Installing Squid for a Frontier launchpad

Every Frontier launchpad machine runs frontier-squid in addition to a frontier-tomcat. This squid is configured in what as known as a "reverse proxy" which automatically forwards all connections to the backend server process.

Hardware

The hardware requirements for squid on a launchpad tend to be much less than on a site proxy squid, because the bandwidth requested and the number of queries requested is usually much lower. That is because launchpads usually have far fewer clients: only other squids rather than worker node jobs. The recommended disk space for launchpads are at least 100GB for squid cache and 60GB for squid logs.

Software

Preparation

It is best if you set the user and group id for squid to be the same as that used for tomcat as described in the InstallSquid Preparation section.

Installation

For installation, use the regular InstallSquid Installation instructions. Increase the file descriptors to 16384 as shown in the section on running out of file descriptors.

If you have yum auto updates enabled, it's generally not a good idea to autoupdate the application service on a production system. If you have autoupdates enabled it is recommended to avoid updating frontier packages. Some ways to handle this are:

  • Keep the frontier-* rpms in a local mirror repository instead
  • Set enabled=0 in /etc/yum.repos.d/cern-frontier.repo. Then to really upgrade, add the yum install option --enablerepo=cern-frontier.
  • Add exclude=frontier-* in /etc/yum.repos.d/cern-frontier.repo. Then when you want to really upgrade, add the yum install option --disableexcludes=cern-frontier.

Configuration

In addition to the regular InstallSquid Configuration instructions, add these /etc/squid/customize.sh entries for launchpads:

    setoption("http_port", "8000 accel defaultsite=127.0.0.1:8080 no-vhost")
    setoption("cache_peer", "127.0.0.1 parent 8080 0 no-query originserver")
    commentout("acl NET_LOCAL src")
    commentout("http_access allow NET_LOCAL")
    insertline("^http_access deny all", "http_access allow to_localhost")
    setoption("read_ahead_gap", "100 MB")
    setoption("shutdown_lifetime", "0 seconds")

Also set the default maximum squid per-log size in /etc/sysconfig/frontier-squid as described on the InstallSquid page.

Testing

Use the regular InstallSquid Testing instructions, except don't set http_proxy, replace cmsfrontier.cern.ch with the name of your server, and replace FrontierProd with the name of your servlet.

Responsible: DaveDykstra

Edit | Attach | Watch | Print version | History: r9 < r8 < r7 < r6 < r5 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r9 - 2017-03-22 - DaveDykstra
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    Frontier All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback