Adding your Squid to Shoal

This page describes how to configure a Squid server with shoal-agent. If you already have a squid installed you only need to install shoal-agent and make sure your squid is accessible to the outside world.

If you don't already have Squid installed and configured, follow the instructions for installing the frontier squid variant. The frontier squid is nicely packaged and optimized for Frontier and CVMFS.

For the Impatient using SL 6

If you have a working squid accessible to the web

%STARTCONSOLE% curl https://raw.github.com/hep-gc/shoal/master/scripts/production-agent-install-for-hep.sh | bash service shoal-agent start %ENDCONSOLE%

For those a little more cautious

Follow the instructions in the Github documentation to install Shoal Agent.

Then edit the configuration file /etc/shoal/shoal_agent.conf :

%STARTCONSOLE% amqp_server_url = shoal.heprc.uvic.ca amqp_port = 5672 %ENDCONSOLE%

Squid Configuration

The modus operandi when using Shoal is to allow client connections to the squid from anywhere, but restrict destinations to the known CVMFS (and Frontier) servers. Here are good references for the syntax to use in customize.sh :

You should end up with something like the following in your squid configuration:

%STARTCONSOLE% acl NET_LOCAL src 0.0.0.0/32 acl RESTRICT_DEST dstdom_regex ^|cvmfs-stratum-one\.cern\.ch|cernvmfs\.gridpp\.rl\.ac\.uk|cvmfs\.racf\.bnl\.gov|cvmfs\.fnal\.gov|cvmfs02\.grid\.sinica\.edu\.tw|frontier[0-9]*\.racf\.bnl\.gov|atlasfrontier[0-9]*\.cern\.ch|ccsqfatlasli[0-9]*\.in2p3\.fr|lcgvo-frontier[0-9]*\.gridpp\.rl\.ac\.uk|$ http_access deny RESTRICT_DEST %ENDCONSOLE%

Edit | Attach | Watch | Print version | History: r16 | r9 < r8 < r7 < r6 | Backlinks | Raw View | More topic actions...
Topic revision: r7 - 2014-09-23 - rptaylor
 
  • Edit
  • Attach
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback