This page describes how to configure a Squid server with shoal-agent.

Install Squid

If you don't already have Squid installed and configured, follow https://twiki.cern.ch/twiki/bin/view/Frontier/InstallSquid (these instructions are specific to the frontier-squid repackaging of squid).

Install shoal-agent

Follow https://github.com/hep-gc/shoal/blob/master/shoal-agent/README.md

shoal-agent configuration

shoal_agent.conf should have:

amqp_server_url = shoal.heprc.uvic.ca
amqp_port = 5672

You can also set log_file=/var/log/shoal_agent.log and chown the log file to the appropriate user.

Squid Configuration

The modus operandi when using Shoal is to allow client connections to the squid from anywhere, but restrict destinations to the known CVMFS servers. See https://twiki.cern.ch/twiki/bin/view/Frontier/InstallSquid#Restricting_the_destination

You should end up with something like:

acl NET_LOCAL src 0.0.0.0/32
acl RESTRICT_DEST dstdom_regex ^|cvmfs-stratum-one\.cern\.ch|cernvmfs\.gridpp\.rl\.ac\.uk|cvmfs\.racf\.bnl\.gov|cvmfs\.fnal\.gov|cvmfs02\.grid\.sinica\.edu\.tw|$
http_access deny !RESTRICT_DEST

-- RyanTaylor - 2014-02-20

Edit | Attach | Watch | Print version | History: r16 | r4 < r3 < r2 < r1 | Backlinks | Raw View | More topic actions...
Topic revision: r1 - 2014-02-20 - rptaylor
 
  • Edit
  • Attach
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback