Configuration

Symbols Service configuration

The Symbols Service covers uploading and downloading symbols.

GUNICORN_TIMEOUT
Parser

str

Default

“300”

Required

No

Specifies the timeout value.

https://docs.gunicorn.org/en/stable/settings.html#timeout

Used in bin/run_web.sh.

GUNICORN_WORKERS
Parser

str

Default

“1”

Required

No

Specifies the number of gunicorn workers.

You should set it to (2 x $num_cores) + 1.

https://docs.gunicorn.org/en/stable/settings.html#workers

http://docs.gunicorn.org/en/stable/design.html#how-many-workers

Used in bin/run_web.sh.

DJANGO_CONFIGURATION

Specifies the settings class to use. Defaults to “Prod”.

This must be set as an environment variable.

Possible values:

  • Prod: production configuration

  • Stage: stage configuration

  • Localdev: local development environment configuration

The Dockerfile sets this to Prod, but if you use docker-compose to start everything, it’ll use Localdev.

DJANGO_SECRET_KEY

You need to set a random DJANGO_SECRET_KEY. It should be predictably random and a decent length.

DJANGO_SECRET_KEY=DontusethisinproductionbutitneedsbelongforCI1234567890
ALLOWED_HOSTS

The ALLOWED_HOSTS needs to be a list of valid domains that will be used to from the outside to reach the service. If there is only one single domain, it doesn’t need to list any others. For example:

DJANGO_ALLOWED_HOSTS=symbols.mozilla.org
SENTRY_DSN, SENTRY_PUBLIC_DSN

This sets the Sentry DSN for the Python code and the JS code.

For example:

SENTRY_DSN=https://bb4e266xxx:d1c1eyyy@sentry.prod.mozaws.net/001
SENTRY_PUBLIC_DSN=https://bb4e266xxx@sentry.prod.mozaws.net/001
DJANGO_SYMBOL_URLS

Comma-separated string of urls. Each url specifies an AWS S3 bucket.

The form for the url is like this:

# If symbols are in the root of the bucket
https://s3-REGION.amazonaws.com/BUCKETNAME/

# If symbols are in a directory in the bucket
https://s3-REGION.amazonaws.com/BUCKETNAME/path/to/symbols/

For publicly available buckets, add access=public to the querystring of the url.

For example:

DJANGO_SYMBOL_URLS=https://s3-us-west-2.amazonaws.com/pubbucket/?access=public,https://s3-us-west-2.amazonaws.com/privatebucket/

Tecken looks for symbols in the buckets in the order specified by DJANGO_SYMBOL_URLS. This is used for downloading symbols and for symbolication.

DJANGO_UPLOAD_DEFAULT_URL

URL to indicates which bucket uploads go into by default.

For example:

DJANGO_UPLOAD_DEFAULT_URL=https://s3-us-west-2.amazonaws.com/pubbucket/
DJANGO_UPLOAD_URL_EXCEPTIONS

Python dictionary that maps an email address or email address glob pattern to an upload URL.

For example:

DJANGO_UPLOAD_BUCKET_EXCEPTIONS={"*example.com": "https://s3-us-west-2.amazonaws.com/privbucket/", "foo@bar.com": "https://s3-us-west-2.amazonaws.com/special/"}
DJANGO_ALLOW_UPLOAD_BY_DOWNLOAD_DOMAINS

Comma-delimited string specifying domains that we allow upload-by-download from.

For example:

DJANGO_ALLOW_UPLOAD_BY_DOWNLOAD_DOMAINS=queue.taskcluster.net,public-artifacts.taskcluster.net

Note

Note that, if you decide to add another domain, if requests to that domain trigger redirects to another domain you have to add that domain too. For example, if you have a mybigsymbolzips.example.com that redirects to cloudfront.amazonaws.net you need to add both.

AWS

The following variables need to be set for access:

AWS_ACCESS_KEY_ID

The AWS access key.

AWS_SECRET_ACCESS_KEY

The AWS Secret access key.

The account used needs to be able to read, write, and list the org.mozilla.crash-stats.symbols-public bucket which is in us-west-2.

Tecken will never create S3 buckets–they are expected to exist.

PostgreSQL

DATABASE_URL

This configures the database to use. The connection needs to be able connect in SSL mode.

For example:

DATABASE_URL="postgres://username:password@hostname/databasename"

Redis Cache

REDIS_URL

The URL to configure the Redis client.

For example:

REDIS_URL="redis://test.v8jvds.0001.usw1.cache.amazonaws.com:6379/0"
DJANGO_REDIS_IGNORE_EXCEPTIONS

The Redis cache is used for caching. Because of that, exceptions that are kicked up by django-redis are ignored. This alleviates the site from going down when AWS Elasticache is unresponsive.

If you want to disable this and have all Redis Cache exceptions result in an HTTP 500 an an error sent to Sentry, set the variable to False.

For example:

DJANGO_REDIS_IGNORE_EXCEPTIONS=False
DJANGO_REDIS_SOCKET_CONNECT_TIMEOUT

Defaults to 1 second.

DJANGO_REDIS_SOCKET_TIMEOUT

Defaults to 2 seconds.

Redis Store

The Redis Store points to a second Redis instance used for caching the output of parsing symbols files.

REDIS_STORE_URL

The URL to configure the Redis client for the Redis Store.

For example:

REDIS_STORE_URL="redis://store.deef34.0001.usw1.cache.amazonaws.com:6379/0"
DJANGO_REDIS_STORE_SOCKET_CONNECT_TIMEOUT

Defaults to 1 second.

DJANGO_REDIS_STORE_SOCKET_TIMEOUT

Defaults to 2 seconds.

This cache is very large and needs to keep running even at max memory capacity. It needs to be configured to have a maxmemory-policy config set to the value allkeys-lru.

In Docker (development) this is automatically set at start-up time but in AWS ElastiCache config is not a valid command. So this needs to be configured once in AWS by setting up an ElastiCache Redis Parameter Group. In particular the expected config is: maxmemory-policy=allkeys-lru.

Expected version is 3.2 or higher.

StatsD and metrics

DJANGO_STATSD_HOST

Defaults to "localhost".

DJANGO_STATSD_PORT

Defaults to 8125.

DJANGO_STATSD_NAMESPACE

Defaults to "" (empty string).

Try builds

Try build symbols are symbols that come from builds with a much more relaxed access policy. That’s why it’s important that these kinds of symbols don’t override the non-Try build symbols. Also, the nature of them is much more short-lived and when stored in S3 they should have a much shorter expiration time than all other symbols.

DJANGO_UPLOAD_TRY_SYMBOLS_URL

URL to indicates which bucket Try symbol uploads go into by default.

For example:

DJANGO_UPLOAD_TRY_SYMBOLS_URL=https://s3-us-west-2.amazonaws.com/pubbucket/try/

If this isn’t set, it defaults to the value of DJANGO_UPLOAD_DEFAULT_URL with try added just after the bucket name.

Authentication

In the production and stage environments, Tecken uses Mozilla SSO which is a self-hosted Auth0 instance that integrates with Mozilla’s LDAP system.

DJANGO_OIDC_RP_CLIENT_ID
DJANGO_OIDC_RP_CLIENT_SECRET
DJANGO_OIDC_OP_AUTHORIZATION_ENDPOINT
DJANGO_OIDC_OP_TOKEN_ENDPOINT
DJANGO_OIDC_OP_USER_ENDPOINT
DJANGO_OIDC_VERIFY_SSL
DJANGO_ENABLE_AUTH0_BLOCKED_CHECK

To use the provider in local development:

  1. Load http://localhost:3000

  2. Click “Sign In” to start an OpenID Connect session on oidcprovider

  3. Click “Sign up” to create an oidcprovider account:
    • Username: A non-email username, like username

    • Email: Your email address

    • Password: Any password, like password

  4. Click “Authorize” to authorize Tecken to use your oidcprovider account

  5. You are returned to http://localhost:3000. If needed, a parallel Tecken User will be created, with default permissions and identified by email address.

You’ll remain logged in to oidcprovider, and the account will persist until the oidcprovider container is stopped. You can visit http://oidc.127.0.0.1.nip.io:8081/account/logout to manually log out.

Symbolication Service configuration (Eliot)

Webapp

The Symbolication Service (aka Eliot) is run as worker processes by Gunicorn which is run by Honcho.

Gunicorn configuration:

ELIOT_GUNICORN_WORKERS
Parser

str

Default

“1”

Required

No

Specifies the number of gunicorn workers.

Gunicorn docs suggest to set it to (2 x $num_cores) + 1.

https://docs.gunicorn.org/en/stable/settings.html#workers

https://docs.gunicorn.org/en/stable/design.html#how-many-workers

Used in bin/run_eliot_web.sh.

ELIOT_GUNICORN_TIMEOUT
Parser

str

Default

“300”

Required

No

Specifies the timeout value.

https://docs.gunicorn.org/en/stable/settings.html#timeout

Used in bin/run_eliot_web.sh.

ELIOT_GUNICORN_PORT
Parser

str

Default

“8000”

Required

No

Specifies the port to listen to.

Used in bin/run_eliot_web.sh.

ELIOT_GUNICORN_CMD_PREFIX
Parser

str

Default

“”

Required

No

Specifies a command prefix to run the gunicorn process in.

Used in bin/run_eliot_web.sh.

Webapp configuration:

Configuration

Configuration summary:

Setting

Parser

Required?

ELIOT_LOCAL_DEV_ENV

bool

ELIOT_HOST_ID

str

ELIOT_LOGGING_LEVEL

str

ELIOT_STATSD_HOST

str

ELIOT_STATSD_PORT

int

ELIOT_STATSD_NAMESPACE

str

ELIOT_SECRET_SENTRY_DSN

str

ELIOT_SYMBOLS_CACHE_DIR

str

ELIOT_SYMBOLS_URLS

<ListOf(str)>

Configuration options:

ELIOT_LOCAL_DEV_ENV
Parser

bool

Default

“False”

Required

No

Whether or not this is a local development environment.

ELIOT_HOST_ID
Parser

str

Default

“”

Required

No

Identifier for the host that is running Eliot. This identifies this Eliot instance in the logs and makes it easier to correlate Eliot logs with other data. For example, the value could be a public hostname, an instance id, or something like that. If you do not set this, then socket.gethostname() is used instead.

ELIOT_LOGGING_LEVEL
Parser

str

Default

“INFO”

Required

No

The logging level to use. DEBUG, INFO, WARNING, ERROR or CRITICAL

ELIOT_STATSD_HOST
Parser

str

Default

“localhost”

Required

No

Hostname for statsd server.

ELIOT_STATSD_PORT
Parser

int

Default

“8124”

Required

No

Port for statsd server.

ELIOT_STATSD_NAMESPACE
Parser

str

Default

“”

Required

No

Namespace for statsd metrics.

ELIOT_SECRET_SENTRY_DSN
Parser

str

Default

“”

Required

No

Sentry DSN to use. If this is not set an unhandled exception logging middleware will be used instead. See https://docs.sentry.io/quickstart/#configure-the-dsn for details.

ELIOT_SYMBOLS_CACHE_DIR
Parser

str

Default

“/tmp/cache”

Required

No

Location for caching symcache files.

ELIOT_SYMBOLS_URLS
Parser

<ListOf(str)>

Default

https://symbols.mozilla.org/try/

Required

No

Comma-separated list of urls to pull symbols files from.

Disk cache manager

The disk cache manager is run as a single process by Honcho.

Configuration

Configuration summary:

Setting

Parser

Required?

ELIOT_LOCAL_DEV_ENV

bool

ELIOT_HOST_ID

str

ELIOT_LOGGING_LEVEL

str

ELIOT_STATSD_HOST

str

ELIOT_STATSD_PORT

int

ELIOT_STATSD_NAMESPACE

str

ELIOT_SECRET_SENTRY_DSN

str

ELIOT_SYMBOLS_CACHE_DIR

str

ELIOT_SYMBOLS_CACHE_MAX_SIZE

int

Configuration options:

ELIOT_LOCAL_DEV_ENV
Parser

bool

Default

“False”

Required

No

Whether or not this is a local development environment.

ELIOT_HOST_ID
Parser

str

Default

“”

Required

No

Identifier for the host that is running Eliot. This identifies this Eliot instance in the logs and makes it easier to correlate Eliot logs with other data. For example, the value could be a public hostname, an instance id, or something like that. If you do not set this, then socket.gethostname() is used instead.

ELIOT_LOGGING_LEVEL
Parser

str

Default

“INFO”

Required

No

The logging level to use. DEBUG, INFO, WARNING, ERROR or CRITICAL

ELIOT_STATSD_HOST
Parser

str

Default

“localhost”

Required

No

Hostname for statsd server.

ELIOT_STATSD_PORT
Parser

int

Default

“8124”

Required

No

Port for statsd server.

ELIOT_STATSD_NAMESPACE
Parser

str

Default

“”

Required

No

Namespace for statsd metrics.

ELIOT_SECRET_SENTRY_DSN
Parser

str

Default

“”

Required

No

Sentry DSN to use. If this is not set an unhandled exception logging middleware will be used instead.

See https://docs.sentry.io/quickstart/#configure-the-dsn for details.

ELIOT_SYMBOLS_CACHE_DIR
Parser

str

Default

“/tmp/cache”

Required

No

Location for caching symcache files.

ELIOT_SYMBOLS_CACHE_MAX_SIZE
Parser

int

Default

“1073741824”

Required

No

Max size (bytes) of symbols cache. You can use _ to group digits for legibility.