Re: SquidShell,any ideas/suggestions? from Alex Rousskov on 2011-08-10 (squid-dev)

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Wed, 10 Aug 2011 22:30:51 -0600

On 08/10/2011 06:02 PM, Amos Jeffries wrote:
> On Wed, 10 Aug 2011 14:18:21 -0600, Alex Rousskov wrote:
>> On 08/10/2011 10:15 AM, Arthur Tumanyan wrote:
>>
>>> Hi dear developers.I want to inform you,that i'm trying to realize
>>> something
>>> like shell specially for squid.it will be squid full control tool via
>>> command line.SquidShell will be a part of squid and will listen a
>>> specified
>>> port for incoming connections.
>>> If there are any suggestions or advices or something else,please feel
>>> free
>>> to inform me.
>>
>> Currently, cache manager serves a similar function via HTTP, but with a
>> very small set of available commands. I would recommend considering
>> implementing your CLI "shell" as a program that communicates with Squid
>> via cache manager interface (you can add new commands to cache manager
>> as needed). In other words, your CLI program will translate user
>> shell-like input into cache manager requests and then display possibly
>> preprocessed results.
>>
>> This way, you will allow remote Squid management via CLI, will not have
>> to redo Squid management access controls, and enhance Squid cache
>> manager for everybody to enjoy.
>
> I was thinking something very similar. But a but more seamless than the
> HTTP interface to cache manager allows.
>
> Consider connecting to the coordinator IPC channel (UDS socket
> $PREFIX/var/run/squid/coordinator.ipc) when it is available. That way
> the manger actions can be sent in a pre-processed format for faster
> handling.
>
> This can be used as if it was internal to squid but not built into the
> main binary footprint.

Yes, that is a good option as well. Compared to using cache manager, we
would gain easier message parsing and some efficiency. We would lose:
- remote access ability (UDS are local);
- reusable access controls (there are no Coordinator ACLs for now);
- management transaction logging (no Coordinator actions log for now);
- a better understood firewall-friendly text-based protocol (HTTP+CGI
query strings compared to undocumented UDS Coordinator messages).

Since performance is not an issue here, it feels like using cache
manager HTTP interface would be an overall better approach, especially
if we want non-programmers to be able to script beautiful yet
secure/traceable interfaces.

Cheers,

Alex.
Received on Thu Aug 11 2011 - 04:31:11 MDT

This archive was generated by hypermail 2.2.0 : Thu Aug 11 2011 - 12:00:02 MDT