#!/bin/bash set -u #============================================================================== # This script serves as a guide defining best-practice configurables for a # production environment. See documentation regarding configurables here: # https://www.perforce.com/perforce/doc.current/manuals/cmdref/Content/CmdRef/configurables.configurables.html # # Copyright and license info is available in the LICENSE file included with # the Server Deployment Package (SDP), and also available online: # https://swarm.workshop.perforce.com/projects/perforce-software-sdp/view/main/LICENSE #------------------------------------------------------------------------------ # Set P4PORT and P4USER and run p4 login before running this script. declare SpecFile= declare ProtectsFile= declare ProtectsTemplate= declare LOGFILE= declare -i ErrorCount=0 declare -i WarningCount=0 function msg () { echo -e "$*"; } function errmsg () { msg "\\nError: ${1:-Unknown Error}\\n"; ErrorCount+=1; } function warnmsg () { msg "\\nWarning: ${1:-Unknown Warning}\\n"; WarningCount+=1; } function bail () { errmsg "${1:-Unknown Error}"; exit "${2:-1}"; } # Verify instance value INSTANCE=$1 if [[ -n "$INSTANCE" ]]; then # shellcheck disable=SC1091 source /p4/common/bin/p4_vars "$INSTANCE" ||\ bail "Failed to load SDP environment." # shellcheck disable=SC1091 source /p4/common/bin/backup_functions.sh ||\ bail "Failed to load backup_functions.sh." else bail "An instance argument is required." fi LOGFILE="${LOGS:-/tmp}/configure_new_server.$(date +'%Y%m%d-%H%M').log" check_vars set_vars touch "${LOGFILE}" || bail "Couldn't touch log file [${LOGFILE}]." # Redirect stdout and stderr to a log file. exec > >(tee "${LOGFILE}") exec 2>&1 log "${0##*/} configuring $P4SERVER on $(date)." msg "Logging to: $LOGFILE" msg "See documentation regarding configurables here:\\n https://www.perforce.com/perforce/doc.current/manuals/cmdref/Content/CmdRef/configurables.configurables.html\\n" msg "Starting p4d service (if needed)." start_p4d sleep 1 if [[ "$P4PORT" =~ ^ssl[46]*: ]]; then msg "Trusting P4PORT [$P4PORT]." p4 trust -f -y > /dev/null 2>&1 || bail "Could not trust P4PORT [$P4PORT]. Aborting." fi # Generate the super user account, but only if there is only a single account # on the server. if [[ "$(p4 users|wc -l)" ]]; then SpecFile="$(mktemp)" if p4 --field User="$P4USER" --field FullName="Perforce Helix Admin" --field Email="$P4USER@${MAILFROM##*@}" user -o "$P4USER" > "$SpecFile"; then msg "Creating user '$P4USER'." if p4 -s user -f -i < "$SpecFile"; then yes "$(cat "$SDP_ADMIN_PASSWORD_FILE")" | p4 passwd "$P4CBIN"/p4login # Verify the Protections table is not initialized so we don't overwrite an existing table. # Check for any entries in the db.protect table. if [[ -z "$("$P4DBIN" -r "$P4ROOT" -k db.protect -jd - | grep ^@pv@ | head -1)" ]]; then msg "Initializing Protections table." ProtectsFile=$(mktemp) ProtectsTemplate="${0%/*}/protect.p4t" if [[ -r "$ProtectsTemplate" ]]; then if sed -e "s@__P4USER__@$P4USER@g" "$ProtectsTemplate" > "$ProtectsFile"; then if p4 -s protect -i < "$ProtectsFile"; then msg "Protections table initialized to:\\n$(p4 protect -o | grep -v '^#')\\n" else errmsg "Failed to load generated Protections file:\\n$(cat "$ProtectsFile")" fi else errmsg "Failed to generate Protections file from template. Not initializing protections." fi else warnmsg "Skipping Protections table initialization due to missing template: $ProtectsTemplate" fi else warnmsg "Skipping Protections table initialization because Protections table is already initialized." fi else errmsg "Failed to create $P4USER user; tried to load this generated spec file:\\n$(cat "$SpecFile")" fi rm -f "$SpecFile" else errmsg "Failed to generate spec file for $P4USER user." fi else warnmsg "Skipping $P4USER user creation; more than one user account exists." fi # Generate the Automation group with P4USER as member and owner. if [[ "$(p4 group --exists -o Automation 2>&1)" =~ ^Group\ \' ]]; then SpecFile="$(mktemp)" if p4 --field Timeout=unlimited --field PasswordTimeout=unlimited --field Owners="$P4USER" --field Users="$P4USER" group -o Automation > "$SpecFile"; then msg "Creating group 'Automation'." p4 -s group -i < "$SpecFile" ||\ errmsg "Failed to create Automation group; tried to load this generated spec file:\\n$(cat "$SpecFile")" rm -f "$SpecFile" else errmsg "Failed to generate spec file for Automation group." fi else warnmsg "Skipping Automation group creation; group already exists." fi # The server.depot.root configurable was introduced in 2014.1. # shellcheck disable=SC2072 if [[ "$P4D_VERSION" > "2014.1" ]]; then p4 configure set server.depot.root="$DEPOTS" || ErrorCount+=1 fi p4 configure set journalPrefix="$CHECKPOINTS/p4_${INSTANCE}" || ErrorCount+=1 p4 configure set dm.user.noautocreate=2 || ErrorCount+=1 p4 configure set dm.info.hide=1 || ErrorCount+=1 p4 configure set filesys.P4ROOT.min=5G || ErrorCount+=1 p4 configure set filesys.depot.min=5G || ErrorCount+=1 p4 configure set filesys.P4JOURNAL.min=5G || ErrorCount+=1 # Note: With the SDP structure, filesys.P4LOG.min=5G and # filesys.TEMP.min=5G don't need to be set, as they are # stored on the same volume as the journal and are thus # accounted for with filesys.P4JOURNAL.min. p4 configure set server=3 || ErrorCount+=1 p4 configure set monitor=2 || ErrorCount+=1 # For P4D 2013.2+, setting db.reorg.disable=1, which turns off # dynamic database reorg, has been shown to significantly improve # performance when Perforce databases (db.* files) are stored on # some solid state storage devices, while not making a difference # on others. # shellcheck disable=SC2072 [[ "$P4D_VERSION" > "2013.1" ]] && p4 configure set db.reorg.disable=1 || ErrorCount+=1 # For P4D 2017.2.1594901 or greater, enable net.autotune. For net.autotune # to take effect, it must be enabled on both sides of a connection. So, to # get the full benefit, net.autotune must be enabled on all brokers, proxies, # and clients. See this KB article for details on fully enabling net.autotune: # https://portal.perforce.com/s/article/15368 # # For connections in which net.autotune is not enabled, the p4d default value # of net.tcpsize takes effect. # # When P4D is older than 2014.2 but less than 2017.2.1594901, set net.tcpsize # to 512k. In 2014.2, the default value for net.tcpsize became 512k, a # reasonable default, so it should not be set explicitly. Also, there are # indications it can reduce performance if set when not needed. # shellcheck disable=SC2072 if [[ "$P4D_VERSION" < "2014.2" ]]; then p4 configure set net.tcpsize=524288 || ErrorCount+=1 elif [[ "$P4D_VERSION" > "2017.2.1594900" ]]; then p4 configure set net.autotune=1 || ErrorCount+=1 p4 configure unset net.tcpsize 2>/dev/null ||: else p4 configure unset net.tcpsize 2>/dev/null ||: fi # For P4D 2016.2.1468155+, set db.monitor.shared = max value. if [[ "$P4D_VERSION" > "2016.2.1468154" ]]; then # This is the number of 8k pages to set aside for monitoring, # which requires pre-allocation of sufficient RAM. The default # is 256, or 2MB, enough for about 128 active/concurrent processes. # The max as of 2016.2 is 4096. Setting db.monitor.shared=0 # causes the db.monitor on disk to be used instead, which can # potentially be a bottleneck. p4 configure set db.monitor.shared=4096 || ErrorCount+=1 fi p4 configure set net.backlog=2048 || ErrorCount+=1 p4 configure set lbr.autocompress=1 || ErrorCount+=1 p4 configure set lbr.bufsize=1M || ErrorCount+=1 p4 configure set filesys.bufsize=1M || ErrorCount+=1 p4 configure set serverlog.file.3="$LOGS/errors.csv" || ErrorCount+=1 p4 configure set serverlog.retain.3="$KEEPLOGS" || ErrorCount+=1 # The following are useful if using Interset Threat Detection with Perforce, # or if P4AUDIT logs are otherwise desired. # p4 configure set serverlog.file.4="$LOGS/audit.csv" # p4 configure set serverlog.retain."4=$KEEPLOGS" # Net Keepalives p4 configure set net.keepalive.count=9 p4 configure set net.keepalive.disable=0 p4 configure set net.keepalive.idle=180 p4 configure set net.keepalive.interval=15 p4 configure set serverlog.file.7="$LOGS/events.csv" || ErrorCount+=1 p4 configure set serverlog.retain.7="$KEEPLOGS" || ErrorCount+=1 p4 configure set serverlog.file.8="$LOGS/integrity.csv" || ErrorCount+=1 p4 configure set serverlog.retain.8="$KEEPLOGS" || ErrorCount+=1 # Add a custom trigger for tracking trigger events: p4 configure set serverlog.file.11="$LOGS/triggers.csv" || ErrorCount+=1 p4 configure set serverlog.retain.11="$KEEPLOGS" || ErrorCount+=1 SpecFile="${0%/*}/spec.depot.p4s" if [[ -r "$SpecFile" ]]; then msg "Creating a depot named 'spec' of type 'spec'." p4 -s depot -i < "$SpecFile" ||\ errmsg "Failed to create spec depot." else warnmsg "Skipping spec depot creation due to missing depot spec file: $SpecFile" fi SpecFile="${0%/*}/unload.depot.p4s" if [[ -r "$SpecFile" ]]; then msg "Creating a depot named 'unload' of unload 'unload'." p4 -s depot -i < "$SpecFile" ||\ errmsg "Failed to create unload depot." else warnmsg "Skipping unload depot creation due to missing depot spec file: $SpecFile" fi # Load shedding and other performance-preserving configurable. # For p4d 2013.1+ # shellcheck disable=SC2072 if [[ "$P4D_VERSION" > "2013.1" ]]; then p4 configure set server.maxcommands=2500 || ErrorCount+=1 fi # For p4d 2013.2+ -Turn off max* commandline overrides. # shellcheck disable=SC2072 if [[ "$P4D_VERSION" > "2013.2" ]]; then p4 configure set server.commandlimits=2 || ErrorCount+=1 fi msg "See: https://portal.perforce.com/s/article/3867" p4 configure set rpl.checksum.auto=1 || ErrorCount+=1 p4 configure set rpl.checksum.change=2 || ErrorCount+=1 p4 configure set rpl.checksum.table=1 || ErrorCount+=1 # Define number of login attempts before there is a delay, to thwart # automated password crackers. Default is 3; set to a higher value to # be more friendly to humans without compromising the protection. # shellcheck disable=SC2072 if [[ "$P4D_VERSION" > "2013.1" ]]; then p4 configure set dm.user.loginattempts=7 || ErrorCount+=1 fi # For p4d 2016.1 Patch 5+ # Enable a server with an expired temp license to start, albeit with limited # functionality, so that license expiry doesn't make it impossible to perform # license management via the front-door. This configurable allows the server # to be started regardless of a bad license, though users will still be blocked # by license invalid messages. Perpetual commercial licenses never expire; # this configurable will not affect those. # shellcheck disable=SC2072 if [[ "$P4D_VERSION" > "2016.1.1408676" ]]; then p4 configure set server.start.unlicensed=1 || ErrorCount+=1 fi # Starting with p4d 2015.1 Patch 5, disallow P4EXP v2014.2 (a client # version known to misbehave) from connecting to the server. # See: http://portal.perforce.com/articles/KB/15014 # shellcheck disable=SC2072 if [[ "$P4D_VERSION" > "2015.1.1126924" ]]; then p4 configure set rejectList="P4EXP,version=2014.2" || ErrorCount+=1 fi # For p4d 2011.1 thru 2015.1, set rpl.compress=3. For p4d 2015.2+, set # rpl.compress=4. This setting compresses journal data only, which is # almost always advantageous as it compresses well, while avoiding # compression of archive data, which is a mixed bag in terms of performance # benefits, and potentially a net negative. # server.global.client.views - makes client views global in a commit/edge environment. # shellcheck disable=SC2072 if [[ "$P4D_VERSION" > "2015.2" ]]; then p4 configure set rpl.compress=4 || ErrorCount+=1 p4 configure set server.global.client.views=1 || ErrorCount+=1 elif [[ "$P4D_VERSION" > "2011.1" ]]; then p4 configure set rpl.compress=3 || ErrorCount+=1 fi # Starting with p4d 2016.2, enable these features. # shellcheck disable=SC2072 if [[ "$P4D_VERSION" > "2016.2" ]]; then p4 configure set server.locks.global=1 || ErrorCount+=1 p4 configure set proxy.monitor.level=3 || ErrorCount+=1 fi # Enable faster resubmit after failed submit. p4 configure set submit.noretransfer=1 || ErrorCount+=1 # Recommended for Swarm p4 configure set dm.shelve.promote=1 || ErrorCount+=1 p4 configure set dm.keys.hide=2 || ErrorCount+=1 p4 configure set filetype.bypasslock=1 || ErrorCount+=1 # Starting with p4d 2018.2 (as tech-preview, 2019.2 for GA), add best # practices for Extensions. # shellcheck disable=SC2072 if [[ "$P4D_VERSION" > "2018.2" ]]; then p4 configure set server.extensions.dir="$LOGS"/p4-extensions || ErrorCount+=1 fi # Set configurables to optimize for Helix Authentication Service (HAS) # deployment. These will also affect behavior of older `auth-check-sso` # triggers. # shellcheck disable=SC2072 if [[ "$P4D_VERSION" > "2018.2" ]]; then p4 configure set auth.sso.allow.passwd=1 || ErrorCount+=1 p4 configure set auth.sso.nonldap=1 || ErrorCount+=1 fi # Enable parallelization. p4 configure set net.parallel.max=10 || ErrorCount+=1 p4 configure set net.parallel.threads=4 || ErrorCount+=1 # Limit max parallel syncs. p4 configure set net.parallel.sync.svrthreads=150 || ErrorCount+=1 # Enable partitioned clients. p4 configure set client.readonly.dir="$P4ROOT/client.readonly.dir" p4 configure set client.sendq.dir="$P4ROOT/client.readonly.dir" # Starting with p4d 2016.1, use auth.id to simplify ticket handling. # After setting auth.id, login again. # shellcheck disable=SC2072 if [[ "$P4D_VERSION" > "2016.1" ]]; then p4 configure set rpl.forward.login=1 || ErrorCount+=1 p4 configure set auth.id="$P4SERVER" || ErrorCount+=1 "$P4CBIN"/p4login fi # Set SDP version identifying info. p4 counter SDP_DATE "$(date +'%Y-%m-%d')" || ErrorCount+=1 p4 counter SDP_VERSION "$SDP_VERSION" || ErrorCount+=1 msg "Restarting server to ensure all configurable changes take effect." # Basic security features. p4 configure set run.users.authorize=1 || ErrorCount+=1 p4 configure set security=4 || ErrorCount+=1 stop_p4d start_p4d msg "Logging in." "$P4CBIN"/p4login if [[ "$ErrorCount" -eq 0 && "$WarningCount" -eq 0 ]]; then msg "\\nAll processing completed successfully." elif [[ "$ErrorCount" -eq 0 ]]; then warnmsg "Processing completed with no errors but $WarningCount warnings. Review the output carefully." else errmsg "Processing completed, but with $ErrorCount errors and $WarningCount warnings. Review the output carefully." fi if [[ "$P4D_VERSION" > "2017.2.1594900" ]]; then msg "\\nThe net.autotune value has been set on the server. To get the full benefit, it must also be\\nenabled on proxies, brokers, and clients as well." fi msg "\\nLog is: $LOGFILE"
