Configuration

Config options are used to enable or disable certain features or behaviour in ftrack. After updating configuration the service must be restarted, for the changes to apply. Configuration options are added to your ftrack.yml file.

Webhooks

To enable and use the webhooks feature in ftrack studio 24.6+, the automations feature must be enabled, and a private and public key must be set. The keys are used internally to communicate between the services. The keys can be generated with the following commands:

openssl genrsa -out private_key.pem 2048
openssl rsa -pubout -in private_key.pem -out public_key.pem

Then update your ftrack.yaml config:

automations:
enabled: true
publicKey: |
-----BEGIN PUBLIC KEY-----
The content of your public key
-----END PUBLIC KEY-----
privateKey: |
-----BEGIN PRIVATE KEY-----
The content of your private key
-----END PRIVATE KEY-----

Please keep your private key safe and do not share it with anyone.

If you change the keys, you must manually delete the ftrack-event-parser and ftrack-webhook-executor pods to ensure they use the new keys.

Once automations are enabled you should be able to see a new Webhooks section in systems settings under advanced. The first time a webhook is triggered by the system, it may take up to a minute before it is sent.

Email

Email settings should be configured to allow the ftrack server to send out notifications via email.

config:
mail.on: true
mail.transport: smtp
mail.smtp.server: YOUR-SMTP-SERVER_URL:PORT
mail.encoding: utf-8
mail.smtp.username: USERNAME
mail.smtp.password: PASSWORD
mail.message.author: ftrack <someaddress@mydomain.com>

If your mail server uses an SSL connection (typically port 465) it may be necessary to also set:

config:
mail.smtp.tls: ssl

Note: username and password must always be set, if you are not using a username/password set them to an empty string or emails will not be sent.

To enable debug logs for email sending, enable the following config:

config:
mail.smtp.debug: true

2-factor authentication

2FA is enabled by default on local installations, but to be able to use it a secret key must be configured. If this key changes after users have configured 2FA on their accounts, their time based 2FA codes will no longer work and must be reconfigured. Generate a secret using the following command:

python -c 'import uuid;print uuid.uuid4()'

Then add it to your ftrack.yaml file in the config section:

config:
ftrack.2fa_secret: SOME_SECRET

Do not use the same key for 2FA as for the service secret, they should be unique.

SAML

To enable SAML, add the following to the config section:

config:
ftrack.enable_saml: true

Sentry

To enable Sentry for error tracking, add the following to the config section:

config:
ftrack.sentry: true
ftrack.sentry_dsn: {YOUR_SENTRY_DSN}

Override the default create project behavior

You can override the default behavior when a user chooses to create a new project to invoke an action instead of displaying the default dialog:

config:
ftrack.create_project_action_identifier: test.company.create-project

An minimal example action which creates a project is available here: create_project_action.py.

If you need to override the default create project behaviour, but are running in a cloud hosted environment, please let us know at support@ftrack.com.

Video encoding

Video encoding resolution and bitrate can be configured. Default max resolution is 720 and bitrate is 2000. Both settings are integers.

config:
ftrack.ffmpeg_video_resolution: 1080
ftrack.ffmpeg_video_bitrate: 3000

Disable login with username and password

If using SAML or Google Workspace login only, you can disable the ability to login with username and password. Users will then only see the button to login with SAML or Google.

config:
ftrack.enable_ftrack_login: false

Automatic cleanup of historical data

When changes to data are made in ftrack historical data is stored, such as events of what happened, activities that show up in the activities feed, and notifications. Over time the database will grow and require more memory to operate efficiently. You can enable a setting to delete old historical data.  

config:
ftrack.enable_history_data_cleanup: true
ftrack.history_data_months: 24

The above config will delete all historical data older than 24 months. Just so you know, the delete jobs run in the background very carefully to not affect database performance. It will therefore take some time before all historical data has been deleted. It's only historical data that is being deleted, not project data such as tasks that are old.

This feature was added in ftrack 4.9

Enable extended audit logs

To enable extended audit logs you have to update your configuration ftrack.yml:

config:
ftrack.enable_audit_logs: true

What they contain

The extended audit logs will contain username and IP for:

  • User authentication, successful and failed, including API.
  • Changes to security roles
  • Changes to project access
  • Changes to settings made on System Settings
  • Changes to projects
  • Synchronizing accounts with LDAP or Google.

Logs for attempted logins to LDAP, Google, or SAML must be configured at the specific provider.

Where to find them

The extended audit logs are located in your server logs:

kubectl logs -f deployment/server

Object storage (S3) server location

It is possible to connect an object storage server like amazon S3 and handle all files uploaded or downloaded from the ftrack server location. This is beneficial as it separates file upload/download from the ftrack server and allows scaling out the object storage server separately. The only requirement for the object storage server to work with ftrack is that it is compatible with the Amazon S3 API such as Amazon S3.

Important: To use object storage you must first disable other storages like this:

localPersistentVolume:
enabled: false
nfsPersistentVolume:
enabled: false

The following config options are available:

  • ftrack.server_storage_service - Enable object storage by setting to oss.
  • ftrack.serveruuid - Prefix for files in the bucket.
  • ftrack.oss_access_key - Access key
  • ftrack.oss_access_secret - Access secret
  • ftrack.oss_bucket - Name of the bucket
  • ftrack.oss_calling_format - Can be used to force ordinary calling format instead of via subdomain.
  • ftrack.oss_host - Hostname
  • ftrack.oss_is_secure - Can be set to 0 to allow non https connections.
  • ftrack.oss_port - The port
  • ftrack.s3_accelerated_transfer - Enable https://aws.amazon.com/s3/transfer-acceleration/
  • ftrack.s3_signature_version - Can be set to "v4" to use the V4 signature instead of V2. (Available in 4.12.4)

Use AWS S3:

config:
ftrack.server_storage_service: oss
ftrack.serveruuid: my-ftrack-data
ftrack.oss_access_key: AWSKEY
ftrack.oss_access_secret: AWSSECRET
ftrack.oss_bucket: my-bucket
ftrack.oss_host: s3.amazonaws.com

Note: To use Amazon S3 with ftrack the bucket must be configured to allow CORS requests.

Troubleshooting

The easiest way to debug any errors while configuring object storage is either using the ftrack python API client to do the uploading or drag/drop files in the versions tab in the web interface while having the network tab open. Files will be uploaded and downloaded directly from the object storage, and the ftrack server is only responsible for generating the signed URLs.

Migrate existing data to S3

Note that you can run the sync command several times and it will only copy changes, making it ideal to do a first sync and then another one when ready to switch.

# Download and install https://aws.amazon.com/cli/.

# Configure it with your credentials.
aws configure

# And sync the data from your local storage
aws s3 sync {YOUR_DATA_STORAGE_LOCATION} s3://{bucket-name}/{serveruuid}/storage/
Was this article helpful?
1 out of 1 found this helpful

Articles in this section

See more