piserver.yml configuration file
This page outlines the settings available in the IPLM Server configuration file /etc/mdx/piserver.yml.
For log rotation, see IPLM Server logging.
Common section
| Setting | Default | Description |
|---|---|---|
maxQueuedRequests |
1024 |
The maximum number of requests to queue before blocking the acceptors |
idleThreadTimeout |
1 minute |
The amount of time a worker thread can be idle before being stopped |
shutdownGracePeriod |
30 seconds |
The maximum time to wait for the server to cleanly shutdown before forcibly terminating it |
gzip sub section
| Setting | Default | Description |
|---|---|---|
enabled |
true |
If true: - requests with 'gzip' in the 'Accept-Encoding' header will have their response entities compressed - requests with 'gzip' in the 'Content-Encoding' header will have their request entities decompressed |
minimumEntitySize |
256 bytes |
Response entities under this size are not compressed |
bufferSize |
8 KiB |
The size of the buffer to use when compressing |
Application section
| Setting | Default | Description |
|---|---|---|
minThreads |
8 |
The minimum number of threads to keep alive in the thread pool |
maxThreads |
1024 |
The maximum number of threads the thread pool is allowed to grow |
ApplicationConnectors section
| Setting | Default | Description |
|---|---|---|
bindHost |
HOST |
The hostname to bind to |
idleTimeout
|
30 seconds | The maximum idle time for a connection. If the client does not send any data to the server after this period of time, the server will close its socket on its end of the connection, possibly causing a broken pipe error on the client if the client later writes to its socket. |
port |
8080 |
The TCP/IP port on which to listen for incoming connections |
acceptorThreads |
100 |
The number of worker threads dedicated to accepting connections. Can make this bigger if its ok to have queries in the wait queue, as per SLA. |
selectorThreads |
100 |
The number of worker threads dedicated to sending and receiving data. Should be tuned using traditional web-server tuning methods (make sure there is no wait queue overflow with all cores busy, increase wait queue until it breaks the SLA, then add hardware) |
Neo4j credentials section
| Setting | Default | Description |
|---|---|---|
databaseName |
None |
Specify a database name to minimize performance overhead. If no database is provided, the database driver has to send an extra request to the server to figure out what the default database is. |
httpClient section
| Setting | Default | Description |
|---|---|---|
maxconnections |
1024 | The maximum number of concurrent open connections. |
maxConnectionsPerRoute |
1024 | The maximum number of concurrent open connections per route. |
timeout |
500 ms |
The maximum idle time for a connection, once established. Recommended value: 10 minutes |
connectionTimeout |
500 ms |
The maximum time to wait for a connection to open. Recommended value: 2 seconds |
connectionRequestTimeout |
500 ms |
The maximum time to wait for a connection to be returned from the connection pool. Recommended value: 2 seconds |
timeToLive |
1 hour | The maximum time a pooled connection can stay idle (not leased to any thread) before it is shut down. |
keepAlive |
0 ms | The maximum time a connection will be kept alive before it is reconnected. If set to 0, connections will be immediately closed after every request/response. |
validateAfterInactivityPeriod |
0 ms | The maximum time before a persistent connection is checked to remain active. If set to 0, no inactivity check will be performed. |
retries |
0 | The number of times to retry failed requests. |
userAgent |
AGENT | The 'User-Agent' header to send with requests. |
gzipEnabled |
true | If true: adds an 'Accept-Encoding: gzip' header to all requests enables automatic gzip decoding of responses |
gzipEnabledForRequests |
true | If true: adds a 'Content-Encoding: gzip' header to all requests enables automatic gzip encoding of requests |
chunkedEncodingEnabled |
true | Enables the use of chunked encoding for requests |
Security section
| Setting | Default | Description |
|---|---|---|
accessTokenExpirationTime |
0 |
Time an access token can be idle before it is invalidated. If set to 0, access tokens never expire. You must change the Perforce IPLM
accessTokenExpirationTime attribute from the default setting to a setting that meets the requirements of the installing organization. The default may not be in compliance with some industry standards or best practices. |
geofencing |
false |
As a server administrator, you can globally enable or disable the enforcement of geofencing at run time. Set to true if you want geofencing enabled. When enabled, allowed/restricted geographic locations (geos) will be included when considering user permissions. |
logUsername |
false |
The logging option controls if user names are included in logging output or not. Default is false, which means that the user names will be obscured from log events. Where possible, a user ID will be displayed instead. Otherwise, “…” will be shown in place of the user name. |
passwordValidationPattern |
none |
Set the password policy via a regular expression. Define the minimum length of the password and the minimum number of types of characters (special, upper and lower case letters, numbers). The pattern must be included within single quotes as shown in the example. Double quotes can be used but any backslashes need an additional backslash added (\\d instead of \d). Patterns are interpreted by Example: passwordValidationPattern: '^(?=.*[\d])(?=.*[!@#$%^&*])[\w!@#$%^&*]{12,32}$' |
passwordValidationDescription |
none |
Enter a description that describes the password policy to the user. Example: passwordValidationDescription: Must contain upper and lower case, digits and special characters, between 12 and 32 characters long. |
External security subsection
| Setting | Default | Description |
|---|---|---|
script |
SCRIPT |
External authentication script |
scriptTimeout |
10 seconds | External authentication script timeout |
External synchronization subsection
| Setting | Default | Description |
|---|---|---|
script |
SCRIPT |
External synchronization script |
scriptTimeout |
10 seconds | External synchronization script timeout |
Helix authentication service
| Setting | Default | Description |
|---|---|---|
name |
none | Assign a name. IPLM Web provides this name when calling the server API. |
statusUrl |
none |
The URL the server calls to check the authentication status of the user. IPLM Web provides a IPLM Web provides a requestId to the server when logging in via SSO. This requestId is used in a URL to call HAS as follows: <statusUrl>/requests/status/<requestId> |
executionTimeout
|
none | The time the server will wait before canceling the status call and reporting that the log in failed. |
userIdentifier
|
nameID | The name of the element checked for in the JSON response from the Perforce Authentication Service status call to match on a user in IPLM. |
Redis section
| Setting | Default | Description |
|---|---|---|
hosts |
"demo2:6379" |
Redis hosts. |
sentinelMaster |
MASTER |
Redis Sentinel master. |
timeout |
2 seconds |
Redis timeout. |
Prometheus metrics section
| Setting | Default | Description |
|---|---|---|
enabled |
false |
Whether or not to enable the Prometheus exporter server |
port |
2002 |
Port of the Prometheus exporter server |
Validation section
| Setting | Type | Description | Default value |
|---|---|---|---|
| mdx.repo_path_validation_enabled | boolean |
If true, repo paths must not overlap across all the IPs Example: /workspaces/abc and /workspaces/abc/xyz cannot both exist |
true |
| mdx.hook_script | string |
Absolute path to the server hook script The server hook script will be executed before some operations. It is useful to implement custom validation rules. Example: /methodicsiplm/bin/server-hook.sh |
n/a |
| mdx.hook_execution_timeout | integer |
Server hook execution timeout (in ms, must be >= 0) If executing the server hook script takes longer than this time, it is aborted and the operation fails. |
5000 |
| mdx.hook_lock_wait_timeout | integer |
Server hook lock wait timeout (in ms, must be >= 0) At most one instance of the server hook script is executed for any given object (Library, IP, etc.). |
3000 |
API section
| Setting | Type | Description | Default value |
|---|---|---|---|
| mdx.pagination_cli_page_size | integer |
Page size used by the CLI (0 means unlimited, must be >= 0) Set to a value greater than 1000. |
5000 |
| mdx.pagination_cli_concurrent_requests | integer |
Number of concurrent requests for pages made by the CLI (must be > 0) Set to the number of slave servers in the Neo4j cluster. |
5 |
Janitor section
| Setting | Type | Description | Default value |
|---|---|---|---|
| mdx.janitor_initial_delay | integer |
Delay before the first execution of the janitor (in seconds, must be >= 0) This delay helps prevent the janitor from running during the initial startup of Neo4j. |
60 |
| mdx.janitor_period | integer | Time between executions of the janitor (in seconds, must be > 0) | 24h |
| mdx.file_list_compressor_threads | integer |
Number of threads used for background file list compression (must be >= 0) It is recommended to set this setting to the number of cores of the server. |
1 |
| mdx.file_list_compressor_batch_size | integer |
Maximum number of uncompressed file lists scheduled for compression during one janitor execution (must be > 0) The janitor compresses file lists in batches. |
50000 |
IPLM Server logging levels
The logging output becomes more verbose with each option.
-
WARN logs warning messages.
-
INFO logs info messages.
-
DEBUG logs messages helpful for debugging.
piserver.yml example
# --------------------------------------------------
# Pi Server configuration
# --------------------------------------------------
# --------------------------------------------------
# IMPORTANT:
# This file was migrated from a legacy configuration file
# This notice should be removed when this file is modified manually
# --------------------------------------------------
# --------------------------------------------------
# Server
# --------------------------------------------------
server:
# --------------------------------------------------
# Common
# --------------------------------------------------
# The maximum number of requests to queue before blocking the acceptors
maxQueuedRequests: 1024
# The amount of time a worker thread can be idle before being stopped
idleThreadTimeout: 1 minute
# The maximum time to wait for the server to cleanly shutdown before forcibly terminating it
shutdownGracePeriod: 30 seconds
gzip:
# If true:
# - requests with 'gzip' in the 'Accept-Encoding' header will have their response entities compressed
# - requests with 'gzip' in the 'Content-Encoding' header will have their request entities decompressed
enabled: true
# Response entities under this size are not compressed
minimumEntitySize: 256 bytes
# The size of the buffer to use when compressing
bufferSize: 8 KiB
# --------------------------------------------------
# Application
# --------------------------------------------------
# The minimum number of threads to keep alive in the thread pool
minThreads: 8
# The maximum number of threads the thread pool is allowed to grow
maxThreads: 1024
applicationConnectors:
- type: http
# The hostname to bind to
#bindHost: HOST
# The TCP/IP port on which to listen for incoming connections
port: 8080
# The number of worker threads dedicated to accepting connections
#acceptorThreads: N
# The number of worker threads dedicated to sending and receiving data
#selectorThreads: N
# The size of the TCP/IP accept queue for the listening socket
#acceptQueueSize: N
# The size of the header field cache
#headerCacheSize: 512 bytes
# The size of the buffer into which response content is aggregated before being sent to the client
#outputBufferSize: 32 KiB
# The maximum size of a request header
#maxRequestHeaderSize: 8 KiB
# The maximum size of a response header
#maxResponseHeaderSize: 8 KiB
# The size of the per-connection input buffer
#inputBufferSize: 8 KiB
# The maximum idle time for a connection
#idleTimeout: 30 seconds
# The minimum size of the buffer pool
#minBufferPoolSize: 64 bytes
# The maximum size of the buffer pool
#maxBufferPoolSize: 64 KiB
# The increment by which the buffer pool should be increased
#bufferPoolIncrement: 1 KiB
# Whether or not SO_REUSEADDR is enabled on the listening socket
#reuseAddress: true
# Whether or not to add the 'Server' header to each response
#useServerHeader: false
# Whether or not to add the 'Date' header to each response
#useDateHeader: true
# --------------------------------------------------
# Admin
# --------------------------------------------------
adminMinThreads: 1
adminMaxThreads: 64
adminConnectors:
- type: http
port: 8081
# --------------------------------------------------
# Neo4j
# --------------------------------------------------
neo4j:
# URI of the Neo4j server/proxy
uri: "http://localhost:7474/pi" # Neo4j credentials
#username: USERNAME
#password: PASSWORD
httpClient:
# The maximum number of concurrent open connections
#maxConnections: 1024
# The maximum number of concurrent open connections per route
#maxConnectionsPerRoute: 1024
# The maximum idle time for a connection, once established
#timeout: 500 ms
# The maximum time to wait for a connection to open
#connectionTimeout: 500 ms
# The maximum time to wait for a connection to be returned from the connection pool
#connectionRequestTimeout: 500 ms
# The maximum time a pooled connection can stay idle (not leased to any thread) before it is shut down
#timeToLive: 1 hour
# The maximum time a connection will be kept alive before it is reconnected
# If set to 0, connections will be immediately closed after every request/response
#keepAlive: 0 ms
# The maximum time before a persistent connection is checked to remain active
# If set to 0, no inactivity check will be performed
#validateAfterInactivityPeriod: 0 ms
# The number of times to retry failed requests
#retries: 0
# The 'User-Agent' header to send with requests
#userAgent: AGENT
# If true:
# - adds an 'Accept-Encoding: gzip' header to all requests
# - enables automatic gzip decoding of responses
#gzipEnabled: true
# If true:
# - adds a 'Content-Encoding: gzip' header to all requests
# - enables automatic gzip encoding of requests
#gzipEnabledForRequests: true
# Enables the use of chunked encoding for requests
#chunkedEncodingEnabled: true
# --------------------------------------------------
# Security
# --------------------------------------------------
security:
# Time an access token can be idle before it is invalidated
# If set to 0, access tokens never expire
accessTokenExpirationTime: 0 seconds
externalSecurity:
# External authentication script
#script: SCRIPT
# External authentication script timeout
scriptTimeout: 10 seconds
externalSync:
# External synchronization script
#script: SCRIPT
# External synchronization script timeout
scriptTimeout: 30 seconds
helixAuthenticationService:
# name: myName
# statusUrl: https://authen.doc
# executionTimeout: 30 seconds
# userIdentifier: nameID
# --------------------------------------------------
# Redis (events)
# --------------------------------------------------
redis:
# Redis hosts
hosts: "demo2:6379" # Redis Sentinel master
#sentinelMaster: MASTER
# Redis timeout
timeout: 2 seconds
# --------------------------------------------------
# Prometheus metrics
# --------------------------------------------------
prometheus:
# Whether or not to enable the Prometheus exporter server
enabled: true
# Port of the Prometheus exporter server
port: 2002
# --------------------------------------------------
# Access log
# --------------------------------------------------
accessLogFile: "/var/log/mdx-piserver/piserver-access.log"
# --------------------------------------------------
# Logging
# --------------------------------------------------
logging:
level: INFO
appenders:
- type: file
currentLogFilename: /var/log/mdx-piserver/piserver.log
archive: true
archivedLogFilenamePattern: /var/log/mdx-piserver/piserver-%d.log
archivedFileCount: 5
# ------------------------------------------------------------------------------
# Validation
# ------------------------------------------------------------------------------
#validation:
# If true, the P4 repo paths of IPVs on different lines must not overlap (if they have the same host)
#checkP4RepoPathOverlap: true
# ------------------------------------------------------------------------------
# Hook
# ------------------------------------------------------------------------------
#hook:
# The absolute location of the hook file (must be executable)
#file: FILE
# The charset used by the input of the hook
#inputCharset: UTF-8
# The charset used by the output of the hook
#outputCharset: UTF-8
# The hook execution timeout
#executionTimeout: 5 seconds
# The hook lock acquisition timeout
#lockAcquisitionTimeout: 3 seconds
# ------------------------------------------------------------------------------
# API
# ------------------------------------------------------------------------------
#api:
#publicPaginationPageSize: 10000
#cliPaginationPageSize: 10000
#cliPaginationConcurrentRequests: 5
#prettyJson: true
# ------------------------------------------------------------------------------
# Janitor
# ------------------------------------------------------------------------------
#janitor:
#initialDelay: 60
#fileListCompressorThreads: 1 - NO LONGER NEEDED
#fileListCompressorBatchSize: 50000 - NO LONGER NEEDED
#fileListCompressionPeriod: 3600 seconds - NO LONGER NEEDED
#licensingCheckPeriod: 20 seconds
# ------------------------------------------------------------------------------
# neo4jdriver
# ------------------------------------------------------------------------------
#neo4jdriver
#maxTransactionRetryTime: 30 seconds