Re: [squid-users] cache_peer_domain with file list

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 24 Aug 2009 16:39:23 +1200

On Sun, 23 Aug 2009 20:59:50 -0700, Waitman Gobble <waitman_at_waitman.net>
wrote:
> Amos Jeffries wrote:
>>> running (squid/3.0.STABLE18)
>>>
>>> The following squid.conf directive does not seem to work.
>>>
>>> cache_peer_domain server_www "/usr/local/squid/etc/domains"
>>>
>> To do what you are trying:
>> acl our_domains dstdomain "/path/to.file"
>> cache_peer_access server_www allow our_domains
>>
>>
>> Amos
>>
>
> Thanks Amos, that work perfectly.
>
> It seems to work in the order of the file -

> as a simple example, with backend servers, s1, s2 and 4 domains ex1 ex2
> ex3 ex4,
> if i want ex1 and ex2 on s1 and ex3 and ex4 on s2
> but there are "backups" of ex1 and ex2 on s2 and vice-versa -
>
>
> acl s1_primary dstdomain "/s1primary"
> cache_peer_access server_s1 allow s1_primary
> acl s2_primary dstdomain "/s2primary"
> cache_peer_access server_s1 allow s2_primary
> acl s1_secondary dstdomain "/s2primary"
> cache_peer_access server_s1 allow s1_secondary
> acl s2_secondary dstdomain "/s1primary"
> cache_peer_access server_s1 allow s2_secondary
>
> if s1 catches fire requests for all 4 domains would go to s2
> and if s2 was bricked by a felon the requests for all 4 would go to s1
>
> essentially both s1 and s2 could all 4 domains if something bad happens
but
> not very happily, everything runs better when they're split up on
different
> machines.
>

?huh? your example omits cache_peer order.
Which is half the critical config for failover sequencing.

Squid passes requests to the server depending on "cache_peer" lines order.
With cache_peer_access used to prune the full list of cache_peer down to
only the servers usable.

Content of the ACL file should be sorted alphabetically sorted on load.
Anything else is a bug that might be fixed one day when the dstdomain gets
its next upgrade.

So example #1:
cache_peer ... name=s1
cache_peer ... name=s2

all requests will go to s1 until it fails or gets really slow. Failover
requests go to s2 when s1 cant handle things.

Example #2:
cache_peer ... name=s1
cache_peer ... name=s2

acl ex1 dstdomain www.example.com example.com
cache_peer_access s1 allow ex1
acl ex2 dstdomain .example.com
cache_peer_access s2 allow ex2

all requests for www.example.com and example.com go to s1. Other
sub-domains go to s2.
Failover requests for www.example.com and example.com get pushed to s2 as
well.

Example #3:

cache_peer ... name=s2
cache_peer ... name=s1

acl ex1 dstdomain www.example.com example.com
cache_peer_access s1 allow ex1
acl ex2 dstdomain .example.com
cache_peer_access s2 allow ex2

all requests got to s2. Failover requests for www.example.com and
example.com go to s1.
Failover requests for all other sub-domains die with an 'cannot forward' or
'connection failed' error page.

Amos
Received on Mon Aug 24 2009 - 04:39:29 MDT

This archive was generated by hypermail 2.2.0 : Mon Aug 24 2009 - 12:00:04 MDT