Perforce 2003.1 System Administrator's Guide
<< Previous Chapter
Supporting Perforce:
Backup and Recovery
 Table of Contents
Index
Perforce on the Web
 Next Chapter >>
Administering Perforce:
Protections

Chapter 3
Administering Perforce:
Superuser Tasks

This chapter describes both basic tasks associated with day-to-day Perforce administration as well as setting up advanced Perforce configurations, dealing with cross-platform development issues, migrating Perforce servers from one machine to another, and setting up remote and local depots.

Each of the tasks described in this chapter requires that you be a Perforce superuser (access level super) or administrator (access level admin) as defined in the Perforce protections table. For more about controlling Perforce superuser access, and protections in general, see "Administering Perforce: Protections" on page 67.

Basic Perforce Administration

The following tasks commonly performed by Perforce administrators and superusers are:

Resetting user passwords

From time to time, it is inevitable that users forget Perforce passwords. A Perforce superuser can set a new password for any user with:

(Perforce prompts the superuser for a new password for user username.)

(The user specification form for username appears, and the new password may be entered.)

Creating new users

By default, Perforce creates a new user in its database whenever a command is issued by a username it hasn't seen before.

Superusers can use the -f (force) flag to create a new user as follows:

Fill in the form fields with the information for the user you wish to create.

The p4 user command also has an option (-i) to take its input from the standard input instead of the forms editor. If you wish to create a large number of new users at once, you can write a script which creates output in the same format as that used by the forms editor and then pipes each pre-generated "form" to p4 users -i -f username, where the username is also specified by a variable within your calling script.

Preventing creation of new users

By default, a Perforce server creates a new user in its database whenever a command is issued by a username it hasn't seen before.

To prevent Perforce from automatically creating new users, all users must be explicitly listed in the protections table. The easiest way to do this is to put all users into a Perforce group, and to configure Perforce to only permit access to members of that group.

For a more in-depth description of Perforce protections, see "Administering Perforce: Protections" on page 67.

Deleting obsolete users

Each user on the system consumes one Perforce license. A Perforce administrator can free up licenses from unused users by deleting them.

You must first revert (or submit) any open files opened by a user before deleting that user. If you attempt to delete a user who has opened files, Perforce will display an error message to that effect.

Reverting files left open by obsolete users

If files have been left open by a nonexistent or obsolete user (for instance, a departing employee), a Perforce administrator can revert the files by deleting the client spec in which they were opened.

For example, if the output of p4 opened shows:

the "stlouis" client spec can be deleted with:

Deleting a user's client spec automatically reverts all files opened by that client, and also removes that client's "have list". Note that it does not affect any files in the workspace actually used by that client; the files can still be accessed by other employees.

Reclaiming disk space by obliterating files

Warning!

Use p4 obliterate with caution. This is the only command in Perforce that actually removes file data.

The depot is always growing, and this is not always desirable: a submit might have been performed incorrectly, creating hundreds of unneeded files, or perhaps there are simply a lot of old files around that are no longer being used. Because p4 delete merely marks files as deleted in their head revisions, it can't be used to free up disk space on the server. This is where p4 obliterate can be useful.

Perforce administrators can use p4 obliterate filename to remove all traces of a file from a depot, making the file indistinguishable from one that never existed in the first place.

Note

The purpose of a software configuration management system is to allow your site to maintain a history of which operations were performed on which files.

The p4 obliterate command defeats this purpose; as such, it is only intended to be used when cleaning up messes in the depot, and not as part of your normal software development process.

By default, p4 obliterate filename does nothing; it merely reports on what it would do. To actually destroy the files, use p4 obliterate -y filename.

If you need to destroy only one revision of a file (perhaps someone inadvertently stored some line art as a 20-megabyte uncompressed TIFF in place of its 500K-long compressed equivalent), specify only the desired revision number on the command line. For instance, to destroy revision #5 of a file, use:

Revision ranges are also acceptable: To destroy revisions 5 through 7 of a file:

The p4 obliterate command has one more flag: -z. When you branch a file from one area of the depot into another, a "lazy copy" is created - the file itself isn't copied, only a record that the branch has occurred. If, for some reason, you wish to undo the "lazy copy" and create a new copy of the branched file's contents in your depot subdirectories, you could "obliterate" the lazy copy and create a new one by using p4 obliterate -y -z filename.

Removing lazy copies by using the -z flag typically increases disk space usage. The only practical use of p4 obliterate -y -z is to undo lazy copies in order to allow you to manually remove archive files without breaking any linked metadata pointing to the deleted files.

If a user sees the following error message while trying to access files:

where path is the path of a previously-obliterated file, the user has probably encountered a problem that resulted from an earlier use of p4 obliterate from an older (pre-98.2/10314) Perforce server. Contact Perforce technical support for a workaround.

Deleting changelists and editing changelist descriptions

Perforce administrators can use the -f (force) flag with p4 change to change the description or username of a submitted changelist. The syntax is p4 change -f changenumber. This presents the standard changelist form, but allows you to edit the change time, description, and/or username.

You can also use the -f flag to delete any submitted changelists that have been emptied of files with p4 obliterate. The full syntax is p4 change -d -f changenumber.

File verification by signature

Perforce administrators can use the p4 verify filenames command to generate 128-bit MD5 signatures of each revision of the named files. The signatures created by p4 verify -u can later be used to confirm proper recovery in case of a crash: if the signatures of the recovered files match the previously saved signatures, the files were recovered accurately.

To generate signatures and store them in the Perforce database, use the -u flag. Subsequent verifications will be compared against the stored signatures; if a new signature does not match the signature in the Perforce database for that file revision, Perforce adds the characters BAD! after the signature.

If you ever see a BAD! signature during a p4 verify command, your database or versioned files may have been corrupted, and you should contact Perforce Technical Support.

Because subsequent verifications can only be performed against previously stored signatures, the p4 verify -u command should be used regularly.

A good strategy, for instance, might be to run p4 verify on a nightly basis before performing your system backups, proceeding with the backup only if the p4 verify reports no corruption. Generation and storage of new checksums (p4 verify -u) following a successful p4 verify could be performed nightly, or even weekly.

Verifying during server upgrades

It is also good practice to use p4 verify during server upgrades:

  1. Before the upgrade, run:

    to generate the new checksums.

  2. Take a checkpoint and copy the checkpoint and your versioned files to a safe place.

  3. Perform the server upgrade.

  4. After the upgrade, run:

    to verify the integrity of your system.

Defining filetypes with p4 typemap

By default, Perforce automatically determines if a file is of type text or binary based on an analysis of the first 1024 bytes of a file. If the high bit is clear in each of the first 1024 bytes, Perforce assumes it to be text; otherwise, it is assumed to be binary.

Although this default behavior can be overridden by the use of the -t filetype flag, it's easy for users to overlook this, particularly in cases where files' types are usually (but not always) detected correctly. Certain file formats, such as RTF (Rich Text Format) and Adobe PDF (Portable Document Format), can start with a series of comment fields and/or other textual data. If these comments are sufficiently long, such files may be erroneously detected by Perforce as being of type text.

The p4 typemap command solves this problem by allowing system administrators to set up a table that links Perforce file types with file name specifications. If an entry in the typemap table matches an entry in the table, it overrides the file type that would otherwise be assigned by the Perforce client program.

To tell the Perforce server to regard all PDF and RTF files as binary, use p4 typemap to modify the typemap table as follows:

Typemap:
        binary //....pdf
        binary //....rtf

The first three periods ("...") in the specification are a Perforce wildcard specifying that all files beneath the root directory are to be included in the mapping. The fourth period and the file extension specify that the specification applies to files ending in ".pdf" (or ".rtf").

The following table lists recommended Perforce file types and modifiers for common file extensions.

File Type
 Perforce file type
 Description

.asp

text

Active server page file

.avi

binary+F

Video for Windows file

.bmp

binary

Windows bitmap file

.btr

binary

Btrieve database file

.cnf

text

Conference link file

.css

text

Cascading style sheet file

.doc

binary

Microsoft Word document

.dot

binary

Microsoft Word template

.exp

binary+w

Export file (Microsoft Visual C++)

.gif

binary+F

GIF graphic file

.htm

text

HTML file

.html

text

HTML file

.ico

binary

Icon file

.inc

text

Active Server include file

.ini

text+w

Initial application settings file

.jpg

binary

JPEG graphic file

.js

text

JavaScript language source code file

.lib

binary+w

Library file (several programming languages)

.log

text+w

Log file

.mpg

binary+F

MPEG video file

.pdf

binary

Adobe PDF file

.pdm

text+w

Sybase Power Designer file

.ppt

binary

Microsoft Powerpoint file

.xls

binary+w

Microsoft Excel file

Use the following p4 typemap table to map all of the file extensions to the Perforce file types recommended in the preceding table.

