TestEngineering/Services/FxATestEnvironments
FxA, TokenServer, and Sync Production Environments
- Content server: https://accounts.firefox.com
- Auth server: https://api.accounts.firefox.com
- Verifier: https://verifier.accounts.firefox.com (talks to Auth Server via TokenServer)
- TokenServer: https://token.services.mozilla.com
- Sync 1.5 Nodes (for now in AWS):
- sync-1-us-east-2.sync.services.mozilla.com
- sync-2-us-east-2.sync.services.mozilla.com
- Versions:
- FxA-Auth-Server: curl https://api.accounts.firefox.com/; echo
- FxA-Content-Server: curl https://accounts.firefox.com/ver.json; echo
- Monitoring
- Heka shared:
- Heka FxA:
- Kibana shared: https://kibana.shared.us-west-2.prod.mozaws.net/#/dashboard/file/default.json
- Kibana FxA: https://kibana.fxa.us-west-2.prod.mozaws.net/index.html#/dashboard/file/weblogs.json
- Kibana FxA errors: https://kibana.fxa.us-west-2.prod.mozaws.net/index.html#/dashboard/elasticsearch/Endpoint%20Errors
- Others: see the "load" folder/pull-down
- StackDriver:
- Main: https://app.stackdriver.com/
- https://app.stackdriver.com/groups/4208/prod-persona
- https://app.stackdriver.com/groups/4251/production-all
- https://app.stackdriver.com/groups/4337/prod-fxa
- https://app.stackdriver.com/groups/3879/prod-sync-15
- https://app.stackdriver.com/groups/3828/prod-tokenserver
- QA Access: not allowed
- Pointing Nightly to Production FxA/Sync:
- Set/Verify the following Firefox configs:
- services.sync.clusterURL = (should get automatically set by the TokenServer)
- services.sync.tokenServerURI = https://token.services.mozilla.com/1.0/sync/1.5
- services.sync.fxaccounts.enabled=true (NEW FOR NIGHTLY FF 29 - SHOULD BE SET BY DEFAULT)
- services.sync.log.appender.file.logOnError = Yes
- services.sync.log.appender.file.logOnSuccess = Yes
- services.sync.log.appender.file.level = Trace
- identity.fxaccounts.auth.uri = https://api.accounts.firefox.com/v1
- identity.fxaccounts.remote.uri = https://accounts.firefox.com/?service=sync&context=...
FxA Stage Environment
- URLs
- Content Server: https://accounts.stage.mozaws.net/
- Auth Server: https://api-accounts.stage.mozaws.net/
- Verifier: https://verifier.stage.mozaws.net (talks to Auth Server via TokenServer)
- Versions:
- FxA-Auth-Server: curl https://api-accounts.stage.mozaws.net/; echo
- FxA-Content-Server: curl https://accounts.stage.mozaws.net/ver.json; echo
- AWS
- New FxA-shared services:
- svcops-fxa-stage-heka
- svcops-fxa-stage-amqp
- svcops-fxa-stage-elasticsearch
- svcops-fxa-stage-asg-sns-topic
- Other shared Stage Services:
- svcops-stage-heka (combined heka+kibana behind an ELB)
- svcops-stage-amqp (shared RabbitMQ cluster)
- svcops-stage-elasticsearch (Elasticsearch cluster)
- svcops-stage-asg-sns-topic
- svcops-stage-bastion-servers (Bastion hosts for Stage)
- Load Balancers:
- ContentServerELB
- AuthServerELB
- BastionELB
- BastionExternalFQDN
- DB Instances (RDS):
- RDSInstance = fxa-rds-stage
- All instances: Search in AWS Console using the Env column to find "stage"
- shared-elasticsearch
- shared-elasticsearch
- shared-elasticsearch
- shared-elasticsearch
- shared-rabbitmq
- shared-rabbitmq
- shared-bastion
- shared-heka
- fxa-elasticsearch
- fxa-rabbitmq
- fxa-heka
- fxa-logbox
- fxa-auth (2 instances, m3.large)
- fxa-content_server (1 small instance)
- Files
- /data
- /etc/puppet
- Processes
- fxa-auth-server:
- Look for processes owned by app, nginx, circus
- fxa-content-server:
- Look for processes owned by node, heka, nginx, circus
- Logs
- /var/log/nginx
- /var/log/circus.log
- fxa-auth-server
- /media/ephemeral0/fxa-auth-server/auth_err.log.*
- /media/ephemeral0/fxa-auth-server/auth_out.log
- /media/ephemeral0/heka/hekad_err.log
- /media/ephemeral0/heka/hekad_out.log
- /media/ephemeral0/nginx/logs/access.log
- /media/ephemeral0/nginx/logs/error.log
- fxa-content-server
- /media/ephemeral0/fxa-content-server/content_err.log
- /media/ephemeral0/fxa-content-server/content_out.log
- /media/ephemeral0/heka/hekad_err.log
- /media/ephemeral0/heka/hekad_out.log
- /media/ephemeral0/nginx/access.log
- /media/ephemeral0/nginx/logs/error.log
- Log Aggregation
- Look at /data/hekad/hekad.toml
- Check here: [aggregator-output]
- hekad --> rabbitmq --> elasticsearch --> kibana (since Kibana is the UI on top of ES)
- Stack code
- How to find the stack instance size and number of instances
- https://github.com/mozilla-services/svcops/tree/master/cloudformations/firefox-accounts
- Environment, number of hosts, and host/instance size deployed by default (per stack/service):
- Look in the json files for the CF stacks in github:
- fxa-auth-server.json: defaults for "Environment", "AuthServerInstanceType", and "AuthServerDesiredCapacity"
- fxa-content-server.json: defaults for "Environment", "InstanceType", and "NumServers"
- fxa-db-rds.json: defaults for "Environment" and "DBInstanceType"
- Compare this to what is actually live in AWS (via the Console or awsboxen)
- Monitoring:
- Kibana: https://kibana.fxa.us-east-1.stage.mozaws.net/#/dashboard
- Kibana: https://kibana.fxa.us-east-1.stage.mozaws.net/#/dashboard/file/weblogs.json
- Heka:
- Note: Make sure to have the Mozilla Root Cert set up in your browser: https://wiki.mozilla.org/MozillaRootCertificate
- OPs has set up the following in StackDriver
- QA Access via a Bastion Host
- SSH with AWS keys to the Stage bastion host in US East 1. From there SSH directly into any instance.
- Pointing Nightly to Stage FxA/Sync:
- Set/Verify the following Firefox configs:
- services.sync.clusterURL = (should get automatically set by the TokenServer)
- services.sync.tokenServerURI = https://token.stage.mozaws.net/1.0/sync/1.5
- services.sync.fxaccounts.enabled=true (NEW FOR NIGHTLY FF 29 - SHOULD BE SET BY DEFAULT)
- services.sync.log.appender.file.logOnError = Yes
- services.sync.log.appender.file.logOnSuccess = Yes
- services.sync.log.appender.file.level = Trace
- identity.fxaccounts.auth.uri = https://api-accounts.stage.mozaws.net/v1
- identity.fxaccounts.remote.uri = https://accounts.stage.mozaws.net/?service=sync
TokenServer Stage Environment
- URLs
- TokenServer: https://token.stage.mozaws.net
- Verifier: https://verifier.stage.mozaws.net
- IdP: https://mockmyid.s3-us-west-2.amazonaws.com/
- OLD IdP: https://mockmyid.com/
- Versions:
- TokenServer: rpm -qa | grep token
- Example: tokenserver-svcops <latest version>
- Verifier: rpm -qa | grep verifier
- Example: fxa-browserid-verifier-svcops <latest version>
- AWS
- shared-elasticsearch
- shared-elasticsearch
- shared-elasticsearch
- shared-elasticsearch
- shared-rabbitmq
- shared-rabbitmq
- shared-bastion
- shared-heka
- tokenserver app server (2 m3.medium instances behind a CF stack and ELB)
- tokenserver db (1 large DB instance behind RDS)
- fxa-browserid-verifier (2 c3.large instances behind a CF stack and ELB)
- Files
- /data/tokenserver/*
- Processes
- tokenserver app server:
- Search for token, circus, nginx, gunicorn
- fxa-browserid-verifier:
- Search for node, heka, nginx, circus
- Logs
- Tokenserver
- /media/ephemeral0/logs/
- /media/ephemeral0/logs/nginx/access.log
- /media/ephemeral0/logs/nginx/error.log
- /media/ephemeral0/logs/tokenserver/token.error.log
- /media/ephemeral0/logs/tokenserver/token.log.*
- /media/ephemeral0/logs/tokenserver/process_account_deletions.error.log
- /media/ephemeral0/logs/tokenserver/process_account_deletions.log
- Verifier:
- /media/ephemeral0/fxa-browserid-verifier/verifier_err.log
- /media/ephemeral0/fxa-browserid-verifier/verifier_out.log
- /media/ephemeral0/heka/hekad_err.log
- /media/ephemeral0/heka/hekad_out.log
- /media/ephemeral0/nginx/logs/access.log
- /media/ephemeral0/nginx/logs/error.log
- /media/ephemeral0/nginx/logs/squid/access.log
- Hekad
- /etc/puppet/modules/hekad
- QA Access via a Bastion Host
- SSH with AWS keys to the Stage bastion host in US East 1. From there SSH directly into any instance.
- Monitoring
- Kibana
- https://kibana.shared.us-east-1.stage.mozaws.net/
- https://kibana.shared.us-east-1.stage.mozaws.net/#/dashboard/file/weblogs.json
- https://kibana.shared.us-east-1.stage.mozaws.net/index.html#/dashboard/elasticsearch/Sync-Stage-Dash
- https://kibana.shared.us-east-1.stage.mozaws.net/#/dashboard/elasticsearch/APK%20Signer%20Log%20Search
- NOTE: The above 2 are currently broken.
- See https://github.com/mozilla-services/puppet-config/issues/278
- and https://github.com/mozilla-services/puppet-config/issues/281
- Heka
- Stackdriver:
- Firefox Configs
- services.sync.clusterURL should get automatically set by the TokenServer
- services.sync.tokenServerURI = https://token.stage.mozaws.net/1.0/sync/1.5
Sync 1.5 Stage Environment
- This is a work in progress. Right now, there are only a small number of sync nodes (instances) in AWS.
- URLs
- Versions
- Server-Syncstorage (sync node): rpm -qa | grep syncstorage
- Example: server-syncstorage <latest version>
- AWS
- Search for sync node instances in US East: "stage-sync-node-X"
- Each node is a specific large instance (mixed m3 and c3)
- Files
- /data/server-syncstorage/*
- /var/log/nginx
- Processes
- Search for sync, mysql, circusd, hekad, nginx, memcached
- Logs
- /media/ephemeral0/logs (most important)
- nginx/access.log
- (what about error.log?)
- sync/sync.err
- sync/sync.log
- /var/log/nginx
- /var/log/circus.log
- Hekad
- /etc/heka.d/sync_1_5.toml
- QA Access via a Bastion Host
- SSH with AWS keys to the Stage bastion host in US East 1. From there SSH directly into any instance.
- Monitoring
- Kibana
- https://kibana.shared.us-east-1.stage.mozaws.net/
- https://kibana.shared.us-east-1.stage.mozaws.net/#/dashboard/file/weblogs.json
- https://kibana.shared.us-east-1.stage.mozaws.net/index.html#/dashboard/elasticsearch/Sync-Stage-Dash
- https://kibana.shared.us-east-1.stage.mozaws.net/#/dashboard/elasticsearch/APK%20Signer%20Log%20Search
- NOTE: The above 2 are currently broken.
- See https://github.com/mozilla-services/puppet-config/issues/278
- and https://github.com/mozilla-services/puppet-config/issues/281
- Heka
- Stackdriver:
- Firefox Configs
- services.sync.clusterURL should get automatically set by the TokenServer
- Note: There is no longer a Sync 1.1 Stage environment.
FxA Load Test Environment
- NOTE: Available in AWS only as needed.
- URLs
- AWS in US West
- CF: loads-lcip-org
- CF: loadtest-lcip-org
- LoadsBroker: broker.loads.lcip.org
- IdP: api-accounts.loadtest.lcip.org
- Logger: logs.loadtest.lcip.org
- Redis Server: redis.loadtest.lcip.org
- LoadsAgentLoadBalancer
- IdPLoadBalancer
Loads Services Cluster Environment
- URLs
- Versions
- Loads Cluster/Broker/Agents:
- $ cd /home/ubuntu/loads/bin
- $ ./loads-runner --version
- AWS in US West
- loads-master (broker and agent processes)
- loads-slave-1 (agent processes)
- loads-slave-2 (agent processes)
- NOTE: there is no stack or ELB for this cluster
- Files
- /home/ubuntu
- loads
- loads-aws
- loads-web
- Processes
- Search for processes owned by ubuntu, loads, nginx, circus
- Logs
- /var/log/redis
- /var/log/nginx
- QA access
- You need special access to be able to SSH into these devices
- You need to make some changes to your .ssh/config file
- Monitoring
- Directly from the web interface: http://loads.services.mozilla.com/
- And from StackDriver: https://app.stackdriver.com/groups/6664/stage-loads-cluster
- Cluster status
- Check from any loadtest folder or loads install:
- ../bin/loads-runner --ping-broker --ssh=ubuntu@loads.services.mozilla.com
- ../bin/loads-runner --check-cluster --ssh=ubuntu@loads.services.mozilla.com (or similar)
- Links
TokenServer and Sync 1.5 Dev Environments
- Versions
- TokenServer: rpm -qa | grep token
