#-------------------------------------------------------------------------------
# Sample p4broker configuration file
#
# The following paragraphs illustrate the configuration of the Perforce
# Broker by example. Change the values and configuration to suit your
# environment and requirements.
#
# Note that by default this broker will simply allow all commands to pass
# through, and be executed against the target server. Uncomment and edit
# the examples below to get started.
#-------------------------------------------------------------------------------
target = {{ perforce_p4broker_target_port }};
listen = {{ perforce_p4broker_port }};
directory = /p4/common/bin;
logfile = /p4/{{ perforce_id }}/logs/p4broker.log;
debug-level = server=1;
admin-name = "Perforce Admins";
admin-phone = 999/911;
admin-email = {{ perforce_mailto_email}};
server.id = {{ perforce_master_id }}-broker;
# Compress broker <-> server connection. If the broker is across a slow link
# such as a WAN, compression can increase performance. If the broker is near
# the server (such as on the same machine,) then avoiding recompressing the
# client's protocol stream saves work.
compress = false;
# Optional user account to authenticate the broker to the target server with.
#service-user = "svc-user-broker";
# Optional alternate P4TICKETS location.
#ticket-file = "/p4/broker/.p4tickets";
#
# Redirection mode. Pedantic redirection always redirects a command when it
# matches a rule in the broker config. Selective redirection permits
# redirection of commands within a single TCP/IP connection until a command
# has been executed against the master server, at which point all commands
# for the connection are sent to the master server. Selective redirection is
# the default as it gives GUI users a better experience when replication
# delays might otherwise cause incorrect results to be returned.
redirection = selective;
#redirection = pedantic;
#-------------------------------------------------------------------------------
# Definitions of all altservers in the environment.
#-------------------------------------------------------------------------------
# Note that the altserver name can not be 'random' as that is reserved for use
# in the destination field of command handlers to specify that the altserver
# should be chosen randomly.
#
#altserver: {{ perforce_replica_id }}
#{
# Address of target server. Note that target servers must be configured
# to use P4AUTH to ensure that login tickets are valid for all servers in
# the brokered environment. I.e. the target and alternate servers must
# share their authentication.
#
# target = perforce_standby_dnsname :{{ perforce_p4_port }};
#}
#-------------------------------------------------------------------------------
# Command policies
#-------------------------------------------------------------------------------
#
# The general syntax is:
#
# command: <regex pattern>
# {
# # Conditions for the command to meet (optional)
# # Note that with the exception of 'flags', these are regex patterns.
# # See 'p4 help grep' for an explanation of the regex syntax.
# flags = <required flags>;
# args = <required arguments>;
# user = <required user>;
# workspace = <required client workspace>;
# prog = <required client program>;
# version = <required version of client program>;
#
# # What to do with matching commands (required)
# action = pass | reject | redirect | filter ;
#
# # How to go about it
# destination = <altserver>; # Required for action = redirect
# execute = <path to filter program>; # Required for action = filter
# message = <rejection message>; # Required for action = reject
#}
#
# Note that when specifying regex patterns, bare strings like 'integ' will also
# match 'integrate'. To match an exact string, append the beginning/end of line
# anchors. E.g. '^integ$'.
#
# Uncomment the lines below to block all access to the server during
# periods of maintenance.
#
#command: .*
#{
# action = reject;
# message = "Server down for maintenance. Back soon";
#}
#
# Use of the 'p4 changes' command is filtered. The script might decide
# that requests for information about older changes can be served by
# an alternate server.
#
#command: changes
#{
# action = filter;
# execute = ./check_changes.rb;
#}
# Redirect read only commands to the standby server.
# When the destination is 'random', the altserver is chosen arbitrarily.
#
# By pass commands coming from a proxy.
#command: .*
#{
# action = filter;
# execute = "perl /p4/common/config/broker_proxy_filter.pl";
#}
#command: ^(branches|clients|counters|depots|dirs|discover|filelog|files|fstat|groups|interchanges|jobs|labels|opened|sizes|fixes|where|workspaces|users)$
#{
# action = redirect;
# destination = random;
#}
# Specifications using the -o flag to output to STDOUT also do not
# write to the DB except "p4 resolve -o", "p4 integrate -o" and "p4
# print -o" which should pass to the production server because those
# flags have a different meaning on those commands.
#command: ^(change|resolve|integ|integrate|print)$
#{
# flags = -o;
# action = pass;
#}
#command: .*
#{
# flags = -o;
# action = redirect;
# destination = random;
#}
#command: ^(annotate|diff2|grep|print)$
#{
# action = redirect;
# destination = random;
#}
# Read/Write Commands with Read-Only flags:
#
# sync -p does not write anything to db.have, so it goes to the replica:
#command: ^sync$
#{
# flags = -p;
# action = redirect;
# destination = random;
#}
# Catch all command for the proxy by pass script.
#command: .*
#{
# action = pass;
#}
#
# The combination of the following two command handlers lets you create two
# classes of super user - one with full 'super' privileges, and another that
# can only run a subset of the full 'super' command set. This separation is
# only effective if all user requests are passing through the broker.
#
# The first rule assumes a naming scheme where full super users have names
# prefixed by 'super-'. The second one rejects all requests for the 'super'
# commands that we don't want the rest of the super users (or anyone else)
# to run. Note that we're specifically not matching 'protects' since P4V
# requires it to log in.
#
#command: admin|protect|obliterate
#{
# user = ^super-;
# action = pass;
#}
#
#command: admin|^protect$|obliterate
#{
# action = reject;
# message = "permission denied.";
#}