TACTIC Configuration File
The TACTIC config file stores settings such as directory locations and email server information.
Install
This section defines the hostname for the server (if different from "localhost") as well as the temp directory to be used for TACTIC. The tmp_dir is where temporary files are stored as well as the TACTIC log files.
<install>
<hostname>localhost</hostname>
<server>LA</server>
<tmp_dir>/home/tactic/tactic_temp</tmp_dir>
<default_project>default_project_code</default_project>
<include_js>/context/some_external_lib.js</include_js>
<include_css>plugins/styles.cs</include_css>
<install_dir>/home/tactic/TACTIC</install_dir>
<site_dir>/home/tactic/tactic_sites</site_dir>
<plugin_dir>/home/tactic/TACTIC/spt/plugins</plugin_dir>
<shutil_fix>enabled</shutil_fix>
<default_project>workflow</default_project>
<base_url>portal.southpawtech.com</base_url>
<top_class_name>tactic.ui.app.PageNavContainerWdg</top_class_name>
<header_class_name>tactic.ui.app.PageNavContainerWdg</header_class_name>
<first_day_of_week>6</first_day_of_week>
<layout>fixed</layout>
<doc_dir></doc_dir>
<cache_mode></cache_mode>
<log_type><log_type>
</install>
HOSTNAME |
This section defines the hostname for the server (if different from "localhost"). The hostname is what TACTIC listens to. |
TMP_DIR |
The temp directory to be used by TACTIC. |
DEFAULT_PROJECT |
Default project when the user browse the TACTIC base url. |
INCLUDE_JS |
You can include one or more external js files you want to make use of. Separated by ,. |
SERVER |
A prefix for code generation to distinguish data from different servers |
INCLUDE_CSS |
You can include one or more external css files you want to make use of. Separated by ,. |
INSTALL_DIR |
The installation directory for TACTIC |
HEADER_CLASS_NAME |
this value will be returned by WebEnvironment.get_header_class_name() |
PLUGIN_DIR |
The directory storing plugins created |
DOC_DIR |
The directory of tactic documents |
CACHE_MODE |
|
FIRST_DAY_OF_WEEK |
A number indicates the first day of the week, for example, 6 indicates Saturday. |
LOG_TYPE |
Default value is None, can also be "file_with_date" and "stream". "file_with_date" separates log files by date, the default value writes all log in the same file. Useful on Windows system without Logrotate. |
SHUTIL_FIX |
once "enabled", disabling copystat method for windows shared folder mounted on Linux |
DEFAULT_PROJECT |
The default project of your user |
BASE_URL |
the base url of you website |
TOP_CLASS_NAME |
the class name of default wdg of top container, will be returned by WebEnvironment.get_top_class_name() |
Services
This section defines information regarding the services external to TACTIC.
<services>
<mailserver>smtp.googlemail.com</mailserver>
<mail_password>password</mail_password>
<mail_user>tactic@southpawtech.com</mail_user>
<mail_port>587</mail_port>
<mail_sender_disabled>true</mail_sender_disabled>
<mail_tls_enabled>true</mail_tls_enabled>
<mail_name>TACTIC</mail_name>
<mail_default_admin_email>admin@southpawtech.com</mail_default_admin_email>
<notify_user>exceptions@southpawtech.com</notify_user>
<python>python3</python>
<python_path>/home/apache/custom</python_path>
<render_submit_class>sites.racoon.modules.command.CustomRenderSubmit</render_submit_class>
<process_count>3</process_count>
<thread_count>50</thread_count>
<process_time_alive>30</process_time_alive>
<system_class></system_class>
<mail_base_url></mail_base_url>
<notify_user_name>username<notify_user_name>
