Instructions for registering Squid services on the WLCG

Contents of this page:

Purpose

Squid registrations are primarily used for identifying squids to be monitored. This WLCG squid monitor makes use of the registrations, as do the failover monitors that identify direct worker node connections from sites that use squids. The registrations are also used as an input into the Web Proxy Auto Discovery service that jobs can use to locate squids. All non-U.S. WLCG sites that are registered in GOCDB are now asked to register their squid services there as well, and all U.S. sites are asked to register their squids in the Open Science Grid's topology system. Details are below. Non-U.S. Tier 3 sites that have not yet registered any other services in GOCDB are asked to instead request by email to be added to a squid monitoring exception list, details also below. All squids used by either Frontier or CVMFS (or both) should be registered, and squids for other purposes may also be registered if monitoring is desired.

This kind of central monitoring of squids has proven to be invaluable for debugging problems that have occurred over the many years of experience with Squid in High Energy Physics projects, with both Frontier and CVMFS. The monitors help squid experts to assist site administrators with problems that arise, and they help protect the central servers that depend on the site squids to handle most of the load. So all sites are strongly encouraged to enable their squids to be monitored. Even if sites decline the SNMP-based monitoring, they should still register their squids for the sake of the other purposes.

Registration instructions

Squid services should be registered by site administrators under the fully qualified domain names that have monitoring ports (typically UDP port 3401) and public IP addresses. If there is more than one squid in a DNS round-robin, register just the round-robin alias. If there is not yet a DNS round-robin alias but there are multiple squids supplying the same service, it is recommended to make a round-robin alias first. The squid monitor will automatically pick up multiple names in a round-robin, plus it will make an aggregated plot combining the squids in the service. Even if there is only one squid in the service, it is recommended to register a DNS alias to make it easier to move to a different machine in the future including preserving the monitoring history without needing to change the registration. Note that just the fully qualified domain names should be registered, without a :port at the end. If a site is declining the SNMP-based monitoring (against the strong advice of WLCG squid experts) it should still be registered under its publicly-accessible DNS name; it will still be used by the failover monitors. More than one service can be registered at each site; if there is more than one squid service, please include an indication of the purpose of each service in the registered DNS name.

If the squid has not yet been enabled for UDP monitoring then if you are using the frontier-squid package follow these instructions or if you are using squid from some other source follow these instructions.

If you have something non-standard (for example a non-standard monitoring port, more than one squid service on a machine, or a DNS alias where some machines get removed during maintenance) then please notify the operations team as described below.

Open Science Grid (OSG) sites should skip down to the OSG topology instructions below. Non-OSG Tier 0, 1, and 2 sites follow the GOCDB instructions below.

Non-OSG Tier-3 sites

Since the GOCDB requirements for adding sites are often too difficult for Tier-3 sites, if a Tier 3 is not already registered in GOCDB they should instead send an email to wlcg-squid-ops@cern.ch requesting that their squid be monitored by exception list. Provide the public internet name of the squid where UDP port 3401 can be reached, and a name for your site.

GOCDB

Non-OSG site administrators that have already registered in GOCDB follow these instructions to register a squid service:

1. From the GOCDB portal using your certificate, click the Add Service button to add a service to your site.
2. In the Service Type field, select org.squid-cache.Squid.
3. In the Host name field, fill in the fully qualified domain name of the service as detailed in the registration instructions above.
4. In the Is this service monitored? field, select Y unless WLCG SNMP-based monitoring is declined.
5. Select whether or not the service is in production.
6. Fill in a contact e-mail.

The other fields are not used by the squid monitoring service.

OSG topology

U.S. sites that are not yet registered should first follow the instructions to register a new site and resource group in the OSG topology system.

Registered sites should follow the OSG instructions for registering frontier squid.

OIM

The OSG Information Management system (OIM) has been replaced by the OSG topology system.

Verify monitor

After a few hours, verify that your squids are being monitored on the WLCG squid monitoring machine and that they show monitoring data. The name should be based on the site name for GOCDB or the Resource Group name for OSG, plus the registered fully qualified domain name. If the squid is not in use so there's no data to plot, then look for an extra line under the line saying "The statistics were last updated" that says the squid "had been up for" a period of time; all squids that are responding should have that "had been up for" line. If the squid is not there at all or is not responding, contact the squid operations team for help.

Contacting squid operations team

If there's a problem, everyone except CMS site administrators should submit a general GGUS ticket and Assign to support unit WLCG Squid Operations. Set the Concerned VO if the issue is related to a particular VO. CMS administrators should instead submit a CMS GGUS ticket with type of problem = CMS_Facilities and CMS Support Unit = CMS Frontier & Squid. If you have a question you can send it to wlcg-squid-ops@cern.ch.

-- DaveDykstra - 29 Oct 2014