- Example: tokenserver-svcops <latest version>
- Verifier: rpm -qa | grep verifier
- Example: fxa-browserid-verifier-svcops <latest version>
- Server-Syncstorage (sync node): rpm -qa | grep syncstorage
- Example: server-syncstorage <latest version>
- AWS
- This is part of the dev-lcip-org CloudFormation stack
- TokenServer: Search for the fxa-tokenserver instance
- SyncServer2: Search for the fxa-syncstorage instance
- SyncServer1: Search for the fxa-syncstorage instance
- LogServer: Search for the fxa-logbox instance
- Files
- TBD
- Processes
- TBD
- Logs
- TBD
- QA Access
- SSH with AWS keys to the various instances
- Firefox configs:
- services.sync.clusterURL = https://sync1.dev.lcip.org/ (should get automatically set by the TokenServer)
- services.sync.tokenServerURI = https://token.dev.lcip.org/1.0/sync/1.5
FxA Development Environments - partial
- QA Access
- SSH with AWS keys to the various instances
- Content Server
- URLs
- https://accounts.dev.lcip.org/
- non-auto-updating environment (AWS - US East)
- https://accounts-latest.dev.lcip.org/
- auto-updated environment (AWS - US East)
- AWS
- Search for the following in US East:
- rfk's awsbox deployment (accounts-latest.dev.lcip.org)
- rfk's awsbox deployment (accounts.dev.lcip.org)
- Versions
- Files
- /home/app
- /home/proxy
- Processes
- Look at any process owned by root, mysql, app, proxy
- Logs
- /var/log/nginx/access.log and error.log
- /home/app/var/log/browserid-certifier.js.log
- /home/app/var/log/firefox_account_bridge.js.log
- Auth Server
- URLs
- AWS
- Search for the following in US East:
- rfk's awsbox deployment (api-accounts-latest.dev.lcip.org)
- rfk's awsbox deployment (api-accounts.dev.lcip.org)
- Versions
- Files
- /home/app
- Processes
- Search for any process owned by app, root, mysql, proxy
- Logs
- /home/app/hekad/*.log
- /home/app/var/log/*.log
- /home/proxy/var/log/nginx
- Log Aggregation
- Default Firefox configs for Nightly:
- services.sync.clusterURL = http://db1.oldsync.dev.lcip.org/ (should get automatically set by the TokenServer)
- services.sync.tokenServerURI = http://auth.oldsync.dev.lcip.org/1.0/sync/1.1
- firefox.accounts.remoteUrl = https://accounts.dev.lcip.org/?service=sync
- identity.fxaccounts.enabled=true (NO LONGER NEEDED, BUT STILL CAN BE DEFINED)
- services.sync.fxaccounts.enabled=true (NEW FOR NIGHTLY FF 29 - SHOULD BE SET BY DEFAULT)
- services.sync.log.appender.file.logOnError = Yes
- services.sync.log.appender.file.logOnSuccess = Yes
- services.sync.log.appender.file.level = Trace
- identity.fxaccounts.auth.uri = https://api-accounts.dev.lcip.org/v1
- And to hit the TokenServer/Sync 1.5 Dev services, change the following:
- services.sync.clusterURL = https://sync1.dev.lcip.org/ (should get automatically set by the TokenServer)
- services.sync.tokenServerURI = https://token.dev.lcip.org/1.0/sync/1.5
- And to hit the TokenServer/Sync 1.5 Stage services, change the following:
- services.sync.clusterURL = https://sync-X-us-east-1.stage.mozaws.net/ (should get automatically set by the TokenServer)
- services.sync.tokenServerURI = https://token.stage.mozaws.net/1.0/sync/1.5
- And to hit the TokenServer/Sync 1.5 Prod services, change the following:
- services.sync.clusterURL = https://sync-X-us-east-2.sync.services.mozilla.com/ (should get automatically set by the TokenServer)
- services.sync.tokenServerURI = https://token.services.mozilla.com/1.0/sync/1.5
- Other Dev Deployments:
- AWS: api-accounts-legacy.dev.lcip.org
- AWS: accounts-legacy.dev.lcip.org
- AWS: api-accounts-onepw.dev.lcip.org
OPs Mana and GitHub Pages
- NOTE: Talk to OPs for the links to Mana.
- Puppet Config: https://github.com/mozilla-services/puppet-config
- Cloud Formation: https://github.com/mozilla-services/svcops