<use_periodic_restart>true</use_periodic_restart>
<queue_process_timeout>86400</queue_process_timeout>
<start_port>5510</start_port>
<ports>5510|5511|5512</ports>
<queue_process_count>5</queue_process_count>
<scheduler>true</scheduler>
<scheduler_sites>admin|user|name</scheduler_sites>
<rsync><rsync>
</services>
MAIL_SERVER |
The URL of the SMTP mail server |
MAIL_PASSWORD |
The password for accessing the SMTP mail server that requires authentication |
MAIL_USER |
The user name for accessing the SMTP mail server that requires authentication |
MAIL_PORT |
The port for the SMTP mail server (if different that 25) |
MAIL_SENDER_DISABLED |
Set as "true" to disable using the sender name in sending of email in case the email server does not allow sender’s email not owned by the sender |
MAIL_TLS_ENABLED |
Set as "true" to enable TLS (Transport Layer Security) for the connection to email server |
MAIL_DEFAULT_ADMIN_EMAIL |
Default email for admin user is no email is set. This is used for password recovery functionality and notifications. |
NOTIFY_USER |
Email to send system exceptions and errors to. |
PYTHON |
The root path of the Python installation. If your installation is using Python3, "python3" should be set as value. |
PYTHON_PATH |
The server-side location for client files. This location can also be mounted from a shared volume if you wish to maintain stricter server access for clients. For multiple paths, separate with | .e.g. /home/apache/custom|/home/apache/custom_two |
RENDER_SUBMIT_CLASS |
The class used for render submissions. |
PROCESS_COUNT |
The number of processes the TACTIC service would spawn. It needs to match the number of ports used in the load balancing scheme in the Apache configuration. |
THREAD_COUNT |
The number of worker threads generated for each instance of the TACTIC process. If not set, it defaults to 10 which is too low to handle rapid requests.. TACTIC’s default is 50 on new installation. A good balance of process_count and thread_count can improve response time of the server. |
PROCESS_TIME_ALIVE |
The number of minutes a TACTIC process gets respawned. It helps with the memory consumption inherent with a long-running Python process. |
SYSTEM_CLASS |
Allows for an override some of the low level system functionality. For example 'mkdirs' and 'exists' |
MAIL_BASE_URL |
If base_url is not defined, expression language will use mail_base_url for expression variable. |
NOTIFY_USER_NAME |
The name of the person who receives the system exceptions and errors. |
USE_PERIODIC_RESTART |
set as 'true' to enable killing TACTIC process periodically |
QUEUE_PROCESS_TIMEOUT |
The interval for use_periodic_restart, has to be integer, unit: seconds |
START_PORT |
The first port that your TACTIC website can use. The proceeding PROCESS_COUNT number of ports will be used by TACTIC, defaulted to be 8081 |
PORTS |
the ports can be used by TACTIC, separated by "|". This config is exclusive with START_PORT and PROCESS_COUNT. When these two tags are not filled out, the PORTS config will be used to set the ports can be used by TACTIC. |
ENABLE |
The services that will used by your TACTIC website, can be tactic, job_queue, watch_folder, scheduler, etc., separated by "|". |
QUEUE_PROCESS_COUNT |
The number of processes in the job queue, has to be integer |
SCHEDULER |
set as "true" to enable the scheduler services |
SCHEDULER_SITES |
The sites the scheduler service will run on. |
rsync |
rsync executable |
Security
This section defines information regarding the services external to TACTIC.
<security>
<version>2</version>
<ticket_expiry>10 hour</ticket_expiry>
<authenticate_mode>default</authenticate_mode>
<authenticate_class></authenticate_class>
<authenticate_version>2</authenticate_version>
<case_insensitive_login>>false</case_insensitive_login>
<max_login_attempt>3</max_login_attempt>
<account_lockout_duration>30</account_lockout_duration>
<auto_create_user>false</auto_create_user>
<api_require_password>true</api_require_password>
<api_password>api password</api_password>
<allow_guest>false</allow_guest>
<guest_mode>restricted</guest_mode>
<guest_url_allow>/guest_view</guest_url_allow>
<api_method_restricted>true</api_method_restricted>
<api_mode>query</api_mode>
<api_cmd_restricted>true</api_cmd_restricted>
<authenticate_encryption>drupal</authenticate_encryption>
<ldap_server>server address</ldap_server>
<bind_dn></bind_dn>
<bind_password>bindDN password</bind_password>
<base_dn></base_dn>
<password>admin password</password>
<site_class>pyasm.security.Site</site_class>
<authenticate_ticket_class></authenticate_ticket_class>
<inactive_ticket_expiry>2 days</inactive_ticket_expiry>
<protocol>http</protocol>
<hosts></hosts>
</security>
TICKET_EXPIRY | The number of hours a login ticket expires after |
---|---|
AUTHENTICATE_MODE |
default: This basically just looks at the tactic database for information. autocreate: This autocreates the first time and then leaves the information alone. cache: This caches the information to the tactic database on every login |
AUTHENTICATE_CLASS |
A full class path to override the default class "pyasm.security.TacticAuthenticate". Note: Your custom class needs to override the method verify() which takes two arguments: login and password. |
AUTHENTICATE_VERSION |
1 is the old way of authentication. 2 is the new way. |
CASE_INSENSITIVE_LOGIN |
If set to 'true', it allows case insensitive login name. When autocreate mode is used, all login entries created will have a lowercase login name. It can be used in combination with Active Directory setup. |
MAX_LOGIN_ATTEMPT |
Number of times login attempt can fail before account is locked out. |
ACCOUNT_LOCKOUT_DURATION |
Number of minutes a user account is locked out for failed login attempt if specified. |
AUTO_CREATE_USER |
Auto create user in TACTIC during authentication phase if it does not exist. (Deprecated: use "authenticate_mode" in new way of authentication) |
API_REQUIRE_PASSWORD |
Client API script requires password to login or not |
API_PASSWORD |
A generic Client API password can be set here |
ALLOW_GUEST |
true or false can be set to allow guest to access without login |
GUEST_MODE |
full or restricted can be set. In restricted mode, a /guest relative URL is expected to be defined in Custom URL to restrict the guest to only see a particular view |
GUEST_URL_ALLOW |
In full mode, one can have multiple relative URLs predefined for guest, separated by |. |
API_METHOD_RESTRICTED |
set as "true" to restrict all API methods access. Certain users can access specific API methods by setting the access rules. |
API_MODE |
can be "open", "closed", and "query". API's can be accessed by all users if "open"; API's can only be accessed by admin user if "closed"; API's access is specified by access rule if "query". |
API_CMD_RESTRICTED |
set as "true" to disable command execution through API's, admin is the only user that can execute commands through API's. |
AUTHENTICATE_ENCRYPTION |
set as "drupal" to enable Drupal encryption method for user information. It will use md5 encryption by default. |
LDAP_SERVER |
LDAP server |
BIND_DN |
BindDN for LDAP |
BIND_PASSWORD |
The corresponding password for bindDN in LDAP |
FORCE_LOWERCASE_LOGIN |
set as "true" to restrict login names to be lowercase. |
VERSION |
The security version of TACTIC |
PASSWORD |
The default password for admin |
SITE_CLASS |
the class name for site objects |
AUTHENTICATE_TICKET_CLASS |
The class of an external tickets source, which is used to get the key when ticket doesn't exists |
INACTIVE_TICKET_EXPIRY |
Life expectency of a ticket when user is inactive. Need to specify the time metric using, and time metrics can be "day", "week", "year". Time metric is defaulted to be "day". Sample input: "1 day" |
PROTOCOL |
the base url protocol, defaulted to be "http" |
SESSION_KEY |
key for login tickets |
AUTHENTICATE_DOMAINS |
(DEPRECATED) Used for active directory/ldap authentication. Use active_directory, domains instead. |
HOSTS |
the hosts for your website, separated by "|". |
BASE_DN |
BaseDN for LDAP |
Database
<database>
<vendor>PostgreSQL</vendor>
<server>localhost</server>
<port></port>
<user>postgres</user>
<password>none</password>
<sobject_database>sthpw</sobject_database>
<pool_max_connections>0</pool_max_connections>
<sqlite_db_dir>/home/tactic_data/sql_lite</sqlite_db_dir>
<join>false</join>
<ORACLE_HOME>/home/tactic_data/oracle</ORACLE_HOME>
<NLS_LANG></NLS_LANG>
<sslmode></sslmode>
<encoding>utf8</encoding>
<charset>utf8</charset>
</database>
VENDOR |
The database vendor (software) the database will be installed on. |
SERVER |
The hostname of the server. This is localhost if TACTIC and the database are on the same server |
PORT |
The database connection port |
USER |
The user name for the database connection |
PASSWORD |
The password for the database connection. |
SOBJECT_DATABASE |
The database where SObject definitions will be stores |
POOL_MAX_CONNECTIONS |
The pool of connections available for connecting to the database. 0 is recommended for PostgreSQL implementation |
SQLITE_DB_DIR |
the directory of sqlite database |
JOIN |
set as "false" to disable multi-database join |
ORACLE_HOME |
The oracle home directory path |
NLS_LANG |
The NLS_LANG for Oracle |
SSLMODE |
The sslmode for postgreSQL |
ENCODING |
The encoding of the MySQL database |
CHARSET |
The charset of the MySQL database |
Perforce
<perforce>
<web_dir>perforce</web_dir>
<p4>p4</p4>
<port>1666</port>
<depot>book</depot>
</perforce>
WEB_DIR |
The webdir for the perforce connection. |
P4 |
|
PORT |
The port to be used for connection to perforce. |
depot |
The depot of perforce |
Look
This setting provides a method of setting the TACTIC skin in the server for all users. In this example, the 'BON_NOCHE' palette specified:
<look>
<palette>BON_NOCHE</palette>
<kiosk_mode>true</kiosk_mode>
</look>
Other available palettes are 'AQUA', 'DARK', 'BRIGHT', 'DEFAULT', 'SILVER', 'AVIATOR', and 'ORIGAMI'. Alternatively, the whole palette can be customized as follows:
<look>
<palette>{
'color': '#000000', # main font color
'color2': '#FFFFFF', # secondary font color
'color3': '#FFFFFF', # tertiary font color
'background': '#FDEEA7', # main background color
'background2': '#1A9481', # secondary background color
'background3': '#003D5c', # tertiary background color
'border': '#666666' # main border color
}</palette>
</palette>
</look>
The side bar color may not change right away until the next TACTIC service restart.
PALETTE |
The default palette setting for all TACTIC users. |
kiosk_mode |
set as "true" to disable spt.alert function, default is false |
Portal
<portal>
<auto_upgrade>true</auto_upgrade>
<enabled>true</enabled>
</portal>
AUTO_UPGRADE |
This config is default to be false. Set as "true" to allow the site to auto-upgrade databases and plugins to the newest version when loading the project. Set as "false" or remove the config to disable the auto-upgrade. |
ENABLED |
set as "true" to indicate this is a portal website |
Schedule
<schedule>
<mode>from_end_date</mode>
</schedule>
MODE |
can be 'even', 'even_day', and 'from_end_date'. "even" mode creates tasks with the same duration that measured by hours; "even_day" mode creates tasks with the same duration that measured by days; "from_end_date" creates tasks with durations according to its "bid_start_date" and "bid_end_date" |
Async
<async>
<process_count>3</process_count>
</async>
process_count |
The number of processes for the aSync queue service, has to be integer. |
Load
<load>
<loader_use_namespace></loader_use_namespace>
</load>
LOADER_USE_NAMESPACE |
User by MayaFileLoaderCmd |
Master
<master>
<enabled>true</enabled>
<project_code>workflow</project_code>
<url></url>
<forwarding_type>xmlrpc_only</forwarding_type>
<site>user</site>
</master>
enabled |
Enables functionality required for multi-site database replication. |
project_code |
project_code used in master server authentication |
url |
master server URL |
forwarding_type |
default none, option "xmlrpc_only" disables javascript API get_master function. |
site |
Site used in master server authentication |
Active Directory
<active_directory>
<domains>d1|d2|d3</domains>
<hosts>h1|h2|h3</hosts>
<require_domain>true</require_domain>
<domain_component>dc</domain_component>
<allow_script>AD/validate</allow_script>
<default_groups>group1|group2</default_groups>
<handle_groups>false</handle_groups>
<default_license_type>license</default_license_type>
</active_directory>
domains |
Domains for active directory/ldap authentication, separated by "|", need to match the number of hosts |
hosts |
Hosts for active directory/ldap authentication, separated by "|", need to match the number of domains |
require_domain |
set as "true" to make domain required. |
domain_component |
the domain component for LDAP, represents the top of an LDAP tree that uses DNS to define its namespace |
allow_script |
The path to the python script that sets the flag |
default_groups |
groups for users that are groupless, separated by "|" |
handle_groups |
set as "false" to check if any user is groupless, and set users to default_groups if they are groupless |
default_license_type |
the default license type for active_directory. When user has no defined groups in Active Directory, they will be set as the default license type |
Checkin
TACTIC uses the following directory and path settings for internal and client interaction. They are included in the tag (for checkins).
VERSIONLESS_MODE |
COPY or SYMLINK: Turn on versionless mode for checkins for all projects. To set the versionless mode per project, go to PROJECT ADMIN → PROJECT SETTINGS and add a the key VERSIONLESS_MODE and the value: COPY or SYMLINK. |
ASSET_BASE_DIR |
The directory where the assets are stored in the TACTIC server. |
WEB_BASE_DIR |
The root URL that maps the 'asset_base_dir' directory |
WIN32_LOCAL_BASE_DIR |
The base directory in Windows client machines |
LINUX_LOCAL_BASE_DIR |
The base directory in Linux client machines |
WIN32_SANDBOX_DIR |
The default sandbox directory in the Windows client machines (it can be overridden by Remote Repo) |
LINUX_SANDBOX_DIR |
The default sandbox directory in the Linux client machines (it can be overridden by Remote Repo) |
WIN32_CLIENT_REPO_DIR |
Maps the asset_base_dir directory as seen by the Windows client. For example, if asset_base_dir is on a Linux server with a path like "/home/apache/assets" but from the Windows client, it is mapped as "Z:/assets", then "Z:/assets" should be the value for this setting. By default, this path is empty because the system assumes the client and server are on the same Windows machine. |
LINUX_CLIENT_REPO_DIR |
Same as 'win32_client_repo_dir' except it is from the perspective of a Linux client machine |
WIN32_CLIENT_HANDOFF_DIR |
Windows client-side handoff directory for Client API transactions. (Find out more about the handoff directory below.) |
WIN32_SERVER_HANDOFF_DIR |
Windows server-side handoff directory for Client API transactions |
LINUX_CLIENT_HANDOFF_DIR |
Linux client-side handoff directory for Client API transactions |
LINUX_SERVER_HANDOFF_DIR |
Linux server-side handoff directory for Client API transactions |
SUDO_NO_PASSWORD |
It controls whether sudo can be run to change the user id and group id of the files checked in. It is particularly important if you want to ensure files checked in to the TACTIC repository are owned by TACTIC and not overwritable by just any users. If set to true, "no password" should be enabled for the user TACTIC is run as in the OS. e.g. For Fedora, assuming you have sudo installed: In the file /etc/sudoers, the following line should be uncommented: %wheel ALL=(ALL) NOPASSWD: ALL In the file /etc/group, apache should be added to the group wheel wheel:x:10:root,apache |
VERSION_PADDING |
padding of 3 or more can be set for checked-in files |
DEFAULT_NAMING_VERSION |
The default version for checkin |
WIN32_LOCAL_REPO_DIR |
The repo base directory in Windows client machines |
LINUX_LOCAL_REPO_DIR |
The repo base directory in Linux client machines |
BASE_DIR_ALIAS |
the alias of asset_base_dir |
APP_ASSET_BASE_DIR |
asset_base_dir for maya |
LDAP_PATH |
LDAP(Active Directory) Path |
LDAP_SERVER |
LDAP server |
COPY_BASE_URL |
the base url for SobjectUploadWdg in copy mode |
USE_APPLET |
determines whether the applet should be used for local file operations, can only be "true" or "false" |
win32_dropbox_dir |
a directory used when the base_dir is not defined when getting the transactions |
REPO_TYPE |
|
CLIENT_DIR_MAP |
maps server directories to client directories |
The Handoff Directories
Handoff directories can be seen by both the server and the client machines. They are used for 3D checkins and client API interactions, and are important for specifying how the client and server sides see the same location.
