Installing Squid for a Frontier launchpad

Every Frontier launchpad machine runs frontier-squid in addition to a frontier-tomcat. This squid is configured in what as known as a "reverse proxy" which automatically forwards all connections to the backend server process.


The hardware requirements for squid on a launchpad tend to be much less than on a site proxy squid, because the bandwidth requested and the number of queries requested is usually much lower. That is because launchpads usually have far fewer clients: only other squids rather than worker node jobs. The recommended disk space for launchpads are at least 100GB for squid cache and 60GB for squid logs.



It is best if you set the user and group id for squid to be the same as that used for tomcat as described in the InstallSquid Preparation section.


For installation, use the regular InstallSquid Installation instructions. Increase the file descriptors to 16384 as shown in the section on running out of file descriptors.

If you have yum auto updates enabled, it's generally not a good idea to autoupdate the application service on a production system. If you have autoupdates enabled it is recommended to avoid updating frontier packages. Some ways to handle this are:

  • Keep the frontier-* rpms in a local mirror repository instead
  • Set enabled=0 in /etc/yum.repos.d/cern-frontier.repo. Then to really upgrade, add the yum install option --enablerepo=cern-frontier.
  • Add exclude=frontier-* in /etc/yum.repos.d/cern-frontier.repo. Then when you want to really upgrade, add the yum install option --disableexcludes=cern-frontier.


In addition to the regular InstallSquid Configuration instructions, add these /etc/squid/ entries for launchpads:

    setoption("http_port", "8000 accel defaultsite= no-vhost")
    setoption("cache_peer", " parent 8080 0 no-query originserver")
    commentout("acl NET_LOCAL src")
    commentout("http_access allow NET_LOCAL")
    insertline("^http_access deny all", "http_access allow to_localhost")
    setoption("read_ahead_gap", "100 MB")
    setoption("shutdown_lifetime", "0 seconds")

Also set the default maximum squid per-log size in /etc/sysconfig/frontier-squid as described on the InstallSquid page.

Cloudflare configuration

Cloudflare supports only port 8080 (besides 80), so the first difference is to change the tomcat port number to 8880 and change the 8080 in the cache_peer parent line above to 8880. Next, set up the squid for 2 services so the caches can be separately managed. Instead of setting the http_port directly with setserviceoption, use the following:

if ($1 == "http_port") {
    print "if ${service_name} = 0"
    $0 = "http_port 8000 accel defaultsite= no-vhost"
    print "else"
    $2 = "8080"
    print "endif"
    $0 = ""

In order to set the size of the cache for Cloudflare to a smaller amount than the primary cache, such as 10GB, use the following and set the primary size on the third line:

if ($1 == "cache_dir") {
    print "if ${service_name} = 0"
    $4 = "100000"
    print "else"
    $4 = "10000"
    print "endif"
    $0 = ""

Finally, at the very end of the script after the awk script add the following:

cat <<'!EOF!'
if ${service_name} = 1
request_header_add X-Frontier-Opts DontCacheErrors all


Use the regular InstallSquid Testing instructions, except don't set http_proxy, replace with the name of your server, and replace FrontierProd with the name of your servlet.

Responsible: DaveDykstra

Edit | Attach | Watch | Print version | History: r11 < r10 < r9 < r8 < r7 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r11 - 2020-01-02 - DaveDykstra
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    Frontier All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback