Adding your Squid to Shoal
This page describes how to configure a Squid server with shoal-agent. If you already have a squid installed, you only need to install shoal-agent and make sure your squid is accessible to the outside world.
If you don't already have Squid installed and configured, follow the instructions for installing the frontier squid variant. The frontier squid is nicely packaged and optimized for Frontier and CVMFS.
For the Impatient using SL 6
If you have a working squid accessible to the web:
%STARTCONSOLE%
curl https://raw.github.com/hep-gc/shoal/master/scripts/production-agent-install-for-hep.sh | bash
service shoal-agent start
%ENDCONSOLE%
For those a little more cautious
Follow the instructions in the GitHub documentation to install Shoal Agent.
Then edit the configuration file /etc/shoal/shoal_agent.conf:
%STARTCONSOLE%
amqp_server_url = shoal.heprc.uvic.ca
amqp_port = 5672
%ENDCONSOLE%
Squid Configuration
The recommended modus operandi when using Shoal is to allow client connections to the squid from anywhere, but restrict destinations to the known CVMFS (and Frontier) servers. Here are good references for the syntax to use in customize.sh:
You should have this in customize.sh:
uncomment("acl MAJOR_CVMFS")
uncomment("acl ATLAS_FRONTIER")
insertline("^# http_access deny !RESTRICT_DEST", "http_access allow MAJOR_CVMFS")
insertline("^# http_access deny !RESTRICT_DEST", "http_access allow ATLAS_FRONTIER")
setoption("acl NET_LOCAL src", "192.168.0.0/16")
Note that this will allow connections that are either:
- from the specified NET_LOCAL subnet(s) to anywhere
- or, from anywhere to a CVMFS or Frontier server
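To check that a generated squid.conf gives exactly these two cases and nothing more, the following added example (not part of frontier-squid or Shoal) models Squid's first-match http_access evaluation. The squid.conf fragment, its destination patterns and the test addresses are constructed placeholders, and only the src and dstdom_regex ACL types are handled.

```python
import ipaddress
import re

# Constructed squid.conf fragment (not generated by frontier-squid): the ACL
# names come from the page, the destination patterns are placeholders.
SAMPLE_CONF = r"""
acl NET_LOCAL src 192.168.0.0/16
acl MAJOR_CVMFS dstdom_regex ^cvmfs-stratum1\.example\.org$
acl ATLAS_FRONTIER dstdom_regex ^frontier\.example\.org$
# http_access deny !RESTRICT_DEST
http_access allow MAJOR_CVMFS
http_access allow ATLAS_FRONTIER
http_access allow NET_LOCAL
http_access deny all
"""

def parse(conf):
    """Return (acls, rules) for the 'src' and 'dstdom_regex' ACL types only."""
    acls, rules = {}, []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) >= 4 and fields[0] == "acl":
            acls.setdefault(fields[1], []).extend((fields[2], v) for v in fields[3:])
        elif len(fields) >= 3 and fields[0] == "http_access":
            rules.append((fields[1], fields[2:]))
    return acls, rules

def acl_matches(acls, name, src, host):
    if name == "all":                        # Squid's built-in match-everything ACL
        return True
    for kind, value in acls.get(name, []):   # values of one ACL are ORed
        if kind == "src" and ipaddress.ip_address(src) in ipaddress.ip_network(value):
            return True
        if kind == "dstdom_regex" and re.search(value, host):
            return True
    return False

def decide(conf, src, host):
    """First http_access line whose ACLs all match wins; no match is treated as deny."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls, n.lstrip("!"), src, host) != n.startswith("!")
               for n in names):
            return action
    return "deny"

def is_open_proxy(conf):
    """True if an outside client can reach a host outside the allowed destinations."""
    return decide(conf, "203.0.113.7", "unrelated.example.net") == "allow"
```

Running is_open_proxy() against the real squid.conf text after each customize.sh change catches a rule order that would let outside clients reach arbitrary destinations.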