[Jyri Virkki:]
| I like to write
| "This project delivers ..."
| Like I said, a nit...
done.
| > /etc/squid/squid.conf.default
| > /etc/squid/mime.conf.default
| > /etc/squid/msntauth.conf.default
| > /etc/cachemgr.conf
|
| Are these the working names of the files? Or samples? As with the
| apache discussion, squid should deliver a working configuration such
| that it'll work out of the box as soon as admin enables the squid
| service.
updated to *.conf .
| Is there anything under /var? On my Linux box I see a /var/spool/squid/,
| do we need this as well?
There is var/log directory where the logs are written, (updated.)
and a var/cache for disk cache.
| > 7. Squid Interfaces
| >
| > 7.1. Interface Stability
| >
| > The Squid project has not changed the configuration file format from
| > the time it started. It is a plain text file with space separated key
| > and values. However, newer configuration keys and values have been
| > added in the releases.
| >
| > Squid does not support loadable modules. Thus binary compatibility is
| > not relevant for Squid.
|
| So can we assert that future squid versions will very likely continue
| to be config and interface compatible? In other words we can continue
| updating the versions through patches and there won't be any of the
| issues faced by apache & php? That's nice, simplifies everything..
Yes, AFAIK
| > 2.3 Modules
| >
| > The modules are compiled statically into Squid, thus each release of
| > Squid needs to recompile the modules that it supports.
|
| So unlike apache, there is no notion of user-generated modules then?
There are no loadable modules.
| > 4. Squid Documentation.
| >
| > Squid comes with generic documentation in man page format for squid.8
| > cachemgr.cgi.8, squid_db_auth.8, ncsa_auth.9, squid_ldap_auth.8,
| > pam_auth.8, squid_unix_group.8 and squid_ldap_group.8. These will be
| > placed in the /usr/squid/man/man8 directory as done by the canonical
| > distribution.
|
| Some other components deliver a stub manpage in the system location,
| which points to the component-specific manpages available in the
| above location. (For example /usr/share/man/man1/php.1 for php).
I had opted to follow the apache model since apache was the closest to
squid. more over the bin/sbin directories (which are documented by man) are
under squid too.
| > 7.2. Imported Interfaces
| >
| > Squid imports interfaces from
|
| Here the spec needs a reference to the ARC case where each imported
| interface was defined and make a note in the table of the stability
| classification the exporting case used.
I am in the process of adding that in the wiki (link at the end.)
| > Solaris Trusted Extensions library (libtsol)
|
| Can you expand on this? squid will depend on TX?
the squid binaries that link to it are:
squid/libexec/squid_ldap_auth
squid/libexec/digest_ldap_auth
squid/libexec/squid_ldap_group
|
| > In addition, the following external Interfaces is imported:
| >
| > SMCdb (BerkeleyDB4.2 libdb-4)
| > SMCsasl (SASL2 libsasl2)
|
| I guess the db dependency is gone, right?
Yes, the SMCdb is removed, also SMCsasl is not required, since the sasl
that sun distributes with OpenSolaris is sasl2.
|
| > ================================================================
| > Addendum 1: Squid Integration Directory and File Structure.
| >
| > 1. The following files are included in the Squid integration:
| > /usr/squid
| ...
| > etc
| > squid.conf.default
|
| I assume this is:
| /etc
| (i.e. it's not under /usr/squid)
updated, had missed it.
The updated draft ARC case is attached,
It is also available under
http://wikis.sun.com/display/WebStack/SquidARC
rahul
--
1. e4 _
-------------- next part --------------
{noformat}
Including Squid 2.6.STABLE16 with Solaris - DRAFT
19 September 2007
1. Summary and motivation
1.1. Introduction
This FastTrack delivers Squid Cache 2.6.STABLE16[1] as a component in
sfw stack.
From the Squid HomePage [2], "Squid is a fully-featured HTTP/1.0 proxy
which is almost (but not quite - we're getting there!) HTTP/1.1. Squid
offers a rich access control, authorization and logging environment to
develop web proxy and content serving applications."
This FastTrack proposes the integration of the most recent stable
release of Squid 2.6 (STABLE16),
This case seeks Minor Release Binding.
