# See additional documentation at the end of this file. # See documentation regarding configurables here: # https://help.perforce.com/helix-core/server-apps/cmdref/current/Content/CmdRef/configurables.alphabetical.html # Format of each entry in this file is: # Profile|Configurable|ExpectedValue|CompareStyle|Optionality|ServerIDType|SetNotes #------------------------------------------------------------------------------ # Default values. These always apply, and are combined with one user-specified # profile defined further below, e.g. 'demo' or 'hcc'. #------------------------------------------------------------------------------ always|auth.id|null|Set|Required|any|https://portal.perforce.com/s/article/11958 always|rpl.forward.login|1|Exact|Required|any|https://portal.perforce.com/s/article/11958 always|run.users.authorize|1|Exact|Required|any|None always|dm.user.hideinvalid|1|Exact|Required|any|None always|dm.user.setinitialpasswd|0|Exact|Required|any|None always|dm.user.resetpassword|1|Exact|Required|None always|server|3|AtLeast|Recommended|any|None always|server.depot.root|/p4/__SDP_INSTANCE__/depots|Exact|Required|any|https://help.perforce.com/helix-core/server-apps/cmdref/current/Content/CmdRef/configurables.alphabetical.html#server.depot.root always|journalPrefix|/p4/__SDP_INSTANCE__/checkpoints/__P4SERVER__|Exact|Required|any|https://swarm.workshop.perforce.com/view/guest/perforce_software/sdp/main/doc/SDP_Guide.Unix.html#_the_journalprefix_standard always|dm.info.hide|1|Exact|Required|any|None always|monitor|1|AtLeast|Required|any|https://help.perforce.com/helix-core/server-apps/cmdref/current/Content/CmdRef/configurables.alphabetical.html#monitor always|net.tcpsize|null|Unset|Required|any|https://portal.perforce.com/s/article/15368 always|net.autotune|null|Unset|Required|any|https://portal.perforce.com/s/article/15368 always|db.monitor.shared|4096|AtLeast|Required|any|https://help.perforce.com/helix-core/server-apps/cmdref/current/Content/CmdRef/configurables.alphabetical.html#monitor always|net.backlog|2048|AtLeast|Required|any|None always|lbr.bufsize|1M|AtLeast|Required|any|None always|filesys.bufsize|1M|AtLeast|Required|any|None always|server.commandlimits|2|Exact|Required|any|None always|rpl.checksum.auto|1|Exact|Required|any|None always|rpl.checksum.change|2|Exact|Required|any|None always|rpl.checksum.table|1|Exact|Required|any|None always|rpl.compress|4|Exact|Recommended|any|None always|dm.user.loginattempts|7|NoMoreThan|Required|any|None always|server.start.unlicensed|1|Exact|Recommended|any|https://help.perforce.com/helix-core/server-apps/cmdref/current/Content/CmdRef/configurables.alphabetical.html#server.start.unlicensed always|rejectList|P4EXP,version=2014.2|Contains|Recommended|any|None always|rt.monitorfile|monfile.mem|Exact|Recommended|any|None always|server.global.client.views|1|Exact|Recommended|any|None always|server.locks.global|1|Exact|Recommended|any|None always|server.rolechecks|1|Exact|Required|any|https://help.perforce.com/helix-core/server-apps/cmdref/current/Content/CmdRef/configurables.alphabetical.html#server.rolechecks always|proxy.monitor.level|3|AtLeast|Recommended|any|None always|submit.noretransfer|1|Exact|Optional|any|None # Best Practices for Swarm always|dm.shelve.promote|1|Exact|Recommended|any|None always|dm.keys.hide|2|Exact|Recommended|any|None always|filetype.bypasslock|1|Exact|Recommended|any|None # Extensions DISABLED|server.extensions.dir|__LOGS__/p4-extensions|Exact|Recommended|any|If extensions are used, changing this requires a restart of p4d service on all server machines in your fleet. If extenions are not yet used, this can safely be set. # Enable Partition Clients always|client.readonly.dir|client.readonly.dir|Set|Recommended|any|None always|client.sendq.dir|client.readonly.dir|Set|Recommended|any|None # Structured Logging. always|serverlog.file.3|__LOGS__/errors.csv|Exact|Recommended|any|None always|serverlog.retain.3|__KEEPLOGS__|AtLeast|Recommended|any|None always|serverlog.file.7|__LOGS__/events.csv|Exact|Recommended|any|None always|serverlog.retain.7|__KEEPLOGS__|AtLeast|Recommended|any|None always|serverlog.file.8|__LOGS__/integrity.csv|Exact|Recommended|any|None always|serverlog.retain.8|__KEEPLOGS__|AtLeast|Recommended|any|None always|serverlog.file.11|__LOGS__/triggers.csv|Exact|Recommended|any|None always|serverlog.retain.11|__KEEPLOGS__|AtLeast|Recommended|any|None # Net Keep alive Settings. always|net.keepalive.count|9|AtLeast|Recommended|any|None always|net.keepalive.disable|0|Exact|Recommended|any|None always|net.keepalive.idle|180|Set|Recommended|any|None always|net.keepalive.interval|15|AtLeast|Recommended|any|None always|lbr.autocompress|1|Exact|Required|any|None always|db.reorg.disable|1|Exact|Recommended|any|None #------------------------------------------------------------------------------ # Demo Profile Settings #------------------------------------------------------------------------------ demo|security|4|Exact|Required|any|Standard demo|filesys.P4ROOT.min|5M|AtLeast|Recommended|any|Ensure sufficient disk space is available on metadata volume. demo|filesys.depot.min|5M|AtLeast|Recommended|any|Ensure sufficient disk space is available on depots volume. demo|filesys.P4JOURNAL.min|5M|AtLeast|Recommended|any|Ensure sufficient disk space is available on logs volume. demo|server.maxcommands|2500|AtLeast|Required|any|None demo|net.parallel.max|10|AtLeast|Recommended|any|None demo|net.parallel.threads|4|AtLeast|Recommended|any|None demo|net.parallel.sync.svrthreads|300|NoMoreThan|Recommended|any|None # Helix Core Cloud hcc|security|4|Exact|Required|any|Standard hcc|dm.user.noautocreate|2|Exact|Recommended|any|None hcc|filesys.P4ROOT.min|5M|AtLeast|Recommended|any|Ensure sufficient disk space is available on metadata volume. hcc|filesys.depot.min|5M|AtLeast|Recommended|any|Ensure sufficient disk space is available on depots volume. hcc|filesys.P4JOURNAL.min|5M|AtLeast|Exact|Recommended|any|Ensure sufficient disk space is available on logs volume. hcc|server.maxcommands|1000|AtLeast|Required|any|None hcc|net.parallel.max|4|AtLeast|Recommended|any|None hcc|net.parallel.threads|4|AtLeast|Recommended|any|None hcc|net.parallel.sync.svrthreads|300|NoMoreThan|Recommended|any|None # Profile Settings for Commercial Production prod|security|4|AtLeast|Required|any|Standard prod|filesys.P4ROOT.min|5G|AtLeast|Recommended|any|Ensure sufficient disk space is available on metadata volume. prod|filesys.depot.min|5G|AtLeast|Recommended|any|Ensure sufficient disk space is available on depots volume. prod|filesys.P4JOURNAL.min|5G|AtLeast|Recommended|any|Ensure sufficient disk space is available on logs volume. prod|dm.user.noautocreate|2|Exact|Recommended|any|None prod|server.maxcommands|2500|AtLeast|Required|any|None prod|net.parallel.max|10|AtLeast|Recommended|any|None prod|net.parallel.threads|4|AtLeast|Recommended|any|None prod|net.parallel.sync.svrthreads|3000|NoMoreThan|Recommended|any|None # Profile Settings for Commercial Production at Enterprise Scale prodent|security|4|AtLeast|Required|any|Standard prodent|filesys.P4ROOT.min|30G|AtLeast|Recommended|any|Ensure sufficient disk space is available on metadata volume. prodent|filesys.depot.min|500G|AtLeast|Recommended|any|Ensure sufficient disk space is available on depots volume. prodent|filesys.P4JOURNAL.min|30G|AtLeast|Recommended|any|Ensure sufficient disk space is available on logs volume. prodent|dm.user.noautocreate|2|Exact|Recommended|any|None prodent|server.maxcommands|5000|AtLeast|Required|any|None prodent|net.parallel.max|10|AtLeast|Recommended|any|None prodent|net.parallel.threads|4|AtLeast|Recommended|any|None prodent|net.parallel.sync.svrthreads|3500|NoMoreThan|Recommended|any|None # Public Server Profile Settings pub|security|0|Exact|Required|any|Standard pub|filesys.P4ROOT.min|1G|AtLeast|Recommended|any|Ensure sufficient disk space is available on metadata volume. pub|filesys.depot.min|1G|AtLeast|Recommended|any|Ensure sufficient disk space is available on depots volume. pub|filesys.P4JOURNAL.min|1G|AtLeast|Recommended|any|Ensure sufficient disk space is available on logs volume. pub|server.maxcommands|2500|AtLeast|Required|any|None pub|net.parallel.max|10|AtLeast|Recommended|any|None pub|net.parallel.threads|4|AtLeast|Recommended|any|None pub|net.parallel.sync.svrthreads|400|NoMoreThan|Recommended|any|None #------------------------------------------------------------------------------ # Overview # # This data file, intended for use with the ccheck.sh script, defines best # practices for various configurables for a Helix Core server. The best # practices are categorized by profiles of Helix Core servers. For example, # the 'pub' profile is for a public server, which would be expected to have # security=0. The 'prod' profile for a commercial production server would be # expected to have security set to at least 4. #------------------------------------------------------------------------------ # Profile # # Each configurable and expected value is associated with a profile: # * always - This is a special profile that always applies; other profiles # specified will add to or override values defined in this profile. # # * prod - For commercial production Helix Core servers (closed source, secure) # This is the default profile. This is for production usage at small # small-to-medium scale. # # * prodent - Production at large enterprise scale. # # * demo - For demo and evaluation servers, with no security needs. # # * open - For public/open source servers, with open read access (security=0). #------------------------------------------------------------------------------ # ExpectedValue: # # The expected value of the configurable. (See also: CompareStyle) # Expected values can have substitutions. Values to be substituted use a # double-underscore as a prefix and suffix, e.g. __SDP_INSTANCE__ will be # substituted with the SDP Instance Name. The following substitutions are # done: # # __SDP_INSTANCE__ SDP Instance name, e.g. '1'. # __P4ROOT__ Server root, e.g. /p4/N/root. # __P4SERVER__ SDP Instance name, e.g. 'p4_1'. # __KEEPLOGS__ KEEPLOGS setting defined in SDP shell env. # __LOGS__ Logs dir, e.g. '/p4/1/logs'. #------------------------------------------------------------------------------ # CompareStyle: # # This determines how actual and expected Value are matched. # * Exact - Actual value matches expected exactly, numeric or string. # * Set - Actual value is set to anything, just not null/unset. # * Unset - Value must not be explicitly set with 'p4 configure'. # There may be a default value for the current p4d version. # * AtLeast - Actual is as big or bigger than expected. This is a # numeric comparison. The value must be an integer or a size # e.g. 20K, 4G (ending in B, K, M, G, T, P, or E). # * NoMoreThan - Actual is as no more than expected; opposite of AtLeast. # * Contains - Actual value contains the expected value (string compare). # #------------------------------------------------------------------------------ # Optionality: # # This indicates whether the given setting is required, recommended. Values # are: # # Required - If the value is not set to the expected value, validations fail. # The summary grade is reported as FAIL. # # Recommended - If the value is not set to the expected value, validations # succeed with a warning. The summary grade is reduced to B. # # Optional - The value has a suggested value, but validations against the # suggested value do not affect grading. This is used to highlight certain # configurables that warrant consideration but for which there may not be # a broadly accepted best practice. #------------------------------------------------------------------------------ # ServerIDType # # This can be one of: # # * any - For the global default 'any' config. # * commit - Setting for the singular ServerID of the commit server, as defined # by the P4MASTER_ID setting. # * replica - For a non-standby replica # * standby - For a standby/journalcopy replica # * edge - For an edge server #------------------------------------------------------------------------------ # SetNotes: # # This column contains a reference to info to be displayed if it is determined # that the configurable needs to be changed. For example, setting auth.id will # invalidate all tickets, and thus requires planning to roll out # non-disruptively in an enterprise environment. # # This has the value None for configurables that can safely be set in real-time # without further contemplation. For settings that require a planning and # possibly maintenance windows, e.g. due to a service restart and/or require # awareness of impact to users to change, this field contains a link to a # URL with details, or a line of text to be displayed literally. This is used # for configurables like auth.id, security, and rpl.forward.login that have # details to be aware of when changing them. #------------------------------------------------------------------------------ # Security Focused Checks: # If ccheck.sh is run with '-sec', it tries to use 'p4 configure help' to # ask p4d which configurables are security-related. If the p4d version being # checked is too old to have implemented the 'p4 configure help' command, # then the following entries are scanned from this config file to provide # a list of security-related configurables. DO NOT REMOVE THE FOLLWOING # COMMENTS. #SEC:auth.id|Security #SEC:dm.info.hide|Security #SEC:dm.keys.hide|Security #SEC:dm.user.hideinvalid|Security #SEC:dm.user.loginattempts|Security #SEC:dm.user.noautocreate|Security #SEC:dm.user.resetpassword|Security #SEC:dm.user.setinitialpasswd|Security #SEC:rejectList|Security #SEC:rpl.forward.login|Security #SEC:run.users.authorize|Security #SEC:security|Security #SEC:server.rolechecks|Security