On Mon, Sep 23, 2024 at 1:27 PM Stuart Henderson
<stu.li...@spacehopper.org> wrote:
>
> On 2024-09-23, Rick Rackow <r...@rackow.io> wrote:
> > Hey Team,
> > We have the following scenario: we get a list of IPs from an external
> > service, add them to our squid ACLs via a cronjob and then in the same
> > cronjob also reload squid. In this scenario it can happen that occasionally
> > we get some nonsense response from the external service and that lands in
> > the config, causing the config file to be invalid. Now if we to `systemctl
> > reload squid` squid crashes on the restart because the config is invalid
> > and thereafter can’t be restarted without explicitly stating `systemctl
> > start squid`.
> >
> > The question is, has it been considered to validate the config file before
> > performing the actual reload, so there’s no disruption to squid if there
> > was a working config beforehand?
>
> That's easy to do from your cronjob: write the new config to a temporary
> file, check it with "squid -f $filename -k parse", only move into place
> and reload if ok.
Note however that will only protect from malformed configuration
candidates, not from configuration candidates that, while being
syntactically well formed, contain gibberish. For that you probably
want to do something like having some guard values that, if not
present, alert fail the reconfigure test.
--
Francesco
_______________________________________________
squid-dev mailing list
squid-dev@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-dev