For example, if you have the location //192.168.0.105/handoff available on your network and it is mounted as /home/apache/handoff on a server, then it would be important to include the following entries:
<win32_client_handoff_dir>//192.168.0.105/handoff</win32_client_handoff_dir>
<win32_server_handoff_dir></win32_server_handoff_dir>
<linux_client_handoff_dir></linux_client_handoff_dir>
<linux_server_handoff_dir>/home/apache/handoff</linux_server_handoff_dir>
Directory Configuration Examples
Example 1
The assets directory is located on the TACTIC server and allows for read-only access from client machines in the local subnet.
-
The assets directory is located on the TACTIC server and allows for read-only access from client machines in the local subnet.
-
The handoff directory is located on the TACTIC server and allows for read/write access from client machines in the local subnet
-
The Windows and Linux 'client_repo_dir' looks directly to the server for the available "assets" share
-
The Windows and Linux 'client_handoff_dir' looks directly to the server for the available "handoff" share
<checkin> <asset_base_dir>/home/apache/assets</asset_base_dir> <web_base_dir>/assets</web_base_dir> <win32_local_base_dir>C:/sthpw</win32_local_base_dir> <linux_local_base_dir>/tmp/sthpw</linux_local_base_dir> <win32_sandbox_dir>C:/sthpw/sandbox</win32_sandbox_dir> <linux_sandbox_dir>/tmp/sthpw/sandbox</linux_sandbox_dir> <win32_client_repo_dir>//192.168.0.105/apache/assets</win32_client_repo_dir> <linux_client_repo_dir>/usr/assets</linux_client_repo_dir> <win32_client_handoff_dir>//192.168.0.105/apache/handoff<win32_client_handoff_dir> <win32_server_handoff_dir></win32_server_handoff_dir> <linux_client_handoff_dir>/home/apache/handoff</linux_client_handoff_dir> <linux_server_handoff_dir>/home/apache/handoff</linux_server_handoff_dir> <version_padding>3</version_padding> </checkin>
Example 2
-
The assets directory is located on another server and mounted locally on the TACTIC server to /mnt1/assets.
-
The Windows and Linux 'client_repo_dir' is mapped/mounted to the TACTIC 'asset_base_dir'
-
The Windows and Linux 'client_handoff_dir' is mapped/mounted to the TACTIC 'server_handoff_dir'
<checkin> <asset_base_dir>/mnt1/assets</asset_base_dir> <web_base_dir>/assets</web_base_dir> <win32_local_base_dir>C:/sthpw</win32_local_base_dir> <linux_local_base_dir>/tmp/sthpw</linux_local_base_dir> <win32_sandbox_dir>C:/sthpw/sandbox</win32_sandbox_dir> <linux_sandbox_dir>/tmp/sthpw/sandbox</linux_sandbox_dir> <win32_client_repo_dir>z:/assets</win32_client_repo_dir> <linux_client_repo_dir>/assets</linux_client_repo_dir> <win32_client_handoff_dir>z:/tactic_handoff<win32_client_handoff_dir> <win32_server_handoff_dir></win32_server_handoff_dir> <linux_client_handoff_dir>/tactic_handoff</linux_client_handoff_dir> <linux_server_handoff_dir>/home/apache/tactic_handoff</linux_server_handoff_dir> <version_padding>3</version_padding> </checkin>