Operating system requirements
As mentioned in System overview, P4 DAM is provided as a native operating system package, such as .rpm or .deb, for one of the following supported 64-bit Linux platforms:
- Red Hat Enterprise Linux 8, 9
- Rocky 8, 9
- CentOS 8
- Ubuntu 22.04, 24.04
Some distributions have several minor versions; only the two latest minor releases are supported. For example, at the time of writing, the latest two releases of the Red Hat Enterprise Linux 8 family are 8.9 and 8.10. To benefit from OS-level security updates, performance optimizations, and compatibility with P4 DAM, closely follow the release cycle of the operating system in use and upgrade in a timely manner.
In addition to the operating system, the following preparations are required:
Ports
The P4 DAM application binds to several ports that must be free before you proceed with the installation. Sometimes the Linux distribution already has an installed package that uses the ports P4 DAM needs. Therefore, ensure all the ports listed in Firewall requirements are available. Execute the following command to check if anything is listening on port 80 (the pattern also matches ports that begin with 80, such as 8080):
netstat -tulpn | grep :80
Local firewall
In addition to the company-wide firewall, a local firewall, for example iptables, might be installed by default. Ensure it is either disabled or configured to accept the ports listed in Firewall requirements.
UID and GID
When P4 DAM is installed, a new hth user account and system group are created with a predefined UID and GID of 21212, so ensure that value is not already in use.
To change the UID and GID values, merge the following configuration into the /var/opt/hth/shared/hth.json file, where <value> is the new UID and GID value you want to use:
{
  ... (snipped)
  "user": {
    "uid": <value>,
    "gid": <value>
  }
  ... (snipped)
}
Locale
Ensure the en_US.UTF-8 locale is installed and no errors are reported when running export LC_ALL=en_US.UTF-8.
Linux security modules
LSMs (Linux Security Modules) such as SELinux can also prevent P4 DAM from running. To disable LSMs:
RHEL and CentOS
Edit /etc/selinux/config and ensure that SELINUX is set to either disabled or permissive. To avoid restarting the server for the change to take effect, run the command below, which immediately switches SELinux to permissive mode:
setenforce 0
Ubuntu
Does not need any changes.
OpenSSH and repository SSH access
P4 DAM supports accessing repositories over the SSH protocol. OpenSSH version 6.9 or later is required, with support for AuthorizedKeysCommand with arguments. Repository SSH access can be enabled after installing P4 DAM by using either the system or the bundled OpenSSH. Use the system OpenSSH if possible; if upgrading the system OpenSSH is not possible, the bundled OpenSSH can be used.
Use system OpenSSH
Append the following configuration to the end of the sshd configuration file (/etc/ssh/sshd_config) and reload sshd:
Match User hth
AuthorizedKeysCommand /usr/bin/hth-ssh-auth %t %k
AuthorizedKeysCommandUser hth
Use bundled OpenSSH
When using the bundled OpenSSH, it is important that automatic updates are configured to skip the OpenSSH package. OpenSSH updates can be disabled as follows:
RHEL and CentOS
Open /etc/yum.conf and add the following line under the [main] section:
exclude=openssh*
Ubuntu
sudo apt-mark hold openssh-server
When using systemd, change the service configuration file (usually /etc/systemd/system/sshd.service) to use the simple type under the [Service] section:
Type=simple
Reload the systemd configuration after changing the service configuration:
systemctl daemon-reload
To use the bundled OpenSSH, merge the following configuration into /var/opt/hth/shared/hth.json, run sudo hth-ctl reconfigure, and reload sshd. This symlinks the existing sshd to the bundled sshd:
{
  "opensshp": {
    "enable": true
  }
}
SSH optimization
For P4 DAM setups that are relatively large, setting the following parameters for SSHD helps with security and efficiency of the system overall:
MaxStartups 100
ClientAliveInterval 60
ClientAliveCountMax 3
You can add those parameters manually to /etc/ssh/sshd_config on either the Standard node or the hth-web node.
Memory optimization
P4 DAM requires Redis and MongoDB to be installed. To avoid latencies and memory usage issues in these services, consider disabling Transparent Huge Pages (THP) in the kernel for Standard installation and Enterprise DB nodes.
Network optimization
Network optimization depends on the load on your installation. Consider increasing the limit of the backlog for connections (somaxconn) to a higher value to improve network performance. This should be set to a minimum of 512.
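The checks from the Ports, UID and GID, OpenSSH and Network optimization sections can be collected into one pre-install script. The following is an added example, not part of P4 DAM or its documentation; the function names, the PORTS variable and the --check switch are hypothetical, and it assumes awk, sed and ss are available on the host.

```shell
#!/bin/sh
# Added pre-install check; not part of P4 DAM. Function names are hypothetical.

# id_is_free ID PASSWD GROUP: succeed when ID is no UID or GID in the given files.
# Local files only; accounts served by LDAP/SSSD need `getent` instead.
id_is_free() {
    ! awk -F: -v id="$1" '$3 == id { hit = 1 } END { exit !hit }' "$2" "$3"
}

# port_listening PORT: read `netstat -tuln` or `ss -tuln` output on stdin and
# succeed when a socket is bound to exactly PORT (":80" must not match ":8080").
port_listening() {
    awk -v p="$1" '{
        col = ($2 ~ /^[0-9]+$/) ? 4 : 5      # netstat: field 4, ss: field 5
        n = split($col, part, ":")
        if (part[n] == p) hit = 1
    } END { exit !hit }'
}

# sshd_supported BANNER: succeed when BANNER names OpenSSH 6.9 or later.
sshd_supported() {
    v=$(printf '%s\n' "$1" | sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$v" ] || return 1
    set -- $v
    [ "$1" -gt 6 ] || { [ "$1" -eq 6 ] && [ "$2" -ge 9 ]; }
}

# preflight: run every check against the live host; returns 1 on any failure.
# PORTS defaults to 80; set it to the full list from Firewall requirements.
preflight() {
    rc=0
    id_is_free 21212 /etc/passwd /etc/group || { echo "UID/GID 21212 is taken"; rc=1; }
    for p in ${PORTS:-80}; do
        if ss -tuln | port_listening "$p"; then echo "port $p is in use"; rc=1; fi
    done
    # Assumes the ssh client and sshd come from the same OpenSSH build.
    sshd_supported "$(ssh -V 2>&1)" || { echo "OpenSSH < 6.9 or missing"; rc=1; }
    [ "$(cat /proc/sys/net/core/somaxconn)" -ge 512 ] || { echo "somaxconn < 512"; rc=1; }
    return "$rc"
}

# Run the checks only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--check" ]; then preflight; fi
```

Run it as root with --check before installing the package; a non-zero exit status means at least one requirement is not met.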