HA for Squid Proxy with Pacemaker, Fencing, and Floating IP address

At a high level, this 2-node High Availability (HA) cluster configuration for Squid Proxy works as follows:

  • VMware virtual machines hosting CentOS 7 are set up as HA nodes for the Squid Proxy servers.

  • HA nodes are set up in an active/passive configuration by using the Pacemaker package for CentOS 7. Pacemaker HA service and Squid Proxy service must be allowed on the CentOS firewalls on the HA nodes. 

  • The /etc/hosts file on each node contains the IP address to hostname mappings for the nodes in the HA cluster.

  • Fencing agents on the HA nodes ensure that only the active node accesses the file system for the Squid Proxy cluster group.

  • Squid Proxy cluster group and virtual IP address resources for the HA cluster are monitored regularly for availability.

  • The virtual IP (floating IP) address of the Squid Proxy HA cluster and the port you select for the Squid Proxy service must be factored into the CLI installation command and/or scripts to install the agents on the assets.


Prerequisites

  • VMware virtual machines with the following sizing: 2 vCPUs, 4 GB RAM, 100 GB disk space, and 1 Gbps throughput

  • Names and values of the parameters required to set up the Squid Proxy HA cluster

    For Support packages and basic HA requirements

    Configuration parameter: Sample value

    Hostname of the HA nodes: Squid1, Squid2
    IP addresses of the HA nodes: 10.30.58.89, 10.30.58.94
    Pacemaker HA service that must be allowed on the firewall: high-availability
    Username, password, and names of the HA nodes for Pacemaker cluster management: clusteradmin, cluster_2node, squid01, squid02
    Name of the Pacemaker cluster: squid_cluster

    For Squid Proxy Server HA cluster

    Configuration parameter: Sample value

    Port to allow Squid proxy service on the firewall: 3128/tcp
    Name of the Squid Proxy cluster resource group and the interval to monitor (in seconds): squid_group, 10s
    Virtual IP address and subnet mask of the Squid Proxy cluster, name of the virtual IP resource, and the interval to monitor (in seconds): 10.30.58.222, /24, squid_vip, 30s


Example: 2-node Squid Proxy HA cluster setup

The following example assumes a 2-node HA setup using the sample values listed above. You can scale the setup to up to 16 nodes, with the appropriate hostname to IP address mappings on the nodes.


1. Install supporting packages on HA nodes
yum update -y && reboot
yum install pacemaker -y
yum install pcs -y
yum install fence-agents-all -y

2. Add host entries in the /etc/hosts file on HA nodes
cat /etc/hosts
10.30.58.89 squid01 Squid1
10.30.58.94 squid02 Squid2

3. Enable services on HA nodes
Start and enable the Pacemaker service
systemctl start pcsd.service
systemctl enable pcsd.service
(Optional) Tune the firewall for Pacemaker HA service
firewall-cmd --permanent --add-service=high-availability
firewall-cmd --reload

4. Enable HA cluster
Add Pacemaker cluster management credentials to HA nodes
echo cluster_2node | passwd --stdin hacluster
Authorize HA nodes and form a Pacemaker cluster (from the primary node)
pcs cluster auth squid01 squid02
pcs cluster setup --start --name squid_cluster squid01 squid02
Start the pcs cluster service and verify (from the primary node)
pcs cluster enable --all
pcs cluster status
pcs status

5. Install Squid Proxy Server and tune firewall for Squid Proxy service on HA nodes
yum install squid -y
firewall-cmd --add-port=3128/tcp --permanent
firewall-cmd --reload

6. Set up Squid Proxy HA cluster on the primary node
Set up Squid Proxy cluster resources and cluster group
mount /dev/mapper/centos-root /mnt/
cp -r /etc/squid/* /mnt/
umount /mnt/
pcs resource create squidfs1 Filesystem device=/dev/mapper/centos-root directory=/etc/squid fstype=xfs --group squid_group
pcs resource create squidfs2 Filesystem device=/dev/mapper/centos-root directory=/var/spool/squid fstype=xfs --group squid_group
pcs resource create proxy systemd:squid op monitor interval=10s  --group squid_group

The steps to set up the cluster resources and cluster group can vary depending on how fencing is set up for the Squid Proxy cluster group.

Set virtual IP, subnet mask, and monitoring interval for Squid cluster
pcs resource create squid_vip ocf:heartbeat:IPaddr2 ip=10.30.58.222 cidr_netmask=24 op monitor interval=30s --group squid_group

7. Verify HA configuration (on the primary node)

Verify Pacemaker service status
pcs status
Verify Squid Proxy service status
systemctl status squid
Verify virtual IP of Squid Proxy cluster
ip a s
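
The checks in step 7 can be scripted so that a partially started or split resource group is caught instead of being read off the screen. This is an added example, not part of the original procedure: it uses the sample resource names and virtual IP from this page, the function names are hypothetical, and the embedded pcs status and ip output is constructed, assuming the pcs 0.9 output layout on CentOS 7.

```shell
#!/bin/bash
# Added example: offline-testable checks for step 7. Sample values from this page.
VIP="10.30.58.222"; PREFIX="24"
RESOURCES="squidfs1 squidfs2 proxy squid_vip"

# Reads `pcs status` text on stdin. Prints the node running every resource in
# $RESOURCES; fails if one is missing, not Started, or the group is split.
group_active_node() {
  awk -v want="$RESOURCES" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
    ($1 in need) && $(NF-1) == "Started" { node[$1] = $NF }
    END {
      for (i = 1; i <= n; i++)
        if (!(w[i] in node) || node[w[i]] != node[w[1]]) exit 1
      print node[w[1]]
    }'
}

# Reads `ip -o -4 addr show` text on stdin. Succeeds if VIP/PREFIX is configured.
vip_present() {
  awk -v cidr="$VIP/$PREFIX" '$3 == "inet" && $4 == cidr { ok = 1 } END { exit !ok }'
}

# Live check, run on a cluster node (needs pcs and iproute2).
verify() {
  active=$(pcs status | group_active_node) ||
    { echo "FAIL: squid_group is degraded or split across nodes" >&2; return 1; }
  if ip -o -4 addr show | vip_present; then
    echo "OK: squid_group on $active; $VIP/$PREFIX is on this node"
  else
    echo "OK: squid_group on $active; this node is passive"
  fi
}

# Constructed sample output (assumed pcs 0.9 / CentOS 7 layout), for offline runs.
SAMPLE_PCS=' Resource Group: squid_group
     squidfs1   (ocf::heartbeat:Filesystem):    Started squid01
     squidfs2   (ocf::heartbeat:Filesystem):    Started squid01
     proxy      (systemd:squid):        Started squid01
     squid_vip  (ocf::heartbeat:IPaddr2):       Started squid01'
SAMPLE_IP='2: ens192    inet 10.30.58.89/24 brd 10.30.58.255 scope global ens192
2: ens192    inet 10.30.58.222/24 brd 10.30.58.255 scope global secondary ens192'

if [ "${1:-}" = "--live" ]; then verify; else
  printf '%s\n' "$SAMPLE_PCS" | group_active_node
  printf '%s\n' "$SAMPLE_IP" | vip_present && echo "VIP present"
fi
```

Run it with --live on a cluster node to check the real cluster; without arguments it evaluates only the constructed samples.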

 
