[SHARE] Update Lusca Release - r14371 (November 18, 2009)

grage95

mungkin yang perlu di bahas bareng2:

1. Sarat2 &  formula ideal  (hardisk & ram)
2. optimasi cache dengan fitur  store_rewrite_url (hanya ada di lusca & squid-2.7.x)
3. optimasi refresh_pattern
4. optimasi kernel
5. optimasi dnsmasq utk menghandle client besar
6. ….

silahkan barangkali ada yang perlu di tambahkan, nanti kita garap bareng2, masukan/saran di tunggu, kita bongkar rahasia proxy highperformance

berita menarik, setelah penasaran dengan performance freebsd, opensolaris & linux, ternyata dengan install minimalis OS dan optimasi kernel,  spek mesin dan config yang hampir sama (beda di pengaturan di directory log saja ) lebih unggul di freebsd, saking penasaranya dengan freebsd ini, kernel freebsd ini di ganti dengan mengcopy kernel dari pfsense saja tepar hihihi.  monitoring dengan menggunakan mrtg eksternal (mrtg di box lain hanya menyedot snmp proxy "enable-snmp"), urutannya keunggulan ini di tinjau dari  efisiensi memory, kecepatan untuk menyimpan cache dan ke stabilan dari req/hits yang tinggi.

1. freebsd-7.2-release (ufs dgn option noatime mantap tenan)
2. opensolaris (zfs nya edun euy, quick tapi boros memory hiks hiks)
3. linux (reiserfs (utk file2 kecil) dan ext4 (utk file2 besar) podo wae walopun udah di tuning di fstab notail, noatime, nyoba reiser4 waktu load tinggi kernel panic, udah utak atik sysctl.conf tetep saja hiks)

servis yang jalan hanya dns cache dan lusca

utk cache hits di total hampir sama, cuma beda timing saja
salute 4 jempol untuk developer pfsense ini (quick, easy, fast & stable)

zass

Salam , mahu bertanya, bagaimana mahu aktifkan SNMP ,  sudah cuba baca di cacti forum , tapi tak berhasil

T/K
zass

grage95


download package pfSense Lusca Release - r14371 (November 18, 2009) with patch + snmp + arp

pkg_delete lusca*
or
pkg_delete squid*

and then install
pkg_add -rv http://squid-proxy-pkg.googlecode.com/files/lusca-pfsense-arp-snmp-r14371_2.tbz

enable snmp on squid.inc

acl snmp_host src 127.0.0.1
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic snmp_host
snmp_access deny all

info :
build with

pf-bsd72# squid -v
Squid Cache: Version LUSCA_HEAD
configure options:  '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/usr/local/squid' '--sysconfdir=/usr/local/etc/squid' '--enable-removal-policies=heap' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-epoll' '--with-pthreads' '--enable-storeio=aufs coss' '--enable-delay-pools' '--enable-snmp' '--disable-carp' '--disable-wccp' '--disable-ident-lookups' '--enable-arp-acl' '--enable-pf-transparent' '--with-large-files' '--enable-large-cache-files' '--enable-err-languages=English' '--enable-default-err-language=English' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=i386-portbld-freebsd7.2' 'build_alias=i386-portbld-freebsd7.2' 'CC=cc' 'CFLAGS=-O2 -pipe -funroll-loops -ffast-math  -fno-strict-aliasing' 'LDFLAGS=' 'CPPFLAGS='

patch with  : aggressive.patch, 2451x.patch,lusca-vary.patch,loop2.patch (fix bug looping for use store_url_rewrite)

tips install squidstats

pkg_add -rv squidstats

after finisih, lets go config

_mkdir -p /var/db/squidstats/graphs
mkdir -p /var/db/squidstats/rrd
chown www:wheel /var/db/squidstats/graphs
chown proxy:wheel /var/db/squidstats/rrd

ln -s /var/db/squidstats/graphs /usr/local/www/data/
ln -s /usr/local/www/cgi-bin/graph-summary.cgi /usr/local/www/graph-summary.cgi
su -m proxy -c "/usr/local/bin/squidstats.pl createdb"
su -m proxy -c "/usr/local/bin/squidstats.pl gather 2"_
edit /etc/crontab
add this line

