2011년 11월 26일 토요일

SCM - 캐시 서버 구축 (Squid in Linux)


Linux

설치
  1. 설치해야 할 패키지:
    1. openssl : yum -y install openssl (or sudo apt-get install openssl  TIP: gksudo gnome-terminal)
    2. openssl-dev  (or libssl-dev)
    3. gcc, g++
    4. make
    5. perl
    6. vim (다른 편집기도 사용 가능)
  2. squid 3.0(http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE25.tar.gz) 압축 풀기
    wget http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE25.tar.gz
    (or wget http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.12.tar.gz )
    tar zxvf squid-3.0.STABLE25.tar.gz
  3. cd squid-3.0.STABLE25
    (참고 : http://wiki.squid-cache.org/SquidFaq/CompilingSquid )
  4. 컴파일/링크변수 설정
    -참조 : http://gcc.gnu.org/onlinedocs/gcc/i386-and-x86_002d64-Options.html
    -참조 : http://en.gentoo-wiki.com/wiki/Safe_Cflags/Intel
              gcc -c -Q -march=native --help=target (GCC 4.2 and above support -march=native)
    -참조 : http://en.gentoo-wiki.com/wiki/Safe_Cflags/AMD

    • 64비트 OS : export CFLAGS="-O2 -pipe -m64 -march=core2 -fomit-frame-pointer -s"
      32비트 OS : export CFLAGS="-O2 -pipe -m32 -fomit-frame-pointer -s"
    • 64비트 OS : export CXXFLAGS="-O2 -pipe -m64 -march=core2 -fomit-frame-pointer -s"
      32비트 OS : export CXXFLAGS="-O2 -pipe -m32 -fomit-frame-pointer -s"
    • 64비트 OS : export LDFLAGS="-m64 -s -Wl,-O1"
      32비트 OS : export LDFLAGS="-m32 -s -Wl,-O1"
  5. ./configure -prefix=/usr/local/squid --with-pthreads --enable-storeio=ufs,aufs --enable-removal-policies=lru,heap --enable-ssl --with-large-files

    @Ubuntu
    sudo ./configure --prefix=/usr --localstatedir=/var --libexecdir=${prefix}/lib/squid --srcdir=. --datadir=${prefix}/share/squid --sysconfdir=/etc/squid --with-default-user=proxy --with-logdir=/var/log --with-pidfile=/var/run/squid.pid --with-pthreads --enable-storeio=ufs,aufs --enable-removal-policies=lru,heap --enable-ssl --with-large-files --with-filedescriptors=65535 
    -> 참조 : https://help.ubuntu.com/community/Squid : /usr/sbin/squid, /etc/squid/squid.conf
    @Ubuntu
  6. sudo make
  7. sudo make install
  8. /usr/local/squid 쓰기 가능한지 체크 

구성

  1. /usr/local/squid/etc/squid.conf 아래와 같이 대체
    (참조 : http://www.squid-cache.org/Versions/v3/3.0/cfgman/ )

    cache_store_log     none 
    cache_peer      parent 0 no-query originserver name=httpsAccel ssl
    (앞줄 계속) login=PROXYPASS sslflags=DONT_VERIFY_PEER 
    cache_peer_access     httpsAccel allow all
    coredump_dir /usr/local/squid/var/cache 
    http_access     allow all 
    https_port      cert=/usr/local/squid/etc/server.pem accel key=/usr/local/squid/etc/privkey.pem vhost 
    refresh_pattern     . 0 20% 4320 
    cache_replacement_policy     heap GDSF 
    memory_replacement_policy     heap GDSF 
    cache_dir     aufs /usr/local/squid/var/cache 256 256 
    cache_mem      MB 
    cachemgr_passwd     disable all 
    maximum_object_size     1048576 KB 
    maximum_object_size_in_memory     16384 KB 
    buffered_logs     on 
    visible_hostname     
    1. Replace all references of with the hostname of the server you wish to proxy.
    2. Replace all references of with the port name that your jazz server listens upon.
    3. Replace all references of with the hostname of your proxy machine.
    4. Replace all references of with the port of your proxy machine.
    5. Replace all references of with the amount of RAM that you want to allocate to squid's caching.  This must be less than the available memory on the machine. 
    6. Replace all references of  in MBytes with the amount of diskspace you want ot allocate to squid.  This must be less than the available disk space in "/usr/local/squid/var/cache".  
    Squid 설정 예
    cache_store_log none
    cache_peer x.x.x.x parent 9443 0 no-query originserver name=httpsAccel ssl login=PROXYPASS sslflags=DONT_VERIFY_PEER
    cache_peer_access httpsAccel allow all
    coredump_dir /usr/local/squid/var/cache
    http_access allow all
    https_port 9443 cert=/usr/local/squid/etc/server.pem accel key=/usr/local/squid/etc/privkey.pem vhost
    refresh_pattern . 0 20% 4320
    cache_replacement_policy heap GDSF
    memory_replacement_policy heap GDSF
    cache_dir aufs /home/SquidCache 131072 256 256
    cache_swap_low 70
    cache_swap_high 97
    cache_mem 4096 MB
    cachemgr_passwd disable all
    maximum_object_size 1048576 KB
    maximum_object_size_in_memory 16384 KB
    buffered_logs on
    visible_hostname x.x.x.x

