRef/configurables.alphabetical.html # Format: # Profile|Configurable|ExpectedValue|CompareStyle|Optionality|ServerIDType|SetNotes #------------------------------------------------------------------------------ # Default values. These always apply, and are combined with one user-specified # profile defined further below, e.g. 'demo' or 'hcc'. #------------------------------------------------------------------------------ always|auth.id|null|Set|Required|any|EDITME_AddURLForNotes always|rpl.forward.login|1|Exact|Required|any|EDITME_AddURLForNotes always|run.users.authorize|1|Exact|Required|any|None always|dm.user.hideinvalid|1|Exact|Required|any|None always|server|3|AtLeast|Recommended|any|None always|server.depot.root|/p4/__SDP_INSTANCE__/depots|Exact|Required|any|None always|journalPrefix|/p4/__SDP_INSTANCE__/checkpoints/__P4SERVER__|Exact|Required|any|None always|dm.info.hide|1|Exact|Required|any|None always|monitor|1|AtLeast|Required|any|None always|net.tcpsize|null|Unset|Required|any|None always|net.autotune|null|Unset|Required|any|https://portal.perforce.com/s/article/15368 always|db.monitor.shared|4096|AtLeast|Required|any|None always|net.backlog|2048|AtLeast|Required|any|None always|lbr.bufsize|1M|AtLeast|Required|any|None always|filesys.bufsize|1M|AtLeast|Required|any|None always|server.commandlimits|2|Exact|Required|any|None always|rpl.checksum.auto|1|Exact|Required|any|None always|rpl.checksum.change|2|Exact|Required|any|None always|rpl.checksum.table|1|Exact|Required|any|None always|rpl.compress|4|Exact|Recommended|any|None always|dm.user.loginattempts|7|AtLeast|Recommended|any|None always|server.start.unlicensed|1|Exact|Recommended|any|None always|rejectList|P4EXP,version=2014.2|Contains|Recommended|any|None always|rt.monitorfile|monfile.mem|Exact|Recommended|any|None always|server.global.client.views|1|Exact|Recommended|any|None always|server.locks.global|1|Exact|Recommended|any|None always|proxy.monitor.level|3|AtLeast|Recommended|any|None always|submit.noretransfer|1|Exact|Recommended|any|None # Best Practices for Swarm always|dm.shelve.promote|1|Exact|Recommended|any|None always|dm.keys.hide|2|Exact|Recommended|any|None always|filetype.bypasslock|1|Exact|Recommended|any|None # Extensions always|server.extensions.dir|__LOGS__/p4-extensions|Exact|Recommended|any|None # Enable Partition Clients always|client.readonly.dir|__P4ROOT__/client.readonly.dir|Set|Recommended|any|None always|client.sendq.dir|__P4ROOT__/client.readonly.dir|Set|Recommended|any|None # Structured Logging. always|serverlog.file.3|__LOGS__/errors.csv|Exact|Recommended|any|None always|serverlog.retain.3|__KEEPLOGS__|AtLeast|Recommended|any|None always|serverlog.file.7|__LOGS__/events.csv|Exact|Recommended|any|None always|serverlog.retain.7|__KEEPLOGS__|AtLeast|Recommended|any|None always|serverlog.file.8|__LOGS__/integrity.csv|Exact|Recommended|any|None always|serverlog.retain.8|__KEEPLOGS__|AtLeast|Recommended|any|None always|serverlog.file.11|__LOGS__/triggers.csv|Exact|Recommended|any|None always|serverlog.retain.11|__KEEPLOGS__|AtLeast|Recommended|any|None # Net Keepalive Settings. always|net.keepalive.count|9|AtLeast|Recommended|any|None always|net.keepalive.disable|0|Exact|Recommended|any|None always|net.keepalive.idle|180|Set|Recommended|any|None always|net.keepalive.interval|15|AtLeast|Recommended|any|None always|lbr.autocompress|1|Exact|Required|any|None always|db.reorg.disable|1|Exact|Recommended|any|None #------------------------------------------------------------------------------ # Demo Profile Settings #------------------------------------------------------------------------------ demo|filesys.P4ROOT.min|5M|AtLeast|Recommended|any|None demo|filesys.depot.min|5M|AtLeast|Recommended|any|None demo|filesys.P4JOURNAL.min|5M|AtLeast|Recommended|any|None demo|server.maxcommands|2500|AtLeast|Required|any|None demo|net.parallel.max|10|AtLeast|Recommended|any|None demo|net.parallel.threads|4|AtLeast|Recommended|any|None