Service Card for CVMFS
CVMFS is a package running on the WNs that needs a squid proxy to cache requests.
Definition
Currently, the host in which the squid for cvmfs is installed is
cvmfs.lcg.cscs.ch
and is a Sun server with:
- Scientific Linux 6.2 x86_64
- Squid 3.1.10 (squid-3.1.10-1.el6_2.1.x86_64)
Operations
Interesting information like how to deal with the service.
Client tools
Testing
Start/stop procedures
# service squid status
squid (pid 2268) is running...
Failover check
The WNs are configured to query both Squid servers in case of failure:
# cat default.local
#CVMFS_REPOSITORIES=atlas.cern.ch,atlas-condb.cern.ch,cms.cern.ch,lhcb.cern.ch,hone.cern.ch,grid.cern.ch
CVMFS_REPOSITORIES=atlas,atlas-condb,lhcb,hone,cms
CVMFS_HTTP_PROXY="http://cvmfs.lcg.cscs.ch:3128|http://ppcvmfs.lcg.cscs.ch:3128"
CVMFS_CACHE_BASE=/cvmfs_local
CVMFS_QUOTA_LIMIT=30000
Checking logs
Set up
Instructions on how to set up the service, like:
Dependencies (other services, mount points, ...)
Redundancy notes
Installation
Easy:
# yum install squid
Configuration (
/etc/squid/squid.conf
) is managed by cfengine.
Upgrade
Monitoring
The remote monitoring by WLCG via SNMP on 3401/udp has to be enabled in the Squid configuration (through CFEngine as usual) on
cvmfs.lcg.cscs.ch
and
cvmfs1.lcg.cscs.ch
along with the ACLs required to let the remote monitoring from CERN network and CERN Hungary data center:
[root@cvmfs:~]# vim /etc/squid/squid.conf
[...]
acl HOST_MONITOR src 127.0.0.1/32 128.142.0.0/16 188.184.128.0/17 188.185.128.0/17
acl snmppublic snmp_community public
[...]
snmp_access allow snmppublic HOST_MONITOR
snmp_access deny all
snmp_port 3401
[...]
[root@cvmfs:~]# service squid reload
[root@cvmfs:~]# netstat -tlpun | grep 3401
udp 0 0 :::3401 :::* 20818/(squid)
Of course the firewall has to be set in order to allow inbound connections from those networks:
-A INPUT -s 128.142.0.0/16 -p udp --dport 3401 -m state --state NEW -j ACCEPT
-A INPUT -s 188.184.128.0/17 -p udp --dport 3401 -m state --state NEW -j ACCEPT
-A INPUT -s 188.185.128.0/17 -p udp --dport 3401 -m state --state NEW -j ACCEPT
The status of the Squid servers running on
cvmfs
and
cvmfs1
can be checked on the official monitoring pages:
Squid_cvmfs,
Squid_cvmfs1,
Squid_monitors.
Nagios
Ganglia
Self Sanity / revival?
Other?
Manuals
External links to manuals
Issues
Information about issues found with this service, and how to deal with them.
Define a reasonable size of Squid disk cache
It is a good idea to set a reasonable value for the disk cache size being used by the Squid server run on CMVFS machines in order to avoid to fill up the whole disk or partition dedicated to it:
[root@cvmfs1:~]# vim /etc/squid/squid.conf
[...]
cache_dir aufs /squid_cache/squid 400000 16 256
[...]
In the example a disk cache size of 400GB has been defined along with the limit of 16 first-level directories and 256 second-level directories created under the Squid cache directory defined as second argument. Currently we manage this configuration file via CFEngine as usual.
Issue2
References