# | Change | User | Description | Committed | |
---|---|---|---|---|---|
#61 | 30610 | C. Thomas Tyler |
New best practice configurable: Set rt.monitorfile. #review-30611 |
||
#60 | 30500 | C. Thomas Tyler |
New best practice configurable: dm.user.hideinvalid=1 #review-30501 |
||
#59 | 30428 | C. Thomas Tyler |
Fixed bug in determining threshhold for setting 5G vs. 20M safety values for filesys.*.min configurables. |
||
#58 | 30304 | C. Thomas Tyler |
Tweaked configure_new_server.sh to be easier to work with in lab scale environments. |
||
#57 | 30303 | C. Thomas Tyler | Handle missing required parameter. | ||
#56 | 30283 | C. Thomas Tyler |
New best practice: Set submit.noretransfer=1. #review-30284 |
||
#55 | 30019 | C. Thomas Tyler |
Added net.keepalive settings to best practices. #review @robert_cowham @mwittenberg |
||
#54 | 29923 | C. Thomas Tyler |
Updated HTML hyperlinks to use 'portal.perforce.com'. This replaces currently broken links to 'answers.perforce.com' and currently redirected links to 'community.perforce.com'. #review-29924 |
||
#53 | 29849 | C. Thomas Tyler |
Updates to configure_new_server.sh: * Added logic to start service so this script can now be run if the service is down at the start. * The 'security' configurable is now set to 4 (was unset). * Enhanced error handling. * Added logic to more fully initialize a new/empty server: - Create perforce P4USER (if there is only a single user on the system). - Create Automation group. - Initialize basic Protections. Updates to configure_new_server.bat: * Added logic to start service so this script can now be run if the service is down at the start. * The 'security' configurable is now set to 4 (was unset). In mkdirs.cfg, change the default password to one good enough to be used with `security=4`. #review-29850 |
||
#52 | 29600 | C. Thomas Tyler |
Added configurables that are good for HAS deployments, and deemed harmless for non-HAS deployments, auth.sso.allow.passwd and auth.sso.nonldap. Removed explicit setting of filesys.checklinks, now deferring to p4d default. Set reasonable defaults for net.parallel.max, net.parallel.threads, net.parallel.sync.svrthreads. Changed monitor from 1->2. Removed ref to discontinued KB link. Fixed shellcheck compliance issues with *.sh script, and added summary of errors and warnings. #review @andy_boutte @robert_cowham @mark_zinthefer |
||
#51 | 28522 | C. Thomas Tyler | Changed default for server=4 to server=3. | ||
#50 | 27854 | C. Thomas Tyler |
Correction to comments in configure_new_server.sh. This is a non-functional change. |
||
#49 | 27722 | C. Thomas Tyler |
Refinements to @27712: * Resolved one out-of-date file (verify_sdp.sh). * Added missing adoc file for which HTML file had a change (WorkflowEnforcementTriggers.adoc). * Updated revdate/revnumber in *.adoc files. * Additional content updates in Server/Unix/p4/common/etc/cron.d/ReadMe.md. * Bumped version numbers on scripts with Version= def'n. * Generated HTML, PDF, and doc/gen files: - Most HTML and all PDF are generated using Makefiles that call an AsciiDoc utility. - HTML for Perl scripts is generated with pod2html. - doc/gen/*.man.txt files are generated with .../tools/gen_script_man_pages.sh. #review-27712 |
||
#48 | 27516 | C. Thomas Tyler |