demo|net.parallel.sync.svrthreads|300|NoMoreThan|Recommended|any|None # Helix Core Cloud hcc|security|4|Exact|Required|any|Standard hcc|dm.user.noautocreate|2|Exact|Recommended|any|None hcc|filesys.P4ROOT.min|5M|AtLeast|Recommended|any|None hcc|filesys.depot.min|5M|AtLeast|Recommended|any|None hcc|filesys.P4JOURNAL.min|5M|AtLeast|Exact|Recommended|any|None hcc|server.maxcommands|2500|AtLeast|Required|any|None hcc|net.parallel.max|8|AtLeast|Recommended|any|None hcc|net.parallel.threads|4|AtLeast|Recommended|any|None hcc|net.parallel.sync.svrthreads|300|NoMoreThan|Recommended|any|None # Production Commercial Profile Settings prod|security|4|AtLeast|Required|any|Standard prod|filesys.P4ROOT.min|5G|AtLeast|Recommended|any|None prod|filesys.depot.min|5G|AtLeast|Recommended|any|None prod|filesys.P4JOURNAL.min|5G|AtLeast|Recommended|any|None prod|dm.user.noautocreate|2|Exact|Recommended|any|None prod|server.maxcommands|2500|AtLeast|Required|any|None prod|auth.sso.allow.passwd|1|Exact|Recommended|any|None prod|auth.sso.nonldap|1|Exact|Recommended|any|None prod|net.parallel.max|10|AtLeast|Recommended|any|None prod|net.parallel.threads|4|AtLeast|Recommended|any|None prod|net.parallel.sync.svrthreads|3000|NoMoreThan|Recommended|any|None # Public Server Profile Settings pub|security|0|Exact|Required|any|Standard pub|filesys.P4ROOT.min|1G|AtLeast|Recommended|any|None pub|filesys.depot.min|1G|AtLeast|Recommended|any|None pub|filesys.P4JOURNAL.min|1G|AtLeast|Recommended|any|None pub|server.maxcommands|2500|AtLeast|Required|any|None pub|net.parallel.max|10|AtLeast|Recommended|any|None pub|net.parallel.threads|4|AtLeast|Recommended|any|None pub|net.parallel.sync.svrthreads|400|NoMoreThan|Recommended|any|None #------------------------------------------------------------------------------ # Overview # # This data file, intended for use with the ccheck.sh script, defines best # practices for various configurables for a Helix Core server. The best # practices are categorized by profiles of Helix Core servers. For example, # the 'pub' profile is for a public server, which would be expected to have # security=0. The 'prod' profile for a commercial production server would be # expected to have security set to at least 4. #------------------------------------------------------------------------------ # Profile # # Each configurable and expected value is associated with a profile: # * always - This is a special profile that always applies; other profiles # specified will add to or override values defined in this profile. # # * prod - For commercial production Helix Core servers (closed source, secure) # This is the default profile. This is for production usage at small # small-to-medium scale. # # * prodent - Production at large enterprise scale. # # * demo - For demo and evaluation servers, with no security needs. # # * open - For public/open source servers, with open read access (security=0). #------------------------------------------------------------------------------ # ExpectedValue: # # The expected value of the configurable. (See also: CompareStyle) # Expected values can have substitutions. Values to be substituted use a # double-underscore as a prefix and suffix, e.g. __SDP_INSTANCE__ will be # substitued with the SDP Instance Name. The follwoing substitutsions are # done: # # __SDP_INSTANCE__ SDP Instance name, e.g. '1'. # __P4ROOT__ Server root, e.g. /p4/N/root. # __P4SERVER__ SDP Instance name, e.g. 