Perforce Notes

Right after you install perforce server, it’s in a sort of initialization mode where there is no password for the default “root” user. Anybody can connect and act as that root user by simply connecting as the user “root”. So, you want to lock that down a bit. “p4 protect” is how you do this.

p4 protect may seem like where you would do user permissions. I guess you *could*, but it’s intended more as a sort of global permissions layer, where you can set some hard limits. By default all “users” will have “write” permission on everything in the instance. You can then later specify different permissions in the Perforce administration app via a client.

If you comment out the line that specifies “user” permissions in p4 protect, it will actually remove the line entirely, and only the “root” user will be able to connect at that point.. So I’m thinking of p4 protect as a sort of way to lock everyone but “root” out of the instance without messing with a full p4 client, e.g. you’re at the host console and you just need to quickly do something drastic without hosing lots of stuff.

Note, to connect with p4 connect to a specific port with a specific password you need to set some environment variables really quick before running “p4 protect”:
export P4PORT=1667
export P4PASSWD=Changeme41
– these assume the user is the OS user you’re running the p4 protect command under.

Installing Perforce on CentOS 6.7

Install CentOS minimal

Start NIC
ifup eth0

yum update
yum install nano

Stop and disable firewall (I assume you have some other firewall):
service firewall stop
chkconfig firewall off

disable selinux:
nan /etc/selinux/config
-change to ‘disabled’
-reboot

Set up the Perforce repo as described here: https://www.perforce.com/perforce-packages

Install perforce server:
yum install perforce-server.x86_64

Set up a config file for an instance of perforce server that we’ll call “capnjosh1”:
cp /etc/perforce/p4dctl.conf.d/p4d.template /etc/perforce/p4dctl.conf.d/capnjosh1.conf

edit that new conf file:
replace %NAME% with “capnjosh1”
replace %ROOT% with where you want the files to be (/capnjosh1-p4root)
replace %PORT% with 1666

create the directory and make owned by the user perforce (automatically set up by the yum installation):
mkdir /capnjosh1-p4root
chown perforce:perforce /capnjosh-p4root/

Start perforce server:
service perforce-p4dctl start

Run p4 protect to set up core permissions:
p4 protect
-by default it’ll give the OS account ‘root’ full perforce access
(if you set to a different port besides 1666, you will have to set this environment variable “export P4PORT=1667”, or whatever port number you put)

If it doesn’t start, it’ll say as much… likely check your p4root folder and make sure it’s owned by the ‘perforce’ user.

Here’s what’s cool, if you want to add more perforce instances, just copy-paste that .conf file and change the name, port, and p4root path.

When you uninstall perforce, it’ll auto-rename your .conf files so they won’t get auto-loaded if you reinstall perforce again.

Configuring Confluence to Use Jira for Authentication when machines are behind a proxy

Here’s the key:

add the proxy configs to catalina.properties, just at the end, one per line. This is only mentioned in the Confluence-proxy article I found, but it works with Jira as well. Much cleaner.

/opt/atlassian/confluence/conf/catalinia.properties. Here’s what I added to the end of that file:

# Proxy Settings
http.proxyHost=10.22.1.2
http.proxyPort=8080
https.proxyHost=10.22.1.2
https.proxyPort=8080
http.nonProxyHosts=localhost\|10.22.18.45

NOTE: that nonProxyHosts doesn’t *seem* to work with wildcards, e.g. 10.*.*.*
When I did it this way I could never get Confluence to actually connect to Jira and Jira to connect to Confluence. You have to specify the entire IP address. Otherwise, you’ll get messages about “connection refused” or “the application doesn’t appear to be online”. Not very helpful at all, no sir.

Confluence setup error: Spring Application context has not been set

Here’s the error:
HTTP Status 500 – java.lang.IllegalStateException: Spring Application context has not been set

You’re trying to set up Confluence, but after “trying stuff”, you eventually get this error.

Here’s the fix:
Restart the Confluence setup wizard. How? Go to the following directory and delete the file confluence.cfg.xml:
/var/atlassian/application-data/confluence

That makes Confluenc run the setup wizard the next time you get there.

Here’s more of what you’ve likely been starting at on the error page. Hopefully this helped:

HTTP Status 500 – java.lang.IllegalStateException: Spring Application context has not been set

type Exception report

message java.lang.IllegalStateException: Spring Application context has not been set

description The server encountered an internal error that prevented it from fulfilling this request.

