# See additional documentation at the end of this file. # See documentation regarding configurables here: # https://help.perforce.com/helix-core/server-apps/cmdref/current/Content/CmdRef/configurables.alphabetical.html # Format of each entry in this file is: # Profile|Configurable|ExpectedValue|CompareStyle|Optionality|ServerIDType|SetNotes #------------------------------------------------------------------------------ # Default values. These always apply, and are combined with one user-specified # profile defined further below, e.g. 'demo' or 'p4c'. #------------------------------------------------------------------------------ always|auth.id|null|Set|Required|any|https://portal.perforce.com/s/article/11958 always|rpl.forward.login|1|Exact|Required|any|https://portal.perforce.com/s/article/11958 always|run.users.authorize|1|Exact|Required|any|None always|dm.user.hideinvalid|1|Exact|Required|any|None always|dm.user.setinitialpasswd|0|Exact|Required|any|None always|dm.user.resetpassword|1|Exact|Required|None always|server|3|AtLeast|Recommended|any|None always|server.depot.root|/p4/__SDP_INSTANCE__/depots|Exact|Required|any|https://help.perforce.com/helix-core/server-apps/cmdref/current/Content/CmdRef/configurables.alphabetical.html#server.depot.root always|journalPrefix|/p4/__SDP_INSTANCE__/checkpoints/__P4SERVER__|Exact|Required|any|https://workshop.perforce.com/view/p4-sdp/main/doc/SDP_Guide.Unix.html#_the_journalprefix_standard always|dm.info.hide|1|Exact|Required|any|None always|monitor|1|AtLeast|Required|any|https://help.perforce.com/helix-core/server-apps/cmdref/current/Content/CmdRef/configurables.alphabetical.html#monitor always|monitor.lsof|sudo /usr/bin/lsof -F pln|Exact|Recommended|any|https://help.perforce.com/helix-core/server-apps/cmdref/current/Content/CmdRef/configurables.alphabetical.html#monitor.lsof always|net.tcpsize|null|Unset|Required|any|https://portal.perforce.com/s/article/15368 always|net.autotune|null|Unset|Required|any|https://portal.perforce.com/s/article/15368 always|db.monitor.shared|4096|AtLeast|Required|any|https://help.perforce.com/helix-core/server-apps/cmdref/current/Content/CmdRef/configurables.alphabetical.html#monitor always|net.backlog|2048|AtLeast|Required|any|None always|lbr.bufsize|1M|AtLeast|Required|any|None always|filesys.bufsize|1M|AtLeast|Required|any|None always|server.commandlimits|2|Exact|Required|any|None always|rpl.checksum.auto|1|Exact|Required|any|None always|rpl.checksum.change|2|Exact|Required|any|None always|rpl.checksum.table|1|Exact|Required|any|None always|rpl.compress|4|Exact|Recommended|any|None always|dm.user.loginattempts|7|NoMoreThan|Required|any|None always|server.start.unlicensed|1|Exact|Recommended|any|https://help.perforce.com/helix-core/server-apps/cmdref/current/Content/CmdRef/configurables.alphabetical.html#server.start.unlicensed always|rejectList|P4EXP,version=2014.2|Contains|Recommended|any|None always|rt.monitorfile|monfile.mem|Exact|Recommended|any|None always|server.global.client.views|1|Exact|Recommended|any|None always|server.locks.global|1|Exact|Recommended|any|None always|server.rolechecks|1|Exact|Required|any|https://help.perforce.com/helix-core/server-apps/cmdref/current/Content/CmdRef/configurables.alphabetical.html#server.rolechecks always|proxy.monitor.level|3|AtLeast|Recommended|any|None always|submit.noretransfer|1|Exact|Optional|any|None # Best Practices for P4 Code Review always|dm.shelve.promote|1|Exact|Recommended|any|None always|dm.keys.hide|2|Exact|Recommended|any|None always|filetype.bypasslock|1|Exact|Recommended|any|None # Extensions DISABLED|server.extensions.dir|__LOGS__/p4-extensions|Exact|Recommended|any|If extensions are used, changing this requires a restart of p4d service on all server machines in your fleet. If extenions are not yet used, this can safely be set. # Enable Partition Clients always|client.readonly.dir|client.readonly.dir|Set|Recommended|any|None always|client.sendq.dir|client.readonly.dir|Set|Recommended|any|None # Structured Logging. always|serverlog.file.3|__LOGS__/errors.csv|Exact|Recommended|any|None always|serverlog.retain.3|__KEEPLOGS__|AtLeast|Recommended|any|None always|serverlog.file.7|__LOGS__/events.csv|Exact|Recommended|any|None always|serverlog.retain.7|__KEEPLOGS__|AtLeast|Recommended|any|None always|serverlog.file.8|__LOGS__/integrity.csv|Exact|Recommended|any|None always|serverlog.retain.8|__KEEPLOGS__|AtLeast|Recommended|any|None always|serverlog.file.11|__LOGS__/triggers.csv|Exact|Recommended|any|None