Configuration

Symbols Service configuration

The Symbols Service covers uploading and downloading symbols.

GUNICORN_TIMEOUT

To specify the timeout value.

https://docs.gunicorn.org/en/stable/settings.html#timeout

GUNICORN_WORKERS

To specify the number of gunicorn workers. The default is 4.

You should set it to (2 x $num_cores) + 1.

https://docs.gunicorn.org/en/stable/settings.html#workers

http://docs.gunicorn.org/en/stable/design.html#how-many-workers

DJANGO_CONFIGURATION

Determines the settings class to use.

Options:

  • Prod: production configuration

  • Stage: stage configuration

  • Localdev: local development environment configuration

The Dockerfile sets this to Prod, but if you use docker-compose to start everything, it’ll pick up Localdev.

DJANGO_CONFIGURATION=Localdev
DJANGO_SECRET_KEY

You need to set a random DJANGO_SECRET_KEY. It should be predictably random and a decent length.

DJANGO_SECRET_KEY=DontusethisinproductionbutitneedsbelongforCI1234567890
ALLOWED_HOSTS

The ALLOWED_HOSTS needs to be a list of valid domains that will be used to from the outside to reach the service. If there is only one single domain, it doesn’t need to list any others. For example:

DJANGO_ALLOWED_HOSTS=symbols.mozilla.org
SENTRY_DSN, SENTRY_PUBLIC_DSN

This sets the Sentry DSN for the Python code and the JS code.

For example:

SENTRY_DSN=https://bb4e266xxx:d1c1eyyy@sentry.prod.mozaws.net/001
SENTRY_PUBLIC_DSN=https://bb4e266xxx@sentry.prod.mozaws.net/001
DJANGO_SYMBOL_URLS

Comma-separated string of urls. Each url specifies an AWS S3 bucket.

The form for the url is like this:

# If symbols are in the root of the bucket
https://s3-REGION.amazonaws.com/BUCKETNAME/

# If symbols are in a directory in the bucket
https://s3-REGION.amazonaws.com/BUCKETNAME/path/to/symbols/

For publicly available buckets, add access=public to the querystring of the url.

For example:

DJANGO_SYMBOL_URLS=https://s3-us-west-2.amazonaws.com/pubbucket/?access=public,https://s3-us-west-2.amazonaws.com/privatebucket/

Tecken looks for symbols in the buckets in the order specified by DJANGO_SYMBOL_URLS. This is used for downloading symbols and for symbolication.

DJANGO_UPLOAD_DEFAULT_URL

URL to indicates which bucket uploads go into by default.

For example:

DJANGO_UPLOAD_DEFAULT_URL=https://s3-us-west-2.amazonaws.com/pubbucket/
DJANGO_UPLOAD_URL_EXCEPTIONS

Python dictionary that maps an email address or email address glob pattern to an upload URL.

For example:

DJANGO_UPLOAD_BUCKET_EXCEPTIONS={"*example.com": "https://s3-us-west-2.amazonaws.com/privbucket/", "foo@bar.com": "https://s3-us-west-2.amazonaws.com/special/"}
DJANGO_ALLOW_UPLOAD_BY_DOWNLOAD_DOMAINS

Comma-delimited string specifying domains that we allow upload-by-download from.

For example:

DJANGO_ALLOW_UPLOAD_BY_DOWNLOAD_DOMAINS=queue.taskcluster.net,public-artifacts.taskcluster.net

Note

Note that, if you decide to add another domain, if requests to that domain trigger redirects to another domain you have to add that domain too. For example, if you have a mybigsymbolzips.example.com that redirects to cloudfront.amazonaws.net you need to add both.

AWS

The following variables need to be set for access:

AWS_ACCESS_KEY_ID

The AWS access key.

AWS_SECRET_ACCESS_KEY

The AWS Secret access key.

The account used needs to be able to read, write, and list the org.mozilla.crash-stats.symbols-public bucket which is in us-west-2.

Tecken will never create S3 buckets–they are expected to exist.

PostgreSQL

DATABASE_URL

This configures the database to use. The connection needs to be able connect in SSL mode.

For example:

DATABASE_URL="postgres://username:password@hostname/databasename"

Redis Cache

REDIS_URL

The URL to configure the Redis client.

For example:

REDIS_URL="redis://test.v8jvds.0001.usw1.cache.amazonaws.com:6379/0"
DJANGO_REDIS_IGNORE_EXCEPTIONS

The Redis cache is used for caching. Because of that, exceptions that are kicked up by django-redis are ignored. This alleviates the site from going down when AWS Elasticache is unresponsive.

If you want to disable this and have all Redis Cache exceptions result in an HTTP 500 an an error sent to Sentry, set the variable to False.

For example:

DJANGO_REDIS_IGNORE_EXCEPTIONS=False
DJANGO_REDIS_SOCKET_CONNECT_TIMEOUT

Defaults to 1 second.

DJANGO_REDIS_SOCKET_TIMEOUT

Defaults to 2 seconds.

Redis Store

The Redis Store points to a second Redis instance used for caching the output of parsing symbols files.

REDIS_STORE_URL

The URL to configure the Redis client for the Redis Store.

For example:

REDIS_STORE_URL="redis://store.deef34.0001.usw1.cache.amazonaws.com:6379/0"
DJANGO_REDIS_STORE_SOCKET_CONNECT_TIMEOUT

Defaults to 1 second.

DJANGO_REDIS_STORE_SOCKET_TIMEOUT

Defaults to 2 seconds.

This cache is very large and needs to keep running even at max memory capacity. It needs to be configured to have a maxmemory-policy config set to the value allkeys-lru.

In Docker (development) this is automatically set at start-up time but in AWS ElastiCache config is not a valid command. So this needs to be configured once in AWS by setting up an ElastiCache Redis Parameter Group. In particular the expected config is: maxmemory-policy=allkeys-lru.

Expected version is 3.2 or higher.

StatsD and metrics

DJANGO_STATSD_HOST

Defaults to "localhost".

DJANGO_STATSD_PORT

Defaults to 8125.

DJANGO_STATSD_NAMESPACE

Defaults to "" (empty string).

Try builds

Try build symbols are symbols that come from builds with a much more relaxed access policy. That’s why it’s important that these kinds of symbols don’t override the non-Try build symbols. Also, the nature of them is much more short-lived and when stored in S3 they should have a much shorter expiration time than all other symbols.

DJANGO_UPLOAD_TRY_SYMBOLS_URL

URL to indicates which bucket Try symbol uploads go into by default.

For example:

DJANGO_UPLOAD_TRY_SYMBOLS_URL=https://s3-us-west-2.amazonaws.com/pubbucket/try/

If this isn’t set, it defaults to the value of DJANGO_UPLOAD_DEFAULT_URL with try added just after the bucket name.

Authentication

In the production and stage environments, Tecken uses Mozilla SSO which is a self-hosted Auth0 instance that integrates with Mozilla’s LDAP system.

DJANGO_OIDC_RP_CLIENT_ID
DJANGO_OIDC_RP_CLIENT_SECRET
DJANGO_OIDC_OP_AUTHORIZATION_ENDPOINT
DJANGO_OIDC_OP_TOKEN_ENDPOINT
DJANGO_OIDC_OP_USER_ENDPOINT
DJANGO_OIDC_VERIFY_SSL
DJANGO_ENABLE_AUTH0_BLOCKED_CHECK

To use the provider in local development:

  1. Load http://localhost:3000

  2. Click “Sign In” to start an OpenID Connect session on oidcprovider

  3. Click “Sign up” to create an oidcprovider account:
    • Username: A non-email username, like username

    • Email: Your email address

    • Password: Any password, like password

  4. Click “Authorize” to authorize Tecken to use your oidcprovider account

  5. You are returned to http://localhost:3000. If needed, a parallel Tecken User will be created, with default permissions and identified by email address.

You’ll remain logged in to oidcprovider, and the account will persist until the oidcprovider container is stopped. You can visit http://oidc.127.0.0.1.nip.io:8081/account/logout to manually log out.

Symbolication Service configuration (Eliot)

Webapp

The Symbolication Service (aka Eliot) is run as worker processes by Gunicorn which is run by Honcho.

Gunicorn configuration:

ELIOT_GUNICORN_WORKERS

Specify the number of gunicorn workers. The default is 4.

Gunicorn docs suggest to set it to (2 x $num_cores) + 1.

https://docs.gunicorn.org/en/stable/settings.html#workers

http://docs.gunicorn.org/en/stable/design.html#how-many-workers

ELIOT_GUNICORN_TIMEOUT

Specify the timeout value. The default is 300.

https://docs.gunicorn.org/en/stable/settings.html#timeout

ELIOT_GUNICORN_PORT

Set the port to listen to. Defaults to 8000.

ELIOT_GUNICORN_CMD_PREFIX

Set any command prefix to run the gunicorn process in. Default is "".

Webapp configuration:

Configuration
Options
  • ELIOT_LOCAL_DEV_ENV (bool) –

    Whether or not this is a local development environment.

    Defaults to 'False'.

  • ELIOT_HOST_ID (str) –

    Identifier for the host that is running Eliot. This identifies this Eliot instance in the logs and makes it easier to correlate Eliot logs with other data. For example, the value could be a public hostname, an instance id, or something like that. If you do not set this, then socket.gethostname() is used instead.

    Defaults to ''.

  • ELIOT_LOGGING_LEVEL (str) –

    The logging level to use. DEBUG, INFO, WARNING, ERROR or CRITICAL

    Defaults to 'INFO'.

  • ELIOT_STATSD_HOST (str) –

    Hostname for statsd server.

    Defaults to 'localhost'.

  • ELIOT_STATSD_PORT (int) –

    Port for statsd server.

    Defaults to '8124'.

  • ELIOT_STATSD_NAMESPACE (str) –

    Namespace for statsd metrics.

    Defaults to ''.

  • ELIOT_SECRET_SENTRY_DSN (str) –

    Sentry DSN to use. If this is not set an unhandled exception logging middleware will be used instead. See https://docs.sentry.io/quickstart/#configure-the-dsn for details.

    Defaults to ''.

  • ELIOT_SYMBOLS_CACHE_DIR (str) –

    Location for caching symcache files.

    Defaults to '/tmp/cache'.

  • ELIOT_SYMBOLS_URLS (<ListOf(str)>) –

    Comma-separated list of urls to pull symbols files from.

    Defaults to 'https://symbols.mozilla.org/try/'.

Disk cache manager

The disk cache manager is run as a single process by Honcho.

Configuration
Options
  • ELIOT_LOCAL_DEV_ENV (bool) –

    Whether or not this is a local development environment.

    Defaults to 'False'.

  • ELIOT_HOST_ID (str) –

    Identifier for the host that is running Eliot. This identifies this Eliot instance in the logs and makes it easier to correlate Eliot logs with other data. For example, the value could be a public hostname, an instance id, or something like that. If you do not set this, then socket.gethostname() is used instead.

    Defaults to ''.

  • ELIOT_LOGGING_LEVEL (str) –

    The logging level to use. DEBUG, INFO, WARNING, ERROR or CRITICAL

    Defaults to 'INFO'.

  • ELIOT_STATSD_HOST (str) –

    Hostname for statsd server.

    Defaults to 'localhost'.

  • ELIOT_STATSD_PORT (int) –

    Port for statsd server.

    Defaults to '8124'.

  • ELIOT_STATSD_NAMESPACE (str) –

    Namespace for statsd metrics.

    Defaults to ''.

  • ELIOT_SECRET_SENTRY_DSN (str) –

    Sentry DSN to use. If this is not set an unhandled exception logging middleware will be used instead.

    See https://docs.sentry.io/quickstart/#configure-the-dsn for details.

    Defaults to ''.

  • ELIOT_SYMBOLS_CACHE_DIR (str) –

    Location for caching symcache files.

    Defaults to '/tmp/cache'.

  • ELIOT_SYMBOLS_CACHE_MAX_SIZE (int) –

    Max size (bytes) of symbols cache. You can use _ to group digits for legibility.

    Defaults to '1073741824'.