By default, Syncto persists internal cache in Redis.
git clone https://github.com/mozilla-services/syncto cd syncto make serve
|note:||OSX users are warned that supplementary steps are needed to ensure proper installation of cryptographic dependencies is properly done; see dedicated note.|
If you already installed Syncto earlier and you want to recreate a
full environment (because of errors when running
make serve), please run:
make maintainer-clean serve
Syncto relies on Firefox Account BrowserID assertion to authenticate users to the Token Server.
Note that you will need to pass through a BrowserID assertion with the https://token.services.mozilla.com/ audience for Syncto to be able to read Firefox Sync server credentials.
To install them:
$ pip install httpie PyFxA
To build a Firefox Account Browser ID assertion for an existing user:
$ BID_AUDIENCE=https://token.services.mozilla.com/ \ BID_WITH_CLIENT_STATE=True \ http GET 'https://syncto.dev.mozaws.net/v1/buckets/syncto/collections/history/records' --auth-type fxa-browserid --auth "email@example.com:US3R_P4S5W0RD" -v
Once you have got a BrowserID Assertion, you can also reuse it to benefit from Syncto cache features:
$ http GET 'https://syncto.dev.mozaws.net/v1/buckets/syncto/collections/history/records' \ Authorization:"BrowserID eyJhbGciOiJSUzI1NiJ9..." \ X-Client-State:64e8bc35e90806f9a67c0ef8fef63...
On Debian / Ubuntu based systems:
apt-get install libffi-dev libssl-dev
apt-get install libffi-devel openssl-devel
Assuming brew is installed:
brew install libffi openssl pkg-config
Apple having dropped support for OpenSSL and moving to their own library recently, you have to force its usage to properly install cryptography-related dependencies:
$ env LDFLAGS="-L$(brew --prefix openssl)/lib" \ CFLAGS="-I$(brew --prefix openssl)/include" \ .venv/bin/pip install cryptography $ make serve
Running in production¶
Most default setting values in the application code base are suitable for production.
However, the set of settings mentionned below might deserve some review or adjustments:
syncto.cache_backend = cliquet.cache.redis syncto.cache_url = redis://localhost:6379/1 syncto.http_scheme = https syncto.http_host = <hostname> syncto.retry_after_seconds = 30 syncto.batch_max_requests = 25 syncto.cache_hmac_secret = <32 random bytes as hex> syncto.token_server_url = https://token.services.mozilla.com/
For an exhaustive list of available settings and their default values, refer to cliquet source code.
Enable write access¶
By default, collections are read-only. In order to enable write operations on remote Sync collections, add some settings in the configuration with the collection name:
syncto.record_tabs_put_enabled = true syncto.record_tabs_delete_enabled = true syncto.record_passwords_put_enabled = true syncto.record_passwords_delete_enabled = true syncto.record_bookmarks_put_enabled = true syncto.record_bookmarks_delete_enabled = true syncto.record_history_put_enabled = true syncto.record_history_delete_enabled = true
# Heka syncto.logging_renderer = cliquet.logs.MozillaHekaRenderer # StatsD syncto.statsd_url = udp://carbon.server:8125
Application output should go to
stdout, and message format should have no
[handler_console] class = StreamHandler args = (sys.stdout,) level = INFO formater = heka [formatter_heka] format = %(message)s
Adapt the logging configuration in order to plug Sentry:
[loggers] keys = root, sentry [handlers] keys = console, sentry [formatters] keys = generic [logger_root] level = INFO handlers = console, sentry [logger_sentry] level = WARN handlers = console qualname = sentry.errors propagate = 0 [handler_console] class = StreamHandler args = (sys.stdout,) level = INFO formater = heka [formatter_heka] format = %(message)s [handler_sentry] class = raven.handlers.logging.SentryHandler args = ('http://public:firstname.lastname@example.org/1',) level = WARNING formatter = generic [formatter_generic] format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s datefmt = %H:%M:%S
Running with uWsgi¶
To run the application using uWsgi, an app.wsgi file is provided. This command can be used to run it:
uwsgi --ini config/syncto.ini
uWsgi configuration can be tweaked in the ini file in the dedicated [uwsgi] section.
Here’s an example:
[uwsgi] wsgi-file = app.wsgi enable-threads = true socket = /run/uwsgi/syncto.sock chmod-socket = 666 cheaper-algo = busyness cheaper = 5 cheaper-initial = 9 workers = 14 cheaper-step = 1 cheaper-overload = 30 cheaper-busyness-verbose = true master = true module = syncto harakiri = 120 uid = ubuntu gid = ubuntu virtualenv = /data/venvs/syncto lazy = true lazy-apps = true single-interpreter = true buffer-size = 65535 post-buffering = 65535
To use a different ini file, the
SYNCTO_INI environment variable
should be present with a path set to it.