configure_new_server.sh #8

#!/bin/bash
#==============================================================================
# This script serves as a guide defining best-practice configurables for a
# production environment.  See documentation regarding configurables here:
# https://www.perforce.com/perforce/doc.current/manuals/cmdref/Content/CmdRef/configurables.configurables.html
#
# Copyright and license info is available in the LICENSE file included with
# the Server Deployment Package (SDP), and also available online:
# https://swarm.workshop.perforce.com/projects/perforce-software-sdp/view/main/LICENSE
#------------------------------------------------------------------------------
# Set P4PORT and P4USER and run p4 login before running this script.

# Verify instance value
INSTANCE=$1
if [[ -n "$INSTANCE" ]]; then
   source /p4/common/bin/p4_vars $INSTANCE
else
    echo "Error: An instance argument is required."
    exit 1
fi

# Basic secruity features.
p4 configure set run.users.authorize=1

# The server.depot.root configurable was introduced in 2014.1.
if [[ "$P4D_VERSION" > "2014.1" ]]; then
   p4 configure set server.depot.root=$DEPOTS
fi

p4 configure set journalPrefix=$CHECKPOINTS/p4_${INSTANCE}
p4 configure set dm.user.noautocreate=2
p4 configure set dm.info.hide=1
p4 configure set filesys.P4ROOT.min=5G
p4 configure set filesys.depot.min=5G
p4 configure set filesys.P4JOURNAL.min=5G

# Note: With the SDP structure, filesys.P4LOG.min=5G and
# filesys.TEMP.min=5G don't need to be set, as they are
# stored on the same volume as the journal and are thus
# accounted for with filesys.P4JOURNAL.min.

p4 configure set server=4
p4 configure set monitor=1

# For P4D 2013.2+, setting db.reorg.disable=1, which turns off
# dynamic database reorg, has been shown to significantly improve
# performance when Perforce databases (db.* files) are stored on
# some solid state storage devices, while not making a difference
# on others.
[[ "$P4D_VERSION" > "2013.1" ]] && p4 configure set db.reorg.disable=1

# For P4D 2017.2.1594901 or greater, enable net.autotune.  For net.autotune
# to take effect, it must be enabled on both sides of a connection.  So, to
# get the full benefit, net.autotune must be enabled on all brokers, proxies,
# and clients.  See this KB article for details on fully enabling net.autotune:
# https://community.perforce.com/s/article/15368
#
# For connections in which net.autotune is net enabled, the p4d default value
# of net.tcpsize takes effect.
#
# When P4D is older than 2014.2 but less than 2017.2.1594901, set net.tcpsize
# to 512k.  In 2014.2, the default value for net.tcpsize became 512k, a
# reasonable default, so it does not need to be set.
if [[ "$P4D_VERSION" < "2014.2" ]]; then
   p4 configure set net.tcpsize=524288
elif [[ "$P4D_VERSION" > "2017.2.1594900" ]]; then
   p4 configure set net.autotune=1
   p4 configure unset net.tcpsize
else
   p4 configure unset net.tcpsize
fi

# For P4D 2016.2.1468155+, set db.monitor.shared = max value.
if [[ "$P4D_VERSION" > "2016.2.1468154" ]]; then
   # This is the number of 8k pages to set aside for monitoring,
   # which requires pre-allocation of sufficient RAM.  The default
   # is 256, or 2MB, enough for about 128 active/concurrent processes.
   # The max as of 2016.2 is 4096.  Setting db.monitor.shared=0
   # causes the db.monitor on disk to be used instead, which can
   # potentially be a bottleneck.
   p4 configure set db.monitor.shared=4096
fi

p4 configure set net.backlog=2048

p4 configure set lbr.autocompress=1
p4 configure set lbr.bufsize=1M
p4 configure set filesys.bufsize=1M
p4 configure set serverlog.file.3=$LOGS/errors.csv
p4 configure set serverlog.retain.3=$KEEPLOGS
# Commented out since we aren't selling Interset Threat Detection anymore.
# p4 configure set serverlog.file.4=$LOGS/audit.csv
# p4 configure set serverlog.retain.4=$KEEPLOGS
p4 configure set serverlog.file.7=$LOGS/events.csv
p4 configure set serverlog.retain.7=$KEEPLOGS
p4 configure set serverlog.file.8=$LOGS/integrity.csv
p4 configure set serverlog.retain.8=$KEEPLOGS