2. Technical issues
2.1. Key objects
/etc/squid/squid.conf
/etc/squid/mime.conf
/etc/squid/msntauth.conf
/etc/squid/cachemgr.conf
/usr/squid/sbin/squid
/usr/squid/bin/squidclient
/usr/squid/bin/RunCache
/usr/squid/bin/RunAccel
/usr/squid/bin/squidclient
/usr/squid/bin/cossdump
/usr/squid/libexec/diskd-daemon
/usr/squid/libexec/pinger
/usr/squid/libexec/unlinkd
/usr/squid/libexec/squid_db_auth
/usr/squid/libexec/squid_kerb_auth
/usr/squid/libexec/squid_ldap_auth
/usr/squid/libexec/ncsa_auth
/usr/squid/libexec/yp_auth
/usr/squid/libexec/pam_auth
/usr/squid/libexec/getpwname_auth
/usr/squid/libexec/msnt_auth
/usr/squid/libexec/pop3.pl
/usr/squid/libexec/sasl_auth
/usr/squid/libexec/smb_auth.pl
/usr/squid/libexec/smb_auth
/usr/squid/libexec/smb_auth.sh
/usr/squid/libexec/ntlm_auth
/usr/squid/libexec/fakeauth_auth
/usr/squid/libexec/digest_ldap_auth
/usr/squid/libexec/digest_pw_check
/usr/squid/libexec/ip_user_chec
/usr/squid/libexec/squid_unix_group
/usr/squid/libexec/squid_ldap_group
/usr/squid/libexec/wbinfo_group.pl
/usr/squid/libexec/cachemgr.cgi
/usr/squid/share/mib.txt
/usr/squid/share/icons/
/usr/squid/share/errors/
/usr/squid/man/man8/
/var/squid/logs/
/var/squid/cache/
2.2. Versioning
The Squid follows a simple development model. The development and
stable versions coexist. There are three tags used to indicate the
state of a version. STABLE, PRE and DEVEL.[3]
DEVEL is the version that undergoes active development and addition
of features. When it matures it is tagged PRE as beta after which it
is tagged STABLE when the release approaches stability.
There are two active versions in existence now. Squid 2.6.STABLE16 and
Squid-3.0.PRE6. This case deals with Squid 2.6.STABLE16 alone.
( Referred to by Squid in the rest of this document)
2.3 Modules
The modules are compiled statically into Squid, thus each release of
Squid needs to recompile the modules that it supports.
2.4 Directory Naming and Structure
The proposed directory layout for Squid is
/usr/squid/
/bin
/sbin
/libexec
/share
/man/man8
/etc/squid/
/squid.conf
/mime.conf
/msntauth.conf
/cachemgr.conf
/var/squid/logs/
/var/squid/cache/
The detailed directory and file layout for Squid is provided in
Addendum 1.
3. Core Modules
These are the proposed (statically linked) modules enabled by initial
integration.
Asynchronous IO
CARP - Cache Array Routing Protocol
HTCP - Hyper Text Caching Protocol
Cache-Digests
WCCP Versions 1 and 2
Large cache and log file support
Delay pools
Arp Access control lists
SSL support
SNMP support
Forward via Database
Store IO with DISKD, UFS, AUFS and COSS (Different modes of Cache IO)
Authentication scheme with the following supported.
Basic with:
DB,NCSA,YP,LDAP,PAM,getpwnam,MSNT,POP3,
SASL,multi-domain-NTLM,SMB
NTLM with:
SMB,fakeauth
Digest with:
ldap, password
Negotiate with:
kerberose
Acl helpers :
ip_user,unix_group,ldap_group,wbinfo_group
We do not support Acl Helpers Session since it requires Berkeley DB 4 to
compile.
4. Squid Documentation.
Squid comes with generic documentation in man page format for squid.8
cachemgr.cgi.8, squid_db_auth.8, ncsa_auth.9, squid_ldap_auth.8,
pam_auth.8, squid_unix_group.8 and squid_ldap_group.8. These will be
placed in the /usr/squid/man/man8 directory as done by the canonical
distribution.
5. Squid Internationalization
Internationalization of error messages is provided by squid and the
localized error messages are provided in /usr/squid/share/errors
directory for each supported language.
6. Packaging and Delivery
We propose to package squid under SUNWsquid. Multiple versions
coexisting on the same machine is not anticipated since this is not
a development platform, and general usage pattern is to have a single
instance.
