P4 DAM configuration
The P4 DAM configuration settings are in the /var/opt/hth/shared/hth.json configuration file. It includes settings manipulated through the P4 DAM admin UI. This configuration file is also part of P4 DAM Backups, if enabled.
Every time P4 DAM is reconfigured, the configuration file is read and the configuration is applied to all P4 DAM services. Some configuration flags dictate what mode of deployment P4 DAM is running, where others simply override default P4 DAM settings.
Format
The configuration file is formatted as JSON. It is important to keep the correct format of the file, otherwise the P4 DAM reconfiguration won't work. JSONLint is a trusted open-source JSON linter option to help verify the syntax of the JSON contents.
To see the current configuration applied to the server, run the following command:
sudo hth-ctl show-config
Overriding defaults
P4 DAM comes with many sensible defaults for both service and application behavior. If the default configuration needs to be adjusted, use the dictionary provided below as a reference.
Each configuration flag has a section, for example app and nginx. These sections separate settings into logical categories. To use the dictionary, simply merge the section to the existing configuration file at /var/opt/hth/shared/hth.json with a required key and value.
Whenever changing any of the configurations, pay attention to the type of the key and where available refer to the linked documentation. Also, remember that configuration is not applied until the sudo hth-ctl reconfigure command has been run.
Section: app
Instance and general application-related settings.
| Key | Type | Default | Description |
|---|---|---|---|
backups_email
|
String | email |
Allows overriding receiver of backup related emails. |
default_company
|
String | Default company short name to use with login | |
email
|
String | support@FQDN
|
Email of the sender of all outgoing emails and links to Support team |
hostname
|
String | FQDN
|
P4 DAM application hostname |
http_proxy
|
String | Defines HTTP proxy to use with external services like hooks. Provide absolute url including possible credentials: http://user:password@proxy.com:8008. |
|
is_cluster
|
Boolean | false
|
Defines whether P4 DAM runs in Enterprise mode |
| is_https | Boolean | false
|
Defines whether P4 DAM generates URLs with https or http. |
is_ssl
|
Boolean | false
|
Defines whether P4 DAM services are running with SSL/TLS using certificates on the server instance (true) or offloaded to a load balancer (false). |
notifications_email
|
String | email |
Allows overriding sender of notification related emails. |
registrations_email
|
String | email |
Allows overriding sender of registration related emails. |
Section: audit
P4 DAM audit logging-related settings.
| Key | Type | Default | Description |
|---|---|---|---|
logrotate_frequency
|
String | daily
|
Frequency of logrotate rotation |
logrotate_rotate
|
Integer | 90
|
Number of logrotate files to keep |
logrotate_size
|
Integer | Size of logrotate rotation. Does not rotate by size by default. |
Section: backend
P4 DAM backend (APIs, P4 DAM admin UI) application-related settings.
| Key | Type | Default | Description |
|---|---|---|---|
auth_method
|
String | helix
|
Defines P4 DAM Authentication type. |
backup_s3
|
Boolean | false
|
Defines whether asset backups need to be taken offline to Amazon S3. Requires backups section configuration. |
backups
|
Boolean | false
|
Defines whether P4 DAM asset backups are enabled |
| command_timeout | Integer | 60 | Timeout for command execution, in seconds |
| company_disk_usage_calculator_queue_size | Integer | 1 | Number of workers performing company disk usage calculation jobs |
db_host
|
String | localhost
|
MongoDB hostname for Enterprise setup |
db_password
|
String | MongoDB password | |
db_pool_size
|
Integer | 10
|
MongoDB connection pool size |
db_port
|
Integer | 4002
|
MongoDB port |
db_username
|
String | MongoDB username | |
| events_queue_size | Integer | 2 | Number of workers performing event jobs |
failed_login_interval
|
Integer | 2
|
Minimum time between failed login attempts |
failed_login_limit
|
Integer | 6
|
Limit of failed login attempts in specified time frame |
failed_login_period
|
Integer | 60
|
Time frame for failed_login_limit |
| hooks_queue_size | Integer | 2 | Number of workers performing repository event jobs |
| index_queue_size | Integer | 1 | Number of workers performing code search indexing jobs |
license_expire_notify
|
String | 30,14,7,3
|
Defines the intervals (number of days) before license expiration to notify instance administrators through email |
| merge_queue_size | Integer | 2 | Number of workers performing merge jobs |
| merge_timeout | Integer | 120 | Timeout for code review merge, in seconds |
| multipart_file_limit | Integer | 128 | The maximum number of parts with a file name a request can contain. Accepting too many parts can lead to the server running out of file handles. Affects how many files can be uploaded at once. See multipart_file_limit. |
| multipart_total_part_limit | Integer | 4096 | The maximum total number of parts a request can contain of any type, including both file and non-file form fields. Affects how many files can be uploaded at once. See multipart_total_part_limit. |
| tag_files_limit | Integer | 10000 | The maximum total number of files that can be tagged and untagged at once. Setting this value too high can lead to the server out of file handles. |
password_expire_count
|
Integer | 0
|
Defines the number of previous passwords that cannot be used again. Value of 0 allows reusing previous passwords. |
password_expire_days
|
Integer | 0
|
Defines the maximum number of days a password can be used before it expires. Value of 0 means that passwords never expire. |
password_expire_notify
|
Integer | 7
|
Defines the number of days before password expiration to notify accounts |
password_validation_entropy
|
Integer | -1
|
The password_validation_entropy configuration flag defines the minimum password entropy level required related to the email, short_name, first_name, last_name field values using the Levenshtein algorithm.