*/5  *  *  *  *    /usr/local/bin/squidstats.pl gather 2 > /dev/null

restart crontab /etc/rc.d/cron restart

test open with your browser

http://your-ip/graph-summary.cgi

zass

Ertinya kalau saya buat sampai di sini saja :

"pkg_delete lusca*
or
pkg_delete squid*

and then install
pkg_add -rv http://squid-proxy-pkg.googlecode.com/files/lusca-pfsense-arp-snmp-r14371_2.tbz

enable snmp on squid.inc

acl snmp_host src 127.0.0.1
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic snmp_host
snmp_access deny all  "

squid sudah support snmp > dan boleh di ambil datanya dari server lain ,

misalnya gunakan cacti ?

tq

grage95

jika menggunkan mrtg di cacti other box

acl snmp_host src your-ip-cacti
acl snmp_host src  127.0.0.1
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic snmp_host
snmp_access deny all  "

dan di firewall open port 3401 protocol udp

di box cacti install net-snmp dan cacti-template-squidstats

edit /etc/snmpd.conf
tambahkan line ini :

#sec.name                source          community
com2sec local            localhost        public
com2sec mynetwork  1.2.3.0/24      public

check with snmpwalk

snmpwalk -v2c -c public your-ip-pfsense-squid-box:3401 .1.3.6.1.4.1.3495.1.1

zass

tq,tq.tq  ;D saya coba dulu !

zass

Grage5, mengapa saya punya tiada option snmp ?

$ squid -v
Squid Cache: Version LUSCA_HEAD
configure options:  '–bindir=/usr/local/sbin'
'--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid'
'--libexecdir=/usr/local/libexec/squid' '--localstatedir=/usr/local/squid'
'--sysconfdir=/usr/local/etc/squid' '--enable-removal-policies=lru heap'
'--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-epoll'
'--with-pthreads' '--enable-storeio=aufs' '--enable-delay-pools'
'--disable-carp' '--disable-wccp' '--disable-ident-lookups'
'--enable-pf-transparent' '--with-large-files' '--enable-large-cache-files'
'--enable-err-languages=English' '--enable-default-err-language=English'
'--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/'
'--build=i386-portbld-freebsd7.2' 'build_alias=i386-portbld-freebsd7.2'
'CC=cc' 'CFLAGS=-O2 -pipe -funroll-loops -ffast-math  -fno-strict-aliasing'
'LDFLAGS=' 'CPPFLAGS='

tq

grage95

sudah mengupdate package dnegan http://squid-proxy-pkg.googlecode.com/files/lusca-pfsense-arp-snmp-r14371_2.tbz
dan sudah di rehash ?

dedieko

Bos Grage, ada sedikit masalah:

su -m proxy -c "/usr/local/bin/squidstats.pl createdb"

Can't locate RRDs.pm in @INC (@INC contains: /usr/local/lib/perl5/5.8.8/BSDPAN /usr/local/lib/perl5/site_perl/5.8.8/mach /usr/local/lib/perl5/site_perl/5.8.8 /usr/local/lib/perl5/site_perl /usr/local/lib/perl5/5.8.8/mach /usr/local/lib/perl5/5.8.8 .) at /usr/local/bin/squidstats.pl line 4.
BEGIN failed–compilation aborted at /usr/local/bin/squidstats.pl line 4.

grage95

kok perl nya versinya beda ya,
perl5/5.8.8

kalau di saya

perl5/5.8.9
pfsense vesi 1.3.xx

perlu di upgrade perlnya mungkin,

jika menggunakan pfsense 1.3

setenv PACKAGESITE "ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.2-release/Latest/"

pkg-delete -f perl-5*
pkg_add -rv perl

dedieko

@grage95:

kok perl nya versinya beda ya,
perl5/5.8.8

kalau di saya

perl5/5.8.9
pfsense vesi 1.3.xx

perlu di upgrade perlnya mungkin,

jika menggunakan pfsense 1.3

setenv PACKAGESITE "ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.2-release/Latest/"

pkg-delete -f perl-5*
pkg_add -rv perl

Saya pakai Pfsense 1.2.3 bos, upgraded from 1.2

zass

Akhir , berhasil tkasih grage5  ;D

111ichael

@grage95:

kok perl nya versinya beda ya,
perl5/5.8.8

kalau di saya

perl5/5.8.9
pfsense vesi 1.3.xx

perlu di upgrade perlnya mungkin,

jika menggunakan pfsense 1.3

setenv PACKAGESITE "ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.2-release/Latest/"

pkg-delete -f perl-5*
pkg_add -rv perl

tolong dong di bantuin saya pkg_add -rv perl hasilx nongol seperti ini….

# pkg_add -rv perl
pkg_add: can't stat package file 'perl'
pkg_add: 1 package addition(s) failed

perl saya sudah tdak ada… gimana????  :-[

dedieko

Hi everybody,

LUSCA sudah running selama 2/3 hari di pfsense 1.2.3

Pagi ini saya memperhatikan ada yang line seperti ini:

2009/12/13 07:25:22| Ready to serve requests.
2009/12/13 07:25:23| Store rebuilding is 100.0% complete
2009/12/13 07:25:23|   /var/squid/cache: completed rebuild
2009/12/13 07:25:23| Done scanning /var/squid/cache (27283 entries)
2009/12/13 07:25:23| Finished rebuilding storage from disk.
2009/12/13 07:25:23|     27283 Entries scanned
2009/12/13 07:25:23|         0 Invalid entries.
2009/12/13 07:25:23|         0 With invalid flags.
2009/12/13 07:25:23|     24072 Objects loaded.
2009/12/13 07:25:23|         0 Objects expired.
2009/12/13 07:25:23|      1338 Objects cancelled.
2009/12/13 07:25:23|       221 Duplicate URLs purged.
2009/12/13 07:25:23|      1426 Swapfile clashes avoided.
2009/12/13 07:25:23|   Took 1.0 seconds (24494.6 objects/sec).
2009/12/13 07:25:23| Beginning Validation Procedure
2009/12/13 07:25:23|   Completed Validation Procedure
2009/12/13 07:25:23|   Validated 22734 Entries
2009/12/13 07:25:23|   store_swap_size = 363114k
2009/12/13 07:25:24| storeLateRelease: released 0 objects
2009/12/13 07:41:38| squidaio_queue_request: WARNING - Queue congestion
2009/12/13 07:53:28| squidaio_queue_request: WARNING - Queue congestion

Hasil penelusuran di google menunjukkan kalo "Queue Congestion" terjadi jika CPU overload atau disk saya I/O-nya sudah mentok

Berikut Data System

# dmesg | grep CPU

CPU: Intel(R) Celeron(R) CPU 2.00GHz (1999.95-MHz 686-class CPU)
cpu0: <acpi cpu="">on acpi0
p4tcc0: <cpu frequency="" thermal="" control="">on cpu0

atacontrol list

ATA channel 0:
   Master:  ad0 <st340014a 8.01="">ATA/ATAPI revision 6
   Slave:       no device present
ATA channel 1:
   Master:      no device present
   Slave:       no device present

dmesg | grep memory

real memory  = 1065287680 (1015 MB)
avail memory = 1028685824 (981 MB)
agp0: detected 8060k stolen memory

swapinfo -k

Device          1K-blocks     Used    Avail Capacity
/dev/ad0s1b       2097152        0  2097152     0%

