OPS/FAQs/CVMFS_PHYS_VO_IBERGRID_EU

How to Install the CVMFS clients

First you need to install 1 squid server per site. The recommended number is two for the service to run smoothly.

  • Create 2 machines: squid0 and squid1 (just examples)
  • Configure in all UIs and WNs

How to install the SQUID server

Please pay attention to the configuration file at /etc/squid/squid.conf

#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 8000        # CVMFS 
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost



# Squid normally listens to port 3128
http_port 3128

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320


# CVMFS Squid Config params
max_filedesc 8192
maximum_object_size 1024 MB
cache_mem 128 MB
maximum_object_size_in_memory 128 KB
cache_dir ufs /var/spool/squid 50000 16 256

# ACLs for local networks (replace XXX.XXX.XXX.XXX with your site's addresses)
acl GridServices src XXX.XXX.XXX.XXX

http_access allow GridServices

# ACLS
acl cvmfs dst cvmfs-stratum-one.cern.ch
acl cvmfs dst cernvmfs.gridpp.rl.ac.uk
acl cvmfs dst cvmfs.racf.bnl.gov
acl cvmfs dst cvmfs02.grid.sinica.edu.tw
acl cvmfs dst cvmfs.fnal.gov
acl cvmfs dst cvmfs-atlas-nightlies.cern.ch
acl cvmfs dst cvmfs-egi.gridpp.rl.ac.uk
acl cvmfs dst klei.nikhef.nl
acl cvmfs dst cvmfsrepo.lcg.triumf.ca
acl cvmfs dst cvmfsrep.grid.sinica.edu.tw
acl cvmfs dst cvmfs-s1bnl.opensciencegrid.org
acl cvmfs dst cvmfs-s1fnal.opensciencegrid.org
acl cvmfs dst cvmfs-egi.gridpp.rl.ac.uk
http_access allow cvmfs

# And finally deny all other access to this proxy
http_access deny all
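
Squid evaluates `http_access` rules in order, and the ACLs on one line are ANDed, so `http_access allow cvmfs` above matches on destination alone and is not limited to localnet or GridServices clients. The following check is an added example, not part of the original page: it reports `allow` rules with no client-side ACL, using a constructed excerpt of the rules above (the function names and the 192.0.2.10 address are assumptions).

```python
# Constructed excerpt of the access rules from the squid.conf above;
# 192.0.2.10 is a documentation placeholder, not a real site address.
SAMPLE_CONF = """\
acl localhost src 127.0.0.1/32 ::1
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl Safe_ports port 8000        # CVMFS
http_access deny !Safe_ports
http_access allow localnet
http_access allow localhost
acl GridServices src 192.0.2.10
http_access allow GridServices
acl cvmfs dst cvmfs-stratum-one.cern.ch
acl cvmfs dst cvmfs-egi.gridpp.rl.ac.uk
http_access allow cvmfs
http_access deny all
"""

# Squid ACL types treated here as restricting *who* is asking (the client),
# as opposed to *what* is requested (dst, port, method, ...).
SOURCE_TYPES = {"src", "srcdomain", "srcdom_regex", "arp", "proxy_auth"}

def parse(conf):
    """Return (ACL name -> set of ACL types, ordered http_access rules)."""
    acl_types, rules = {}, []
    for raw in conf.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) >= 3 and fields[0] == "acl":
            acl_types.setdefault(fields[1], set()).add(fields[2])
        elif len(fields) >= 3 and fields[0] == "http_access":
            rules.append((fields[1], fields[2:]))
    return acl_types, rules

def unrestricted_allows(conf):
    """List 'allow' rules in which no non-negated ACL is bound to the client.

    Heuristic: earlier 'deny' rules that filter by source are not modelled.
    """
    acl_types, rules = parse(conf)
    findings = []
    for action, names in rules:
        positive = [n for n in names if not n.startswith("!")]
        bound = any(acl_types.get(n, set()) & SOURCE_TYPES for n in positive)
        if action == "allow" and not bound:
            findings.append("http_access allow " + " ".join(names))
    return findings

if __name__ == "__main__":
    for rule in unrestricted_allows(SAMPLE_CONF):
        print("allow rule with no source restriction:", rule)
```

Combining both ACLs on one line, for example `http_access allow localnet cvmfs`, ties the stratum list to site clients and clears the finding.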

How to configure CVMFS clients to support phys.vo.ibergrid.eu

How to publish CVMFS support to phys.vo.ibergrid.eu

We would also like to request that sites include the CVMFS-PHYS_VO_IBERGRID_EU tag in the CE Runtime Environment. This would make life easier for users. To perform this change, you can use one of two options:

  • Include the tag directly in the /var/lib/bdii/gip/ldif/static-file-Cluster.ldif file of your CE (or of your glite-CLUSTER node), and then restart the bdii. Please be aware this will not make the change permanent. Next time you reconfigure your CE with yaim, this change will be lost (unless yaim is already changed as recommended in the following step).

# grep CVMFS-PHYS_VO_IBERGRID_EU /var/lib/bdii/gip/ldif/static-file-Cluster.ldif
GlueHostApplicationSoftwareRunTimeEnvironment: CVMFS-PHYS_VO_IBERGRID_EU

  • Include the tag in your yaim configuration files, and rerun yaim for the relevant node, either creamCE or Cluster (in principle, you just have to execute the config_cream_gip function):

    CE_RUNTIMEENV="
    CVMFS-PHYS_VO_IBERGRID_EU
    (...)
    "

    $ /opt/glite/yaim/bin/yaim -r -s site-info.def -f config_cream_gip -n creamCE -n (...)