Adding your Squid to Shoal

This page describes how to configure a Squid server with shoal-agent. If you already have a squid installed you only need to install shoal-agent and make sure your squid is accessible to the outside world.

If you don't already have Squid installed and configured, follow the instructions for installing the frontier squid variant. The frontier squid is nicely packaged and optimized for Frontier and CVMFS.

For the Impatient using SL 6

If you have a working squid accessible to the web

%STARTCONSOLE% curl | bash service shoal-agent start %ENDCONSOLE%

For those a little more cautious

Follow the instructions in the Github documentation to install Shoal Agent.

Then edit the configuration file /etc/shoal/shoal_agent.conf :

%STARTCONSOLE% amqp_server_url = amqp_port = 5672 %ENDCONSOLE%

Squid Configuration

The recommended modus operandi when using Shoal is to allow client connections to the squid from anywhere, but restrict destinations to the known CVMFS (and Frontier) servers. Here are good references for the syntax to use in :

You should have this in

uncomment("acl MAJOR_CVMFS")
uncomment("acl ATLAS_FRONTIER")
insertline("^# http_access deny !RESTRICT_DEST", "http_access allow MAJOR_CVMFS")
insertline("^# http_access deny !RESTRICT_DEST", "http_access allow ATLAS_FRONTIER")
setoption("acl NET_LOCAL src", "")

Note that this will allow connections that are either:

  • from the specified NET_LOCAL subnet(s) to anywhere
  • or, from anywhere to a CVMFS or Frontier server
Edit | Attach | Watch | Print version | History: r16 | r13 < r12 < r11 < r10 | Backlinks | Raw View | More topic actions...
Topic revision: r11 - 2015-03-05 - rptaylor
  • Edit
  • Attach
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback