configure_new_server.bat #8 

:: ============================================================================
:: Copyright and license info is available in the LICENSE file included with
:: the Server Deployment Package (SDP), and also available online:
:: https://swarm.workshop.perforce.com/projects/perforce-software-sdp/view/main/LICENSE
:: ----------------------------------------------------------------------------
REM Set P4PORT and P4USER and run p4 login before running this script.
REM Also run p4 triggers and put in the SetDefaultDepotSpeMapField.py trigger first as well. 
SET instance=%1

p4 configure set defaultChangeType=restricted
p4 configure set run.users.authorize=1
:: The server.depot.root configurable is valid for P4D 2014.1+
p4 configure set server.depot.root=c:\p4\%instance%\depots
p4 configure set journalPrefix=c:\p4\%instance%\checkpoints\p4_%instance%
:: The db.peeking configurable is valid for P4D 2013.3+
p4 configure set db.peeking=3
p4 configure set dm.user.noautocreate=2
p4 configure set dm.user.resetpassword=1
p4 configure set filesys.P4ROOT.min=5G
p4 configure set filesys.depot.min=5G
p4 configure set filesys.P4JOURNAL.min=5G
p4 configure set monitor=1
p4 configure set server=3

:: For P4D 2013.2+, setting db.reorg.disable=1 has been shown
:: to significantly improve performance when Perforce databases (db.*
:: files) are stored on some solid state storage devices, while not
:: making a difference on others.  It should be considered.
:: p4 configure set db.reorg.disable=1

p4 configure set lbr.bufsize=1M
p4 configure set lbr.autocompress=1
p4 configure set serverlog.file.3=c:\p4\%instance%\logs\errors.csv
p4 configure set serverlog.retain.3=7
p4 configure set serverlog.file.7=c:\p4\%instance%\logs\events.csv
p4 configure set serverlog.retain.7=7
p4 configure set serverlog.file.8=c:\p4\%instance%\logs\integrity.csv
p4 configure set serverlog.retain.8=7

@echo "Create a depot named 'spec' of type 'spec'.
@echo "Create a depot named 'unload' of unload 'spec'.

:: For p4d 2013.2+ -Turn off max* commandline overrides.
p4 configure set server.commandlimits=2

@echo See http://www.perforce.com/perforce/doc.current/manuals/p4dist/chapter.replication.html#replication.verifying
@echo if you are also setting up a replica server.
p4 configure set rpl.checksum.auto=1
p4 configure set rpl.checksum.change=2
p4 configure set rpl.checksum.table=1

:: For p4d 2011.1 thru 2015.1, set rpl.compress=3.  For p4d 2015.2+, set
:: rpl.compress=4.  This setting compresses journal data only, which is
:: almost always advantageous as it compresses well, while avoiding
:: compression of archive data, which is a mixed bag in terms of performance
:: benefits, and potentially a net netagive.
p4 configure set rpl.compress=4

p4 counter SDP "%DATE%"

@echo It is recommended that you run 'p4 configure set security=3' or
@echo 'p4 configure set security=4'.
@echo See: http://www.perforce.com/perforce/doc.current/manuals/p4sag/chapter.superuser.html#DB5-49899\n"
# Change User Description Committed
#59 31481 C. Thomas Tyler Enabled auth.csv.

Normalized serverlog.* configurables across Windows/Linux.
#58 31480 C. Thomas Tyler Setting dm.user.resetpassword=1.
#57 31447 C. Thomas Tyler New best practice: dm.user.setinitialpasswd=0
#56 31419 C. Thomas Tyler New best practice: Set server.rolechecks=1.

#review-31420
#55 31391 C. Thomas Tyler Changed client.readonly.dir value from absolute to relative path.

#review-31392 @robert_cowham @roger_prince
#54 31358 C. Thomas Tyler Removed obsolete reference to discontinued product.
Brought bat script in alignment with bash script for P4AUDIT settings.
Added info in comments re: P4AUDIT not being enabled by default.
#53 31357 C. Thomas Tyler Refined guidance in configure_new_server.{bat,sh} to align with ccheck.sh.
#52 31136 C. Thomas Tyler Added content to cover scenario where P4JOURNAL is set in db.config.

This addresses SDP-737 (Doc): In SDP Legacy Upgrade Guide, advise p4d -cunset P4JOURNAL if needed.

Also updated URL for list of configurables due to change in Perforce web site layout,
with docs moved from somewhere under www.perforce.com to somewhere under
help.perforce.com.

For example:

Old URL for configurables:
https://www.perforce.com/manuals/cmdref/Content/CmdRef/configurables.alphabetical.html

New URL for configurables:
https://help.perforce.com/helix-core/server-apps/cmdref/current/Content/CmdRef/configurables.alphabetical.html
#51 30610 C. Thomas Tyler New best practice configurable: Set rt.monitorfile.

#review-30611
#50 30500 C. Thomas Tyler New best practice configurable: dm.user.hideinvalid=1

#review-30501
#49 30283 C. Thomas Tyler New best practice: Set submit.noretransfer=1.

#review-30284
#48 30019 C. Thomas Tyler Added net.keepalive settings to best practices.

#review @robert_cowham @mwittenberg
#47 29935 C. Thomas Tyler Set filesys.atomic.rename to 0 on Windows, to override the 2023.2
default of 1, to ensure checkpoints work in all storage configurations.

#review-29936
#46 29923 C. Thomas Tyler Updated HTML hyperlinks to use 'portal.perforce.com'.

This replaces currently broken links to 'answers.perforce.com' and
currently redirected links to 'community.perforce.com'.

#review-29924
#45 29849 C. Thomas Tyler Updates to configure_new_server.sh:
* Added logic to start service so this script can now be run if the service is down at the start.
* The 'security' configurable is now set to 4 (was unset).
* Enhanced error handling.
* Added logic to more fully initialize a new/empty server:
  - Create perforce P4USER (if there is only a single user on the system).
  - Create Automation group.
  - Initialize basic Protections.

Updates to configure_new_server.bat:
* Added logic to start service so this script can now be run if the service is down at the start.
* The 'security' configurable is now set to 4 (was unset).

In mkdirs.cfg, change the default password to one good enough to be used with `security=4`.

#review-29850
#44 29600 C. Thomas Tyler Added configurables that are good for HAS deployments, and deemed
harmless for non-HAS deployments, auth.sso.allow.passwd and
auth.sso.nonldap.

Removed explicit setting of filesys.checklinks, now deferring to p4d
default.

Set reasonable defaults for net.parallel.max, net.parallel.threads,
net.parallel.sync.svrthreads.

Changed monitor from 1->2.

Removed ref to discontinued KB link.

Fixed shellcheck compliance issues with *.sh script, and added summary
of errors and warnings.

#review @andy_boutte @robert_cowham @mark_zinthefer
#43 28522 C. Thomas Tyler Changed default for server=4 to server=3.
#42 28200 C. Thomas Tyler Fixed bug where auth.id was set incorrectly on Windows.
#41 27757 C. Thomas Tyler On Windows, avoid using 'p4 admin restart', and instead use svcinst.exe to manage the service.
#40 27722 C. Thomas Tyler Refinements to @27712:
* Resolved one out-of-date file (verify_sdp.sh).
* Added missing adoc file for which HTML file had a change (WorkflowEnforcementTriggers.adoc).
* Updated revdate/revnumber in *.adoc files.
* Additional content updates in Server/Unix/p4/common/etc/cron.d/ReadMe.md.
* Bumped version numbers on scripts with Version= def'n.
* Generated HTML, PDF, and doc/gen files:
  - Most HTML and all PDF are generated using Makefiles that call an AsciiDoc utility.
  - HTML for Perl scripts is generated with pod2html.
  - doc/gen/*.man.txt files are generated with .../tools/gen_script_man_pages.sh.

#review-27712
#39 27516 C. Thomas Tyler Updated stale core doc link with KB article re: rpl.* params.

Non-functional change.

#review @d_benedict
#38 27511 C. Thomas Tyler Removed submit.allowbgtransfer as a default setting.
It requires
additional configuration when set.