always|serverlog.retain.11|__KEEPLOGS__|AtLeast|Recommended|any|None # Net Keep alive Settings. always|net.keepalive.count|9|AtLeast|Recommended|any|None always|net.keepalive.disable|0|Exact|Recommended|any|None always|net.keepalive.idle|180|Set|Recommended|any|None always|net.keepalive.interval|15|AtLeast|Recommended|any|None always|lbr.autocompress|1|Exact|Required|any|None always|db.reorg.disable|1|Exact|Recommended|any|None # Performance Tracking as required by P4Promtheus. always|track|1|Exact|Recommended|any|None #------------------------------------------------------------------------------ # Demo Profile Settings #------------------------------------------------------------------------------ demo|security|4|Exact|Required|any|Standard demo|filesys.P4ROOT.min|5M|AtLeast|Recommended|any|Ensure sufficient disk space is available on metadata volume. demo|filesys.depot.min|5M|AtLeast|Recommended|any|Ensure sufficient disk space is available on depots volume. demo|filesys.P4JOURNAL.min|5M|AtLeast|Recommended|any|Ensure sufficient disk space is available on logs volume. demo|server.maxcommands|2500|AtLeast|Required|any|None demo|net.parallel.max|10|AtLeast|Recommended|any|None demo|net.parallel.threads|4|AtLeast|Recommended|any|None demo|net.parallel.sync.svrthreads|300|NoMoreThan|Recommended|any|None # P4 Cloud p4c|security|4|Exact|Required|any|Standard p4c|dm.user.noautocreate|2|Exact|Recommended|any|None p4c|filesys.P4ROOT.min|5M|AtLeast|Recommended|any|Ensure sufficient disk space is available on metadata volume. p4c|filesys.depot.min|5M|AtLeast|Recommended|any|Ensure sufficient disk space is available on depots volume. p4c|filesys.P4JOURNAL.min|5M|AtLeast|Exact|Recommended|any|Ensure sufficient disk space is available on logs volume. p4c|server.maxcommands|1000|AtLeast|Required|any|None p4c|net.parallel.max|4|AtLeast|Recommended|any|None p4c|net.parallel.threads|4|AtLeast|Recommended|any|None p4c|net.parallel.sync.svrthreads|300|NoMoreThan|Recommended|any|None # Profile Settings for Commercial Production prod|security|4|AtLeast|Required|any|Standard prod|filesys.P4ROOT.min|5G|AtLeast|Recommended|any|Ensure sufficient disk space is available on metadata volume. prod|filesys.depot.min|5G|AtLeast|Recommended|any|Ensure sufficient disk space is available on depots volume. prod|filesys.P4JOURNAL.min|5G|AtLeast|Recommended|any|Ensure sufficient disk space is available on logs volume. prod|dm.user.noautocreate|2|Exact|Recommended|any|None prod|server.maxcommands|2500|AtLeast|Required|any|None prod|net.parallel.max|10|AtLeast|Recommended|any|None prod|net.parallel.threads|4|AtLeast|Recommended|any|None prod|net.parallel.sync.svrthreads|3000|NoMoreThan|Recommended|any|None # Profile Settings for Commercial Production at Enterprise Scale prodent|security|4|AtLeast|Required|any|Standard prodent|filesys.P4ROOT.min|30G|AtLeast|Recommended|any|Ensure sufficient disk space is available on metadata volume. prodent|filesys.depot.min|500G|AtLeast|Recommended|any|Ensure sufficient disk space is available on depots volume. prodent|filesys.P4JOURNAL.min|30G|AtLeast|Recommended|any|Ensure sufficient disk space is available on logs volume. prodent|dm.user.noautocreate|2|Exact|Recommended|any|None prodent|server.maxcommands|5000|AtLeast|Required|any|None prodent|net.parallel.max|10|AtLeast|Recommended|any|None prodent|net.parallel.threads|4|AtLeast|Recommended|any|None prodent|net.parallel.sync.svrthreads|3500|NoMoreThan|Recommended|any|None # Public Server Profile Settings pub|security|0|Exact|Required|any|Standard pub|filesys.P4ROOT.min|1G|AtLeast|Recommended|any|Ensure sufficient disk space is available on metadata volume. pub|filesys.depot.min|1G|AtLeast|Recommended|any|Ensure sufficient disk space is available on depots volume. pub|filesys.P4JOURNAL.min|1G|AtLeast|Recommended|any|Ensure sufficient disk space is available on logs volume. pub|server.maxcommands|2500|AtLeast|Required|any|None pub|net.parallel.max|10|AtLeast|Recommended|any|None pub|net.parallel.threads|4|AtLeast|Recommended|any|None pub|net.parallel.sync.svrthreads|400|NoMoreThan|Recommended|any|None #------------------------------------------------------------------------------ # Overview # # This data file, intended for use with the ccheck.sh script, defines best # practices for various configurables for a P4 Server. The best practices are # categorized by profiles of P4 Servers. For example, the 'pub' profile is for # a public server, which would be expected to have security=0. The 'prod' # profile for a commercial production server would be expected to have security # set to at least 4. #------------------------------------------------------------------------------ # Profile # # Each configurable and expected value is associated with a profile: # * always - This is a special profile that always applies; other profiles # specified will add to or override values defined in this profile. # # * prod - For commercial production P4 Servers (closed source, secure) # This is the default profile. This is for production usage at small # small-to-medium scale. # # * prodent - Production at large enterprise scale. # # * demo - For demo and evaluation servers, with no security needs. # # * open - For public/open source servers, with open read access (security=0). #------------------------------------------------------------------------------ # ExpectedValue: # # The expected value of the configurable. (See also: CompareStyle) # Expected values can have substitutions. Values to be substituted use a # double-underscore as a prefix and suffix, e.g. __SDP_INSTANCE__ will be # substituted with the SDP Instance Name. The following substitutions are # done: # # __SDP_INSTANCE__ SDP Instance name, e.g. '1'. # __P4ROOT__ Server root, e.g. /p4/N/root. # __P4SERVER__ SDP Instance name, e.g. 'p4_1'. # __KEEPLOGS__ KEEPLOGS setting defined in SDP shell env. # __LOGS__ Logs dir, e.g. '/p4/1/logs'. #------------------------------------------------------------------------------ # CompareStyle: # # This determines how actual and expected Value are matched. # * Exact - Actual value matches expected exactly, numeric or string. # * Set - Actual value is set to anything, just not null/unset. # * Unset - Value must not be explicitly set with 'p4 configure'. # There may be a default value for the current p4d version. # * AtLeast - Actual is as big or bigger than expected. This is a # numeric comparison. The value must be an integer or a size # e.g. 20K, 4G (ending in B, K, M, G, T, P, or E). # * NoMoreThan - Actual is as no more than expected; opposite of AtLeast. # * Contains - Actual value contains the expected value (string compare). # #------------------------------------------------------------------------------ # Optionality: # # This indicates whether the given setting is required, recommended. Values # are: # # Required - If the value is not set to the expected value, validations fail. # The summary grade is reported as FAIL. # # Recommended - If the value is not set to the expected value, validations # succeed with a warning. The summary grade is reduced to B. # # Optional - The value has a suggested value, but validations against the # suggested value do not affect grading. This is used to highlight certain # configurables that warrant consideration but for which there may not be # a broadly accepted best practice. #------------------------------------------------------------------------------ # ServerIDType # # This can be one of: # # * any - For the global default 'any' config. # * commit - Setting for the singular ServerID of the commit server, as defined # by the P4MASTER_ID setting. # * replica - For a non-standby replica # * standby - For a standby/journalcopy replica # * edge - For an edge server #------------------------------------------------------------------------------ # SetNotes: # # This column contains a reference to info to be displayed if it is determined # that the configurable needs to be changed. For example, setting auth.id will # invalidate all tickets, and thus requires planning to roll out # non-disruptively in an enterprise environment. # # This has the value None for configurables that can safely be set in real-time # without further contemplation. For settings that require a planning and # possibly maintenance windows, e.g. due to a service restart and/or require # awareness of impact to users to change, this field contains a link to a # URL with details, or a line of text to be displayed literally. This is used # for configurables like auth.id, security, and rpl.forward.login that have # details to be aware of when changing them. #------------------------------------------------------------------------------ # Security Focused Checks: # If ccheck.sh is run with '-sec', it tries to use 'p4 configure help' to # ask p4d which configurables are security-related. If the p4d version being # checked is too old to have implemented the 'p4 configure help' command, # then the following entries are scanned from this config file to provide # a list of security-related configurables. DO NOT REMOVE THE FOLLWOING # COMMENTS. #SEC:auth.id|Security #SEC:dm.info.hide|Security #SEC:dm.keys.hide|Security #SEC:dm.user.hideinvalid|Security #SEC:dm.user.loginattempts|Security #SEC:dm.user.noautocreate|Security #SEC:dm.user.resetpassword|Security #SEC:dm.user.setinitialpasswd|Security #SEC:rejectList|Security #SEC:rpl.forward.login|Security #SEC:run.users.authorize|Security #SEC:security|Security #SEC:server.rolechecks|Security
| # | Change | User | Description | Committed | |
