Trace: squid

Squid Setup

  1. Create a user for Squid
  2. Set password for the user account 

[root@grow-prod ~]# useradd -c “Frontier Squid” -n dbfrontier -s /bin/bash
[root@grow-prod ~]# passwd dbfrontier

Sync user and config with cluster. 

[root@grow-prod ~]# sudo ssh-agent $SHELL
[root@grow-prod ~]# sudo ssh-add
[root@grow-prod ~]# sudo rocks sync config
[root@grow-prod ~]# sudo rocks sync users

Create a directory for Squid and change ownership to the new Squid user account. 

[root@grow-prod ~]# mkdir /export/squid
[root@grow-prod ~]# chown dbfrontier:users /export/squid

  1. Download Squid.
  2. Unpack tar file.
  3. Change directory into newly unpacked directory.
  4. Call the configuration script.Provide the script with the answers below. 

[root@grow-prod ~]# wget “http://frontier.cern.ch/dist/frontier-squid-2.7.STABLE9-5.tar.gz”
[root@grow-prod ~]# tar -xvzf frontier-squid-2.7.STABLE9-5.tar.gz
[root@grow-prod ~]# cd frontier-squid-2.7.STABLE9-5
[root@grow-prod frontier-squid-2.7.STABLE9-5]# ./configure
Installation directory: /export/squid
Network & netmask: 128.255.0.0/254.255.0.0 10.1.0.0/255.255.0.0
Cache RAM (MB): 128
Cache disk (MB): 40000

Install Squid by executing: 

[root@grow-prod frontier-squid-2.7.STABLE9-5]# make
[root@grow-prod frontier-squid-2.7.STABLE9-5]# make install

Start the Squid server: 

[root@grow-prod frontier-squid-2.7.STABLE9-5]# /export/squid/frontier-cache/utils/bin/fn-local-squid.sh start

You can start the Squid server at boot time. As root (logout from dbfrontier back to root): 

[root@grow-prod frontier-squid-2.7.STABLE9-5]# cp /export/squid/frontier-cache/utils/init.d/frontier-squid.sh /etc/init.d/.
[root@grow-prod frontier-squid-2.7.STABLE9-5]# sudo /sbin/chkconfig –add frontier-squid.sh

Create a cron job to rotate the logs: 

[root@grow-prod frontier-squid-2.7.STABLE9-5]# crontab /export/squid/frontier-cache/utils/cron/crontab.dat

We choose to restrict Squid access to CMS Frontier queries, since the IPs allowed by Squid include addresses not in our cluster. Edit customize.sh and add the lines inside the {}: 

[root@grow-prod frontier-squid-2.7.STABLE9-5]# sudo vi /export/squid/frontier-cache/squid/etc/customize.sh

Uncomment these lines:

/export/squid/frontier-cache/squid/etc/customize.sh
acl RESTRICT_DEST
http_access deny !RESTRICT_DEST

Then tell Squid to use the new configuration: 

[root@grow-prod frontier-squid-2.7.STABLE9-5]# /export/squid/frontier-cache/utils/bin/fn-local-squid.sh reload

Test Squid by clicking here.
Register Squid by clicking here

To provide new configuration options, get a fresh install execute: 

[root@grow-prod frontier-squid-2.7.STABLE9-5]# /export/squid/frontier-cache/utils/bin/fn-local-squid.sh stop
[root@grow-prod frontier-squid-2.7.STABLE9-5]# make clean
[root@grow-prod frontier-squid-2.7.STABLE9-5]# make

Contact Info

This Dokuwiki page is maintained by:
Daniel Squires
University of Iowa
Department of Computer Science
Email: daniel-squires@uiowa.edu