carp and squid

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

carp and squid

mediomen27
Hi, does 2 nodes clustered openbsd firewall work with squid ?
is there any specific configuration ?

Reply | Threaded
Open this post in threaded view
|

Re: carp and squid

Jiri B-2
On Wed, Dec 21, 2016 at 12:41:43PM +0100, Frank White wrote:
> Hi, does 2 nodes clustered openbsd firewall work with squid ?
> is there any specific configuration ?

If squid on each node would have its own cache dir, ie. not sharing
data, then pointing your clients to squid hostname linked to CARP
IP should work, shouldn't it?

If squid daemons on both nodes would share cache dir, then you should
somehow prevent "failed" node not to continue to mess with storage.
Typical solution is STONITH (shoot the other node in the head - ie.
power fencing). Then you could maybe use ifstated to monitor CARP interface
and start squid daemon if CARP IP is local.

I would be also interested in solutions used by various
OpenBSD users.

j.

Reply | Threaded
Open this post in threaded view
|

Re: carp and squid

Craig Skinner-3
In reply to this post by mediomen27
Hi Frank,

On Wed, 21 Dec 2016 12:41:43 +0100 Frank White wrote:
> Does 2 nodes clustered openbsd firewall work with squid?
> Is there any specific configuration?
>

carp may not be needed as:
*) PAC files can list multiple proxies
*) A DNS entry can have multiple IP addresses

See the Squid FAQ:
http://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers#Redundant_Proxy_Auto-Configuration
http://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers#Fully_Automatic_Configuration

Also: http://FindProxyForURL.com/example-pac-file/

Symlink a proxy.pac file as wpad.dat

Cheers,
--
Craig Skinner | http://linkd.in/yGqkv7