[gilug.org] squid i apt-proxy
David Casals hakd0c telefonica net
2007-09-30 17:44:13 UTC
Bueno vaig fent petits passos.
Ara ja em funciona correctament l'squid en mode transparent pel
contingut web i també em funciona correctament l'apt-proxy si modifico
el sources.list dels clientsi els faig apuntar cap al servidor.
Em funciona tant per Debian i Ubuntu.
El què no em funciona es sense modificar els clients que automaticament
redirigeixi cap una banda o cap a l'altre.
el redirector.py no l'he modificat
redirector_class.py:
"""Reloadable module allows arbitrary url transformations.
must define reload_after (an integer), and rewrite(url)."""
from sets import Set
debian_multimedia = Set(["http://www.debian-multimedia.org/"])
security = Set(["http://security.debian.org/"])
security_ubuntu = Set(["http://security.ubuntu.com/"])
srcips = Set(["192.168.xx."])
def log(s):
f = open("/var/log/squid/redirector_class.log","a")
f.write(s[0]+'\n')
f.close()
def rewrite(url):
#url= array('c', [url,src_address,ident,method])
#log(url)
"""just rewrites urls."""
for m in srcips:
if url[1].find(m) is 0:
if url[0].find('http://') is 0:
for l in security_ubuntu:
if url[0].find(l) is 0:
return url[0].replace(l,
"http://localhost:9999/ubuntu-security/")
for l in debian_multimedia:
if url[0].find(l) is 0:
return url[0].replace(l,
"http://localhost:9999/debian-multimedia/")
for l in security:
if url[0].find(l) is 0:
return url[0].replace(l, "http://localhost:9999/security/")
if url[0].find('/debian/pool/') >= 0:
p = url[0].split('/debian/pool')
return 'http://localhost:9999/debian/pool' + p[1]
if url[0].find('/debian/dists/') >= 0:
p = url[0].split('/debian/dists')
return 'http://localhost:9999/debian/dists' + p[1]
if url[0].find('/ubuntu/pool/') >= 0:
p = url[0].split('/ubuntu/pool')
return 'http://localhost:9999/ubuntu/pool' + p[1]
if url[0].find('/ubuntu/dists/') >= 0:
p = url[0].split('/ubuntu/dists')
return 'http://localhost:9999/ubuntu/dists' + p[1]
return url[0]
reload_after = 5
log("reloading user redirector module")
squid.conf:
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny query
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 200 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 650000 KB
cache_dir ufs /var/spool/squid 8600 16 256
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
client_lifetime 15 day
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 901
acl purge method PURGE
acl CONNECT method CONNECT
url_rewrite_program /etc/apt-proxy/redirector.py
url_rewrite_children 50
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.99.0/24
http_access allow our_networks
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr
cache_effective_user proxy
#cache_effective_group proxy
visible_hostname mnemosine.associacio-aoe.org
logfile_rotate 3
forwarded_for on
always_direct allow our_networks
coredump_dir /var/spool/squid
apt-proxy-v2.conf:
[DEFAULT]
;; All times are in seconds, but you can add a suffix
;; for minutes(m), hours(h) or days(d)
;; Server IP to listen on
address = 192.168.99.1 127.0.0.1
;; Server port to listen on
port = 9999
;; Control files (Packages/Sources/Contents) refresh rate
;;
;; Minimum age of a file before it is refreshed
min_refresh_delay = 1h
;; Minimum age of a file before attempting an update (NOT YET IMPLEMENTED)
;min_age = 23h
;; Uncomment to make apt-proxy continue downloading even if all
;; clients disconnect. This is probably not a good idea on a
;; dial up line.
complete_clientless_downloads = 1
;; Debugging settings.