#review @robert_cowham
#37 26920 C. Thomas Tyler Added setting for server.extensions.dir.
#36 26688 C. Thomas Tyler Removed 'Operating System' value from rejectList, per advice of
Engineering and Support.
#35 26158 C. Thomas Tyler Enable 'p4 submit -b' by setting submit.allowbgtransfer=1 for
P4D 2019.1+.
#34 25802 C. Thomas Tyler Comment clarity improvements.
No functional change.
#33 25004 C. Thomas Tyler Committing Rusy's shelved change after merging with other changes.

#review-28411
#32 24875 C. Thomas Tyler Added setting of dm.info.hide=1, to hide P4ROOT and other
sensitivie info from output of 'p4 info' from a non-authenticated
user.

Removed setting of dm.user.resetpassword, which was already
commented out in the Unix version. This is not really a
general best practice to have set, as most accounts use some
form of LDAP integration.  And even when not, having this
set imposes a certaion workflow on Perforce-managed passwords
that is often better handled in other ways.
#31 24587 C. Thomas Tyler Added net.autotune=1 setting and related comments.

Corrected misinformation in comments related to net.tcpsize configurable, and tweaked logic slightly.

Added more info in README and changed format to Markdown (renaming from .txt to .md).

Enhanced gen_default_broker_cfg.sh to detect whether net.autotune is enabled, and if so, add net.autotune to the broker configuration.

#review-24207 @nick_poole
#30 24222 C. Thomas Tyler Enhanced rejectList value for P4EXP to also reject versions of
P4EXP that impersonate the version string from Windows Explorer.
The 'Operating System' also blocks the versions that impersonate.
#29 24145 C. Thomas Tyler Added comment for why filesys.P4LOG.main and filesys.TEMP.min aren't set.
Comment tweak only, no functional change.
#28 23679 C. Thomas Tyler Added comment indicating that these scripts serve as a guide defining
best practices configurables for a production environment.  Also
added a handy URL to bookmark documenting many configurables:

https://www.perforce.com/perforce/doc.current/manuals/cmdref/Content/CmdRef/configurables.configurables.html

No functional change.
#27 23442 C. Thomas Tyler Fixed issue with super user not being logged in after the restart
that occurs after setting auth.id.
#26 23316 C. Thomas Tyler Added filetype.bypasslock=1 configurable, recommended for Swarm.

This is needed to allow reviews of exclusively locked files.  It
allows Swarm to unshelve such files for review, by doing:
p4 unshelve --bypass-exclusive-lock -s <shelved_changelist>
#25 23001 C. Thomas Tyler Added comment re: net.tcpsize to match lastest change to configure_new_servers.sh.
#24 22977 C. Thomas Tyler For P4D 2016.2/1468155+ servers, added configurable setting.
p4 configure set db.monitor.shared=4096

Also added notes describing why we set it and other how it works.
#23 22520 C. Thomas Tyler Updated configure_new_server.* scripts, which reflect SDP best
practices for enterprise environments.

Taking out the setting to disable autologinpromt, upon discovery
that it has a safety feature of going interactive only in an
interactive terminal shell.  It will still wreak havoc with
non-interactive commands that do things like 'ssh' with '-t' (to
simulate a interactive terminal shell, as is sometimes
necessary in automation).  But as that is somewhat obscure,
the most widely applicable best practice is to use the default
p4d behavior, i.e. with autologinprompt enabled.

#review @sven_erik_knop @nick_poole
#22 22031 C. Thomas Tyler Bumped up dm.user.loginattempts from 3 to 7, to be more friendly to
humans who mistype passwords.
#21 21883 C. Thomas Tyler Added new configurable setting: 'filesys.bufsize=1M'.
#20 21630 C. Thomas Tyler Configurables for best results with Swarm in particular, but
a generally better overall experience.
p4 configure set dm.shelve.promote=1
p4 configure set dm.keys.hide=2

Note that setting dm.shelve.promote=1 will slow down shelving
operations on an edge server, but will make the shelves globally
available.  On balance, dm.shelve.promote=1 is recommended,
though admins should be aware of the trade off (a simpler global
view and cross-site code reviews, at some cost for performance
of shelving at edge sites).
#19 21454 C. Thomas Tyler For p4d 2016.1 Patch 5+ servers, enable a server with an expired temp license to
start, albeit with limited functionality, so that license expiry doesn't make it
impossible to perform license management via the front-door.  This configurable
allows the server to be started regardless of a bad license, though users will
still be blocked by license invalid messages.  Perpetual commercial licenses never
expire; this configurable will not affect those.

Also added +x file type modifier to the *.bat file.
#18 21369 C. Thomas Tyler Configured to re-login after setting auth.id, and restart p4d at the
end of the script.
#17 21232 C. Thomas Tyler Define auth.id for P4D 2016.1+ servers to "p4_<instance>".

The value doesn't really affect behavior for auth.id, so long as it's defined.
#16 21173 C. Thomas Tyler Taking advantage of new 2016.2 configurables.
#15 20332 C. Thomas Tyler A few configurable tweaks:
* Setting server=4 logging as the default.
* Setting net.backlog=2048, per Support.
* Setting net.tcpsize=0 to engage 'auto-self-tuning' magic.
#14 19837 C. Thomas Tyler Added defense against known-misbehaving client versions
using rejectList configurable, availabe starting with P4D
2015.1 Patch 5.

See: http://answers.perforce.com/articles/KB/15014
#13 19661 C. Thomas Tyler Change to best-practice configurables.

For p4d 2016.1 Patch 2+ (2016.1.1395783+), disable auto
prompting for a password, as this can cause 'p4' commands
to go interactive that wouldn't normally, wreaking havoc
with automation.

Fix with: p4 configure set auth.autologinprompt=0.
#12 19302 C. Thomas Tyler Adjusted setting of db.reorg.disable to go with the block comments
made previously to receive a setting for db.reorg.disable.  In those
comments, setting of the value had been commented out, but now are
not.

This impact has no functional change other than adding the safety
feature of avoiding setting db.reorg.disable for older versions of
p4d that don't support it.
support it.
#11 19112 Russell C. Jackson (Rusty) Turn off database reorg per best practice recommendation from Anton and Michael S.
Stop running weekly_backup.sh automatically since a compact database actually causes
a performance hit. Added note to occasionally run weekly_backup.sh to recapture free space.
#10 18937 C. Thomas Tyler Removed configurables for 'errors' and 'events' structured logs.
Added 'maxmb' setting of 200MB for the structured audit log.

Enhanced Windows version work like Unix version:
* Added a check for the 'instance' paramter.
* Loads SDP environment from p4env.bat (equiv of p4_vars).
* Uses SDP environment to set various things.
* Now creates 'spec' and 'unload' depots.

Changed both Unix and Windows versions to use KEEPLOGS setting
defiend in standard SDP enviornment file to apply to 'retain'
setting of structured server logs.

Removed obsolete comment relationg to the SetDepotSpecMapField
trigger, which was obsoleted with server.depot.root in 2014.1.

Changed mechanism for creating 'spec' and 'unload' depots
to one that works the same for Windows and Linux.

Removed defaultChangeType setting.  The impact on Swarm and
performance may not be worth the security benefit for.  It
is still a good practice for some environments, but I'm not
sure it's a clear best practice to set it.
#9 16805 Russell C. Jackson (Rusty) #review-16795

Added the audit log as a default structured log and set the rotation to keep 31 days.
#8 16460 C. Thomas Tyler Routine Merge Down to dev from main using:
p4 merge -b perforce_software-sdp-dev
#7 16335 C. Thomas Tyler Routine Merge Down to dev from main using:
p4 merge -b perforce_software-sdp-dev
#6 16029 C. Thomas Tyler Routine merge to dev from main using:
p4 merge -b perforce_software-sdp-dev
#5 15554 C. Thomas Tyler Routine merge-down from main.
#4 12030 C. Thomas Tyler Merged down from main to refresh dev branch for SDP.
#3 12028 C. Thomas Tyler Refreshed SDP dev branch, merging down from main.
#2 11463 Russell C. Jackson (Rusty) Updated dev to prepare for Summit agreed changes.
#1 10638 C. Thomas Tyler Populate perforce_software-sdp-dev.
//guest/perforce_software/sdp/main/Server/setup/configure_new_server.bat
#1 10148 C. Thomas Tyler Promoted the Perforce Server Deployment Package to The Workshop.