Updated stale core doc link with KB article re: rpl.* params. Non-functional change. #review @d_benedict |
||
#47 | 27511 | C. Thomas Tyler |
Removed submit.allowbgtransfer as a default setting. It requires additional configuration when set. #review @robert_cowham |
||
#46 | 26920 | C. Thomas Tyler | Added setting for server.extensions.dir. | ||
#45 | 26689 | C. Thomas Tyler |
Fixed typo in output. No functional change. |
||
#44 | 26688 | C. Thomas Tyler |
Removed 'Operating System' value from rejectList, per advice of Engineering and Support. |
||
#43 | 26571 | C. Thomas Tyler |
Fixed bug resulting in failure due to undefined LOGFILE variable. Addressed shellcheck compliances issues. #review-26572 |
||
#42 | 26400 | C. Thomas Tyler |
Added refresh_P4ROOT_from_offline_db.sh. Updated backup_functions.sh to support functionality for db refresh. Upgrade start_p4d() and stop_p4d() to use systemd if available, else use the underlying SysV init scripts. Updated verify_sdp.sh to be called from other scripts (sans its own logging). Added many checks to verify_sdp.sh to support P4ROOT/offline_db swap. Logic in P4ROOT/offline_db swap is more careful about what gets swapped. Added start_p4broker() and stop_p4broker() that behave similarly. More shellcheck compliance. #review-26401 |
||
#41 | 26158 | C. Thomas Tyler |
Enable 'p4 submit -b' by setting submit.allowbgtransfer=1 for P4D 2019.1+. |
||
#40 | 25802 | C. Thomas Tyler |
Comment clarity improvements. No functional change. |
||
#39 | 25004 | C. Thomas Tyler |
Committing Rusy's shelved change after merging with other changes. #review-28411 |
||
#38 | 24875 | C. Thomas Tyler |
Added setting of dm.info.hide=1, to hide P4ROOT and other sensitivie info from output of 'p4 info' from a non-authenticated user. Removed setting of dm.user.resetpassword, which was already commented out in the Unix version. This is not really a general best practice to have set, as most accounts use some form of LDAP integration. And even when not, having this set imposes a certaion workflow on Perforce-managed passwords that is often better handled in other ways. |
||
#37 | 24587 | C. Thomas Tyler |
Added net.autotune=1 setting and related comments. Corrected misinformation in comments related to net.tcpsize configurable, and tweaked logic slightly. Added more info in README and changed format to Markdown (renaming from .txt to .md). Enhanced gen_default_broker_cfg.sh to detect whether net.autotune is enabled, and if so, add net.autotune to the broker configuration. #review-24207 @nick_poole |
||
#36 | 24222 | C. Thomas Tyler |
Enhanced rejectList value for P4EXP to also reject versions of P4EXP that impersonate the version string from Windows Explorer. The 'Operating System' also blocks the versions that impersonate. |
||
#35 | 24145 | C. Thomas Tyler |
Added comment for why filesys.P4LOG.main and filesys.TEMP.min aren't set. Comment tweak only, no functional change. |
||
#34 | 23679 | C. Thomas Tyler |
Added comment indicating that these scripts serve as a guide defining best practices configurables for a production environment. Also added a handy URL to bookmark documenting many configurables: https://www.perforce.com/perforce/doc.current/manuals/cmdref/Content/CmdRef/configurables.configurables.html No functional change. |
||
#33 | 23442 | C. Thomas Tyler |
Fixed issue with super user not being logged in after the restart that occurs after setting auth.id. |
||
#32 | 23316 | C. Thomas Tyler |
Added filetype.bypasslock=1 configurable, recommended for Swarm. This is needed to allow reviews of exclusively locked files. It allows Swarm to unshelve such files for review, by doing: p4 unshelve --bypass-exclusive-lock -s <shelved_changelist> |
||
#31 | 23000 | Russell C. Jackson (Rusty) | net.tcpsize=0 should only be set on 2017.1 and later. | ||
#30 | 22977 | C. Thomas Tyler |
For P4D 2016.2/1468155+ servers, added configurable setting. p4 configure set db.monitor.shared=4096 Also added notes describing why we set it and other how it works. |
||
#29 | 22520 | C. Thomas Tyler |
Updated configure_new_server.* scripts, which reflect SDP best practices for enterprise environments. Taking out the setting to disable autologinpromt, upon discovery that it has a safety feature of going interactive only in an interactive terminal shell. It will still wreak havoc with non-interactive commands that do things like 'ssh' with '-t' (to simulate a interactive terminal shell, as is sometimes necessary in automation). But as that is somewhat obscure, the most widely applicable best practice is to use the default p4d behavior, i.e. with autologinprompt enabled. #review @sven_erik_knop @nick_poole |
||
#28 | 22393 | C. Thomas Tyler |
Enhanced to search for the *.depot.p4s spec files in whatever dir the configure_new_server.sh script is in when the script is exectued, so that you don't have to run it from the directory it lives in. #review-22391 |
||
#27 | 22031 | C. Thomas Tyler |
Bumped up dm.user.loginattempts from 3 to 7, to be more friendly to humans who mistype passwords. |
||
#26 | 21883 | C. Thomas Tyler | Added new configurable setting: 'filesys.bufsize=1M'. | ||
#25 | 21630 | C. Thomas Tyler |
Configurables for best results with Swarm in particular, but a generally better overall experience. p4 configure set dm.shelve.promote=1 p4 configure set dm.keys.hide=2 Note that setting dm.shelve.promote=1 will slow down shelving operations on an edge server, but will make the shelves globally available. On balance, dm.shelve.promote=1 is recommended, though admins should be aware of the trade off (a simpler global view and cross-site code reviews, at some cost for performance of shelving at edge sites). |
||
#24 | 21454 | C. Thomas Tyler |
For p4d 2016.1 Patch 5+ servers, enable a server with an expired temp license to start, albeit with limited functionality, so that license expiry doesn't make it impossible to perform license management via the front-door. This configurable allows the server to be started regardless of a bad license, though users will still be blocked by license invalid messages. Perpetual commercial licenses never expire; this configurable will not affect those. Also added +x file type modifier to the *.bat file. |
||
#23 | 21369 | C. Thomas Tyler |
Configured to re-login after setting auth.id, and restart p4d at the end of the script. |
||
#22 | 21232 | C. Thomas Tyler |
Define auth.id for P4D 2016.1+ servers to "p4_<instance>". The value doesn't really affect behavior for auth.id, so long as it's defined. |
||
#21 | 21173 | C. Thomas Tyler | Taking advantage of new 2016.2 configurables. | ||
#20 | 20332 | C. Thomas Tyler |
A few configurable tweaks: * Setting server=4 logging as the default. * Setting net.backlog=2048, per Support. * Setting net.tcpsize=0 to engage 'auto-self-tuning' magic. |
||
#19 | 20305 | Russell C. Jackson (Rusty) | Commented out the audit log. | ||
#18 | 20248 | Russell C. Jackson (Rusty) |
Commented the line about passwordreset. I find myself commenting that out all the time now because people want AD integration. |
||
#17 | 19837 | C. Thomas Tyler |