  2. server.pem과 privkey.pem 파일을 /usr/local/squid/etc 아래로 복사
    • 인증서 만들기
      1. openssl req -new -keyform PEM -x509 -out server.pem
      2. openssl rsa -in privkey.pem -out privkey.pem.new
      3. cp privkey.pem.new privkey.pem
      4. cp server.pem /usr/local/squid/etc/
      5. cp privkey.pem /usr/local/squid/etc/
  3. cd /usr/local/squid/sbin
  4. 캐시 디렉토리(/usr/local/squid/var/cache) 구조화/초기화 실행 :

    @Ubuntu
    sudo touch /var/log/cache.log /var/log/access.log
    sudo chown proxy /var/log/cache.log /var/log/access.log
    @Ubuntu

    sudo su proxy
    ./squid -z(참조 : http://manpages.ubuntu.com/manpages/dapper/en/man8/squid.8.html )
  5. 프락시서버 데몬 실행 :
    sudo ./squid
If things are not working properly, check the var/logs/cache.log for errors
you will see TCP_HIT and TCP_MISS logging in the access.log which will indicate whether or not the cache is being hit

출처 : https://jazz.net/wiki/bin/view/Main/SCMWithCachingProxy


Squid 로그 처리

/usr/local/squid/var/logs/cache.log

You need to rotate your log files with a cron job. For example in /etc/crontab:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7)  OR
#sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  *  command to be executed
    0  0   *   *  * /usr/local/squid/sbin/squid -k rotate



프락시 캐시 서버 16GB/8GB인 경우 Squid 설정값 예 



cache_replacement_policy heap GDSF 

memory_replacement_policy heap GDSF 

cache_dir aufs /usr/local/squid/var/cache 102400 256 256 

cache_mem 12288 MB (8GB인 경우 6144 MB) 

cache_store_log none 

cache_peer xxx.xxx.xxx.xxx parent 9443 0 no-query originserver name=httpsAccel ssl login=PROXYPASS sslflags=DONT_VERIFY_PEER 

cache_peer_access httpsAccel allow all 

coredump_dir /usr/local/squid/var/cache 

http_access allow all 

https_port 9443 cert=/usr/local/squid/etc/server.pem accel key=/usr/local/squid/etc/privkey.pem vhost 

refresh_pattern .              0       20%     4320 

cachemgr_passwd disable all 

maximum_object_size 1024 MB 

maximum_object_size_in_memory 16 MB 

buffered_logs on 

visible_hostname xxx.xxx.xxx.xxx 

cache_swap_low 90 

cache_swap_high 95 



오타와 Lab의 Squid 설정값


    

  • used 256 Level1 dirs
    • 

  • aufs storage (coss would be even better but is not recommended for production in 3.0 yet).
    • 

  • Disable the cache_store_log.
    • 

  • 4GB of memory cache
    • 

  • max object size in memory: 16MB
    • 

  • 16GB of disk cache
    • 

  • max cached object size: 1GB
    • 

  • GDSF as memory and disk cache replacement policy
    • 

  • turned on buffered logs
    • 

  • set up cron to rotate the logs every day.
    • 






캐시서버로 권고하는 RAID 구성RAID 0 



- 이유는 속도가 가장 빠르고,  캐시인 까닭에 미러링을 덜 고려할 수 있습니다.



 캐시서버 스펙 예




    

  • OS : RedHat Enterprise Server 
    • 

  • 캐시 서버 S/W : Squid (오픈소스) 
    • 

  • CPU : Intel Xeon 3.16 Ghz * 2 
    • 

  • RAM : 8GB RAM 
    • 

  • HDD : SCSI HDD 6 * 146 GB with RAID 0 
    • 






HDD는 일반 PC급 DISK가 아닌 서버급 HDD를 권장하며, Squid를 사용하기 위해서 Linux 서버급 운영체제를 권장합니다.







RTC 2.0.0.1 캐싱 자료 - http://jazz.net/library/article/325

RTC 1.0.1 캐싱 자료 - http://jazz.net/library/techtip/94










글쓴이:



























라벨:
,
,


















댓글 1개:





































        

      









피드 구독하기:
댓글 (Atom)