Helix TeamHub Testdrive Guide (2020.1 Testdrive)

Operating System

The Helix TeamHub Testdrive instance is provided as a native operating system package (.deb) for Ubuntu 16.04.

In addition to the operating system, the following preparations are required.

Ports

Helix TeamHub binds to a number of ports that must be free before proceeding with installations. In some cases, the Linux distribution may already have an installed package that uses the ports Helix TeamHub needs. Therefore, make sure the ports listed in Inbound and Inter-server connections are available. The following command can be executed to check if anything is listening on port 80:

netstat -tulpn | grep :80

Local Firewall

In addition to the company wide firewall, the local firewall may also be installed by default, for example iptables. Make sure it's either disabled or configured to accept the ports listed in Inbound and Inter-server connections.

UID and GID

When Helix TeamHub is installed, the new hth user account and system group are created with predefined UID and GID of 21212, so make sure they are not reserved.

Locale

Make sure en_US.UTF-8 locale is installed and no errors are reported when running export LC_ALL=en_US.UTF-8.

OpenSSH and repository SSH access

TeamHub supports accessing repositories over SSH protocol. OpenSSH version 6.9 or later is required with support for AuthorizedKeysCommand with arguments. Repository SSH access can be enabled after installing TeamHub by either using the system or bundled OpenSSH. It’s recommended to use system OpenSSH, but the bundled OpenSSH can be used if upgrading OpenSSH is not otherwise possible.

Use system OpenSSH

Append following configuration to the end of the sshd configuration file (/etc/ssh/sshd_config) and reload sshd:

Match User hth
    AuthorizedKeysCommand /usr/bin/hth-ssh-auth %t %k
    AuthorizedKeysCommandUser hth

Use bundled OpenSSH

When using the bundled OpenSSH, it is important that automatic updates are configured to skip OpenSSH package. OpenSSH updates can be disabled as follows:

sudo apt-mark hold openssh-server

When using systemd, change the service configuration file (usually in /etc/systemd/system/sshd.service) to use simple type under [Service] section:

Type=simple

Reload systemd configuration after changing service configuration:

systemctl daemon-reload

To use the bundled OpenSSH, merge the following configuration to /var/opt/hth/shared/hth.json, run sudo hth-ctl reconfigure and reload sshd: Note: this will symlink the existing sshd to the bundled sshd.

{
    "opensshp": {
        "enable": true
    }
}

SSH Optimization

For TeamHub setups that are relatively large, we found that setting the following parameters for SSHD helps with security and efficiency of the system overall:

MaxStartups 100
ClientAliveInterval 60
ClientAliveCountMax 3

You can add those parameters manually to /etc/ssh/sshd_config.

Memory Optimization

TeamHub requires Redis and MongoDB to be installed. To avoid latencies and memory usage issues in these services, we recommend disabling Transparent Huge Pages (THP) in the kernel.

Network Optimization

Depending on the load on your installation, it is recommended to increase the limit of the backlog for connections (somaxconn) to higher value. We suggest setting it to 512 at minimum.