7. Squid Interfaces
7.1. Interface Stability
The Squid project has not changed the configuration file format from
the time it started. It is a plain text file with space separated key
and values. However, newer configuration keys and values have been
added in the releases.
Squid does not support loadable modules. Thus binary compatibility is
not relevant for Squid.
7.2. Imported Interfaces
Squid imports interfaces from
Basic security library (libbsm)
C library (libv)
Encryption/decryption library (libcrypt)
Dynamic linking library (libdl)
String pattern-matching library (libgen)
C math library (libm)
Message Digest library (libmd)
Multiple precision library (libmp)
Network services library (libnsl)
PAM (Pluggable Authentication Module) library (libpam)
POSIX threads library (libpthread)
Resolver library (libresolv)
POSIX.1b Realtime Extensions library (librt)
Simple authentication and security layer library (libsasl)
Service configuration facility library (libscf)
Security attributes database library (libsecdb)
Sockets library (libsocket)
Threads library (libthread)
Solaris Trusted Extensions library (libtsol)
SUNWcsl Core Solaris (libcryptoutil,libldap,libuutil)
SUNWpr Netscape Portable Runtime (libnspr4,libplc4,libplds4)
SUNWtls Network Security Services (libnss3,libsoftokn3,libssl3)
SUNWkrbu Kerberos version 5 support (mech_krb5)
SUNWopenssl-libraries OpenSSL Libraries (libcrypto,libssl)
SUNWcry (libcrypto_extra) (SUNWOpenssl
links to it.)
7.3. Exported Interfaces
NAME STABILITY NOTES
/usr/squid/sbin/squid Uncommitted Executable location
/usr/squid/bin/squidclient Uncommitted Executable location
/usr/squid/bin/RunCache Uncommitted Squid Watchdog
Script
/usr/squid/bin/RunAccel Uncommitted Squid Watchdog
Script
/usr/squid/bin/cossdump Uncommitted Executable location
/usr/squid/libexec/unlinkd Uncommitted Executable location
/usr/squid/libexec/cachemgr.cgi Uncommitted Executable script
location
/usr/squid/libexec/diskd-daemon Uncommitted Executable location
/usr/squid/libexec/pinger Uncommitted Executable location
/usr/squid/libexec/unlinkd Uncommitted Executable location
/usr/squid/libexec/squid_db_auth Uncommitted Executable script
location
/usr/squid/libexec/ncsa_auth Uncommitted Executable location
/usr/squid/libexec/yp_auth Uncommitted Executable location
/usr/squid/libexec/squid_ldap_auth Uncommitted Executable location
/usr/squid/libexec/pam_auth Uncommitted Executable location
/usr/squid/libexec/getpwname_auth Uncommitted Executable location
/usr/squid/libexec/msnt_auth Uncommitted Executable location
/usr/squid/libexec/pop3.pl Uncommitted Executable script
location
/usr/squid/libexec/smb_auth.pl Uncommitted Executable script
location
/usr/squid/libexec/smb_auth Uncommitted Executable location
/usr/squid/libexec/smb_auth.sh Uncommitted Executable script
location
/usr/squid/libexec/ntlm_auth Uncommitted Executable location
/usr/squid/libexec/fakeauth_auth Uncommitted Executable location
/usr/squid/libexec/digest_ldap_auth Uncommitted Executable location
/usr/squid/libexec/digest_pw_auth Uncommitted Executable location
/usr/squid/libexec/ip_user_check Uncommitted Executable location
/usr/squid/libexec/squid_unix_group Uncommitted Executable location
/usr/squid/libexec/squid_ldap_group Uncommitted Executable location
/usr/squid/libexec/wbinfo_group.pl Uncommitted Executable script
location
/usr/squid/libexec/cachemgr.cgi Uncommitted Executable script
location
/usr/squid/libexec/sasl_auth Uncommitted Executable location
/usr/squid/libexec/no_check.pl Uncommitted Executable script
location
/usr/squid/libexec/squid_kerb_auth Uncommitted Executable location
/etc/squid/squid.conf Uncommitted Squid Configuration
/etc/squid/mime.conf Uncommitted Additional
Configuration
/etc/squid/msntauth.conf Uncommitted Additional
Configuration
/etc/squid/cachemgr.conf Uncommitted Additional
Configuration
/usr/squid/man/man8/squid.8 Uncommitted Manual Page
/usr/squid/man/man8/cachemgr.cgi.8 Uncommitted Manual Page
/usr/squid/man/man8/squid_db_auth.8 Uncommitted Manual Page
/usr/squid/man/man8/ncsa_auth.8 Uncommitted Manual Page
/usr/squid/man/man8/squid_ldap_auth.8 Uncommitted Manual Page
/usr/squid/man/man8/pam_auth.8 Uncommitted Manual Page
/usr/squid/man/man8/squid_unix_group.8 Uncommitted Manual Page
/usr/squid/man/man8/squid_ldap_group.8 Uncommitted Manual Page
svc:/network/http:squid committed FMRI
/var/svc/manifest/network/http-squid.xml Project Private SMF Manifest
8. References
[1] http://www.squid-cache.org/Versions/
[2] http://www.squid-cache.org/
[3] http://www.squid-cache.org/Versions/
[4] http://sac.sfbay/arc/LSARC/2007/299/
================================================================
Addendum 1: Squid Integration Directory and File Structure.
