🔗 CARP SMP 工作进程集群
Squid SMP 支持是在 Squid-3.2 及更高版本中持续改进的一部分。此处的配置可能不完全是最新的。或者可能需要您安装更新的版本。
🔗 目录
Squid-3.2 及更高版本支持多核系统上的 SMP 扩展,并且可以更简单地配置多进程系统。然而,对于所有组件(尤其是 UFS 缓存存储系统)的支持尚未完成。因此,UFS/AUFS/diskd 存储缓存中的对象重复问题仍然存在。在旧版本中,通过在多层多进程设计中使用 CARP 对等选择算法,该问题得到了部分解决。
此配置概述了如何利用 Squid-3.2 SMP 支持来简化 Squid CARP 集群的配置,同时保留 CARP 对象去重的好处。它面向 **资深系统管理员**。了解转发循环控制和 SMP 工作进程编号将有助于理解此配置。
此 配置示例 中概述的设置旨在在一个运行带有 SMP 工作进程的 squid 的系统上创建一个
- “前端”工作进程,它负责
- 身份验证
- 授权
- 日志记录、延迟池等。
- 内存中热对象缓存
- 后端进程的负载均衡
- 重定向等 — 以及一个“后端”工作进程池,每个进程负责
- 磁盘缓存
- 处理网络密集型任务
虽然此设置预计会提高多核系统的整体吞吐量并简化 CARP 集群的维护,但好处受到限制,因为前端工作进程仍然预计会成为瓶颈。
如果有人将此投入生产,请鼓励他们分享结果,以帮助他人评估解决方案的有效性。
🔗 Squid 配置文件
需要使用 3 个配置文件。您可以通过点击每个文件下方的文件名来下载它。
🔗 squid.conf
# DO change this "somepassword"
cachemgr_passwd somepassword all
acl localnet src 192.168.0.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# basic safety net access controls.
# NOTE that user access and local access controls are all in frontend.conf
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# 3 workers, using worker #1 as the frontend is important
workers 3
if ${process_number} = 1
include /etc/squid/frontend.conf
else
include /etc/squid/backend.conf
endif
http_access deny all
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
🔗 frontend.conf
http_port 3128
# add user authentication and similar options here
http_access allow manager localhost
http_access deny manager
# add backends - one line for each additional worker you configured
# NOTE how the port number matches the kid number
cache_peer localhost parent 4002 0 carp login=PASS name=backend-kid2
cache_peer localhost parent 4003 0 carp login=PASS name=backend-kid3
#you want the frontend to have a significant cache_mem
cache_mem 512 MB
# change /tmp to your own log directory, e.g. /var/log/squid
access_log /var/log/squid/frontend.access.log
cache_log /var/log/squid/frontend.cache.log
# the frontend requires a different name to the backend(s)
visible_hostname frontend.example.com
🔗 backend.conf
# each backend must listen on a unique port
# without this the CARP algorithm would be useless
http_port localhost:400${process_number}
# a 10 GB cache of small (up to 32KB) objects accessible by any backend worker
cache_dir rock /mnt/cacheRock 10240 max-size=32768
# NP: for now AUFS does not support SMP but the CARP algorithm helps reduce object duplications
# a 10 GB cache of large (over 32KB) objects per-worker
cache_dir aufs /mnt/cache${process_number} 10240 128 128 min-size=32769
# the default maximum cached object size is a bit small
# you want the backend to be able to cache some fairly large objects
maximum_object_size 512 MB
# you want the backend to have a small cache_mem
cache_mem 4 MB
# the backends require a different name to frontends, but can share one
# this prevents forwarding loops between backends while allowing
# frontend to forward via the backend
visible_hostname backend${process_number}.example.com
# change /var/log/squid to your own log directory
access_log /var/log/squid/backend${process_number}.access.log
cache_log /var/log/squid/backend${process_number}.cache.log
# add just enough access permissions to allow the frontend
http_access allow localhost
⚠️ Disclaimer: Any example presented here is provided "as-is" with no support
or guarantee of suitability. If you have any further questions about
these examples please email the squid-users mailing list.
类别: ConfigExample
导航:网站搜索、网站页面、分类、🔼 向上