Configuration¶
Symbols Service configuration¶
Gunicorn configuration:
- GUNICORN_TIMEOUT¶
- Parser:
str
- Default:
“300”
- Required:
No
Specifies the timeout value.
https://docs.gunicorn.org/en/stable/settings.html#timeout
Used in bin/run_web.sh.
- GUNICORN_WORKERS¶
- Parser:
str
- Default:
“1”
- Required:
No
Specifies the number of gunicorn workers.
You should set it to
(2 x $num_cores) + 1
.https://docs.gunicorn.org/en/stable/settings.html#workers
http://docs.gunicorn.org/en/stable/design.html#how-many-workers
Used in bin/run_web.sh.
Webapp configuration:
- Configuration¶
Configuration summary:
Setting
Parser
Required?
bool
bool
bool
str
str
str
str
int
str
str
str
str
Yes
str
Yes
str
Yes
str
Yes
str
Yes
bool
bool
int
str
Yes
int
int
int
str
int
bool
bool
str
Yes
bool
ListOf(str)
dj_database_url.parse
Yes
int
int
ListOf(str)
dict_parser
ListOf(str)
ListOf(str)
ListOf(str)
str
Yes
str
Yes
Configuration options:
- LOCAL_DEV_ENV¶
- Parser:
bool
- Default:
“false”
- Required:
No
Set to true if you’re running in a local dev environment; false otherwise
- TEST_ENV¶
- Parser:
bool
- Default:
“false”
- Required:
No
Set to true if you’re running tests; false otherwise.
- TOOL_ENV¶
- Parser:
bool
- Default:
“false”
- Required:
No
Set to true if you’re running manage.py in a tool context. For example, for collectstatic.
- SENTRY_DSN¶
- Parser:
str
- Default:
“”
- Required:
No
Sentry DSN or empty string
- HOSTNAME¶
- Parser:
str
- Default:
“socket.gethostname()”
- Required:
No
Unique identifier for the host that is running Tecken. This is used in logging and metrics. The default is socket.gethostname().
- LOGGING_DEFAULT_LEVEL¶
- Parser:
str
- Default:
“INFO”
- Required:
No
Default level for logging. Should be one of INFO, DEBUG, WARNING, ERROR.
- STATSD_HOST¶
- Parser:
str
- Default:
“localhost”
- Required:
No
statsd host.
- STATSD_PORT¶
- Parser:
int
- Default:
“8125”
- Required:
No
statsd port.
- STATSD_NAMESPACE¶
- Parser:
str
- Default:
“”
- Required:
No
Namespace for statsd keys.
- FRONTEND_ROOT¶
- Parser:
str
- Default:
“os.path.join(BASE_DIR, “frontend/build/”)”
- Required:
No
Root directory for frontend files like index.html
- STATIC_ROOT¶
- Parser:
str
- Default:
“os.path.join(BASE_DIR, “frontend/build/static/”)”
- Required:
No
Root directory for static files.
- OIDC_RP_CLIENT_ID¶
- Parser:
str
- Required:
Yes
OIDC RP client id.
- OIDC_RP_CLIENT_SECRET¶
- Parser:
str
- Required:
Yes
OIDC RP client secret.
- OIDC_OP_AUTHORIZATION_ENDPOINT¶
- Parser:
str
- Required:
Yes
OIDC OP authorization endpoint.
- OIDC_OP_TOKEN_ENDPOINT¶
- Parser:
str
- Required:
Yes
OIDC OP token endpoint.
- OIDC_OP_USER_ENDPOINT¶
- Parser:
str
- Required:
Yes
OIDC OP user endpoint.
- OIDC_VERIFY_SSL¶
- Parser:
bool
- Default:
“true”
- Required:
No
Whether or not to verify SSL. This should always be True unless in a local dev environment.
- ENABLE_TOKENS_AUTHENTICATION¶
- Parser:
bool
- Default:
“true”
- Required:
No
True if API token authentication is enabled; false otherwise.
- TOKENS_DEFAULT_EXPIRATION_DAYS¶
- Parser:
int
- Default:
“365”
- Required:
No
Default expiration in days for tokens.
- REDIS_URL¶
- Parser:
str
- Required:
Yes
URL for Redis.
- S3_LOOKUP_CONNECT_TIMEOUT¶
- Parser:
int
- Default:
“5”
- Required:
No
S3 connection timeout in seconds.
- S3_LOOKUP_READ_TIMEOUT¶
- Parser:
int
- Default:
“5”
- Required:
No
S3 read timeout in seconds.
