Re: carp and squid

2016-12-22 Thread Craig Skinner 
Hi Frank,

On Wed, 21 Dec 2016 12:41:43 +0100 Frank White wrote:
> Does 2 nodes clustered openbsd firewall work with squid?
> Is there any specific configuration?
> 

carp may not be needed as:
*) PAC files can list multiple proxies
*) A DNS entry can have multiple IP addresses

See the Squid FAQ:
http://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers#Redundant_Proxy_Auto-Configuration
http://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers#Fully_Automatic_Configuration

Also: http://FindProxyForURL.com/example-pac-file/

Symlink a proxy.pac file as wpad.dat

Cheers,
-- 
Craig Skinner | http://linkd.in/yGqkv7

Re: carp and squid

2016-12-21 Thread Jiri B 
On Wed, Dec 21, 2016 at 12:41:43PM +0100, Frank White wrote:
> Hi, does 2 nodes clustered openbsd firewall work with squid ?
> is there any specific configuration ?

If squid on each node would have its own cache dir, ie. not sharing
data, then pointing your clients to squid hostname linked to CARP
IP should work, shouldn't it?

If squid daemons on both nodes would share cache dir, then you should
somehow prevent "failed" node not to continue to mess with storage.
Typical solution is STONITH (shoot the other node in the head - ie.
power fencing). Then you could maybe use ifstated to monitor CARP interface
and start squid daemon if CARP IP is local.

I would be also interested in solutions used by various
OpenBSD users.

j.

carp and squid

2016-12-21 Thread Frank White 
Hi, does 2 nodes clustered openbsd firewall work with squid ?
is there any specific configuration ?