Added defense against known-misbehaving client versions using rejectList configurable, availabe starting with P4D 2015.1 Patch 5. See: http://answers.perforce.com/articles/KB/15014 |
||
#16 | 19661 | C. Thomas Tyler |
Change to best-practice configurables. For p4d 2016.1 Patch 2+ (2016.1.1395783+), disable auto prompting for a password, as this can cause 'p4' commands to go interactive that wouldn't normally, wreaking havoc with automation. Fix with: p4 configure set auth.autologinprompt=0. |
||
#15 | 19302 | C. Thomas Tyler |
Adjusted setting of db.reorg.disable to go with the block comments made previously to receive a setting for db.reorg.disable. In those comments, setting of the value had been commented out, but now are not. This impact has no functional change other than adding the safety feature of avoiding setting db.reorg.disable for older versions of p4d that don't support it. support it. |
||
#14 | 19112 | Russell C. Jackson (Rusty) |
Turn off database reorg per best practice recommendation from Anton and Michael S. Stop running weekly_backup.sh automatically since a compact database actually causes a performance hit. Added note to occasionally run weekly_backup.sh to recapture free space. |
||
#13 | 18937 | C. Thomas Tyler |
Removed configurables for 'errors' and 'events' structured logs. Added 'maxmb' setting of 200MB for the structured audit log. Enhanced Windows version work like Unix version: * Added a check for the 'instance' paramter. * Loads SDP environment from p4env.bat (equiv of p4_vars). * Uses SDP environment to set various things. * Now creates 'spec' and 'unload' depots. Changed both Unix and Windows versions to use KEEPLOGS setting defiend in standard SDP enviornment file to apply to 'retain' setting of structured server logs. Removed obsolete comment relationg to the SetDepotSpecMapField trigger, which was obsoleted with server.depot.root in 2014.1. Changed mechanism for creating 'spec' and 'unload' depots to one that works the same for Windows and Linux. Removed defaultChangeType setting. The impact on Swarm and performance may not be worth the security benefit for. It is still a good practice for some environments, but I'm not sure it's a clear best practice to set it. |
||
#12 | 16805 | Russell C. Jackson (Rusty) |
#review-16795 Added the audit log as a default structured log and set the rotation to keep 31 days. |
||
#11 | 16460 | C. Thomas Tyler |
Routine Merge Down to dev from main using: p4 merge -b perforce_software-sdp-dev |
||
#10 | 16335 | C. Thomas Tyler |
Routine Merge Down to dev from main using: p4 merge -b perforce_software-sdp-dev |
||
#9 | 16029 | C. Thomas Tyler |
Routine merge to dev from main using: p4 merge -b perforce_software-sdp-dev |
||
#8 | 15554 | C. Thomas Tyler | Routine merge-down from main. | ||
#7 | 12116 | Russell C. Jackson (Rusty) | Update dev from main. | ||
#6 | 12107 | C. Thomas Tyler |
Routine merge down from 'main' to 'dev', resolved with 'p4 resolve -as'. |
||
#5 | 12030 | C. Thomas Tyler | Merged down from main to refresh dev branch for SDP. | ||
#4 | 12028 | C. Thomas Tyler | Refreshed SDP dev branch, merging down from main. | ||
#3 | 11465 | Russell C. Jackson (Rusty) | Added monitor and lbr.autocompress. | ||
#2 | 11463 | Russell C. Jackson (Rusty) | Updated dev to prepare for Summit agreed changes. | ||
#1 | 10638 | C. Thomas Tyler | Populate perforce_software-sdp-dev. | ||
//guest/perforce_software/sdp/main/Server/setup/configure_new_server.sh | |||||
#1 | 10148 | C. Thomas Tyler | Promoted the Perforce Server Deployment Package to The Workshop. |