#top
last pid:  6357;  load averages:  0.12,  0.11,  0.09                                                                                 up 0+00:42:45  08:06:17
111 processes: 2 running, 92 sleeping, 17 waiting
CPU:  0.0% user,  0.0% nice,  100% system,  0.0% interrupt,  0.0% idle
Mem: 70M Active, 32M Inact, 54M Wired, 632K Cache, 52M Buf, 829M Free
Swap: 2048M Total, 2048M Free
…</st340014a></cpu></acpi>

Mohon pencerahannya
Terima kasih, Matur nuwun, thank you

grage95

kalau menggunakan lusca
perbesar  n_aiops_threads jadi 32

grage95

@111ichael:

# pkg_add -rv perl
pkg_add: can't stat package file 'perl'
pkg_add: 1 package addition(s) failed

perl saya sudah tdak ada… gimana????  :-[

[/quote]

cek dengan pkg_info |grep perl
jika sudah tidak ada install ulang, tapi harus sesuaikan dengan versi kernel pfsensenya
jika masih ada silangkan di uninstall
pkg_delete -f perl*

coba di uname -a

kalau menggunakan
FreeBSD 7.2-Release : pkg_add -rv http://125.160.17.22/freebsd/ports/i386/packages-7.2-release/lang/perl-5.8.9_2.tbz
FreeBSD 7-STABLE : pkg_add -rv http://125.160.17.22/freebsd/ports/i386/packages-7-stable/lang/perl-5.8.9_3.tbz

dan jangan lupa di rehash

111ichael

@grage95:

@111ichael:

cek dengan pkg_info |grep perl
jika sudah tidak ada install ulang, tapi harus sesuaikan dengan versi kernel pfsensenya
jika masih ada silangkan di uninstall
pkg_delete -f perl*

coba di uname -a

kalau menggunakan
FreeBSD 7.2-Release : pkg_add -rv http://125.160.17.22/freebsd/ports/i386/packages-7.2-release/lang/perl-5.8.9_2.tbz
FreeBSD 7-STABLE : pkg_add -rv http://125.160.17.22/freebsd/ports/i386/packages-7-stable/lang/perl-5.8.9_3.tbz

dan jangan lupa di rehash

Makasih atas pencerahannya…..  om Grage ;D

ipoelnet

Kalau keluar gini pada cache.log

2009/12/15 17:57:10| Beginning Validation Procedure
2009/12/15 17:57:10|    262144 Entries Validated so far.
2009/12/15 17:57:10|    524288 Entries Validated so far.
2009/12/15 17:57:10|  Completed Validation Procedure
2009/12/15 17:57:10|  Validated 559523 Entries
2009/12/15 17:57:10|  store_swap_size = 6777879k
2009/12/15 17:57:10| storeLateRelease: released 0 objects

apa penyebabnya, dan apa berpengaruh Om2?

tomplee

om grage saya pake pfsense 1.2.2 lusca pake yang versi ini http://shakau.googlepages.com/vanila-arp-lusca-1.4_2.tbz
yang lusca vanila versi ini kok gak mau di gabung ma adzap versi ini  adzap-20090301.tbz dia pake perl 5.8.9_3 kalau perl-nya yang tak pake yang ini sesuai permintaan adzap luscanya gak mau jalan. solusinya kira bgm ya..

grage95

coba cek dulu perlnya ang sudah terinstall

pkg_info perl*

jika masih menggunakan perl 5.8.8, update perlnya ke versi 5.8.9

coba lusca paket baru lebih responsip hasil patch utak atik gathuk :) , lumayan responsif dan stabil,
cuman cache swap nya harus di delete dulu baru di squid -z,

http://squid-proxy-pkg.googlecode.com/files/pfsense-lusca-head-r14371_3.tbz (menggunakan perl-5.8.9_3.tbz) dan bisa jalan dengan perl-5.8.9_2.tbz

atau update versi pfsensenya,
versi 1.2.3 release lebih maknyuss paralel threadnya utk proxy daripada versi 1.2.2 release dan banyak lagi perbaikannya