# Perforce File Type Mapping Specifications.
#
#  TypeMap:     a list of filetype mappings; one per line.
#               Each line has two elements:
#
#               Filetype: The filetype to use on 'p4 add'.
#
#               Path:     File pattern which will use this filetype.
#
# See 'p4 help typemap' for more information.

TypeMap:

        text //....asp
        binary+F //....avi
        binary //....bmp
        binary //....btr
        text //....cnf
        text //....css
        binary //....doc
        binary //....dot
        binary+w //....exp
        binary+F //....gif
        text //....htm
        text //....html
        binary //....ico
        text //....inc
        text+w //....ini
        binary //....jpg
        text //....js
        binary+w //....lib
        text+w //....log
        binary+F //....mpg
        binary //....pdf
        text+w //....pdm
        binary //....ppt
        binary+w //....xls
        binary+F //....zip

For more information, see the p4 typemap page in the Perforce Command Reference.

Forcing operations with the -f flag

Certain commands allow Perforce administrators and superusers to use the -f flag to force certain operations unavailable to ordinary users.

Perforce administrators can use this flag with p4 branch, p4 change, p4 client, p4 job, p4 label, and p4 unlock. Perforce superusers can also use it to override the p4 user command.

The usages and meanings of this flag are as follows:

Command
 Syntax
 Function

p4 branch

p4 branch -f branchname

Allows the modification date to be changed while editing the branch specification

p4 branch -f -d branchname

Deletes the branch, ignoring ownership

p4 change

p4 change -f [changelist#]

Allows the modification date to be changed while editing the changelist specification

p4 change -f changelist#

Allows the description field and username in a committed changelist to be edited

p4 change -f -d changelist#

Deletes empty, committed changelists

p4 client

p4 client -f clientname

Allows the modification date to be changed while editing the client specification

p4 client -f -d clientname

Deletes the client, ignoring ownership, even if the client has opened files

p4 job

p4 job -f [jobname]

Allows the manual update of read-only fields

p4 label

p4 label -f labelname

Allows the modification date to be changed while editing the label specification

p4 label -f -d labelname

Deletes the label, ignoring ownership

p4 unlock

p4 unlock -c changelist -f file

Releases a lock (set with p4 lock) on an open file in a pending numbered changelist, ignoring ownership.

p4 user

p4 user -f username

Allows the update of all fields, ignoring ownership.

This command requires super access.

p4 user -f -d username

Deletes the user, ignoring ownership.

This command requires super access.

Advanced Perforce Administration

Running Perforce through a firewall

Perforce clients communicate with a Perforce server using TCP/IP. The server listens for connections at a specified port on the machine on which it's running, and clients make connections to that port.

The port on which the server listens is specified when the server is started. The number is arbitrary, so long as it does not conflict with any other networking services and is greater than 1024. The port number on the client machine is dynamically allocated.

A firewall is a network element which prevents any packets from outside a local (trusted) network from reaching that local network. This is done at a low level in the network protocol; any packets not coming from a trusted IP address are simply ignored.

In the following diagram, the Perforce client is on an untrusted part of the network. None of its connection requests reach the machine with the Perforce server. Consequently, the user running the client through the firewall is unable to use Perforce.

Secure shell

To solve this problem, you have to make the connection to the Perforce server from within the trusted network. This can be done securely using a package called secure shell (ssh).

Secure shell (ssh) is meant to be a replacement for the UNIX rsh (remote shell) command, which allows you to log into a remote system and execute commands on it. The "secure" part of "secure shell" comes from the fact that the connection is encrypted, so none of the data is visible while it passes through the untrusted network. With simple utilities like rsh, all traffic - even passwords - is unencrypted and visible to all intermediate hosts, creating an unacceptable security hazard.

Secure shell is available for free in source form for a multitude of UNIX platforms from http://www.openssh.com. This page also links to ports of ssh for OS/2 and Amiga, as well as commercial implementations for Windows and Macintosh from Data Fellows (http://www.datafellows.com) and SSH (http://www.ssh.com).

The OpenSSH FAQ (Frequently Asked Questions) can also be found online at the main site (http://www.openssh.com/faq.html).

Solving the problem

Once you have ssh up and running, the simplest thing to do is to use it to log into the firewall machine and run the Perforce client from the firewall. While it has the advantage of simplicity, it's a poor solution: you typically want your client files accessible on your local machine, and of course, there's no guarantee that your firewall machine will match your development platform.

A good solution takes advantage of ssh's ability to forward arbitrary TCP/IP connections. By using ssh, you can make your Perforce client appear as though it's connecting from the firewall machine over the local (trusted) network. In reality, your client remains on your local machine, but all packets from your local machine are first sent to the firewall through the secure channel set up by ssh.

