Re: SquidShell is already in progress

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Wed, 31 Aug 2011 11:32:40 -0600

On 08/31/2011 03:08 AM, Amos Jeffries wrote:
> On 31/08/11 18:18, Alex Rousskov wrote:
>> On 08/17/2011 06:56 PM, Amos Jeffries wrote:
>>
>>> The "set" should _all_ work immediately
>>
>> I do not think that is practical. Consider a list of ACLs or an ICAP
>> configuration directives. Most of them cannot be applied to a running
>> Squid immediately when typed, one-by-one. They only make sense when
>> applied together, as a whole:
>>
>> tweak
>> tweak
>> tweak
>> apply
>
> For example:
>
> set http_access {
> tweak
> tweak
> tweak
> }
>
>
> I'm thinking along the lines of a POST to the mgr:config action where
> the body is the set of ACLs to reconfigure with.

This is still too restricting because I may need to change a lot more
than http_access ACLs, and I need all those changes to apply
"atomically" to work correctly. The "apply" command or similar is
essential if we are to allow any partial modifications of the configuration.

The easy alternative, which I would actually recommend as a starting
point, is to just have:

   squid% reconfigure <filename>

shell command, where all the options are loaded from the configuration
file, sent to Squid, and applied at once, using the existing
reconfiguration code. Configuration editing is done elsewhere.

> To work with our current configure system the shell will need to ensure
> that the set fully replaces the existing set. All management of line
> numbers and inserting midway, etc, etc done by the tool outside of Squid.

The current configuration system does not have a notion of a "set" of
independent commands that can always be atomically applied without
possible negative side-effects to Squid state. Most squid.conf options
can be inter-dependent in certain environments.

I do not think such sets can even be defined in general, but even if I
am wrong, it is a lot of work unrelated to the Shell concept as such and
it should not be done now or as a part of this project.

Cheers,

Alex.
Received on Wed Aug 31 2011 - 17:32:58 MDT

This archive was generated by hypermail 2.2.0 : Wed Aug 31 2011 - 12:00:03 MDT