- UPLOAD_FILE_UPLOAD_MAX_WORKERS¶
- Parser:
int
- Default:
“0”
- Required:
No
When we upload a .zip file, we iterate over the content and for each file within (that isn’t immediately ignorable) we kick off a function which figures out what (and how) to process the file. That function involves doing a S3 GET (technically ListObjectsV2), (possible) gzipping the payload and (possibly) a S3 PUT. All of these function calls get put in a concurrent.futures.ThreadPoolExecutor pool. This setting is about how many of these to start, max.
- UPLOAD_TEMPDIR¶
- Parser:
str
- Default:
“/tmp/uploads”
- Required:
No
The directory to use as a workspace for handling symbol uploads.
- UPLOAD_TEMPDIR_ORPHANS_CUTOFF¶
- Parser:
int
- Default:
“15”
- Required:
No
Time in minutes before we consider a file to have been orphaned and should be deleted.
- ALLOW_UPLOAD_BY_ANY_DOMAIN¶
- Parser:
bool
- Default:
“false”
- Required:
No
When doing local development, especially load testing, it’s sometimes useful to be able to bypass all URL checks for Upload by Download.
- SYNCHRONOUS_UPLOAD_FILE_UPLOAD¶
- Parser:
bool
- Default:
“false”
- Required:
No
This is only really meant for the sake of being overrideable by other setting classes; in particular when running tests.
- SECRET_KEY¶
- Parser:
str
- Required:
Yes
Django’s secret key for signing things.
- DEBUG¶
- Parser:
bool
- Default:
“false”
- Required:
No
Whether or not to enable debug mode. Don’t set this to True in server environments
- ALLOWED_HOSTS¶
- Parser:
ListOf(str)
- Default:
“”
- Required:
No
Comma-delimited list of strings of host/domain names for this site.
- DATABASE_URL¶
- Parser:
dj_database_url.parse
- Required:
Yes
The database_url to use. This gets parsed into DATABASES configuration.
- CONN_MAX_AGE¶
- Parser:
int
- Default:
“60”
- Required:
No
Maximum age in minutes for connections.
- SESSION_COOKIE_AGE¶
- Parser:
int
- Default:
“str(60 * 60 * 24 * 365)”
- Required:
No
Age in seconds for cookies. Keep it quite short because we don’t have a practical way to do OIDC ID token renewal for this AJAX and curl heavy app.
- COMPRESS_EXTENSIONS¶
- Parser:
ListOf(str)
- Default:
“sym”
- Required:
No
During upload, for each file in the archive, if the extension matches this list, the file gets gzip compressed before uploading.
- MIME_OVERRIDES¶
- Parser:
dict_parser
- Default:
“{“sym”:”text/plain”}”
- Required:
No
For specific file uploads, override the mimetype.
For .sym files, for example, if S3 knows them as ‘text/plain’ they become really handy to open in a browser and view directly.
- DISALLOWED_SYMBOLS_SNIPPETS¶
- Parser:
ListOf(str)
- Default:
“qcom/proprietary”
- Required:
No
Individual strings that can’t be allowed in any of the lines in the content of a symbols archive file.
- ALLOW_UPLOAD_BY_DOWNLOAD_DOMAINS¶
- Parser:
ListOf(str)
- Default:
“”,”.join( [ “queue.taskcluster.net”, “firefox-ci-tc.services.mozilla.com”, “stage.taskcluster.nonprod.cloudops.mozgcp.net”, “tecken-system-tests.symbols.nonprod.webservices.mozgcp.net”, ] )”
- Required:
No
When you “upload by download”, the URL’s domain needs to be in this allow list. This is to double-check that we don’t allow downloads from domains we don’t fully trust.
- DOWNLOAD_FILE_EXTENSIONS_ALLOWED¶
- Parser:
ListOf(str)
- Default:
“.sym,.dl_,.ex_,.pd_,.dbg.gz,.tar.bz2”
- Required:
No
A list of file extensions that if a file is NOT one of these extensions we can immediately return 404 and not bother to process for anything else.
It’s case sensitive and has to be lower case. As a way to get marginal optimization of this, make sure ‘.sym’ is first in the list since it’s the most common.
- UPLOAD_GCS_BUCKET¶
- Parser:
str
- Required:
Yes
The GCS bucket name for uploads and downloads.
- UPLOAD_GCS_PUBLIC_URL¶
- Parser:
str
- Required:
Yes
The base URL for downloading files from the upload bucket.