Suppose the Perforce server is on p4dbox.bigcorp.com, and the firewall machine is called firewall.bigcorp.com. In our example, we'll arbitrarily choose local port 4242, and assume that the Perforce server is listening on port 3710.

Packets ultimately destined for your client's port 4242 are first sent to the firewall, and ssh forwards them securely to your client. Likewise, connections made to port 4242 of the firewall machine will end up being routed to port 3710 of the Perforce server.

On UNIX, the ssh command on your own machine to set up and forward the TCP/IP connection would be:

At this point, it may be necessary to provide a password to log into firewall.bigcorp.com. Once the connection is established, ssh listens at port 4242 on the local machine, and forwards packets over its encrypted connection to firewall.bigcorp.com; the firewall then forwards them by normal channels to port 3710 on p4dbox.bigcorp.com.

All that remains is to tell the Perforce client to use port 4242 by setting the environment variable P4PORT to 4242.

Normally, setting P4PORT=4242 would normally indicate that we are trying to connect to a Perforce server on the local machine listening at port 4242. In this case, ssh takes the role of the Perforce server. Anything a client sends to port 4242 of the local machine is forwarded by ssh to the firewall, which passes it to the real Perforce server at p4dbox.bigcorp.com. Since all of this is transparent to the Perforce client, it doesn't matter whether the client is talking to an instance of ssh that's forwarding traffic from port 4242 of the local machine, or if it's talking to a real Perforce server residing on the local machine.

The only glitch is that there's a login session you don't normally want on the firewall machine.

This can be solved by running

on the remote system.

This tells ssh on firewall.bigcorp.com to fork a long-running sleep command in the background after the password prompt. Effectively, this sets up the ssh link and keeps it up; there is no login session to terminate.

Finally, ssh can be configured to "do the right thing" so that it is unnecessary to type such a long command with each session. The Windows version of ssh, for instance, has a GUI to configure this.

One final concern: with port 4242 on the local machine now forwarded to a supposedly secure server, your local machine is part of the trusted network; it is prudent to make sure the local machine really is secure. The Windows version of ssh has an option to only allow local connections to the forwarded port, which is a wise precaution; your machine will be able to use port 4242, but a third party's machine will be ignored.

Specifying IP addresses in P4PORT

Under most circumstances, your Perforce server's P4PORT setting consists solely of a port number.

If, however, you specify both an IP address and a port number in P4PORT when starting p4d, the Perforce server takes the IP address into account, and ignores requests from any IP addresses other than the one specified in P4PORT.

Although this isn't the default behavior, it can be useful. For instance, if you want to tell p4d to listen only to a specific network interface or IP address, you can make your Perforce server ignore all non-local connection requests by setting P4PORT=localhost:port.

Running from inetd on UNIX

Under a normal installation, the Perforce server is run on UNIX as a background process which waits for connections from clients. It is possible, however, to have p4d start up only when connections are made to it, using inetd and p4d -i.

If you wish to do this, add the following line to /etc/inetd.conf:

and add the following to /etc/services:

where:

Note the "extra" p4d on the /etc/inetd.conf line must be there; inetd passes this to the OS as argv[0]. The first argument, then, is the -i flag, which causes p4d not to run in the background as a daemon, but rather to serve the single client connected to it on stdin/stdout. (This is the convention used for services started by inetd.)

This method is an alternative to running p4d from a startup script. It can also be useful for providing special services; for example, at Perforce, we have a number of test servers running on UNIX, each defined as an inetd service with its own port number.

There are caveats with this method:

Case sensitivity and multi-platform development

Early (pre-97.2) releases of the Perforce server treated all filenames, pathnames, and database entity names with case significance, whether the server was running on UNIX or Windows.

For example, //depot/main/foo.c and //depot/MAIN/FOO.C were treated as two completely different files. This caused problems where users on UNIX were connecting to a Perforce server running on Windows, because the filesystem underlying the server could not store files with the case-variant names submitted by UNIX users.

In release 97.3, the behavior was changed, and only the UNIX server supports case-sensitive names. However, there are still some case-sensitivity problems which users can run into when sharing development projects across UNIX and Windows.

If you are running a pre-97.2 server on Windows, please contact [email protected] to discuss upgrading your server and database.

For current releases of the server:

The following table summarizes these rules:

Case-sensitive
 UNIX server
 Windows server

Pathnames and filenames

Yes

No

Database entities (clients, labels, etc.)

