Squid

This article walks you through the steps for setting up squid to work with VMmanager and DCImanager.

Hierarchy: VMmanager KVM -> OS templates section
VMmanager Cloud -> OS templates section

VMmanager and DCImanager can use a caching proxy server to speed up OS installation.

The proxy caches packages downloaded from mirrors and OS repositories.

Following is the squid installation process:

Installation

CentOS 6

yum install squid
chkconfig --add squid

CentOS 7

yum install squid
systemctl enable squid.service

Configuration

Configuration file on CentOS: /etc/squid/squid.conf

To apply the changes, restart squid.

CentOS 6

service squid reload

CentOS 7

systemctl restart squid.service

Specify the IP addresses from which you want to allow access (the IPs of virtual machines and dedicated servers).

Define them with acl:

acl install_net src 1.1.1.0/24
acl install_net src 2.2.2.0/24
acl install_net src 1111:2222:3333::4444/64

Allow access from these networks and deny from others

http_access allow install_net
http_access deny all

Allow caching of large files. The default value will not allow caching of OS kernel and FreeBSD archives.

maximum_object_size 1024 MB

The following is an example for VMmanager (squid 3.1):

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
 
acl install_net src 1.1.1.0/24
acl install_net src 2.2.2.0/24
acl install_net src 1111:2222:3333::4444/64
 
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
acl Purge method PURGE
http_access allow localhost Purge
http_access deny Purge
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
 
http_access allow localhost
 
http_access allow install_net
http_access deny all
http_port 3128
cache_dir ufs /var/spool/squid 4096 16 256
 
maximum_object_size 1024 MB
 
coredump_dir /var/spool/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i /mirrorlist.centos.org/      1440    20%     10080
refresh_pattern -i /download.ispsystem.com/     0       20%     30
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern -i repomd.xml   0    0%      0
refresh_pattern -i /repodata\/repomd\.xml/      5    10%      160
refresh_pattern -i /repodata.+gz/ 0    0%      60
refresh_pattern -i (Packages.gz|Release|Release.gpg)$ 0    10%      60
refresh_pattern -i /vmmgr?/ 0    0%      0
refresh_pattern -i /dcimgr?/ 0    0%      0
refresh_pattern -i /install\.5\.sh/ 0    0%      0
refresh_pattern -i /\.treeinfo/ 0    0%      0
refresh_pattern -i /\w+\.lic/ 0    0%      0
refresh_pattern . 0       20%     4320
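
Squid checks http_access rules from top to bottom and applies the first one that matches, so the order above is what keeps the proxy closed to clients outside install_net. The following Python code is an added example, not part of the original article or of ISPsystem's tooling: it replays a constructed subset of the rules above for a given client. The function names and the address 203.0.113.9 are assumptions, and only the src, port and method ACL types are handled.

```python
import ipaddress

# Constructed sample: a subset of the access rules from the configuration above.
SQUID_CONF = """
acl localhost src 127.0.0.1/32 ::1
acl install_net src 1.1.1.0/24
acl install_net src 2.2.2.0/24
acl SSL_ports port 443
acl Safe_ports port 80 443 1025-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow install_net
http_access deny all
"""

def parse(conf):
    acls, rules = {}, []           # acl name -> (type, values); ordered rules
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(name, acls, src, port, method):
    if name == "all":              # built-in ACL in Squid 3.x
        return True
    kind, values = acls.get(name, (None, []))
    if kind == "src":
        return any(src in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "port":
        return any(int(v.split("-")[0]) <= port <= int(v.split("-")[-1]) for v in values)
    if kind == "method":
        return method in values
    return False                   # other ACL types are out of scope here

def decide(conf, src, port=80, method="GET"):
    """Return 'allow' or 'deny' for one request, first matching rule wins."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(src)
    for action, names in rules:
        # every ACL on the line must match; a leading "!" negates it
        if all(acl_matches(n.lstrip("!"), acls, ip, port, method) != n.startswith("!")
               for n in names):
            return action
    return "deny"                  # simplification: fail closed if nothing matched
```

Replacing the last rule with http_access allow all makes decide() return allow for any client address, which is the open-proxy condition the ACLs are there to prevent.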

More examples of the configuration file can be found in Configuring Squid.

Make sure the partition that holds the directory from the cache_dir parameter has at least 10 Gb of free space. When you install squid, the /var/spool/squid directory is created automatically. However, if the service fails to restart, check the output of the systemctl status squid.service command:

squid[21524]: Failed to make swap directory /var/spool/squid: (13) Permission denied

In this case, create the directory:

mkdir /var/spool/squid
chown -R squid:squid /var/spool/squid

Checks

Try downloading a file with wget through the proxy, for example:

http_proxy=http://127.1.1.1:3128/ wget -O /dev/null http://ftp.freebsd.org/pub/FreeBSD/ports/ports/ports.tar.gz

View the squid log. On CentOS it is /var/log/squid/access.log. If no errors occurred, you will see something like this:

1381394282.324  12352 1.1.1.1 TCP_MISS/200 52127893 GET http://ftp.freebsd.org/pub/FreeBSD/ports/ports/ports.tar.gz - DIRECT/2001:6c8:130:800::4 application/x-gzip

Downloading the file a second time changes TCP_MISS into TCP_HIT or TCP_MEM_HIT:

1381394328.563    235 1.1.1.1 TCP_HIT/200 52127902 GET http://ftp.freebsd.org/pub/FreeBSD/ports/ports/ports.tar.gz - NONE/- application/x-gzip
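
To run the same check over a whole log instead of reading it line by line, the following Python example (added here, not part of the original article) counts hits and misses and lists clients that were denied or that were served from outside install_net. The first two log lines are the ones shown above; the other two lines, the function names and the INSTALL_NET list are constructed for illustration.

```python
import ipaddress

# IPv4 networks from the install_net ACL used on this page.
INSTALL_NET = ["1.1.1.0/24", "2.2.2.0/24"]

# First two lines come from the page; the last two are constructed samples.
ACCESS_LOG = """\
1381394282.324  12352 1.1.1.1 TCP_MISS/200 52127893 GET http://ftp.freebsd.org/pub/FreeBSD/ports/ports/ports.tar.gz - DIRECT/2001:6c8:130:800::4 application/x-gzip
1381394328.563    235 1.1.1.1 TCP_HIT/200 52127902 GET http://ftp.freebsd.org/pub/FreeBSD/ports/ports/ports.tar.gz - NONE/- application/x-gzip
1381394400.101      0 203.0.113.9 TCP_DENIED/403 3650 GET http://example.com/ - NONE/- text/html
1381394410.777    812 198.51.100.7 TCP_MISS/200 10432 GET http://example.org/ - DIRECT/192.0.2.10 text/html
"""

def is_inside(client, nets):
    """True if the client address belongs to one of the allowed networks."""
    try:
        ip = ipaddress.ip_address(client)
    except ValueError:            # client field is not an IP address
        return False
    return any(ip in n for n in nets)

def summarize(log_text, allowed=INSTALL_NET):
    """Count cache hits/misses and list clients that should not use the proxy."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    out = {"hit": 0, "miss": 0, "hit_bytes": 0,
           "denied": set(), "served_outside": set()}
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7:
            continue              # not a native-format access.log line
        client, result, size = f[2], f[3].split("/")[0], int(f[4])
        if result == "TCP_DENIED":
            out["denied"].add(client)          # rejected by http_access
            continue
        if not is_inside(client, nets):
            out["served_outside"].add(client)  # the ACLs let a foreign client in
        if "HIT" in result:                    # TCP_HIT, TCP_MEM_HIT, ...
            out["hit"] += 1
            out["hit_bytes"] += size
        else:
            out["miss"] += 1
    return out
```

A non-empty served_outside set means the http_access rules are wider than intended; entries in denied are clients the ACLs turned away.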


Configure VMmanager (DCImanager)

Specify the following parameters in the configuration files.

VMmanager:

HTTPProxyv4 http://1.1.1.1:3128/
HTTPProxyv6 http://[1111:2222:3333::4444]:3128/

DCImanager:

HTTPProxy http://1.1.1.1:3128/
HTTPProxyv6 http://[1111:2222:3333::4444]:3128/

Specify your own IP addresses and ports. If you use IPv6, you should specify HTTPProxyv6.

Note: You should specify real IP addresses that a virtual machine or dedicated server can connect to. If the proxy server is located on the same node as VMmanager, do not specify a loopback address as a parameter for HTTPProxyv4 or HTTPProxyv6, because this IP must be reachable from every cluster node.