On Sun, 9 Jun 2013 09:14:37 -0700
Squidblacklist <webmaster@xxxxxxxxxxxxxxxxxx> wrote:

> On Sun, 09 Jun 2013 09:59:54 -0600
> Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> > On 06/09/2013 03:29 AM, Eliezer Croitoru wrote:
> >
> > > Would you prefer a filtering based on a reload or a persistent DB
> > > like mongoDB or tokyo tyrant?
> >
> > I would prefer to improve Squid so that reconfiguration has no
> > disrupting effects on traffic, eliminating the "reload is disruptive
> > for Squid but not for my ICAP service" difference.
> >
> > There are many important differences between ACL lists, eCAP
> > adapters, and ICAP services. Reconfiguration handling should not be
> > one of them.
> >
> >
> > Cheers,
> >
> > Alex.
> >
>
> This should be easily achieved by simply spawning a second squid
> process to temporarily handle the traffic while the primary squid is
> reloading the conf.
>
> Similar to how it works if you had a parent proxy that was reloading,
> the sibling ignores it and bypasses it until it returns to normal
> operation.
>
> I'm not a programmer, I've no idea how the devels would implement it,
> but that's an idea.
>
> Signed,
>
> Fix Nichols
>
> http://www.squidblacklist.org
>

Actually, this can easily be done with a simple bash script. I just jotted this down so don't take it verbatim, but it gives you the basic idea how simple it really would be to write a script to achieve this. Just temporarily changing your iptables to redirect to a temporary squidbox until the reload is completed, then reloading your normal iptables rules to redirect back to the other squid once the reload is finished.

-----------------------------------------------------------------
#!/bin/bash
# Firewall rules to redirect to the temporary, second squid process.
iptables-restore < iptables.temp.rules
# Execute second instance of squid (-f selects the alternate config file)
/path/to/squid3/squid3 -f /someplace/alternate.conf
# Tell the primary squid to reload its configuration
squid3 -k reconfigure
# Reload normal iptables rules
iptables-restore < iptables.normal.rules
#EOF
------------------------------------------------------------------

But I think rather, just setting up two instances of squid proxy, or two servers w/e, setting up a parent and sibling proxy would be easier and less complicated, since the child proxy will bypass the parent while it's reloading the conf anyway, eliminating any downtime you might have.

- Signed, Fix Nichols
http://www.squidblacklist.org
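
A variant of the script in the message above, as an added example that is not part of the original post: it starts the temporary instance before redirecting traffic and switches back only once the primary accepts connections again. The ports, the settle delay, the function names and the assumption that alternate.conf sets its own http_port and pid_filename are all assumptions.

```bash
#!/bin/bash
# Added example, not from the original message. Paths, rule files, ports and
# timings are assumptions. DRY_RUN=1 (default) only records the commands.
SQUID="${SQUID:-/path/to/squid3/squid3}"
TEMP_CONF="${TEMP_CONF:-/someplace/alternate.conf}"
TEMP_RULES="${TEMP_RULES:-iptables.temp.rules}"
NORMAL_RULES="${NORMAL_RULES:-iptables.normal.rules}"
PRIMARY_PORT="${PRIMARY_PORT:-3128}"   # assumed http_port of the primary
TEMP_PORT="${TEMP_PORT:-3129}"         # assumed http_port in alternate.conf
SETTLE="${SETTLE:-2}"                  # assumed delay before polling the primary
DRY_RUN="${DRY_RUN:-1}"
PLAN=""

# Record a command; execute it only when DRY_RUN is not 1.
step() {
    PLAN="${PLAN}$*;"
    if [ "$DRY_RUN" = "1" ]; then return 0; fi
    "$@"
}

load_rules() { iptables-restore < "$1"; }

# Succeed once 127.0.0.1:$1 accepts a TCP connection; fail after $2 tries.
wait_for_port() {
    local i=0
    while [ "$i" -lt "$2" ]; do
        if (exec 3<>"/dev/tcp/127.0.0.1/$1") 2>/dev/null; then return 0; fi
        i=$((i + 1)); sleep 1
    done
    return 1
}

swap_and_reload() {
    # Start the temporary instance and confirm it listens before moving traffic.
    step "$SQUID" -f "$TEMP_CONF" || return 1
    step wait_for_port "$TEMP_PORT" 30 || return 1
    step load_rules "$TEMP_RULES" || return 1
    step "$SQUID" -k reconfigure
    step sleep "$SETTLE"
    # Move traffic back only if the primary is accepting connections again.
    if ! step wait_for_port "$PRIMARY_PORT" 60; then
        echo "primary not answering; traffic stays on the temporary instance" >&2
        return 2
    fi
    step load_rules "$NORMAL_RULES" || return 1
    step "$SQUID" -f "$TEMP_CONF" -k shutdown
}

if [ "${1:-}" = "--run" ]; then swap_and_reload; fi
```

With the default DRY_RUN=1 the function only fills `PLAN`; set DRY_RUN=0 and pass `--run` as root to execute the steps.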