exception

com.atlassian.util.concurrent.LazyReference$InitializationException: java.lang.IllegalStateException: Spring Application context has not been set
com.atlassian.util.concurrent.LazyReference.getInterruptibly(LazyReference.java:149)
com.atlassian.util.concurrent.LazyReference.get(LazyReference.java:112)
com.atlassian.confluence.setup.webwork.ConfluenceXWorkTransactionInterceptor.getTransactionManager(ConfluenceXWorkTransactionInterceptor.java:34)
com.atlassian.xwork.interceptors.XWorkTransactionInterceptor.intercept(XWorkTransactionInterceptor.java:56)
com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
com.atlassian.confluence.xwork.SetupIncompleteInterceptor.intercept(SetupIncompleteInterceptor.java:40)
com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
com.atlassian.confluence.security.interceptors.NosniffSecurityHeaderInterceptor.intercept(NosniffSecurityHeaderInterceptor.java:21)
com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
com.atlassian.confluence.security.interceptors.XXSSSecurityHeaderInterceptor.intercept(XXSSSecurityHeaderInterceptor.java:21)
com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
com.atlassian.confluence.setup.actions.SetupCheckInterceptor.intercept(SetupCheckInterceptor.java:32)
com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
com.opensymphony.xwork.DefaultActionProxy.execute(DefaultActionProxy.java:115)
com.atlassian.confluence.servlet.ConfluenceServletDispatcher.serviceAction(ConfluenceServletDispatcher.java:58)
com.opensymphony.webwork.dispatcher.ServletDispatcher.service(ServletDispatcher.java:199)
javax.servlet.http.HttpServlet.service(HttpServlet.java:727)

Splunk – forwarding to a receiver that forwards to an indexer

Setup:
– Splunk Universal Forwarder on a server
– Pointed at a Splunk Enterprise instance that’s configured for receiving and forwarding (yeah, very easy)
– Receiver/Forwarder is pointed at another Splunk Enterprise instance that does the actual indexing

Note, if you have anything in props.conf on your indexer, you will have to put that on the receiver/forwarder. Otherwise it won’t work, and you’ll get the unclean rows. As soon as you put the same props.conf file on the receiver/forwarder instance, all is well again.

Figured I’d share. It could be a bit of a gotcha.

I’m linking to a Raph Koster post, as I’m sure all self-respecting gaming blogger should.  It’s entitled “A brief SF tale“.  It’s a short historical fiction on the nature of human ingenuity, a recurring theme for me over the past months.

Once Upon A Time, there were many sites dedicated to sharing photos, and videos, and for listening to music. But there was a war on, so the military blocked access to those sites because the traffic was huge, and soldiers kept leaking info they weren’t supposed to, and so on.
But soldiers, being trained to be smart and clever about working around limitations, found that for every Photobucket, there was a Flickr, and for every Pandora there was a private podcast, and so on.

I’d recommend reading the post in its entirety (it’s a quick read).  To me, the interestingly-worded theme is that when humans want something, like, actively want it, not just a passive “that would be nice”, generally, they figure out how to get it.  And when that something they want seems to them to be perfectly fine, there is very little that can get in their way.  So, those people in charge who make decisions on what is to be restricted.

This is not meant to be any sort of critique on the war in Iraq.  It’s not even meant to be a critique on war in general, though it’s included.  Incidentally, I bet most conflicts could be boiled down to a handful of people on one side of the conflict being pissed at the handful of people on the other side who are pissed at them.  When at least one of those two handfuls of people are top political “leaders” of their respective society, that’s when you get a war.  But that’s another topic entirely.

When a person wants something that makes perfect sense and is not blatantly, intrinsically wrong (like stealing a car or mugging someone), then not only can I guarantee you there will be many others wanting that thing, but I can promise you one of those people will figure out a way to get it.  The more obvious “things” today are music, movies, games, information-sharing, etc.  If the roadblock to getting said desired things is from some dictate, then those handing down that dicate need to revisit the entire situation.

In the case of online media distribution I think it’s the case of traditional distribution models being rendered obsolete, and the assumption such an event would be more bad than good, that prevents the wholesale embrace of online distribution.  Personal relationships figure in there to an unknown degree of course.  But the fact remains that people want music, tv shows, and movies online and what they want is not being made available in some way.  I think it’s likely a price issue, but that’s beyond the scope of this post.

In the case of soldiers inadvertently sharing sensitive intelligence, I’d argue the issue is a whole level of abstraction deeper.  Here’s what I mean.  If a person understands the situation in which they are in is of critical, immediate importance to their own well-being, then they will not share information that could compromise it. If there is a consistent problem of soldiers sharing sensitive information, then I think it’s obvious there is a general lack of conviction of the importance of the immediate situation in which those soldiers find themselves.  I think it’s quite possible this is due to the motivations, goals, and leadership of the war, and I am talking about the top political “leaders” that triggered and encourage the war, not the so much the military members.  And I think this points out what I think is a fact that most conflicts, whether wars or arguments between coworkers, are unnecessary.  They usually boil down to one or both sides refusing to swallow their pride, apologize for their part, and make it easy for the other side to do the same.  If caught early on, it’s relatively easy.  If left to fester for a while, it gets pretty difficult.  Didn’t we learn that in Kindergarten along with looking both ways before crossing the street?

this is not quite working…. .I’m getting distracted by all the aspects that seem directly relevant.