Environments¶
Mozilla runs several instances of Normandy; this document provides information about each one of them, including what preferences you need to set to point an instance of Firefox towards them.
Each environment may have several hostnames associated with it. Generally, there is a public, read-only server, a legacy admin server, a new Bearer auth admin server, a Remote Settings server, and an API CDN. Not all environments have all of these.
To change the Remote Settings server, the easiest thing is to use the Remote Settings Devtools. Otherwise when changing from one environment to another (i.e. prod to stage), you run the risk of previously-synced data lingering and preventing syncs from the new environment.
Production¶
Production is the live, user-facing instance of Normandy that is hit by every active user of Firefox. The public read-only API server is served through a CDN with a cache time of a few minutes.
Public Read-only API server: https://normandy.cdn.mozilla.net/
VPN-Only Admin API server: https://prod-admin.normandy.prod.cloudops.mozgcp.net/
Preferences¶
Set the following preferences to have Firefox execute recipes from the production server:
- app.normandy.api_url
https://normandy.cdn.mozilla.net/api/v1
- security.content.signature.root_hash
97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E
Staging¶
Staging is a test environment used to test the deployment process. It is useful for testing a version of Normandy before it is deployed to users, but is not guaranteed to be functional or available at all times. Unlike Production, Stage does not use a VPN for the public API server.
Public Read-only API server: https://stage.normandy.nonprod.cloudops.mozgcp.net/
VPN-Only Admin API server: https://stage-admin.normandy.nonprod.cloudops.mozgcp.net/ (VPN Required)
Preferences¶
Set the following preferences to have Firefox execute recipes from the staging server:
- app.normandy.api_url
https://stage.normandy.nonprod.cloudops.mozgcp.net/api/v1
- security.content.signature.root_hash
3C:01:44:6A:BE:90:36:CE:A9:A0:9A:CA:A3:A5:20:AC:62:8F:20:A7:AE:32:CE:86:1C:B2:EF:B7:0F:A0:C7:45
Dev¶
Dev is an environment that deploys automatically from the master branch. It can be used for testing admin frontends to Normandy, and always has the latest code. Sometimes it is broken. Unlike Production and Staging, Dev doesn’t require use of the VPN to access the admin server.
Read-only API server: https://dev.normandy.nonprod.cloudops.mozgcp.net/
Admin API server: https://dev-admin.normandy.nonprod.cloudops.mozgcp.net/
Preferences¶
Set the following preferences to have Firefox execute recipes from the dev server:
- app.normandy.api_url
https://dev.normandy.nonprod.cloudops.mozgcp.net/api/v1
- security.content.signature.root_hash
TODO: The value is currently unknown. It would be the root hash used for Autograph development servers.
Local¶
This section is for an instance of normandy you are running yourself, such as by following the instructions in this set of docs, or by running a Docker container.
These environments don’t always have Autograph set up, but when they do, the hash to use is the one below. It is possible to configure Autograph to use different keys than the default ones provided for Normandy. That is a not a supported configuration for local development.
The server run this way works as both a bearer auth server, and can be used with local Django authentication. It is not generally configured to use the legacy authentication method, though that is possible as well.
Preferences¶
Set the following preferences to have Firefox execute recipes from a typical local server:
- app.normandy.api_url
https://localhost:8000/api/v1
Note that the Normandy API must be accessed via HTTPS, even for local development.
- security.content.signature.root_hash
4C:35:B1:C3:E3:12:D9:55:E7:78:ED:D0:A7:E7:8A:38:83:04:EF:01:BF:FA:03:29:B2:46:9F:3C:C5:EC:36:04