Installation

Run locally

Syncto is based on top of the cliquet project, and as such, you may wanto to refer to cliquet’s documentation for more details.

For development

By default, Syncto persists internal cache in Redis.

git clone https://github.com/mozilla-services/syncto
cd syncto
make serve
note:OSX users are warned that supplementary steps are needed to ensure proper installation of cryptographic dependencies is properly done; see dedicated note.

If you already installed Syncto earlier and you want to recreate a full environment (because of errors when running make serve), please run:

make maintainer-clean serve

Authentication

Syncto relies on Firefox Account BrowserID assertion to authenticate users to the Token Server.

Note that you will need to pass through a BrowserID assertion with the https://token.services.mozilla.com/ audience for Syncto to be able to read Firefox Sync server credentials.

This can be made using HTTPie and PyFxA.

To install them:

$ pip install httpie PyFxA

To build a Firefox Account Browser ID assertion for an existing user:

$ BID_AUDIENCE=https://token.services.mozilla.com/ \
    BID_WITH_CLIENT_STATE=True \
      http GET 'https://syncto.dev.mozaws.net/v1/buckets/syncto/collections/history/records'
        --auth-type fxa-browserid --auth "user@email.com:US3R_P4S5W0RD" -v

Once you have got a BrowserID Assertion, you can also reuse it to benefit from Syncto cache features:

$ http GET 'https://syncto.dev.mozaws.net/v1/buckets/syncto/collections/history/records' \
    Authorization:"BrowserID eyJhbGciOiJSUzI1NiJ9..." \
    X-Client-State:64e8bc35e90806f9a67c0ef8fef63...

Cryptography libraries

Linux

On Debian / Ubuntu based systems:

apt-get install libffi-dev libssl-dev

On RHEL-derivatives:

apt-get install libffi-devel openssl-devel

OS X

Assuming brew is installed:

brew install libffi openssl pkg-config

Warning

Apple having dropped support for OpenSSL and moving to their own library recently, you have to force its usage to properly install cryptography-related dependencies:

$ env LDFLAGS="-L$(brew --prefix openssl)/lib" \
      CFLAGS="-I$(brew --prefix openssl)/include" \
          .venv/bin/pip install cryptography
$ make serve

Running in production

Enable write access

By default, collections are read-only. In order to enable write operations on remote Sync collections, add some settings in the configuration with the collection name:

syncto.record_tabs_put_enabled = true
syncto.record_tabs_delete_enabled = true
syncto.record_passwords_put_enabled = true
syncto.record_passwords_delete_enabled = true
syncto.record_bookmarks_put_enabled = true
syncto.record_bookmarks_delete_enabled = true
syncto.record_history_put_enabled = true
syncto.record_history_delete_enabled = true

Monitoring

# Heka
syncto.logging_renderer = cliquet.logs.MozillaHekaRenderer

# StatsD
syncto.statsd_url = udp://carbon.server:8125

Application output should go to stdout, and message format should have no prefix string:

[handler_console]
class = StreamHandler
args = (sys.stdout,)
level = INFO
formater = heka

[formatter_heka]
format = %(message)s

Adapt the logging configuration in order to plug Sentry:

[loggers]
keys = root, sentry

[handlers]
keys = console, sentry

[formatters]
keys = generic

[logger_root]
level = INFO
handlers = console, sentry

[logger_sentry]
level = WARN
handlers = console
qualname = sentry.errors
propagate = 0

[handler_console]
class = StreamHandler
args = (sys.stdout,)
level = INFO
formater = heka

[formatter_heka]
format = %(message)s

[handler_sentry]
class = raven.handlers.logging.SentryHandler
args = ('http://public:secret@example.com/1',)
level = WARNING
formatter = generic

[formatter_generic]
format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %H:%M:%S

Running with uWsgi

To run the application using uWsgi, an app.wsgi file is provided. This command can be used to run it:

uwsgi --ini config/syncto.ini

uWsgi configuration can be tweaked in the ini file in the dedicated [uwsgi] section.

Here’s an example:

[uwsgi]
wsgi-file = app.wsgi
enable-threads = true
socket = /run/uwsgi/syncto.sock
chmod-socket = 666
cheaper-algo = busyness
cheaper = 5
cheaper-initial = 9
workers = 14
cheaper-step = 1
cheaper-overload = 30
cheaper-busyness-verbose = true
master = true
module = syncto
harakiri = 120
uid = ubuntu
gid = ubuntu
virtualenv = /data/venvs/syncto
lazy = true
lazy-apps = true
single-interpreter = true
buffer-size = 65535
post-buffering = 65535

To use a different ini file, the SYNCTO_INI environment variable should be present with a path set to it.