|---|---|---|---|---|---|
| #4 | 31723 | C. Thomas Tyler | Merge Down dev -> dev_rebrand. | ||
| #3 | 31689 | C. Thomas Tyler | Merge Down in //p4-sdp dev -> dev_rebrand. | ||
| #2 | 31615 | C. Thomas Tyler |
First pass at rebranding changes, including: * Changes to remove 'swarm.' from Workshop URLS, so swarm.workshop -> workshop. * Changed URL for Copyright. * Renamed get_helix_binaries.sh -> get_p4_binaries.sh, with associated directory and doc changes. * Accounted for rename of HAS -> P4AS. * Changed HMS references to P4MS. * Replaced "Helix" and "Helix Core" references. * Renamed variables to reduce tech debt buildup induced by rebranding. * Changed default mount points: /hxdepots[-1,N] -> /p4depots[-1,N] /hxmetadata[1,2] -> /p4db[-1,2] /hxlogs -> /p4logs Also made some changes related to rebranding going out with r25.1. |
||
| #1 | 31591 | C. Thomas Tyler | Populate stream //p4-sdp/dev_rebrand from //p4-sdp/dev. | ||
| //p4-sdp/dev/Server/Unix/p4/common/config/configurables.cfg | |||||
| #2 | 31574 | C. Thomas Tyler |
Merged SDP 2024.2 Patch 4 from Classic to Streams. p4 merge -b SDP_Classic_to_Streams |
||
| #1 | 31397 | C. Thomas Tyler | Populate -b SDP_Classic_to_Streams -s //guest/perforce_software/sdp/...@31368. | ||
| //guest/perforce_software/sdp/dev/Server/Unix/p4/common/config/configurables.cfg | |||||
| #12 | 31350 | C. Thomas Tyler |
Refine cchech.sh and config file to allow specification of 'Unset' to be required, in which case we pass the check if the value is unset regardless of the default value. We already allow checking the default value and consider it to comply if the default value matches expected. This new change will support some values being defined as required to be unset. Add examples and descriptive text in configurables.cfg. Fix ShellCheck compliance issues. Changed '-v' so required values having expected values show as GREAT rather than GOOD. Recommended values having expected values still show as GOOD. For values *not* matching expectations, required values show as BAD, while recommended values now show as WARN. The word FAIL is now used only in the summary, and appears only if there are any BAD indications (required values not matching) or else any system errors checking configurables. #review-31351 |
||
| #11 | 31136 | C. Thomas Tyler |
Added content to cover scenario where P4JOURNAL is set in db.config. This addresses SDP-737 (Doc): In SDP Legacy Upgrade Guide, advise p4d -cunset P4JOURNAL if needed. Also updated URL for list of configurables due to change in Perforce web site layout, with docs moved from somewhere under www.perforce.com to somewhere under help.perforce.com. For example: Old URL for configurables: https://www.perforce.com/manuals/cmdref/Content/CmdRef/configurables.alphabetical.html New URL for configurables: https://help.perforce.com/helix-core/server-apps/cmdref/current/Content/CmdRef/configurables.alphabetical.html |
||
| #10 | 30610 | C. Thomas Tyler |
New best practice configurable: Set rt.monitorfile. #review-30611 |
||
| #9 | 30500 | C. Thomas Tyler |
New best practice configurable: dm.user.hideinvalid=1 #review-30501 |
||
| #8 | 30443 | C. Thomas Tyler | Corrected guidance for net.autotune; it should be unset. | ||
| #7 | 30283 | C. Thomas Tyler |
New best practice: Set submit.noretransfer=1. #review-30284 |
||
| #6 | 30254 | C. Thomas Tyler |
ccheck.sh: Completed doc and code changes to establish 'prod' as the default profile. Now use '-p none' to use only the default profile. |
||
| #5 | 30035 | C. Thomas Tyler | Corrected configurable name. | ||
| #4 | 30034 | C. Thomas Tyler | Adjusted net.keepalive.interval valie. | ||
| #3 | 30019 | C. Thomas Tyler |
Added net.keepalive settings to best practices. #review @robert_cowham @mwittenberg |
||
| #2 | 30016 | C. Thomas Tyler | Refined configurables. | ||
| #1 | 29994 | C. Thomas Tyler |
Added ccheck.sh script to compare configurables current vs. best practices, and corresponding configurbles data file. #review-29995 |
||