On 22/01/11 07:41, Tiz wrote:
> Hi,
>
> I am using squid to front two yum servers as a reverse-proxy. Both yum
> servers are essentially the same. I would like to load balance between the
> two and have some kind of redundancy failover.
>
> Config follows, but I think I am mis-understanding the idea of round-robin
> and how it relates to defaultsite. In this setup, the request always goes
> to defaultsite. Links to docs and sample configs greatly appreciated.
>
> What is the correct way to load balance these two devices? What am I
> missing?
Traffic which is received through an "Accel" mode port is normally
missing the domain name and protocol type part of the URL.
example:
GET /index.html HTTP/1.1
In order to figure out where it is coming from Squid is required to do
some magic. Which magic to perform is defined by the http_port settings.
Firstly "accel" flags indicates that magic is to be done.
Then "defaultsite=" option explicitly says what the domain name is.
So the above example request when made to your server becomes:
GET http://yum-slave-01/index.html HTTP/1.1
Only after this magic is done can the access controls and peer selection
get run.
So...
>
> cache_dir ufs /squid 20000 16 256
> http_port 80 accel defaultsite=yum-slave-01
> cache_peer 1.1.1.1 parent 80 0 no-query round-robin name=yum1
> acl yum1_sites dstdomain yum-slave-01
> cache_peer_access yum1 allow yum1_sites
URL http://yum-slave-01/ matches "yum1_sites". This peer will be selected.
> cache_peer 2.2.2.2 parent 80 0 no-query round-robin name=yum2
> acl yum2_sites dstdomain yum-slave-02
> cache_peer_access yum2 allow yum2_sites
URL http://yum-slave-01/ fails to match "yum2_sites". This peer will be
ignored.
You have based this directly on the "BasicAccelerator" I would guess.
That config is *basic*; one peer server. One website being gatewayed. No
balancing. No failovers. Nothing special *at all*.
There is an easy solution. But it has a very strict requirement: both
servers are full mirrors. That means a query to either server will get
the same response whether it be testing the MD5 of an object, its update
time, or existence. There is some small leeway for mirroring update lag.
That config is:
http_port 80 accel defaultsite=yum-slave-01
cache_peer 1.1.1.1 parent 80 0 no-query round-robin name=yum1
forcedomain=yum-slave-01
cache_peer 2.2.2.2 parent 80 0 no-query round-robin name=yum2
forcedomain=yum-slave-02
cache_peer_access yum1 allow all
cache_peer_access yum2 allow all
What this does is ignore the domain name and force it to be the peers
domain when relaying requests there.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.10 Beta testers wanted for 3.2.0.4Received on Sat Jan 22 2011 - 03:57:52 MST
This archive was generated by hypermail 2.2.0 : Sat Jan 22 2011 - 12:00:04 MST