Installation¶
Run locally¶
Sycnto is based on top of the cliquet project, and as such, please refer to cliquet’s documentation for more details.
For development¶
By default, Sycnto persists internal cache in Redis.
git clone https://github.com/mozilla-services/syncto
cd syncto
make serve
note: | OSX users are warned that supplementary steps are needed to ensure proper installation of cryptographic dependencies is properly done; see dedicated note. |
---|
If you already installed Syncto earlier and you want to recreate a
full environment (because of errors when running make serve
), please run:
make maintainer-clean serve
Authentication¶
By default, Sycnto relies on Firefox Account OAuth2 Bearer tokens to authenticate users.
See cliquet documentation to configure authentication options.
Note that you will also need to pass through a BrowserID assertion in order for Syncto to read the Firefox Sync server.
Install and setup PostgreSQL¶
(requires PostgreSQL 9.3 or higher).
Using Docker¶
docker run -e POSTGRES_PASSWORD=postgres -p 5434:5432 postgres
Linux¶
On debian / ubuntu based systems:
apt-get install postgresql postgresql-contrib
By default, the postgres
user has no password and can hence only connect
if ran by the postgres
system user. The following command will assign it:
sudo -u postgres psql -c "ALTER USER postgres PASSWORD 'postgres';"
Cryptography libraries¶
Linux¶
On Debian / Ubuntu based systems:
apt-get install libffi-dev libssl-dev
On RHEL-derivatives:
apt-get install libffi-devel openssl-devel
OS X¶
Assuming brew is installed:
brew install libffi openssl pkg-config
Warning
Apple having dropped support for OpenSSL and moving to their own library recently, you have to force its usage to properly install cryptography-related dependencies:
$ env LDFLAGS="-L$(brew --prefix openssl)/lib" \
CFLAGS="-I$(brew --prefix openssl)/include" \
.venv/bin/pip install cryptography
$ make serve
Running in production¶
Recommended settings¶
Most default setting values in the application code base are suitable for production.
However, the set of settings mentionned below might deserve some review or adjustments:
cliquet.http_scheme = https
cliquet.paginate_by = 100
cliquet.batch_max_requests = 25
cliquet.delete_collection_enabled = false
cliquet.storage_pool_maxconn = 50
cliquet.cache_pool_maxconn = 50
fxa-oauth.cache_ttl_seconds = 3600
note: | For an exhaustive list of available settings and their default values, refer to cliquet source code. |
---|
Enable write access¶
By default, collections are read-only. In order to enable write operations on remote Sync collections, add some settings in the configuration with the collection name:
syncto.record_tabs_put_enabled = true
syncto.record_tabs_delete_enabled = true
syncto.record_passwords_put_enabled = true
syncto.record_passwords_delete_enabled = true
syncto.record_bookmarks_put_enabled = true
syncto.record_bookmarks_delete_enabled = true
syncto.record_history_put_enabled = true
syncto.record_history_delete_enabled = true
Monitoring¶
# Heka
cliquet.logging_renderer = cliquet.logs.MozillaHekaRenderer
# StatsD
cliquet.statsd_url = udp://carbon.server:8125
Application output should go to stdout
, and message format should have no
prefix string:
[handler_console]
class = StreamHandler
args = (sys.stdout,)
level = INFO
formater = heka
[formatter_heka]
format = %(message)s
Adapt the logging configuration in order to plug Sentry:
[loggers]
keys = root, sentry
[handlers]
keys = console, sentry
[formatters]
keys = generic
[logger_root]
level = INFO
handlers = console, sentry
[logger_sentry]
level = WARN
handlers = console
qualname = sentry.errors
propagate = 0
[handler_console]
class = StreamHandler
args = (sys.stdout,)
level = INFO
formater = heka
[formatter_heka]
format = %(message)s
[handler_sentry]
class = raven.handlers.logging.SentryHandler
args = ('http://public:secret@example.com/1',)
level = WARNING
formatter = generic
[formatter_generic]
format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %H:%M:%S
PostgreSQL setup¶
In production, it is wise to run the application with a dedicated database and user.
postgres=# CREATE USER produser;
postgres=# CREATE DATABASE proddb OWNER produser;
CREATE DATABASE
The tables needs to be created with the cliquet tool.
$ cliquet --ini config/syncto.ini migrate
note: | Alternatively the SQL initialization files can be found in the
cliquet source code (cliquet/cache/postgresql/schemal.sql and
cliquet/storage/postgresql/schemal.sql ). |
---|
Running with uWsgi¶
To run the application using uWsgi, an app.wsgi file is provided. This command can be used to run it:
uwsgi --ini config/syncto.ini
uWsgi configuration can be tweaked in the ini file in the dedicated [uwsgi] section.
Here’s an example:
[uwsgi]
wsgi-file = app.wsgi
enable-threads = true
http-socket = 127.0.0.1:8000
processes = 3
master = true
module = syncto
harakiri = 30
uid = syncto
gid = syncto
virtualenv = .
lazy = true
lazy-apps = true
To use a different ini file, the SYNCTO_INI
environment variable
should be present with a path to it.