;; for all debug information use this:
;; debug = all:9
debug = all:4 db:0
;; Debugging remote python console
;; Do not enable in an untrusted environment
;telnet_port = 9998
;telnet_user = apt-proxy
;telnet_password = secret
;; Network timeout when retrieving from backend servers
timeout = 15
;; Cache directory for apt-proxy
cache_dir = /var/cache/apt-proxy
;; Use passive FTP? (default=on)
;passive_ftp = on
;; Use HTTP proxy?
http_proxy = localhost:3128
;; Limit download rate from backend servers (http and rsync only), in
bytes/sec
;bandwidth_limit = 100000
;;--------------------------------------------------------------
;; Cache housekeeping
;; Time to perform periodic housekeeping:
;; - delete files that have not been accessed in max_age
;; - scan cache directories and update internal tables
cleanup_freq = 1d
;; Maximum age of files before deletion from the cache (seconds)
max_age = 120d
;; Maximum number of versions of a .deb to keep per distribution
max_versions = 3
;; Add HTTP backends dynamicaly if not already defined? (default=on)
;dynamic_backends = on
;;---------------------------------------------------------------
;;---------------------------------------------------------------
;; Backend servers
;;
;; Place each server in its own [section]
[debian]
backends =
http://ftp.us.debian.org/debian
http://ftp.de.debian.org/debian
http://ftp2.de.debian.org/debian
ftp://ftp.uk.debian.org/debian
min_refresh_delay = 1d
[security]
;; Debian security archive
backends =
http://security.debian.org/debian-security
http://ftp2.de.debian.org/debian-security
min_refresh_delay = 1m
[debian-multimedia]
backends = http://www.debian-multimedia.org
[ubuntu]
;; Ubuntu archive
backends = http://archive.ubuntu.com/ubuntu
min_refresh_delay = 15m
[ubuntu-security]
;; Ubuntu security updates
backends = http://security.ubuntu.com/ubuntu
min_refresh_delay = 1m
[backports.org]
;; backports.org
backends = http://backports.org/debian
min_refresh_delay = 1d
;[blackdown]
;; Blackdown Java
;backends = http://ftp.gwdg.de/pub/languages/java/linux/debian
min_refresh_delay = 1d
;[debian-people]
;; people.debian.org
;backends = http://people.debian.org
;[emdebian]
;; The Emdebian project
;backends = http://emdebian.sourceforge.net/emdebian
;[rsync]
;; An example using an rsync server. This is not recommended
;; unless http is not available, becuause rsync is only more
;; efficient for transferring uncompressed files and puts much
;; more overhead on the server.
;backends = rsync://ftp.uk.debian.org/debian
En/na David Casals ha escrit:
> En/na David Casals ha escrit:
>
>> Hola a tots,
>>
>> He estat seguint el manual d'en Jordi Pujol de com
>>
>>
>> Actualitzant Debian en una xarxa local amb múltiples màquines de la
>> pagina del gilug http://www.gilug.org/?q=node/286
>>
>>
>> Jo fins al moment sempre ho havia fet només amb l'squid.
>>
>>
>> Qui guarda els paquets descarregats? Jo pensava que ho faria apt-proxy i
>> li he reservat 150Gb mentre que per l'squid n'hi he deixat 10Gb un cop
>> actualitzada la una màquina client(ha actualitzat 88 paquets amb
>> aproximadament 200Mb) em trobo que al fer un du -h o un df -h la
>> particio de l'squid si que ha augmentat amb dades grabades, mentre que
>> la de l'apt-proxy no ho ha pas fet proporcionalment.
>>
>>
> Un dels meus errors es que l'script fet amb python que s'utilitza
> redirector_class.py, només hi ha posats els repositoris de debian i jo
> necessito els d'ubuntu i els de nexenta.
>
> Ara em poso a revisar com fer-ho.
>
> Si algu ho te fet que avisi.
>
>
>
>> Algu ho ha provat? quina relació d'espai s'hauria de deixar? En un
>> principi la màquina ha de cachejar debian, ubuntu i nexenta (son 3
>> xerrades de la volcanica on es necessita paquets tipus debian.
>>
>> Atentament
>> David Casals
>> hakd0c
>>
>> _______________________________________________
>> Llista del GiLUG
>>
>> http://gilug.org/cgi-bin/mailman/listinfo/llista
>> * Tots els missatges queden publicats a:
>> http://gilug.org/pipermail/llista/
>>
>>
>>
>
> _______________________________________________
> Llista del GiLUG
>
> http://gilug.org/cgi-bin/mailman/listinfo/llista
> * Tots els missatges queden publicats a:
> http://gilug.org/pipermail/llista/
>
>
Més informació sobre la llista de correu gilug