Yes

No

Job search keywords

No

No

To find out what platform your Perforce server runs on, use p4 info.

Perforce server on UNIX

If your Perforce server is on UNIX, and you have users on both UNIX and Windows, your UNIX users must be very careful not to submit files whose names differ only by case. Although the UNIX server can support these files, when Windows users sync their workspaces, they'll find files overwriting each other.

Conversely, Windows users will have to be careful to use case consistently in file and path names when adding new files. They may not realize that files added as //depot/main/foo.c and //depot/MAIN/bar.c will appear in two different directories in a UNIX user's workspace.

The UNIX Perforce server always respects case in client names, label names, branch view names, and so on. Windows users connecting to a UNIX server should be aware that the lowercased workstation names are used as the default names for new client workspaces. For examples, if a new user creates a client spec on a Windows machine named ROCKET, his client workspace is named rocket by default. If he later sets P4CLIENT to ROCKET (or Rocket), Perforce will tell him his client is undefined. He must set P4CLIENT to rocket (or unset it) to use the client workspace he defined.

Perforce server on Windows

If your Perforce server is running on Windows, your UNIX users must be aware that their Perforce server will store case-variant files in the same namespace.

For example, users who try something like this:

should be aware that all three files will be stored in the same depot directory. The depot path and filenames assigned to the Windows server will be those first referenced. (In this case, the depot path name would be foo, and not FOO.)

Monitoring server activity

Perforce Servers at 2003.1 or higher support the p4 monitor command. Use the p4 monitor command to list what Perforce-related processes are currently running on the Perforce server machine.

Enabling server process monitoring

You must enable server process monitoring for p4 monitor to work. To enable server process monitoring, set the monitor counter as follows:

Then stop and restart the Perforce Server.

Server process monitoring requires minimal system resources.

Listing running processes

To list the processes running on the Perforce server, use the command:

Each line of p4 monitor output looks like this:

where pid is the UNIX process ID (or Windows thread ID), status is R or T depending on whether the process is running or marked for termination, owner is the Perforce user name of the user who invoked the command, hh:mm:ss is the time elapsed since the command was called, and command and args are the command and arguments as received by the Perforce server.

By default, p4 monitor show lists only the name of the running command. To show arguments with which the command was called, use the -a (arguments, truncated at 80 characters per line, user names at 10 characters) or -l (long-form, no truncation) options.

$ p4 monitor show
74612 R qatool     00:00:47 job
78143 R edk        00:00:01 filelog
78207 R p4admin    00:00:00 monitor

$ p4 monitor show -a
74612 R qatool     00:00:48 job job004836
78143 R edk        00:00:02 filelog //depot/main/src/proj/file1.c //dep
78208 R p4admin    00:00:00 monitor show -l

$ p4 monitor show -l
74612 R qatool     00:00:50 job job004836
78143 R edk        00:00:04 filelog //depot/main/src/proj/file1.c //dep
pot/main/src/file1.mpg
78209 R p4admin    00:00:00 monitor show -l

Only Perforce administrators and superusers may use the -a and -l options.

Marking processes for termination

If a process on a Perforce Server is consuming excessive resources, administrators and superusers can mark it for termination with p4 monitor terminate.

Once marked for termination, the process is terminated by the Perforce server within 50000 scan rows or lines of output. Only processes that have been running for at least ten seconds can be marked for termination. Users of terminated processes are notified with the following message:

Processes that involve the use of interactive forms (such as p4 job or p4 user) can also be marked for termination, but data entered by the user into the form is preserved.

Clearing entries in the process table

Under some circumstances (for example, a Windows machine is rebooted while certain Perforce commands are running), entries may remain in the process table even after the process has terminated.

Perforce administrators and superusers can remove these erroneous entries from the process table altogether with p4 monitor clear pid, where pid is the erroneous process ID. To clear all processes from the table (running or not), use p4 monitor clear all.

Running processes removed from the process table with p4 monitor clear continue to run to completion.

Perforce server trace flags

You can turn on command tracing in the Perforce server by adding the -v server=1 flag to the p4d startup command. Use P4LOG or the -L logfile flag to name a log file. For example:

Trace output appears in the specified log file, and shows the date, time, username, IP address, and command for each request processed by the server. Before turning on logging, you should make sure that you have adequate disk space.

Windows

Prior to Release 98.1, you could not set this trace flag when running Perforce as a service; you could set this flag (on Windows only) when running p4d.exe a server process from the MS-DOS command line.

As of Release 98.1, you can use the p4 set command to set P4DEBUG as a registry variable to "server=1" and thereby use this trace flag with Perforce installed as a service on Windows.

Prior to Release 97.3, the server trace flag was unavailable on any server platform.

The server trace flags and their meanings are as follows:

Trace flag
 Meaning

server=1

Logs server commands to the server log file.

(Requires server at release 98.1 or higher)

server=2

In addition to data logged at level 1, logs server command completion.

(Requires server at release 2001.1 or higher)

server=3

In addition to data logged at level 2, adds basic information on server CPU time used.

(Requires server at release 2001.2 or higher)

In most cases, the Perforce server trace flags are useful only to administrators working with Perforce Technical Support to diagnose or investigate a problem.

Migrating to a new machine

The procedure for moving an existing Perforce installation from one machine to another depends on whether or not you're moving between machines

There are also additional considerations if the new machine has a different IP address or hostname.

The Perforce server stores two types of data under the Perforce root directory: versioned files and a database containing metadata describing those files. Your versioned files are the ones created and maintained by your users, and your database is a set of Perforce-maintained binary files holding the history and present state of the versioned files. In order to move a Perforce server to a new machine, both the versioned files and the database must be successfully migrated from the old machine to the new machine.

For more about the distinction between versioned files and database, as well as for an overview of backup and restore procedures in general, see "Backup and Recovery Concepts" on page 25.

Moving your versioned files and Perforce database

Between machines of the same architecture

If the architecture of the two machines is the same (e.g., SPARC/SPARC, x86/x86), the versioned files and database can be copied directly between the machines, and you only need to move the server root directory tree to the new machine. You can use tar, cp, xcopy.exe, or any other method. Copy everything in and under the P4ROOT directory - the db.* files (your database) as well as the depot subdirectories (your versioned files).

  1. Back up your server (including a p4 verify before the backup) and take a checkpoint.

  2. On the old machine, stop p4d.

  3. Copy the contents of your old server root (P4ROOT) and all its subdirectories on the old machine into the new server root directory on the new machine.

  4. Start p4d on the new machine with the desired flags.

  5. Run p4 verify on the new machine to ensure that the database and your versioned files were transferred correctly to the new machine.

(Although the backup, checkpoint, and subsequent p4 verify are not strictly necessary in this case, it's always good practice to verify, checkpoint, and back up your system before any migration, and likewise to perform a subsequent verification after migration.)

Between different architectures using the same text format

If the internal data representation (big-endian vs. little-endian) convention differs between the two machines (e.g., Linux-on-x86/SPARC, NT-on-Alpha/NT-on-x86), but their operating systems use the same CR/LF text file conventions, you can still simply move the server root directory tree to the new machine.

Although the versioned files are portable across architectures, the database, as stored in the db.* files, is not. To transfer the database, you will need to create a checkpoint of your Perforce server on the old machine and use that checkpoint to recreate the database on the new machine. The checkpoint is a text file which can be read by a Perforce server on any architecture. For more details, see "Creating a checkpoint" on page 26.

After creating the checkpoint, you can use tar, cp, xcopy.exe, or any other method to copy the checkpoint file and the depot directories to the new machine. (You don't need to copy the db.* files, because they will be recreated from the checkpoint you took.)

  1. On the old machine, use p4 verify to ensure that the database is in a consistent state.

  2. On the old machine, stop p4d.

  3. On the old machine, create a checkpoint:

  4. Copy the contents of your old server root (P4ROOT) and all its subdirectories on the old machine into the new server root directory on the new machine.

    (To be precise, you don't need to copy the db.* files, just the checkpoint and the depot subdirectories. The db.* files will be recreated from the checkpoint. If it's more convenient to copy everything, then copy everything.)

  5. On the new machine, if you copied the db.* files, be sure to remove them from the new P4ROOT before continuing.

  6. Recreate a new set of db.* files suitable for your new machine's architecture from the checkpoint you created:

  7. Start p4d on the new machine with the desired flags.

  8. Run p4 verify on the new machine to ensure that the database and your versioned files were transferred correctly to the new machine.

Between Windows and UNIX

In this case, both the architecture of the system and the CR/LF text file convention may be different. You still have to create a checkpoint, copy it, and recreate the database on the new platform, but when you move the depot subdirectories containing your versioned files, you will also have to address the issue of the differing linefeed convention between the two platforms.

Depot subdirectories can contain both text and binary files. The text files (in RCS format, ending with ",v") and binary files (directories of individual binary files, each directory ending with ",d") will need to be transferred differently in order to translate the line endings on the text files while leaving the binary files unchanged.

As with all other migrations, be sure to run p4 verify after your migration.

Contact Perforce Technical Support for assistance when migrating a Perforce server from Windows to UNIX or vice-versa.

Changing the IP address of your server

If the IP address of the new machine is not the same as that of the old machine, you may need to update any IP-address-based protections in your protections table. See "Administering Perforce: Protections" on page 67 for information on setting protections for your Perforce server.

If you are a licensed Perforce customer, you will also need a new license file to reflect the new IP address. Contact Perforce technical support to obtain an updated license.

Changing the hostname of your server

If the hostname of the new machine serving Perforce is different from that of its predecessor, your users will need to change their P4PORT settings. If the old machine is being retired or renamed, consider setting an alias for the new machine to match that of the old machine, so that your users won't have to change their P4PORT settings.

Using Multiple Depots

Just as Perforce servers can host multiple depots, Perforce client programs can access files from multiple depots. These other depots may reside within the Perforce server normally accessed by the Perforce client, or they may reside within other, remote, Perforce servers.

When using local depots, the user's Perforce client program communicates with the Perforce server specified by the user's P4PORT environment variable or equivalent setting.

When using remote depots, the user's Perforce client program uses the Perforce server specified by the user's P4PORT environment variable or equivalent setting as a means to access a second, remote, Perforce server. The local Perforce server communicates with the remote Perforce server in order to access a subset of its files. Remote depots are primarily used to facilitate the sharing of code (that is, "code drops") between separate organizations, and are discussed in "Remote depots and distributed development" on page 60.

Remote depots are not a generalized solution for load-balancing or network access problems. To support shared development or to deal with load-balancing or network access problems, see "Perforce Proxy" on page 119.

Defining new depots

New depots (local or remote) in a server namespace are defined with the command p4 depot depotname. Depots may be defined as either local or remote depots.

Defining local depots

To define a new local depot (that is, a new depot in the current Perforce server namespace), call p4 depot with the new depot name, and edit only the Map: field in the resulting form.

For example, to create a new depot called book with the files stored in the local Perforce server namespace in a root subdirectory called book (that is, $P4ROOT/book), enter the command p4 depot book, and fill in the resulting form as follows:

Depot:       book
Type:        local
Address:     subdir
Map:         book/...

By default, the Map: field on a local depot points to a depot directory matching the depot name, relative to the server root (P4ROOT) setting for your server. To store a depot's versioned files on another volume or drive, specify an absolute path in the Map: field.

Other depot operations

The following operations apply to both local and remote depots.

Naming depots

Depot names share the same namespace as branches, client workspaces, and labels. For example, //foo refers uniquely to one of the depot foo, the workspace foo, the branch foo, or the label foo; you can't simultaneously have both a depot and a label named foo.

Listing depots

You can list all depots known to the current Perforce server with the p4 depots command.

Deleting depots

You can delete depots with p4 depot -d depotname.

To delete a depot, it must be empty; you must first obliterate all files in the depot with p4 obliterate.

For local depots, p4 obliterate deletes the versioned files as well as all their associated metadata. For remote depots, p4 obliterate erases only the locally held client and label records; the files and metadata still residing on the remote server remain intact.

Before using p4 obliterate, and especially if you're about to use it to obliterate all files in a depot, read and understand the warnings in "Reclaiming disk space by obliterating files" on page 42.

Remote depots and distributed development

Remote depots are designed to support shared code, not shared development. They enable independent organizations with separate Perforce installations to integrate changes between Perforce installations. Briefly:

When to use remote depots

Perforce is designed to cope with the latencies of large networks and inherently supports users with client workspaces at remote sites. A single Perforce installation is ready, out of the box, to support a shared development project, regardless of the geographic distribution of its contributors.

Partitioning joint development projects into separate Perforce installations will not improve throughput, and usually only complicates administration. If your site is doing distributed development (that is, developers in multiple sites working on the same body of code), you probably want to use a single Perforce installation, with all code in depots resident on one Perforce server, and (optionally) cached with one or more instances of Perforce Proxy.

If, however, your organization regularly imports or exports material from other organizations, you may wish to consider using Perforce's remote depot functionality to streamline your code drop procedures.

How remote depots work

The following diagram illustrates how Perforce client programs use a user's default Perforce server to access files in a depot hosted on another Perforce server.

In this example, an administrator of a Perforce server at oak:1234 is retrieving a file from a remote server at pine:1818.

Although it is possible to allow individual developers to sync files from remote depots into their client workspaces, this is generally an inefficient use of resources.

The preferred technique for using remote depots is for your organization's build or handoff administrator to integrate files from a remote depot into an area of your local depot. After the integration, your developers can access copies of the files from the local depot into which the files were integrated.

To accept a code drop from a remote depot, create a branch in a local depot from files in a remote depot, and then integrate changes from the remote depot into the local branch. This integration is a one-way operation; you cannot make changes in the local branch and integrate them back into the remote depot. The copies of the files integrated into your Perforce installation become the responsibility of your site's development team; the files on the depot remain under the control of the development team at the other Perforce installation.

Restrictions on remote depots

Remote depots may be accessed only by Perforce servers running at the same release levels.

Remote depots facilitate the sharing of code between organizations (as opposed to the sharing of development within a single organization). Consequently, access to remote depots is restricted to read-only operations, and server metadata (information about client workspaces, changelists, labels, and so on) cannot be accessed using remote depots.

Using remote depots for code drops

Performing a code drop requires coordination between two organizations, namely the site receiving the code drop, and the site providing the code drop. In most cases, the following three things must be configured:

This is described in "Defining remote depots" on page 63.

This is described in "Restricting access to remote depots" on page 64.

This is described in "Receiving a code drop" on page 65.

Defining remote depots

To define a new remote depot:

  1. Create the depot with p4 depot depotname.

  2. Set the Type: to remote.

  3. Direct your Perforce server to contact the remote Perforce server by providing the remote server's name and listening port in the Address: field.

    A remote server's host and port are specified in the Address: field just as though it were a P4PORT setting.

  4. Set the Map: field to map into the desired portion of the remote server's namespace.

    For remote depots, the mapping contains a subdirectory relative to the remote depot namespace. For example, //depot/outbound/... maps to the outbound subdirectory of the depot named depot hosted on the remote server.

    The Map: field must contain a single line pointing to this subdirectory, specified in depot syntax, and containing the "..." wildcard on its right side.

    If you are unfamiliar with client views and mappings, see the Perforce User's Guide for general information about how Perforce mappings work.

In order for anyone on your site to access files in the remote depot, the administrator of the remote server must grant read access to user remote to the depot(s) and subdirectories within the depots specified in the Map: field.

Restricting access to remote depots

Remote depots are always accessed by a virtual user named remote. This virtual user does not consume a Perforce license.

By default, all the files on any Perforce server may be accessed remotely. To limit or eliminate remote access to a particular server, use p4 protect to set permissions for user remote on that server. Perforce recommends that administrators eliminate remote access to all files in all depots. Add the following permission line in the p4 protect table:

Since remote depots can only be used for read access, it is not necessary to remove write or super access to user remote.

Example security configuration

Using the two organizations described in "Receiving a code drop" on page 65, a basic set of security considerations for each site would include:

On the local (oak) site:

To accomplish this, the oak Perforce administrator should include the following lines to the p4 protect table:

list user * -//from-pine/...
read user adm * //from-pine/...

On the remote (pine) site, access to code residing on pine is entirely the responsibility of the pine server's administrator. At a minimum, this administrator should:

Adding these lines to the p4 protect table is sound practice for any Perforce installation whether its administrator intends to use remote depots or not.

Receiving a code drop

The following steps and accompanying diagram outline the processes involved in using a remote depot to perform a handoff and/or code drop between two Perforce installations:

  1. Developers on pine:1818 complete work on a body of code for delivery.

  2. The build or release manager on pine:1818 branches the deliverable code into an area of pine:1818 intended for outbound code drops. In this example, the released code is branched to //depot/outbound/...

  3. A Perforce administrator at oak:1234 configures a remote depot called //from-pine on the oak server. This remote depot contains a Map: field that directs the oak server to the //depot/outbound area of pine:1818.

  4. Upon notification of the release's availability, a build or release manager at oak:1234 performs the code drop by integrating files in the //from-pine/... remote depot into a suitable area of the local depot, such as //depot/codedrops/pine.

  5. Developers at oak:1234 may now use the pine organization's code, now hosted locally under //depot/codedrops/pine. Should patches be required to pine's code, oak developers can make such patches under //depot/codedrops/pine. The pine group retains control over its code.

Perforce 2003.1 System Administrator's Guide
<< Previous Chapter
Supporting Perforce:
Backup and Recovery
 Table of Contents
Index
Perforce on the Web
 Next Chapter >>
Administering Perforce:
Protections
Please send comments and questions about this manual to [email protected].
Copyright 1999-2003 Perforce Software. All rights reserved.
Last updated: 07/07/03