'p4_1'. # __KEEPLOGS__ KEEPLOGS setting defined in SDP shell env. # __LOGS__ Logs dir, e.g. '/p4/1/logs'. #------------------------------------------------------------------------------ # CompareStyle: # # This determines how actual and expected Value are matched. # * Exact - Actual value matches expected exactly, numeric or string. # * Set - Actual value is set to anything, just not null/unset. # * Unset - Value must not be explicitly set with 'p4 configure'. # * AtLeast - Actual is as big or bigger than expected. This is a # numeric comparison. The value must be an integer or a size # e.g. 20K, 4G (ending in B, K, M, G, T, P, or E). # * NoMoreThan - Actual is as no more than expected; opposite of AtLeast. # * Contains - Actual value contains the expected value (string compare). # #------------------------------------------------------------------------------ # Optionality: # # This indicates whether the given setting is required or recommended. Values # are: # # Required - If the value is not set to the expected value, validations fail. # # Recommended - If the value is not set to the expected value, validations # succeed with a warning. #------------------------------------------------------------------------------ # ServerIDType # # This can be one of: # # * any - For the global default 'any' config. # * commit - Setting for the singular ServerID of the commit server, as defined # by the P4MASTER_ID setting. # * replica - For a non-standby replica # * standby - For a standby/journalcopy replica # * edge - For an edge server #------------------------------------------------------------------------------ # SetNotes: # # This column contains a reference to info to be displayed if it is determined # that the configurable needs to be changed. For example, setting auth.id will # invalidate all tickets, and thus may require planning to roll out in an # enterprise environment. # # This is empty or has the value None for configurables that can safely be set # in real-time without further contemplation. For settings that require a # maintenance windows (due to a service restart), or possibly require planning # and awareness of impact to users to change, this field contains a link to a # URL with details. This is used for configurables like auth.id, security, and # rpl.forward.login that have details to be aware of when changing them.
| # | Change | User | Description | Committed | |
|---|---|---|---|---|---|
| #25 | 31536 | C. Thomas Tyler |
Configurables tweaks; these now require -FIX to change and have guidance: server.rolechecks - Standard configurables doc page for server.rolechecks journalPrefix - Guidance is The SDP jouranlPrefix Standard. server.depot.root - Standard configurables doc page for server.depot.root server.start.unlicensed - Standard configurables doc page for server.start.unlicensed monitor - Standard configurables doc page for monitor db.monitor.shared - Standard configurables doc page for db.monitor.shared server.extensions.dir checks have been disabled for new. net.autotune KB net.tcpsize - KB #review-31537 @jclucas |
||
| #24 | 31506 | C. Thomas Tyler |
Enhanced ccheck.sh to work on p4d servers prior to r23.2, before the advent fo the 'p4 configure help' command. If run on older servers, the list of security-related configurables is extracted from a new section on the config file. |
||
| #23 | 31503 | C. Thomas Tyler | Added 'security=4' to 'demo' profile to better demo best practices. | ||
| #22 | 31498 | C. Thomas Tyler |
Disabled the check for server.extensions.dir due to issues changing this value once it is set and extensions are already in use, e.g. by P4AS or P4 Code Review. |
||
| #21 | 31492 | C. Thomas Tyler |
More ccheck.sh enhancements. Added code to mitigate the impact of setting auth.id. If the changes advised include setting auth.id, a warning is displayed indicating a series of p4login commands to run immediately after. If '-FIX' is used, the script will execute those commands on the current server and advise they be used on other servers. Added logic so that changing security from 3 -> 4 can be done with '-fix', but going from 0-2 -> 4 requires -FIX due to risk of impact. Added special checks not related to the data file: * Add as a required check: Report error if client.readonly.dir is an absolute path. * Add as a recommended check: Report error if client.readonly.dir is defined and client.sendq.dir has a different value. Added 'prodent' profile to configuration file (already mentioned in docs). Changed config so filesys.*.min settings require manual intervention (as they can quickly break the server). Tweaked so data file supports raw text in the config file as well as URLs for providing guidance. #review-31493 |