|
password_validation_format
|
String | /(?=.*[[:upper:]])(?=.*[[:lower:]])(?=.*[[:digit:]]).*/
|
Defines the password format requirements for account password validation. By default, password validation requires a minimum of one uppercase letter, one lowercase letter, and one digit. To remove the requirement for a specific password validation format, set password_validation_format to |
password_validation_range
|
String | 8..100
|
Defines the minimum and maximum length for account password validation |
redis_host
|
String | localhost
|
Redis hostname for Enterprise setup |
redis_password
|
String | Redis password | |
redis_port
|
Integer | 6379
|
Redis port |
| repository_gc_queue_size | Integer | 1 | Number of workers performing garbage collection jobs |
|
search_engine |
String |
null |
Supported value:
|
Section: backups
Backups and restoration-related settings.
| Key | Type | Default | Description |
|---|---|---|---|
keep
|
Integer | 30
|
How many backups to keep before oldest backup gets removed (Archival method only) |
s3_access_key
|
String | Amazon S3 access key for offline backups | |
s3_bucket
|
String | Amazon S3 bucket name for offline backups | |
s3_key_id
|
String | Amazon S3 key ID for offline backups | |
s3_region
|
String | Amazon S3 region for offline backups |
Section: helix
P4 Server connection settings.
| Key | Type | Default | Description |
|---|---|---|---|
| charset | String | utf8 | Character set encoding on the P4 Server. For example, utf8or none. |
|
groups_exclude_regex |
String |
Names of groups to exclude from mirroring between P4 Server and P4 DAM, specified as a comma-delimited list of Ruby regular expressions. Example: ^swarm-group$ The specified groups do not appear in the P4 DAM UI. By default, P4 DAM ignores all groups starting with HTH- and all legacy Perforce product groups in P4 Server, such as P4 Code Review groups. |
|
|
groups_include_regex |
String |
Names of groups to include when mirroring between P4 Server and P4 DAM, specified as a comma-delimited list of Ruby regular expressions. Example: ^swarm-group$ The specified groups appear in the P4 DAM UI. |
|
| p4port | String | null | Hostname or IP address and port for the P4 Server, in the form of: host:port |
| password | String | null | Password or ticket for the P4 Server super user |
| sync_interval | String | */5 * * * * | Interval to sync with the P4 Server. Set in Cron format. Default is every 5 minutes. |
| timeout | Integer | 55 | P4 Server request timeout, in seconds |
| user | String | null | An existing P4 Server user with super level privileges. This user must have unlimited ticket timeout. |
|
users_exclude_regex |
String |
|
Names of users exclude from mirroring between P4 Server and P4 DAM, specified as a comma-delimited list of Ruby regular expressions. Example: ^(user1|user2)$ The specified users do not appear in the P4 DAM UI. |
|
users_from_groups_exclude_regex |
String |
Names of groups to exclude users from when mirroring between P4 Server and P4 DAM, specified as a comma-delimited list of Ruby regular expressions. Example: ^perforce-group$ The users from the specified groups do not appear in the P4 DAM UI. |
|
|
users_from_groups_include_regex |
String |
|
Names of groups to include users from when mirroring between P4 Server and P4 DAM, specified as a comma-delimited list of Ruby regular expressions. Example: ^perforce-group$ The users from the specified groups appear in the P4 DAM UI. |
|
users_include_regex |
String |
Names of users to include when mirroring between P4 Server and P4 DAM, specified as a comma-delimited list of Ruby regular expressions.Example: ^(user1|user2)$ The specified users appear in the P4 DAM UI. |
Section: logging
P4 DAM logging-related settings.
| Key | Type | Default | Description |
|---|---|---|---|
logrotate_frequency
|
String | daily
|
Frequency of logrotate rotation |
logrotate_rotate
|
Integer | 30
|
Number of logrotate files to keep |
logrotate_size
|
Integer | Size of logrotate rotation. Does not rotate by size by default. | |
svlogd_num
|
Integer | 30
|
Number of SV log files to keep |
svlogd_size
|
Integer | 209715200
|
The maximum size when SV rotation should happen (200MB) |
svlogd_timeout
|
Integer | 86400
|
Number of seconds when SV rotation should happen (24 hours) |
Section: mongodb
P4 DAM MongoDB database related settings, which are usually required for tools such as P4 DAM Backups accessing MongoDB database.
