January 13, 2011

Great uses for the p4broker (2010.2 release)

What's New
Integration
Product Branding
Traceability

You may or may not have heard of p4broker. It has been around as an unsupported tool for awhile now, but as of 2010.2, it is an officially supported product now. So, you ask, what is it? The broker is a program that you run in front of your Perforce server to allow you to do things like:

  1. Post a message when the server is down for maintenance instead of users getting the usual can't connect to port error.
  2. Block admin users from running the obliterate command.
  3. Redirect read only traffic to a replica server.

and the list goes on. For the first few items, I will show you what the config file entries look like. You can find a very good knowledge base article on using the broker for redirection here: http://kb.perforce.com/article/1354/using-p4broker-with-replica-servers

So, now for the sample config file. You can generate an initial sample config file by running:

p4broker -C > p4broker.cfg

There are some site specific settings that you have to set at the top of the config file, but after that, you might set up something like this:

# Allow the p4admin user to run the protect command.
command: protect
{
  user        = p4admin;
  action      = pass;
}

# Block all other users from running protect
command: protect
{
  action      = reject;
  message     = "You are not allowed to run this command.";
}

# Allow unfiltered files command for p4admin
command: files
{
  user        = p4admin;
  action      = pass;
}

# Allow unfiltered changes command for p4admin
command: changes
{
  user        = p4admin;
  action      = pass;
}

# Run a filter script (shown below) to block users from
# running files on //depot/...
command: files
{
  action      = filter;
  execute     = /p4/1/bin/widedepotfilter.pl;
}

# Run a filter script to block people from running changes
# on //depot/...
command: changes
{
  action      = filter;
  execute     = /p4/1/bin/widedepotfilter.pl;
}

# Block all users from running the obliterate command
# p4admin runs commands against an offline server and
# replays the journal to the primary server.
command: obliterate
{
  action      = reject;
  message     = "You are not allowed to run this command.";
}

So now, the filter script mentioned above looks like this:

#! /usr/bin/perl
use strict;
use warnings;

my %cmd_info = map { /(.*?):(.*)/; ( $1, $2 ) } <STDIN>;

my $msg = "Command argument too wide.";

print "action: REJECT\nmessage: $msg\n" and exit 1
    if map { $cmd_info{ $_ } =~ /\/\/depot\/\.\.\./ }
        grep { /Arg\d+/ } keys %cmd_info;

print "action: PASS\n";

exit 0;

This simple script just checks the arguments for any form of //depot/...

And finally, when you are doing maintenance on the server, you can switch out your main config file for one that contains this entry:

command: *
{
  action      = reject;
  message     = "The server is currently down for maintenance.";
}

Then, when the maintenance is complete, you just switch the broker config back to the normal one.