#Add a custom trigger for tracking trigger events:
p4 configure set serverlog.events.11=11
p4 configure set serverlog.file.11=$LOGS/triggers.csv
p4 configure set serverlog.retain.11=$KEEPLOGS

echo "Creating a depot named 'spec' of type 'spec'."
p4 depot -i < ${0%/*}/spec.depot.p4s

echo "Creating a depot named 'unload' of unload 'unload'."
p4 depot -i < ${0%/*}/unload.depot.p4s

# Load shedding and other performance-preserving configurable.
# See: http://answers.perforce.com/articles/KB/1272
# For p4d 2013.1+
[[ "$P4D_VERSION" > "2013.1" ]] && p4 configure set server.maxcommands=2500

# For p4d 2013.2+ -Turn off max* commandline overrides.
[[ "$P4D_VERSION" > "2013.2" ]] && p4 configure set server.commandlimits=2

echo See http://www.perforce.com/perforce/doc.current/manuals/p4dist/chapter.replication.html#replication.verifying
echo if you are also setting up a replica server.
p4 configure set rpl.checksum.auto=1
p4 configure set rpl.checksum.change=2
p4 configure set rpl.checksum.table=1

# Define number of login attempts before there is a delay, to thwart
# automated password crackers.  Default is 3; set to a higher value to
# be more friendly to humans without compromising the protection.
if [[ "$P4D_VERSION" > "2013.1" ]]; then
   p4 configure set dm.user.loginattempts=7
fi

# For p4d 2016.1 Patch 5+
# Enable a server with an expired temp license to start, albeit with limited
# functionality, so that license expiry doesn't make it impossible to perform
# license management via the front-door.  This configurable allows the server
# to be started regardless of a bad license, though users will still be blocked
# by license invalid messages.  Perpetual commercial licenses never expire;
# this configurable will not affect those.
if [[ "$P4D_VERSION" > "2016.1.1408676" ]]; then
   p4 configure set server.start.unlicensed=1
fi

# Starting with p4d 2015.1 Patch 5, disallow P4EXP v2014.2 (a client
# version known to misbehave) from connecting to the server.
# See:  http://answers.perforce.com/articles/KB/15014
if [[ "$P4D_VERSION" > "2015.1.1126924" ]]; then
   p4 configure set rejectList="P4EXP,version=2014.2,Operating System"
fi

# For p4d 2011.1 thru 2015.1, set rpl.compress=3.  For p4d 2015.2+, set
# rpl.compress=4.  This setting compresses journal data only, which is
# almost always advantageous as it compresses well, while avoiding
# compression of archive data, which is a mixed bag in terms of performance
# benefits, and potentially a net netagive.
# server.global.views - makes client views global in a commit/edge or cluster environment.
if [[ "$P4D_VERSION" > "2015.2" ]]; then
   p4 configure set rpl.compress=4
   p4 configure set server.global.client.views=1
elif [[ "$P4D_VERSION" > "2011.1" ]]; then
   p4 configure set rpl.compress=3
fi

# Starting with p4d 2016.2, enable these features.
if [[ "$P4D_VERSION" > "2016.2" ]]; then
   p4 configure set filesys.checklinks=2
   p4 configure set server.locks.global=1
   p4 configure set proxy.monitor.level=3
fi

# Recommended for Swarm
p4 configure set dm.shelve.promote=1
p4 configure set dm.keys.hide=2
p4 configure set filetype.bypasslock=1

# Starting with p4d 2016.1, use auth.id to simplify ticket handling.
# After setting auth.id, login again.
if [[ "$P4D_VERSION" > "2016.1" ]]; then
   p4 configure set rpl.forward.login=1
   p4 configure set auth.id=$P4SERVER
   $P4CBIN/p4login
fi

# Set SDP version identifing info.
p4 counter SDP_DATE `date "+%Y-%m-%d"`
p4 counter SDP_VERSION "$SDP_VERSION"

# Restart to ensure all configurable changes take effect.
/p4/${INSTANCE}/bin/p4d_${INSTANCE}_init restart
$P4CBIN/p4login

echo -e "\nIt is recommended that you run 'p4 configure set security=3' or\n'p4 configure set security=4'.\nSee: http://www.perforce.com/perforce/doc.current/manuals/p4sag/chapter.superuser.html#DB5-49899\n"

if [[ "$P4D_VERSION" > "2017.2.1594900" ]]; then
   echo -e "The net.autotune value has been set on the server.  To get the full benefit, it must also be\nenabled on proxies, brokers, and clients as well."
fi