| Key | Type | Default | Description |
|---|---|---|---|
backup_s3
|
Boolean | false
|
Defines whether MongoDB backups need to be taken offline to Amazon S3. Requires backups section configuration. |
backups
|
Boolean | false
|
Defines whether P4 DAM MongoDB backups are enabled |
password
|
String | MongoDB password | |
port
|
Integer | 4002
|
MongoDB port |
username
|
String | MongoDB username |
Section: nginx
P4 DAM Nginx-related settings.
| Key | Type | Default | Description |
|---|---|---|---|
|
admin_allowed_ips |
Array |
[] |
Limit access to the administrator UI to specified IP addresses or CIDR (Classless Inter-Domain Routing). |
|
allowed_hosts |
Array |
[] |
Specify the hosts that can connect to P4 DAM, this mitigates host header injection attacks.
|
|
cors_allowed_domains |
String or an array of strings |
"*" |
Cross-Origin Resource Sharing (CORS) controls the external domains that can be used with P4 DAM.
|
|
csp_header |
String |
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data: blob: |
Content-Security-Policy header. An empty value omits the header. To use the Content-Security-Policy header with the Safari browser, an additional connect-src policy directive is needed. For example, for the example.com domain:
|
|
enable_sslv3 |
Boolean |
false |
Whether SSLv3 should be enabled. See Poodle vulnerability. |
|
keepalive_timeout |
Integer |
65 |
Number of seconds for keep-alive connection |
|
max_body_size |
String | 4G | Maximum size of client request body |
| proxy_read_timeout |
Integer |
120 |
Number of seconds for reading a response from backend services |
|
proxy_send_timeout |
Integer |
120 |
Number of seconds for sending a request to backend services |
|
request_limit_burst |
Integer |
50 |
Number of requests a client can make over the rate specified in request_limit_rate |
|
request_limit_enable |
Boolean |
false |
Enable or disable request limiting. To learn more about rate limiting, see Rate Limiting with NGINX. |
|
request_limit_nodelay |
Boolean |
true |
Indicates whether to space out forwarding of queued requests |
|
request_limit_rate |
Integer |
20 |
Maximum number of requests to perform per second |
|
request_limit_whitelist |
Array |
[] |
List of IP addresses to exclude from rate limiting |
|
server_names |
String |
_ |
Server names nginx listens on |
|
ssl_ciphers |
String |
See default nginx ciphers below [1] |
Specifies enabled ciphers in the format understood by the OpenSSL library |
|
ssl_protocols |
String |
TLSv1.2 TLSv1.3 |
SSL/TLS protocols to enable |
|
worker_connections |
Integer |
1024 |
Number of Nginx simultaneous worker connections |
|
worker_processes |
Integer |
2 |
Number of Nginx worker processes to start |
[1] Default nginx ciphers:
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
Section: p4search
Elasticsearch instance settings used by P4 Search.
| Key | Type | Default | Description |
|---|---|---|---|
| es_hosts | Array | [] | Array of Elasticsearch host hashes. Supported keys are: host, port, scheme, user, password. |
| es_index | String | null | Defines the Elasticsearch index name used by P4 Search. |
| es_ssl_verify | Boolean | true | Defines whether to validate the Elasticsearch host certificate. |
| es_timeout | Integer | 55 | Elasticsearch request timeout, in seconds. |
| ssl_verify | Boolean | true | Defines whether to validate the P4 Search host certificate. |
Section: postfix
P4 DAM local Postfix MTA mailing settings.
| Key | Type | Default | Description |
|---|---|---|---|
masquerade_domain
|
String | Domain of the email key | Masquerade domain |
message_size_limit
|
Integer | 20000000
|
Max size of the message in bytes |
password
|
String | Password for SASL authentication | |
relay_host
|
String | Relay hostname | |
relay_port
|
Integer | 25 |
Relay port |
sasl_auth_enable
|
Boolean | false
|
Whether SASL authentication is enabled |
tls_auth_enable
|
Boolean | false
|
Whether TLS is used |
tls_ca_crt_bundle
|
String | TLS CA certificates file | |
user_name
|
String | Username for SASL authentication |
Section: redis
Redis-related settings.
| Key | Type | Default | Description |
|---|---|---|---|
| password | string | Redis server password | |
| port | Integer | 6379 | Redis server port |
Section: unicorn_backend
P4 DAM backend (APIs, P4 DAM admin UI) Unicorn server-related settings.
| Key | Type | Default | Description |
|---|---|---|---|
| backlog_socket | Integer | 64 | Unicorn socket backlog size |
worker_processes
|
Integer | 4
|
Number of Unicorn worker processes to start |
worker_timeout
|
Integer | 60
|
Number of seconds Unicorn worker times out |