Project

General

Profile

Task #13122

review the new infrastructure of CMS backup, opportunistic CVMFS backup squid services

Added by HyunWoo Kim over 3 years ago. Updated over 3 years ago.

Status:
New
Priority:
Normal
Assignee:
Start date:
07/06/2016
Due date:
% Done:

0%

Estimated time:
Duration:

Description

review the new infrastructure of squid services

History

#1 Updated by HyunWoo Kim over 3 years ago

Summary:
The following is the current configuration:

3128 is served by cmsbproxy.fnal.gov
3127 is servied by cmsopsquid.fnal.gov
3126 is served by cvmfsbproxy.fnal.gov
3125 is served by lhchomeproxy.fnal.gov

Your Self-Hosted Website: cmsextproxy.fnal.govon IP address: 131.225.205.133 with Ports: 3125-3128 was reviewed by Computer Security and ACL changes entered.
Your Self-Hosted Website: cmsextproxy.fnal.govon IP address: 131.225.205.134 with Ports: 3125-3128 was reviewed by Computer Security and ACL changes entered.
[hyunwoo@ssiadmin1 ~]$ nslookup 131.225.205.133 name = cmssrv244.fnal.gov
[hyunwoo@ssiadmin1 ~]$ nslookup 131.225.205.134 name = cmssrv245.fnal.gov

cmsextproxy.fnal.gov is DNS R/R
- Address: 131.225.205.133
- Address: 131.225.205.134

cmsextproxy.fnal.gov has the following canonical names(CNAME)
cvmfsbproxy.fnal.gov
lhchomeproxy.fnal.gov
cmsopsquid.fnal.gov

<to do>
cmsbproxy.fnal.gov should stop being DNS R/R
and must become another CNAME for cmsextproxy.fnal.gov
</to do>

[hyunwoo@ssiadmin1 ~]$ nslookup cmsbproxy.fnal.gov
cmsbproxy.fnal.gov canonical name = cmsextproxy.fnal.gov.
Name: cmsextproxy.fnal.gov
Address: 131.225.205.133
Name: cmsextproxy.fnal.gov
Address: 131.225.205.134

cmssrv244.fnal.gov has the following canonical names(CNAME)
cmsextproxy1.fnal.gov
cvmfsbproxy1.fnal.gov
lhchomeproxy1.fnal.gov
cmsopsquid1.fnal.gov

[hyunwoo@ssiadmin1 ~]$ nslookup cmsbproxy01.fnal.gov
cmsbproxy01.fnal.gov canonical name = cmssrv244.fnal.gov.
Name: cmssrv244.fnal.gov
Address: 131.225.205.133

[hyunwoo@ssiadmin1 ~]$ nslookup cmsbproxy02.fnal.gov
cmsbproxy02.fnal.gov canonical name = cmssrv245.fnal.gov.
Name: cmssrv245.fnal.gov
Address: 131.225.205.134

[hyunwoo@ssiadmin1 fef]$ emacs profiles/p_cmsextsquid/manifests/init.pp
  firewall { '003 squid port open to outside':
    action => 'accept',
    proto  => 'tcp',
    dport  => '3125-3128',
  }

[root@cmssrv244 ~]# iptables --list | grep squid
ACCEPT     tcp  --  anywhere             anywhere            multiport dports a13-an:squid /* 003 squid port open to outside */

#2 Updated by HyunWoo Kim over 3 years ago

  • Subject changed from review the new infrastructure of squid services to review the new infrastructure of CMS backup, opportunistic CVMFS backup squid services


Also available in: Atom PDF