-- LuisRodriguez - 2018-04-20

What? Proxy server (http://www.squid-cache.org/) used by the AIS applications to connect to external web services like https://scandium.scandit.com/api. There are two instances: squid_aisproxy01_dev and squid_aisproxy01_prod

How? squid is listening for request on 3128 port and it is behind the aisproxy alias (you can look for it on https://apex-sso.cern.ch/pls/htmldb_cerndb1/f?p=391). So if from any AIS box you make a request like == curl -x aisproxy:3128 http://google.com== you should get an output like

301 Moved

301 Moved

The document has moved here. And if you check the access log file on /ORA/dbs01/syscontrol/entities/squid_aisproxy01_prod/log/access.log (squid user) you should see your request.

1524240280.291 0 188.185.75.159 TCP_MEM_HIT/301 803 GET http://google.com/ - HIER_NONE/- text/html The squid entities implement the squid_aisproxy command group in SYSCONTROL.

Current proxies (26 Oct 2018) devaisproxy

137.138.62.56 ---> db-ga544.cern.ch 137.138.32.47 ---> db-gb544.cern.ch

ENTITY CATEG0RY TYPE STATE HOST ALIAS TYPE2 STARTUP DOMAIN PROJECTS


-------- ---- ----- ---- ----- ----- ------- ------ -------- squid_aisproxy01_dev APPSRV SQUID active db-ga544 devaisproxy DEV yes AISAPP AIS squid_aisproxy01_dev APPSRV SQUID active db-gb544 devaisproxy DEV yes AISAPP AIS aisproxy

188.185.104.67 ---> db-gb535.cern.ch 188.185.79.40 ---> db-ga535.cern.ch 188.185.74.68 ---> db-gc535.cern.ch

ENTITY CATEG0RY TYPE STATE HOST ALIAS TYPE2 STARTUP DOMAIN PROJECTS


-------- ---- ----- ---- ----- ----- ------- ------ -------- squid_aisproxy01_prod APPSRV SQUID active db-ga535 aisproxy PROD yes AISAPP AIS squid_aisproxy01_prod APPSRV SQUID active db-gb535 aisproxy PROD yes AISAPP AIS squid_aisproxy01_prod APPSRV SQUID active db-gc535 aisproxy PROD yes AISAPP AIS dbproxy

137.138.152.228 ---> db-ga524.cern.ch 188.185.67.81 ---> db-gc526.cern.ch

ENTITY CATEG0RY TYPE STATE HOST ALIAS TYPE2 STARTUP DOMAIN PROJECTS


-------- ---- ----- ---- ----- ----- ------- ------ -------- squid_itdbproxy APPSRV SQUID active db-ga524 dbproxy PROD yes INTAPP DES squid_itdbproxy APPSRV SQUID active db-gc526 dbproxy PROD yes INTAPP DES Firewall setup Only the boxes hosting entities which SC-DOMAIN=AISAPP should be able to access aisproxy IPs. Artur implemented a nice trick: = wassh -c appserver 'sc-cli list | grep AIS >/dev/null 2>&1; if [ $? -eq 0 ]; then AIS=yes; else AIS=no ;fi; if curl --connect-timeout 2 -x 188.185.104.67:3128 http://google.com >/dev/null 2>&1 ; then { echo proxy=OK AIS=$AIS; }; else { echo proxy=failed AIS=$AIS; }; fi ' >/tmp/proxy_start_db-gb535 2>&1=
Edit | Attach | Watch | Print version | History: r3 < r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r3 - 2018-10-26 - PaulSmith
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    Sandbox All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback