TACTIC Configuration File

The TACTIC config file stores settings such as directory locations and email server information.

Install

This section defines the hostname for the server (if different from "localhost") as well as the temp directory to be used for TACTIC. The tmp_dir is where temporary files are stored as well as the TACTIC log files.

    <install>
        <hostname>localhost</hostname>
        <server>LA</server>
        <tmp_dir>/home/tactic/tactic_temp</tmp_dir>
        <default_project>default_project_code</default_project>
        <include_js>/context/some_external_lib.js</include_js>
        <include_css>plugins/styles.cs</include_css>
        <install_dir>/home/tactic/TACTIC</install_dir>
        <site_dir>/home/tactic/tactic_sites</site_dir>
        <plugin_dir>/home/tactic/TACTIC/spt/plugins</plugin_dir>
        <shutil_fix>enabled</shutil_fix>
        <default_project>workflow</default_project>
        <base_url>portal.southpawtech.com</base_url>
        <top_class_name>tactic.ui.app.PageNavContainerWdg</top_class_name>
        <header_class_name>tactic.ui.app.PageNavContainerWdg</header_class_name>
        <first_day_of_week>6</first_day_of_week>
        <layout>fixed</layout>
        <doc_dir></doc_dir>
        <cache_mode></cache_mode>
        <log_type><log_type>
    </install>

HOSTNAME

This section defines the hostname for the server (if different from "localhost"). The hostname is what TACTIC listens to.

TMP_DIR

The temp directory to be used by TACTIC.

DEFAULT_PROJECT

Default project when the user browse the TACTIC base url.

INCLUDE_JS

You can include one or more external js files you want to make use of. Separated by ,.

SERVER

A prefix for code generation to distinguish data from different servers

INCLUDE_CSS

You can include one or more external css files you want to make use of. Separated by ,.

INSTALL_DIR

The installation directory for TACTIC

HEADER_CLASS_NAME

this value will be returned by WebEnvironment.get_header_class_name()

PLUGIN_DIR

The directory storing plugins created

DOC_DIR

The directory of tactic documents

CACHE_MODE

FIRST_DAY_OF_WEEK

A number indicates the first day of the week, for example, 6 indicates Saturday.

LOG_TYPE

Default value is None, can also be "file_with_date" and "stream". "file_with_date" separates log files by date, the default value writes all log in the same file. Useful on Windows system without Logrotate.

SHUTIL_FIX

once "enabled", disabling copystat method for windows shared folder mounted on Linux

DEFAULT_PROJECT

The default project of your user

BASE_URL

the base url of you website

TOP_CLASS_NAME

the class name of default wdg of top container, will be returned by WebEnvironment.get_top_class_name()

Services

This section defines information regarding the services external to TACTIC.

<services>
    <mailserver>smtp.googlemail.com</mailserver>
    <mail_password>password</mail_password>
    <mail_user>tactic@southpawtech.com</mail_user>
    <mail_port>587</mail_port>
    <mail_sender_disabled>true</mail_sender_disabled>
    <mail_tls_enabled>true</mail_tls_enabled>
    <mail_name>TACTIC</mail_name>
    <mail_default_admin_email>admin@southpawtech.com</mail_default_admin_email>
    <notify_user>exceptions@southpawtech.com</notify_user>
    <python>python3</python>
    <python_path>/home/apache/custom</python_path>
    <render_submit_class>sites.racoon.modules.command.CustomRenderSubmit</render_submit_class>
    <process_count>3</process_count>
    <thread_count>50</thread_count>
    <process_time_alive>30</process_time_alive>
    <system_class></system_class>
    <mail_base_url></mail_base_url>
    <notify_user_name>username<notify_user_name>
    <use_periodic_restart>true</use_periodic_restart>
    <queue_process_timeout>86400</queue_process_timeout>
    <start_port>5510</start_port>
    <ports>5510|5511|5512</ports>
    <queue_process_count>5</queue_process_count>
    <scheduler>true</scheduler>
    <scheduler_sites>admin|user|name</scheduler_sites>
    <rsync><rsync>
</services>

MAIL_SERVER

The URL of the SMTP mail server

MAIL_PASSWORD

The password for accessing the SMTP mail server that requires authentication

MAIL_USER

The user name for accessing the SMTP mail server that requires authentication

MAIL_PORT

The port for the SMTP mail server (if different that 25)

MAIL_SENDER_DISABLED

Set as "true" to disable using the sender name in sending of email in case the email server does not allow sender’s email not owned by the sender

MAIL_TLS_ENABLED

Set as "true" to enable TLS (Transport Layer Security) for the connection to email server

MAIL_DEFAULT_ADMIN_EMAIL

Default email for admin user is no email is set. This is used for password recovery functionality and notifications.

NOTIFY_USER

Email to send system exceptions and errors to.

PYTHON

The root path of the Python installation. If your installation is using Python3, "python3" should be set as value.

PYTHON_PATH

The server-side location for client files. This location can also be mounted from a shared volume if you wish to maintain stricter server access for clients. For multiple paths, separate with | .e.g. /home/apache/custom|/home/apache/custom_two

RENDER_SUBMIT_CLASS

The class used for render submissions.

PROCESS_COUNT

The number of processes the TACTIC service would spawn. It needs to match the number of ports used in the load balancing scheme in the Apache configuration.

THREAD_COUNT

The number of worker threads generated for each instance of the TACTIC process. If not set, it defaults to 10 which is too low to handle rapid requests.. TACTIC’s default is 50 on new installation. A good balance of process_count and thread_count can improve response time of the server.

PROCESS_TIME_ALIVE

The number of minutes a TACTIC process gets respawned. It helps with the memory consumption inherent with a long-running Python process.

SYSTEM_CLASS

Allows for an override some of the low level system functionality. For example 'mkdirs' and 'exists'

MAIL_BASE_URL

If base_url is not defined, expression language will use mail_base_url for expression variable.

NOTIFY_USER_NAME

The name of the person who receives the system exceptions and errors.

USE_PERIODIC_RESTART

set as 'true' to enable killing TACTIC process periodically

QUEUE_PROCESS_TIMEOUT

The interval for use_periodic_restart, has to be integer, unit: seconds

START_PORT

The first port that your TACTIC website can use. The proceeding PROCESS_COUNT number of ports will be used by TACTIC, defaulted to be 8081

PORTS

the ports can be used by TACTIC, separated by "|". This config is exclusive with START_PORT and PROCESS_COUNT. When these two tags are not filled out, the PORTS config will be used to set the ports can be used by TACTIC.

ENABLE

The services that will used by your TACTIC website, can be tactic, job_queue, watch_folder, scheduler, etc., separated by "|".

QUEUE_PROCESS_COUNT

The number of processes in the job queue, has to be integer

SCHEDULER

set as "true" to enable the scheduler services

SCHEDULER_SITES

The sites the scheduler service will run on.

rsync

rsync executable

Security

This section defines information regarding the services external to TACTIC.

<security>
    <version>2</version>
    <ticket_expiry>10 hour</ticket_expiry>
    <authenticate_mode>default</authenticate_mode>
    <authenticate_class></authenticate_class>
    <authenticate_version>2</authenticate_version>
    <case_insensitive_login>>false</case_insensitive_login>
    <max_login_attempt>3</max_login_attempt>
    <account_lockout_duration>30</account_lockout_duration>
    <auto_create_user>false</auto_create_user>
    <api_require_password>true</api_require_password>
    <api_password>api password</api_password>
    <allow_guest>false</allow_guest>
    <guest_mode>restricted</guest_mode>
    <guest_url_allow>/guest_view</guest_url_allow>
    <api_method_restricted>true</api_method_restricted>
    <api_mode>query</api_mode>
    <api_cmd_restricted>true</api_cmd_restricted>
    <authenticate_encryption>drupal</authenticate_encryption>
    <ldap_server>server address</ldap_server>
    <bind_dn></bind_dn>
    <bind_password>bindDN password</bind_password>
    <base_dn></base_dn>
    <password>admin password</password>
    <site_class>pyasm.security.Site</site_class>
    <authenticate_ticket_class></authenticate_ticket_class>
    <inactive_ticket_expiry>2 days</inactive_ticket_expiry>
    <protocol>http</protocol>
    <hosts></hosts>

</security>
TICKET_EXPIRY The number of hours a login ticket expires after

AUTHENTICATE_MODE

default: This basically just looks at the tactic database for information.

autocreate: This autocreates the first time and then leaves the information alone.

cache: This caches the information to the tactic database on every login

AUTHENTICATE_CLASS

A full class path to override the default class "pyasm.security.TacticAuthenticate". Note: Your custom class needs to override the method verify() which takes two arguments: login and password.

AUTHENTICATE_VERSION

1 is the old way of authentication. 2 is the new way.

CASE_INSENSITIVE_LOGIN

If set to 'true', it allows case insensitive login name. When autocreate mode is used, all login entries created will have a lowercase login name. It can be used in combination with Active Directory setup.

MAX_LOGIN_ATTEMPT

Number of times login attempt can fail before account is locked out.

ACCOUNT_LOCKOUT_DURATION

Number of minutes a user account is locked out for failed login attempt if specified.

AUTO_CREATE_USER

Auto create user in TACTIC during authentication phase if it does not exist. (Deprecated: use "authenticate_mode" in new way of authentication)

API_REQUIRE_PASSWORD

Client API script requires password to login or not

API_PASSWORD

A generic Client API password can be set here

ALLOW_GUEST

true or false can be set to allow guest to access without login

GUEST_MODE

full or restricted can be set. In restricted mode, a /guest relative URL is expected to be defined in Custom URL to restrict the guest to only see a particular view

GUEST_URL_ALLOW

In full mode, one can have multiple relative URLs predefined for guest, separated by |.

API_METHOD_RESTRICTED

set as "true" to restrict all API methods access. Certain users can access specific API methods by setting the access rules.

API_MODE

can be "open", "closed", and "query". API's can be accessed by all users if "open"; API's can only be accessed by admin user if "closed"; API's access is specified by access rule if "query".

API_CMD_RESTRICTED

set as "true" to disable command execution through API's, admin is the only user that can execute commands through API's.

AUTHENTICATE_ENCRYPTION

set as "drupal" to enable Drupal encryption method for user information. It will use md5 encryption by default.

LDAP_SERVER

LDAP server

BIND_DN

BindDN for LDAP

BIND_PASSWORD

The corresponding password for bindDN in LDAP

FORCE_LOWERCASE_LOGIN

set as "true" to restrict login names to be lowercase.

VERSION

The security version of TACTIC

PASSWORD

The default password for admin

SITE_CLASS

the class name for site objects

AUTHENTICATE_TICKET_CLASS

The class of an external tickets source, which is used to get the key when ticket doesn't exists

INACTIVE_TICKET_EXPIRY

Life expectency of a ticket when user is inactive. Need to specify the time metric using, and time metrics can be "day", "week", "year". Time metric is defaulted to be "day". Sample input: "1 day"

PROTOCOL

the base url protocol, defaulted to be "http"

SESSION_KEY

key for login tickets

AUTHENTICATE_DOMAINS

(DEPRECATED) Used for active directory/ldap authentication. Use active_directory, domains instead.

HOSTS

the hosts for your website, separated by "|".

BASE_DN

BaseDN for LDAP

Database

<database>
    <vendor>PostgreSQL</vendor>
    <server>localhost</server>
    <port></port>
    <user>postgres</user>
    <password>none</password>
    <sobject_database>sthpw</sobject_database>
    <pool_max_connections>0</pool_max_connections>
    <sqlite_db_dir>/home/tactic_data/sql_lite</sqlite_db_dir>
    <join>false</join>
    <ORACLE_HOME>/home/tactic_data/oracle</ORACLE_HOME>
    <NLS_LANG></NLS_LANG>
    <sslmode></sslmode>
    <encoding>utf8</encoding>
    <charset>utf8</charset>
</database>

VENDOR

The database vendor (software) the database will be installed on.

SERVER

The hostname of the server. This is localhost if TACTIC and the database are on the same server

PORT

The database connection port

USER

The user name for the database connection

PASSWORD

The password for the database connection.

SOBJECT_DATABASE

The database where SObject definitions will be stores

POOL_MAX_CONNECTIONS

The pool of connections available for connecting to the database. 0 is recommended for PostgreSQL implementation

SQLITE_DB_DIR

the directory of sqlite database

JOIN

set as "false" to disable multi-database join

ORACLE_HOME

The oracle home directory path

NLS_LANG

The NLS_LANG for Oracle

SSLMODE

The sslmode for postgreSQL

ENCODING

The encoding of the MySQL database

CHARSET

The charset of the MySQL database

Perforce

<perforce>
    <web_dir>perforce</web_dir>
    <p4>p4</p4>
    <port>1666</port>
    <depot>book</depot>
</perforce>

WEB_DIR

The webdir for the perforce connection.

P4

PORT

The port to be used for connection to perforce.

depot

The depot of perforce

Look

This setting provides a method of setting the TACTIC skin in the server for all users. In this example, the 'BON_NOCHE' palette specified:

<look>
    <palette>BON_NOCHE</palette>
    <kiosk_mode>true</kiosk_mode>
</look>

Other available palettes are 'AQUA', 'DARK', 'BRIGHT', 'DEFAULT', 'SILVER', 'AVIATOR', and 'ORIGAMI'. Alternatively, the whole palette can be customized as follows:

<look>
     <palette>{
             'color':        '#000000',         # main font color
             'color2':       '#FFFFFF',         # secondary font color
             'color3':       '#FFFFFF',         # tertiary font color
             'background':   '#FDEEA7',         # main background color
             'background2':  '#1A9481',         # secondary background color
             'background3':  '#003D5c',         # tertiary background color
             'border':       '#666666'          # main border color
    }</palette>
</palette>
</look>

The side bar color may not change right away until the next TACTIC service restart.

PALETTE

The default palette setting for all TACTIC users.

kiosk_mode

set as "true" to disable spt.alert function, default is false

Portal

<portal>
    <auto_upgrade>true</auto_upgrade>
    <enabled>true</enabled>
</portal>

AUTO_UPGRADE

This config is default to be false. Set as "true" to allow the site to auto-upgrade databases and plugins to the newest version when loading the project. Set as "false" or remove the config to disable the auto-upgrade.

ENABLED

set as "true" to indicate this is a portal website

Schedule

<schedule>
    <mode>from_end_date</mode>
</schedule>

MODE

can be 'even', 'even_day', and 'from_end_date'. "even" mode creates tasks with the same duration that measured by hours; "even_day" mode creates tasks with the same duration that measured by days; "from_end_date" creates tasks with durations according to its "bid_start_date" and "bid_end_date"

Async

<async>
    <process_count>3</process_count>
</async>

process_count

The number of processes for the aSync queue service, has to be integer.

Load

<load>
    <loader_use_namespace></loader_use_namespace>
</load>

LOADER_USE_NAMESPACE

User by MayaFileLoaderCmd

Master

<master>
    <enabled>true</enabled>
    <project_code>workflow</project_code>
    <url></url>
    <forwarding_type>xmlrpc_only</forwarding_type>
    <site>user</site>
</master>

enabled

Enables functionality required for multi-site database replication.

project_code

project_code used in master server authentication

url

master server URL

forwarding_type

default none, option "xmlrpc_only" disables javascript API get_master function.

site

Site used in master server authentication

Active Directory

<active_directory>
    <domains>d1|d2|d3</domains>
    <hosts>h1|h2|h3</hosts>
    <require_domain>true</require_domain>
    <domain_component>dc</domain_component>
    <allow_script>AD/validate</allow_script>
    <default_groups>group1|group2</default_groups>
    <handle_groups>false</handle_groups>
    <default_license_type>license</default_license_type>
</active_directory>

domains

Domains for active directory/ldap authentication, separated by "|", need to match the number of hosts

hosts

Hosts for active directory/ldap authentication, separated by "|", need to match the number of domains

require_domain

set as "true" to make domain required.

domain_component

the domain component for LDAP, represents the top of an LDAP tree that uses DNS to define its namespace

allow_script

The path to the python script that sets the flag

default_groups

groups for users that are groupless, separated by "|"

handle_groups

set as "false" to check if any user is groupless, and set users to default_groups if they are groupless

default_license_type

the default license type for active_directory. When user has no defined groups in Active Directory, they will be set as the default license type

Checkin

TACTIC uses the following directory and path settings for internal and client interaction. They are included in the tag (for checkins).

VERSIONLESS_MODE

COPY or SYMLINK: Turn on versionless mode for checkins for all projects. To set the versionless mode per project, go to PROJECT ADMIN → PROJECT SETTINGS and add a the key VERSIONLESS_MODE and the value: COPY or SYMLINK.

ASSET_BASE_DIR

The directory where the assets are stored in the TACTIC server.

WEB_BASE_DIR

The root URL that maps the 'asset_base_dir' directory

WIN32_LOCAL_BASE_DIR

The base directory in Windows client machines

LINUX_LOCAL_BASE_DIR

The base directory in Linux client machines

WIN32_SANDBOX_DIR

The default sandbox directory in the Windows client machines (it can be overridden by Remote Repo)

LINUX_SANDBOX_DIR

The default sandbox directory in the Linux client machines (it can be overridden by Remote Repo)

WIN32_CLIENT_REPO_DIR

Maps the asset_base_dir directory as seen by the Windows client. For example, if asset_base_dir is on a Linux server with a path like "/home/apache/assets" but from the Windows client, it is mapped as "Z:/assets", then "Z:/assets" should be the value for this setting.

By default, this path is empty because the system assumes the client and server are on the same Windows machine.

LINUX_CLIENT_REPO_DIR

Same as 'win32_client_repo_dir' except it is from the perspective of a Linux client machine

WIN32_CLIENT_HANDOFF_DIR

Windows client-side handoff directory for Client API transactions. (Find out more about the handoff directory below.)

WIN32_SERVER_HANDOFF_DIR

Windows server-side handoff directory for Client API transactions

LINUX_CLIENT_HANDOFF_DIR

Linux client-side handoff directory for Client API transactions

LINUX_SERVER_HANDOFF_DIR

Linux server-side handoff directory for Client API transactions

SUDO_NO_PASSWORD

It controls whether sudo can be run to change the user id and group id of the files checked in. It is particularly important if you want to ensure files checked in to the TACTIC repository are owned by TACTIC and not overwritable by just any users. If set to true, "no password" should be enabled for the user TACTIC is run as in the OS. e.g. For Fedora, assuming you have sudo installed:

In the file /etc/sudoers, the following line should be uncommented: %wheel ALL=(ALL) NOPASSWD: ALL

In the file /etc/group, apache should be added to the group wheel wheel:x:10:root,apache

VERSION_PADDING

padding of 3 or more can be set for checked-in files

DEFAULT_NAMING_VERSION

The default version for checkin

WIN32_LOCAL_REPO_DIR

The repo base directory in Windows client machines

LINUX_LOCAL_REPO_DIR

The repo base directory in Linux client machines

BASE_DIR_ALIAS

the alias of asset_base_dir

APP_ASSET_BASE_DIR

asset_base_dir for maya

LDAP_PATH

LDAP(Active Directory) Path

LDAP_SERVER

LDAP server

COPY_BASE_URL

the base url for SobjectUploadWdg in copy mode

USE_APPLET

determines whether the applet should be used for local file operations, can only be "true" or "false"

win32_dropbox_dir

a directory used when the base_dir is not defined when getting the transactions

REPO_TYPE

CLIENT_DIR_MAP

maps server directories to client directories

The Handoff Directories

Handoff directories can be seen by both the server and the client machines. They are used for 3D checkins and client API interactions, and are important for specifying how the client and server sides see the same location.

For example, if you have the location //192.168.0.105/handoff available on your network and it is mounted as /home/apache/handoff on a server, then it would be important to include the following entries:

<win32_client_handoff_dir>//192.168.0.105/handoff</win32_client_handoff_dir>
<win32_server_handoff_dir></win32_server_handoff_dir>
<linux_client_handoff_dir></linux_client_handoff_dir>
<linux_server_handoff_dir>/home/apache/handoff</linux_server_handoff_dir>

Directory Configuration Examples

Example 1

The assets directory is located on the TACTIC server and allows for read-only access from client machines in the local subnet.

  • The assets directory is located on the TACTIC server and allows for read-only access from client machines in the local subnet.

  • The handoff directory is located on the TACTIC server and allows for read/write access from client machines in the local subnet

  • The Windows and Linux 'client_repo_dir' looks directly to the server for the available "assets" share

  • The Windows and Linux 'client_handoff_dir' looks directly to the server for the available "handoff" share

    <checkin>
        <asset_base_dir>/home/apache/assets</asset_base_dir>
        <web_base_dir>/assets</web_base_dir>
        <win32_local_base_dir>C:/sthpw</win32_local_base_dir>
        <linux_local_base_dir>/tmp/sthpw</linux_local_base_dir>
        <win32_sandbox_dir>C:/sthpw/sandbox</win32_sandbox_dir>
        <linux_sandbox_dir>/tmp/sthpw/sandbox</linux_sandbox_dir>
        <win32_client_repo_dir>//192.168.0.105/apache/assets</win32_client_repo_dir>
        <linux_client_repo_dir>/usr/assets</linux_client_repo_dir>
        <win32_client_handoff_dir>//192.168.0.105/apache/handoff<win32_client_handoff_dir>
        <win32_server_handoff_dir></win32_server_handoff_dir>
        <linux_client_handoff_dir>/home/apache/handoff</linux_client_handoff_dir>
        <linux_server_handoff_dir>/home/apache/handoff</linux_server_handoff_dir>
        <version_padding>3</version_padding>
    </checkin>
    

Example 2

  • The assets directory is located on another server and mounted locally on the TACTIC server to /mnt1/assets.

  • The Windows and Linux 'client_repo_dir' is mapped/mounted to the TACTIC 'asset_base_dir'

  • The Windows and Linux 'client_handoff_dir' is mapped/mounted to the TACTIC 'server_handoff_dir'

    <checkin>
        <asset_base_dir>/mnt1/assets</asset_base_dir>
        <web_base_dir>/assets</web_base_dir>
        <win32_local_base_dir>C:/sthpw</win32_local_base_dir>
        <linux_local_base_dir>/tmp/sthpw</linux_local_base_dir>
        <win32_sandbox_dir>C:/sthpw/sandbox</win32_sandbox_dir>
        <linux_sandbox_dir>/tmp/sthpw/sandbox</linux_sandbox_dir>
        <win32_client_repo_dir>z:/assets</win32_client_repo_dir>
        <linux_client_repo_dir>/assets</linux_client_repo_dir>
        <win32_client_handoff_dir>z:/tactic_handoff<win32_client_handoff_dir>
        <win32_server_handoff_dir></win32_server_handoff_dir>
        <linux_client_handoff_dir>/tactic_handoff</linux_client_handoff_dir>
        <linux_server_handoff_dir>/home/apache/tactic_handoff</linux_server_handoff_dir>
        <version_padding>3</version_padding>
    </checkin>