||
| #20 | 31488 | C. Thomas Tyler |
Added logic to display guidance for those configurables that have guidance information available. Bumped major version to 2.0 to reflect significant changes since last released version. Fixed typo in configuration that prevent dm.user.setinitailpassword from being reported on (fix to unreleased dev branch version). Commented out P4AS (fka HAS) configurables; they're required if P4AS is used but not otherwise. |
||
| #19 | 31484 | C. Thomas Tyler | Adjusted Comparison style for dm.loginattempts. | ||
| #18 | 31480 | C. Thomas Tyler | Setting dm.user.resetpassword=1. | ||
| #17 | 31470 | C. Thomas Tyler | Added support for new 'Optionality' value of 'Optional'. | ||
| #16 | 31460 | C. Thomas Tyler | Cleaned up some comments for clarity. | ||
| #15 | 31447 | C. Thomas Tyler | New best practice: dm.user.setinitialpasswd=0 | ||
| #14 | 31419 | C. Thomas Tyler |
New best practice: Set server.rolechecks=1. #review-31420 |
||
| #13 | 31391 | C. Thomas Tyler |
Changed client.readonly.dir value from absolute to relative path. #review-31392 @robert_cowham @roger_prince |
||
| #12 | 31350 | C. Thomas Tyler |
Refine cchech.sh and config file to allow specification of 'Unset' to be required, in which case we pass the check if the value is unset regardless of the default value. We already allow checking the default value and consider it to comply if the default value matches expected. This new change will support some values being defined as required to be unset. Add examples and descriptive text in configurables.cfg. Fix ShellCheck compliance issues. Changed '-v' so required values having expected values show as GREAT rather than GOOD. Recommended values having expected values still show as GOOD. For values *not* matching expectations, required values show as BAD, while recommended values now show as WARN. The word FAIL is now used only in the summary, and appears only if there are any BAD indications (required values not matching) or else any system errors checking configurables. #review-31351 |
||
| #11 | 31136 | C. Thomas Tyler |
Added content to cover scenario where P4JOURNAL is set in db.config. This addresses SDP-737 (Doc): In SDP Legacy Upgrade Guide, advise p4d -cunset P4JOURNAL if needed. Also updated URL for list of configurables due to change in Perforce web site layout, with docs moved from somewhere under www.perforce.com to somewhere under help.perforce.com. For example: Old URL for configurables: https://www.perforce.com/manuals/cmdref/Content/CmdRef/configurables.alphabetical.html New URL for configurables: https://help.perforce.com/helix-core/server-apps/cmdref/current/Content/CmdRef/configurables.alphabetical.html |
||
| #10 | 30610 | C. Thomas Tyler |
New best practice configurable: Set rt.monitorfile. #review-30611 |
||
| #9 | 30500 | C. Thomas Tyler |
New best practice configurable: dm.user.hideinvalid=1 #review-30501 |
||
| #8 | 30443 | C. Thomas Tyler | Corrected guidance for net.autotune; it should be unset. | ||
| #7 | 30283 | C. Thomas Tyler |
New best practice: Set submit.noretransfer=1. #review-30284 |
||
| #6 | 30254 | C. Thomas Tyler |
ccheck.sh: Completed doc and code changes to establish 'prod' as the default profile. Now use '-p none' to use only the default profile. |
||
| #5 | 30035 | C. Thomas Tyler | Corrected configurable name. | ||
| #4 | 30034 | C. Thomas Tyler | Adjusted net.keepalive.interval valie. | ||
| #3 | 30019 | C. Thomas Tyler |
Added net.keepalive settings to best practices. #review @robert_cowham @mwittenberg |
||
| #2 | 30016 | C. Thomas Tyler | Refined configurables. | ||
| #1 | 29994 | C. Thomas Tyler |
Added ccheck.sh script to compare configurables current vs. best practices, and corresponding configurbles data file. #review-29995 |