Installation¶

Run locally¶

Sycnto is based on top of the cliquet project, and as such, please refer to cliquet’s documentation for more details.

For development¶

By default, Sycnto persists internal cache in Redis.

git clone https://github.com/mozilla-services/syncto
cd syncto
make serve

note:	OSX users are warned that supplementary steps are needed to ensure proper installation of cryptographic dependencies is properly done; see dedicated note.

If you already installed Syncto earlier and you want to recreate a full environment (because of errors when running make serve), please run:

make maintainer-clean serve

Authentication¶

By default, Sycnto relies on Firefox Account OAuth2 Bearer tokens to authenticate users.

See cliquet documentation to configure authentication options.

Note that you will also need to pass through a BrowserID assertion in order for Syncto to read the Firefox Sync server.

Install and setup PostgreSQL¶

(requires PostgreSQL 9.3 or higher).

Using Docker¶

docker run -e POSTGRES_PASSWORD=postgres -p 5434:5432 postgres

Linux¶

On debian / ubuntu based systems:

apt-get install postgresql postgresql-contrib

By default, the postgres user has no password and can hence only connect if ran by the postgres system user. The following command will assign it:

sudo -u postgres psql -c "ALTER USER postgres PASSWORD 'postgres';"

OS X¶

Assuming brew is installed:

brew update
brew install postgresql

Create the initial database:

initdb /usr/local/var/postgres

Cryptography libraries¶

Linux¶

On Debian / Ubuntu based systems:

apt-get install libffi-dev libssl-dev

On RHEL-derivatives:

apt-get install libffi-devel openssl-devel

OS X¶

Assuming brew is installed:

brew install libffi openssl pkg-config

Warning

Apple having dropped support for OpenSSL and moving to their own library recently, you have to force its usage to properly install cryptography-related dependencies:

$ env LDFLAGS="-L$(brew --prefix openssl)/lib" \
      CFLAGS="-I$(brew --prefix openssl)/include" \
          .venv/bin/pip install cryptography
$ make serve

Running in production¶

Recommended settings¶

Most default setting values in the application code base are suitable for production.

However, the set of settings mentionned below might deserve some review or adjustments:

cliquet.http_scheme = https
cliquet.paginate_by = 100
cliquet.batch_max_requests = 25
cliquet.delete_collection_enabled = false
cliquet.storage_pool_maxconn = 50
cliquet.cache_pool_maxconn = 50
fxa-oauth.cache_ttl_seconds = 3600

note:	For an exhaustive list of available settings and their default values, refer to cliquet source code.

Enable write access¶

By default, collections are read-only. In order to enable write operations on remote Sync collections, add some settings in the configuration with the collection name:

syncto.record_tabs_put_enabled = true
syncto.record_tabs_delete_enabled = true
syncto.record_passwords_put_enabled = true
syncto.record_passwords_delete_enabled = true
syncto.record_bookmarks_put_enabled = true
syncto.record_bookmarks_delete_enabled = true
syncto.record_history_put_enabled = true
syncto.record_history_delete_enabled = true

Monitoring¶

# Heka
cliquet.logging_renderer = cliquet.logs.MozillaHekaRenderer

# StatsD
cliquet.statsd_url = udp://carbon.server:8125

Application output should go to stdout, and message format should have no prefix string:

[handler_console]
class = StreamHandler
args = (sys.stdout,)
level = INFO
formater = heka

[formatter_heka]
format = %(message)s

Adapt the logging configuration in order to plug Sentry:

[loggers]
keys = root, sentry

[handlers]
keys = console, sentry

[formatters]
keys = generic

[logger_root]
level = INFO
handlers = console, sentry

[logger_sentry]
level = WARN
handlers = console
qualname = sentry.errors
propagate = 0

[handler_console]
class = StreamHandler
args = (sys.stdout,)
level = INFO
formater = heka

[formatter_heka]
format = %(message)s

[handler_sentry]
class = raven.handlers.logging.SentryHandler
args = ('http://public:secret@example.com/1',)
level = WARNING
formatter = generic

[formatter_generic]
format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %H:%M:%S

PostgreSQL setup¶

In production, it is wise to run the application with a dedicated database and user.

postgres=# CREATE USER produser;
postgres=# CREATE DATABASE proddb OWNER produser;
CREATE DATABASE

The tables needs to be created with the cliquet tool.

$ cliquet --ini config/syncto.ini migrate

note:	Alternatively the SQL initialization files can be found in the cliquet source code (`cliquet/cache/postgresql/schemal.sql` and `cliquet/storage/postgresql/schemal.sql`).

Running with uWsgi¶

To run the application using uWsgi, an app.wsgi file is provided. This command can be used to run it:

uwsgi --ini config/syncto.ini

uWsgi configuration can be tweaked in the ini file in the dedicated [uwsgi] section.

Here’s an example:

[uwsgi]
wsgi-file = app.wsgi
enable-threads = true
http-socket = 127.0.0.1:8000
processes =  3
master = true
module = syncto
harakiri = 30
uid = syncto
gid = syncto
virtualenv = .
lazy = true
lazy-apps = true

To use a different ini file, the SYNCTO_INI environment variable should be present with a path to it.