1. The following files are included in the Squid integration:
/usr/squid
bin
RunCache
squidclient
cossdump
libexec
diskd-daemon
pinger
unlinkd
squid_db_auth
ncsa_auth
yp_auth
squid_ldap_auth
pam_auth
getpwname_auth
msnt_auth
pop3.pl
smb_auth.pl
smb_auth
smb_auth.sh
ntlm_auth
fakeauth_auth
digest_ldap_auth
digest_pw_auth
ip_user_check
squid_unix_group
squid_ldap_group
wbinfo_group.pl
cachemgr.cgi
sasl_auth
no_check.pl
squid_kerb_auth
sbin
squid
share
mib.txt
icons
anthony-binhex.gif
anthony-bomb.gif
anthony-box.gif
anthony-box2.gif
anthony-c.gif
anthony-compressed.gif
anthony-dir.gif
anthony-dirup.gif
anthony-dvi.gif
anthony-f.gif
anthony-image.gif
anthony-image2.gif
anthony-layout.gif
anthony-link.gif
anthony-movie.gif
anthony-pdf.gif
anthony-portal.gif
anthony-ps.gif
anthony-quill.gif
anthony-script.gif
anthony-sound.gif
anthony-tar.gif
anthony-tex.gif
anthony-text.gif
anthony-unknown.gif
anthony-xbm.gif
anthony-xpm.gif
errors
Armenian
Azerbaijani
Bulgarian
Catalan
Czech
Danish
Dutch
English
Estonian
Finnish
French
German
Greek
Hebrew
Hungarian
Italian
Japanese
Korean
Lithuanian
Polish
Portuguese
Romanian
Russian-1251
Russian-koi8-r
Serbian
Simplify_Chinese
Slovak
Spanish
Swedish
Traditional_Chinese
Turkish
man
man8
squid.8
cachemgr.cgi.8
squid_db_auth.8
ncsa_auth.8
squid_ldap_auth.8
pam_auth.8
squid_unix_group.8
squid_ldap_group.8
/etc/squid
squid.conf
mime.conf
msntauth.conf
cachemgr.conf
/var/squid/logs/
/var/squid/cache/
Under each language directories the following files reside
ERR_ACCESS_DENIED
ERR_CACHE_ACCESS_DENIED
ERR_CACHE_MGR_ACCESS_DENIED
ERR_CANNOT_FORWARD
ERR_CONNECT_FAIL
ERR_DNS_FAIL
ERR_FORWARDING_DENIED
ERR_FTP_DISABLED
ERR_FTP_FAILURE
ERR_FTP_FORBIDDEN
ERR_FTP_NOT_FOUND
ERR_FTP_PUT_CREATED
ERR_FTP_PUT_ERROR
ERR_FTP_PUT_MODIFIED
ERR_FTP_UNAVAILABLE
ERR_INVALID_REQ
ERR_INVALID_RESP
ERR_INVALID_URL
ERR_LIFETIME_EXP
ERR_NO_RELAY
ERR_ONLY_IF_CACHED_MISS
ERR_READ_ERROR
ERR_READ_TIMEOUT
ERR_SHUTTING_DOWN
ERR_SOCKET_FAILURE
ERR_TOO_BIG
ERR_UNSUP_REQ
ERR_URN_RESOLVE
ERR_WRITE_ERROR
ERR_ZERO_SIZE_OBJECT
{noformat}
