TestEngineering/Services/FxATestEnvironments: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
 
(49 intermediate revisions by one other user not shown)
Line 1: Line 1:
== FxA, TokenServer, and Sync Production Environments ==
NOTE: This site needs an update for all the extra Dev environments and the new environments - OAuth and Profile, etc...
* Content server: https://accounts.firefox.com
* Auth server: https://api.accounts.firefox.com
* Verifier: https://verifier.accounts.firefox.com (talks to Auth Server via TokenServer)


* TokenServer: https://token.services.mozilla.com
== FxA Production Environments ==
* Sync 1.5 Nodes (for now in AWS):
* URLs
** sync-1-us-east-2.sync.services.mozilla.com
** Content server: https://accounts.firefox.com
** sync-2-us-east-2.sync.services.mozilla.com
** Auth server: https://api.accounts.firefox.com
** Verifier: https://verifier.accounts.firefox.com (talks to Auth Server via TokenServer)
** OAuth server: https://oauth.accounts.firefox.com
** Profile server: https://profile.accounts.firefox.com


* Versions:
* Versions:
** FxA-Auth-Server: curl https://api.accounts.firefox.com/; echo  
** FxA-Auth-Server: curl https://api.accounts.firefox.com/; echo  
** FxA-Content-Server: curl https://accounts.firefox.com/ver.json; echo
** FxA-Content-Server: curl https://accounts.firefox.com/ver.json; echo
* Monitoring
** Heka shared: https://heka.shared.us-west-2.prod.mozaws.net/#health
** Heka FxA: https://heka.fxa.us-west-2.prod.mozaws.net/#health
** Kibana shared: https://kibana.shared.us-west-2.prod.mozaws.net/#/dashboard/file/default.json
** Kibana FxA: https://kibana.fxa.us-west-2.prod.mozaws.net/index.html#/dashboard/file/weblogs.json
** Kibana FxA errors: https://kibana.fxa.us-west-2.prod.mozaws.net/index.html#/dashboard/elasticsearch/Endpoint%20Errors
** Others: see the "load" folder/pull-down
** StackDriver:
*** Main: https://app.stackdriver.com/
*** https://app.stackdriver.com/groups/4208/prod-persona
*** https://app.stackdriver.com/groups/4251/production-all
*** https://app.stackdriver.com/groups/4337/prod-fxa
*** https://app.stackdriver.com/groups/3879/prod-sync-15
*** https://app.stackdriver.com/groups/3828/prod-tokenserver


* QA Access: not allowed
* QA Access: not allowed


* Pointing Nightly to Production FxA/Sync:
* Pointing Fx Nightly to Production FxA/Sync:
** Set/Verify the following Firefox configs:
** Set/Verify the following Firefox configs:
*** services.sync.clusterURL = (should get automatically set by the TokenServer)
*** services.sync.clusterURL = (should get automatically set by the TokenServer)
Line 46: Line 31:
** Auth Server: https://api-accounts.stage.mozaws.net/
** Auth Server: https://api-accounts.stage.mozaws.net/
** Verifier: https://verifier.stage.mozaws.net (talks to Auth Server via TokenServer)
** Verifier: https://verifier.stage.mozaws.net (talks to Auth Server via TokenServer)
** OAuth server: https://oauth.stage.mozaws.net
** Profile server: https://profile.stage.mozaws.net


* Versions:
* Versions:
Line 85: Line 72:
*** fxa-auth                  (2 instances, m3.large)
*** fxa-auth                  (2 instances, m3.large)
*** fxa-content_server        (1 small instance)
*** fxa-content_server        (1 small instance)
* Versions
** Contained in ver.json
* Files
* Files
** /data
** /data
Line 119: Line 104:


* Stack code
* Stack code
** https://github.com/mozilla-services/svcops-oompaloompas/tree/master/cloudformations/firefox-accounts
** https://github.com/mozilla-services/svcops/tree/master/cloudformations/firefox-accounts
** https://github.com/mozilla-services/puppet-config/tree/master/fxa
** https://github.com/mozilla-services/puppet-config/tree/master/fxa
** https://github.com/mozilla-services/puppet-config/tree/master/shared
** https://github.com/mozilla-services/puppet-config/tree/master/shared


* How to find the stack instance size and number of instances
* How to find the stack instance size and number of instances
** https://github.com/mozilla-services/svcops-oompaloompas/tree/master/cloudformations/firefox-accounts
** https://github.com/mozilla-services/svcops/tree/master/cloudformations/firefox-accounts
** Environment, number of hosts, and host/instance size deployed by default (per stack/service):
** Environment, number of hosts, and host/instance size deployed by default (per stack/service):
*** Look in the json files for the CF stacks in github:
*** Look in the json files for the CF stacks in github:
Line 134: Line 119:
     defaults for "Environment" and "DBInstanceType"
     defaults for "Environment" and "DBInstanceType"
  Compare this to what is actually live in AWS (via the Console or awsboxen)
  Compare this to what is actually live in AWS (via the Console or awsboxen)
* Monitoring:
** Kibana: https://kibana.fxa.us-east-1.stage.mozaws.net/#/dashboard/file/weblogs.json
** Heka: https://heka.fxa.us-east-1.stage.mozaws.net/#health
** Note: Make sure to have the Mozilla Root Cert set up in your browser: https://wiki.mozilla.org/MozillaRootCertificate
** OPs has set up the following in StackDriver
*** https://app.stackdriver.com/
*** https://app.stackdriver.com/groups/4393/stage-fxa


* QA Access via a Bastion Host
* QA Access via a Bastion Host
** SSH with AWS keys to the Stage bastion host in US East 1. From there SSH directly into any instance.
** Old Dev IAM
*** SSH with AWS keys to the Stage bastion host in US-East-1. From there SSH directly into any instance.
** New Dev IAM
*** SSH with AWS keys to the Stage bastion host in US-East-1 or EU-West-1. From there SSH directly into any instance.


* Pointing Nightly to Stage FxA/Sync:
* Pointing Fx Nightly to Stage FxA/Sync:
** Set/Verify the following Firefox configs:
** Set/Verify the following Firefox configs:
*** services.sync.clusterURL = (should get automatically set by the TokenServer)
*** services.sync.clusterURL = (should get automatically set by the TokenServer)
Line 157: Line 137:
*** identity.fxaccounts.remote.uri = https://accounts.stage.mozaws.net/?service=sync
*** identity.fxaccounts.remote.uri = https://accounts.stage.mozaws.net/?service=sync


== TokenServer Stage Environment ==
== Loads V1 Services Cluster Environment ==
* URLs
* For details on the Loads V1 cluster, see the following link:
** TokenServer: https://token.stage.mozaws.net
** https://wiki.mozilla.org/QA/Services/LoadsToolsAndTesting1
** Verifier: https://verifier.stage.mozaws.net
** IdP: https://mockmyid.s3-us-west-2.amazonaws.com/
** OLD IdP: https://mockmyid.com/
* AWS
*** shared-elasticsearch
*** shared-elasticsearch
*** shared-elasticsearch
*** shared-elasticsearch
*** shared-rabbitmq
*** shared-rabbitmq 
*** shared-bastion
*** shared-heka
** tokenserver app server          (3 small instances behind a CF stack and ELB)
** tokenserver db                  (1 large DB instance behind RDS)
** fxa-browserid-verifier          (3 medium instances behind a CF stack and ELB)
* Version checking
** rpm -qa | grep token
** rpm -qa | grep verifier
* Files
** /data/tokenserver/*
* Processes
** tokenserver app server:
*** Search for token, circus, nginx, gunicorn
** fxa-browserid-verifer:
*** Search for node, heka, nginx, circus
* Logs
** Tokenserver
*** /media/ephemeral0/logs/
*** /media/ephemeral0/logs/nginx/access.log
*** /media/ephemeral0/logs/nginx/error.log
*** /media/ephemeral0/logs/tokenserver/token.error.log
*** /media/ephemeral0/logs/tokenserver/token.log
** Verifier:
*** /media/ephemeral0/fxa-browserid-verifier/fxa-browserid-verifier-8000-err.log
*** /media/ephemeral0/fxa-browserid-verifier/fxa-browserid-verifier-8000-out.log
*** /media/ephemeral0/fxa-browserid-verifier/fxa-browserid-verifier-8001-err.log
*** /media/ephemeral0/fxa-browserid-verifier/fxa-browserid-verifier-8001-out.log
*** /media/ephemeral0/heka/hekad_err.log
*** /media/ephemeral0/heka/hekad_out.log
*** /media/ephemeral0/nginx/logs/access.log
*** /media/ephemeral0/nginx/logs/error.log
*** /media/ephemeral0/nginx/logs/squid/access.log
* Hekad
** /etc/puppet/modules/hekad
* QA Access via a Bastion Host
** SSH with AWS keys to the Stage bastion host in US East 1. From there SSH directly into any instance.
* Monitoring
** Kibana
*** https://kibana.shared.us-east-1.stage.mozaws.net/
*** https://kibana.shared.us-east-1.stage.mozaws.net/#/dashboard/file/weblogs.json
*** https://kibana.shared.us-east-1.stage.mozaws.net/index.html#/dashboard/elasticsearch/Sync-Stage-Dash
*** https://kibana.shared.us-east-1.stage.mozaws.net/#/dashboard/elasticsearch/APK%20Signer%20Log%20Search
*** NOTE: The above 2 are currently broken.
*** See https://github.com/mozilla-services/puppet-config/issues/278
*** and https://github.com/mozilla-services/puppet-config/issues/281
** Heka
*** https://heka.shared.us-east-1.stage.mozaws.net/#health
** Stackdriver:
*** Stage main: https://app.stackdriver.com
*** https://app.stackdriver.com/groups/4388/stage-services-tag-sync15
* Firefox Configs
** services.sync.clusterURL should get automatically set by the TokenServer
** services.sync.tokenServerURI = https://token.stage.mozaws.net/1.0/sync/1.5


== Sync 1.5 Stage Environment ==
== Monitoring the Production Environment ==
* This is a work in progress. Right now, there are only a small number of sync nodes (instances) in AWS.
* Heka FxA:  
* URLs
** https://heka.fxa.us-west-2.prod.mozaws.net/
** https://sync-1-us-east-1.stage.mozaws.net
** https://heka.fxa.us-west-2.prod.mozaws.net/#health
** https://sync-2-us-east-1.stage.mozaws.net
** https://heka.fxa.us-west-2.prod.mozaws.net/#sandboxes
** https://sync-3-us-east-1.stage.mozaws.net
* AWS
** Search for sync node instances in US East: "stage-sync-node-X"
* Version checking
** rpm -qa | grep server
* Files
** /data/server-syncstorage/*
** /var/log/nginx
* Processes
** Search for sync, mysql, circusd, hekad, nginx, memcached
* Logs
** /media/ephemeral0/logs (most important)
*** nginx/access.log
*** (what about error.log?)
*** sync/sync.err
*** sync/sync.log
** /var/log/nginx
** /var/log/circus.log
* Hekad
** /etc/heka.d/sync_1_5.toml
* QA Access via a Bastion Host
** SSH with AWS keys to the Stage bastion host in US East 1. From there SSH directly into any instance.
* Monitoring
** Kibana
*** https://kibana.shared.us-east-1.stage.mozaws.net/
*** https://kibana.shared.us-east-1.stage.mozaws.net/#/dashboard/file/weblogs.json
*** https://kibana.shared.us-east-1.stage.mozaws.net/index.html#/dashboard/elasticsearch/Sync-Stage-Dash
*** https://kibana.shared.us-east-1.stage.mozaws.net/#/dashboard/elasticsearch/APK%20Signer%20Log%20Search
*** NOTE: The above 2 are currently broken.
*** See https://github.com/mozilla-services/puppet-config/issues/278
*** and https://github.com/mozilla-services/puppet-config/issues/281
** Heka
*** https://heka.shared.us-east-1.stage.mozaws.net/#health
** Stackdriver:
*** Stage main: https://app.stackdriver.com
*** https://app.stackdriver.com/groups/4388/stage-services-tag-sync15
* Firefox Configs
** services.sync.clusterURL should get automatically set by the TokenServer


* Note: There is no longer a Sync 1.1 Stage environment.
* Kibana FxA:
** Kibana FxA: https://kibana.fxa.us-west-2.prod.mozaws.net/index.html#/dashboard/file/weblogs.json
** Kibana FxA errors: https://kibana.fxa.us-west-2.prod.mozaws.net/index.html#/dashboard/elasticsearch/Endpoint%20Errors
** Others: see the "load" folder/pull-down


== FxA Load Test Environment ==
* StackDriver:
* NOTE: Available in AWS only as needed.
** Main: https://app.stackdriver.com/
* URLs
** https://app.stackdriver.com/groups/4208/prod-persona
** http://broker.loads.lcip.org
** https://app.stackdriver.com/groups/4251/production-all
** http://api-accounts.loadtest.lcip.org
** https://app.stackdriver.com/groups/4337/prod-fxa
** http://logs.loadtest.lcip.org
** http://redis.loadtest.lcip.org
* AWS in US West
** CF: loads-lcip-org
** CF: loadtest-lcip-org
** LoadsBroker: broker.loads.lcip.org
** IdP: api-accounts.loadtest.lcip.org
** Logger: logs.loadtest.lcip.org
** Redis Server: redis.loadtest.lcip.org
** LoadsAgentLoadBalancer
** IdPLoadBalancer


== Loads Services Cluster Environment ==
== Monitoring the Stage Environment ==
* URLs
* Kibana:
** http://loads.services.mozilla.com/
** Kibana: https://kibana.fxa.us-east-1.stage.mozaws.net/#/dashboard
** or http://ec2-54-212-44-143.us-west-2.compute.amazonaws.com/
** Kibana: https://kibana.fxa.us-east-1.stage.mozaws.net/#/dashboard/file/weblogs.json
* AWS in US West
** loads-master (broker and agent processes)
** loads-slave-1 (agent processes)
** loads-slave-2 (agent processes)
** NOTE: there is no stack or ELB for this cluster
* Versions
* N/A
* Files
** /home/ubuntu
*** loads
*** loads-aws
*** loads-web
* Processes
** Search for processes owned by ubuntu, loads, nginx, circus
* Logs
** /var/log/redis
** /var/log/nginx
* QA access
** You need special access to be able to SSH into these devices
** You need to make some changes to your .ssh/config file
* Monitoring
** Directly from the web interface: http://loads.services.mozilla.com/
* Cluster status
** Check from any loadtest folder or loads install:
../bin/loads-runner --ping-broker --broker=tcp://loads.services.mozilla.com:7780
../bin/loads-runner --check-cluster --broker=tcp://loads.services.mozilla.com:7780
(or similar)
* Links
** http://loads.readthedocs.org/en/latest/
** https://github.com/mozilla-services/loads
** https://github.com/mozilla-services/loads-aws


== TokenServer and Sync 1.5 Dev Environments ==
* Heka:
* URLs
** https://heka.fxa.us-east-1.stage.mozaws.net/
** https://sync1.dev.lcip.org/
** https://heka.fxa.us-east-1.stage.mozaws.net/#health
** https://token.dev.lcip.org/
** https://heka.fxa.us-east-1.stage.mozaws.net/#sandboxes
* AWS
** This is part of the dev-lcip-org CloudFormation stack
*** TokenServer: Search for the fxa-tokenserver instance
*** SyncServer2: Search for the fxa-syncstorage instance
*** SyncServer1: Search for the fxa-syncstorage instance
*** LogServer:  Search for the fxa-logbox instance
* Files
** TBD
* Processes
** TBD
* Logs
** TBD
* QA Access
** SSH with AWS keys to the various instances
* Firefox configs:
** services.sync.clusterURL = https://sync1.dev.lcip.org/ (should get automatically set by the TokenServer)
** services.sync.tokenServerURI = https://token.dev.lcip.org/1.0/sync/1.5


* StackDriver:
** https://app.stackdriver.com/
** https://app.stackdriver.com/groups/4393/stage-fxa


== FxA Development Environments - partial ==
== FxA Development Environments - partial ==
* NOTE: This is marked partial, because there are a number of more recent, ongoing Dev deploys for development and testing. They should get recorded here, soon...
* QA Access
* QA Access
** SSH with AWS keys to the various instances
** SSH with AWS keys to the various instances
Line 362: Line 190:
** Versions
** Versions
*** https://accounts-latest.dev.lcip.org/ver.txt
*** https://accounts-latest.dev.lcip.org/ver.txt
*** https://api-accounts-latest.dev.lcip.org/ver.txt
*** https://accounts.dev.lcip.org/ver.txt
*** https://accounts.dev.lcip.org/ver.txt
*** https://api-accounts.dev.lcip.org/ver.txt
** Files
** Files
*** /home/app
*** /home/app
Line 427: Line 257:
** AWS: accounts-legacy.dev.lcip.org
** AWS: accounts-legacy.dev.lcip.org
** AWS: api-accounts-onepw.dev.lcip.org
** AWS: api-accounts-onepw.dev.lcip.org
== OAuth Dev Environment ==
* NOTE: TBD


== OPs Mana and GitHub Pages ==
== OPs Mana and GitHub Pages ==
Line 432: Line 265:
* Puppet Config: https://github.com/mozilla-services/puppet-config
* Puppet Config: https://github.com/mozilla-services/puppet-config
** and https://github.com/mozilla-services/puppet-config/tree/master/fxa
** and https://github.com/mozilla-services/puppet-config/tree/master/fxa
* Cloud Formation: https://github.com/mozilla-services/svcops-oompaloompas
* Cloud Formation: https://github.com/mozilla-services/svcops
** and https://github.com/mozilla-services/svcops-oompaloompas/tree/master/cloudformations/firefox-accounts
** and https://github.com/mozilla-services/svcops/tree/master/cloudformations/firefox-accounts
** and https://github.com/mozilla-services/svcops-oompaloompas/tree/master/cloudformations/sync
** and https://github.com/mozilla-services/svcops-oompaloompas/tree/master/cloudformations/token

Latest revision as of 20:01, 26 August 2016

NOTE: This site needs an update for all the extra Dev environments and the new environments - OAuth and Profile, etc...

FxA Production Environments

  • QA Access: not allowed

FxA Stage Environment

  • AWS
    • New FxA-shared services:
      • svcops-fxa-stage-heka
      • svcops-fxa-stage-amqp
      • svcops-fxa-stage-elasticsearch
      • svcops-fxa-stage-asg-sns-topic
    • Other shared Stage Services:
      • svcops-stage-heka (combined heka+kibana behind an ELB)
      • svcops-stage-amqp (shared RabbitMQ cluster)
      • svcops-stage-elasticsearch ( Elasticsearch cluster)
      • svcops-stage-asg-sns-topic
      • svcops-stage-bastion-servers (Bastion hosts for Stage)
    • Load Balancers:
      • ContentServerELB
      • AuthServerELB
      • BastionELB
      • BastionExternalFQDN
    • DB Instances (RDS):
      • RDSInstance = fxa-rds-stage
    • All instances: Search in AWS Console using the Env column to find "stage"
      • shared-elasticsearch
      • shared-elasticsearch
      • shared-elasticsearch
      • shared-elasticsearch
      • shared-rabbitmq
      • shared-rabbitmq
      • shared-bastion
      • shared-heka
      • fxa-elasticsearch
      • fxa-rabbitmq
      • fxa-heka
      • fxa-logbox
      • fxa-auth (2 instances, m3.large)
      • fxa-content_server (1 small instance)
  • Files
    • /data
    • /etc/puppet
  • Processes
    • fxa-auth-server:
      • Look for processes owned by app, nginx, circus
    • fxa-content-server:
      • Look for processes owned by node, heka, nginx, circus
  • Logs
    • /var/log/nginx
    • /var/log/circus.log
    • fxa-auth-server
      • /media/ephemeral0/fxa-auth-server/auth_err.log.*
      • /media/ephemeral0/fxa-auth-server/auth_out.log
      • /media/ephemeral0/heka/hekad_err.log
      • /media/ephemeral0/heka/hekad_out.log
      • /media/ephemeral0/nginx/logs/access.log
      • /media/ephemeral0/nginx/logs/error.log
    • fxa-content-server
      • /media/ephemeral0/fxa-content-server/content_err.log
      • /media/ephemeral0/fxa-content-server/content_out.log
      • /media/ephemeral0/heka/hekad_err.log
      • /media/ephemeral0/heka/hekad_out.log
      • /media/ephemeral0/nginx/access.log
      • /media/ephemeral0/nginx/logs/error.log
  • Log Aggregation
    • Look at /data/hekad/hekad.toml
    • Check here: [aggregator-output]
    • hekad --> rabbitmq --> elasticsearch --> kibana (since Kibana is the UI on top of ES)
fxa-auth-server.json:
    defaults for "Environment", "AuthServerInstanceType", and "AuthServerDesiredCapacity"
fxa-content-server.json:
    defaults for "Environment", "InstanceType", and "NumServers"
fxa-db-rds.json:
    defaults for "Environment" and "DBInstanceType"
Compare this to what is actually live in AWS (via the Console or awsboxen)
  • QA Access via a Bastion Host
    • Old Dev IAM
      • SSH with AWS keys to the Stage bastion host in US-East-1. From there SSH directly into any instance.
    • New Dev IAM
      • SSH with AWS keys to the Stage bastion host in US-East-1 or EU-West-1. From there SSH directly into any instance.

Loads V1 Services Cluster Environment

Monitoring the Production Environment

Monitoring the Stage Environment

FxA Development Environments - partial

  • NOTE: This is marked partial, because there are a number of more recent, ongoing Dev deploys for development and testing. They should get recorded here, soon...
  • QA Access
    • SSH with AWS keys to the various instances


  • Other Dev Deployments:
    • AWS: api-accounts-legacy.dev.lcip.org
    • AWS: accounts-legacy.dev.lcip.org
    • AWS: api-accounts-onepw.dev.lcip.org

OAuth Dev Environment

  • NOTE: TBD

OPs Mana and GitHub Pages

Retrieved from "https://wiki.mozilla.org/index.php?title=TestEngineering/Services/FxATestEnvironments&oldid=1145553"