For When You Can't Have The Real Thing
[ start | index | login ]
start > Linux > squid > Configuring a Yum Cache

Configuring a Yum Cache

Created by dave. Last edited by dave, 14 years and 343 days ago. Viewed 11,750 times. #2
[diff] [history] [edit] [rdf]
labels
attachments

Configuring Squid to act as a Yum Cache

My /etc/squid/squid.conf file boils down to:

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 10.10.10.0/24
http_access allow our_networks
http_access allow localhost
http_access deny all
icp_access allow all
http_port 3128
hierarchy_stoplist cgi-bin ?
cache_dir ufs /var/spool/squid 50000 32 512
maximum_object_size 512000 KB
access_log /var/log/squid/access.log squid
acl QUERY urlpath_regex cgi-bin ?
cache deny QUERY
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
visible_hostname kickstart
coredump_dir /var/spool/squid

Notes:

  • This is basically the squid.conf that comes with CentOS 5 with a few changes. I'm not bothering with authentication at this point.
  • You must change the cache_dir parameter to reflect how big you want your cache to grow because the default is something useless like 100MB. I have 50GB here. I picked the simple ufs cache method because it seems to expire based on last-referred. If your cache size is too small, this will lead to cache thrashing, but at 50GB (or ten times the current size of a distribution) that's not likely to happen.
  • You must change the maximum_object_size to something larger than the default 4MB or you won't cache anything. I have 512MB here, which means I'll probably end up caching .ISOs and crap too...
  • I had to set visible_hostname as there was no default.
  • You have to set an ACL to permit your local subnet to access the proxy; these lines do that:
acl our_networks src 10.10.10.0/24
http_access allow our_networks

Configuring Yum to use the squid proxy

In your /etc/yum.conf, add this line:

proxy=http://$PROXY:3128
I set the IP address, but there's no reason why a name won't work if it works under normal circumstances.
no comments | post comment
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful:


snipsnap.org | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt