Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

http mode should not be always using $HTTP_PROXY #60

Open
DrDaveD opened this issue Apr 21, 2023 · 6 comments
Open

http mode should not be always using $HTTP_PROXY #60

DrDaveD opened this issue Apr 21, 2023 · 6 comments

Comments

@DrDaveD
Copy link

DrDaveD commented Apr 21, 2023
edited
Loading

I saw a squid log where stashcp is using the squid.

172.28.23.112 - - [21/Apr/2023:11:28:26.372 -0500] "GET http://128.142.248.156/stashservers.dat?list=xroot HTTP/1.1" 200 1091 TCP_REFRESH_MODIFIED:HIER_DIRECT 107 "- -" "-" "stashcp/6.10.0"
172.28.23.112 - - [21/Apr/2023:11:28:26.388 -0500] "GET http://osg-kansas-city-stashcache.nrp.internet2.edu:8000/osgconnect/public/osg/testfile.txt HTTP/1.1" 200 289 TCP_REFRESH_MODIFIED:HIER_DIRECT 15 "- -" "-" "grab"

It must be honoring $HTTP_PROXY. That's fine for stashservers.dat and small, frequently used files such as testfile.txt, but larger files and low cache re-use can potentially thrash a squid, depending on usage. The OSDF is not supposed to be going through squid. I request that HTTP_PROXY be unset when doing data transfers.
@DrDaveD
Copy link
Author

DrDaveD commented May 17, 2023

This is important, it needs to get fixed. It is overloading squids.

@matyasselmeci
Copy link
Collaborator

We added environment variables to disable the proxy in #38, we just need to modify our pilots to make use of it.

@rynge
Copy link

rynge commented May 17, 2023

I can get that configured on Jetstream, but how would a regular site know that they need to set these variables?

@matyasselmeci
Copy link
Collaborator

We could modify the pilot startup scripts to have it be the default.

@bbockelm
Copy link

I'm fine with changing the default but we should really think about how to do this loudly -- and how to give sites tools to manage this.

In the past, we've had sites (SLAC comes to mind) where use of $http_proxy is mandatory for any HTTP traffic -- site security policy. To go from complying with policy to suddenly bypassing it (even though I've got strong opinions on the policy in the first place...) would be surprising for sites.

Within the OSG context, how about we do something like:

  • Write a documentation page about how to manage this setting from a CE (or a section, perhaps here,
  • Update to ternary logic (enabled / disabled / auto),
  • Give notice as a prominent item in the release notes,
  • Subsequent release switches the default.

@DrDaveD
Copy link
Author

DrDaveD commented May 18, 2023

I think that it would be best to both modify the pilot and to change the default. Changing the pilot would be the most immediate impact, since it will take a lot longer for everybody's stashcp to get updated. On the other hand, there are probably also a lot of different pilot scripts in different VOs so it will also take a while for that to propagate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rynge @bbockelm @DrDaveD @matyasselmeci