Syntax check when restarting. #76

Closed
dal00 opened this issue Dec 14, 2017 · 3 comments
Labels
enhancement New feature or request


dal00 commented Dec 14, 2017

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 5.3.3
  • Ruby: bundled with puppet (ruby 2.4.2p198 (2017-09-14 revision 59899) [x86_64-linux])
  • Distribution: Ubuntu 16.04
  • Module version: 0.6.1

How to reproduce (e.g Puppet code you use)

We just provide a wrong config, for example duplicate lines in an allow.

What are you seeing

When a wrong squid config is generated and deployed, puppet runs stop/start on squid.
This means no syntax check is made. What happens is that squid stops and can't start again.

What behaviour did you expect instead

Allow a syntax check/parse before squid stop, then return an error.

Output log

Dec 14 16:12:31 proxy2.abc.example.com puppet-agent[15922]: Computing checksum on file /etc/squid/squid.conf
Dec 14 16:12:31 proxy2.abc.example.com puppet-agent[15922]: (/Stage[main]/Squid::Config/Concat[/etc/squid/squid.conf]/File[/etc/squid/squid.conf]) Filebucketed /etc/squid/squid.conf to puppet with sum 9d58442d33b217aa95a150b7aeee9a12
Dec 14 16:12:31 proxy2.abc.example.com puppet-agent[15922]: (/Stage[main]/Squid::Config/Concat[/etc/squid/squid.conf]/File[/etc/squid/squid.conf]/content) content changed '{md5}9d58442d33b217aa95a150b7aeee9a12' to '{md5}dad5e225f455572c70ca7606afa20a5b'
Dec 14 16:12:31 proxy2.abc.example.com puppet-agent[15922]: (/Stage[main]/Squid::Config/Concat[/etc/squid/squid.conf]/File[/etc/squid/squid.conf]) The container Concat[/etc/squid/squid.conf] will propagate my refresh event
Dec 14 16:12:31 proxy2.abc.example.com puppet-agent[15922]: (/Stage[main]/Squid::Config/Concat[/etc/squid/squid.conf]/File[/etc/squid/squid.conf]) The container /etc/squid/squid.conf will propagate my refresh event
Dec 14 16:12:31 proxy2.abc.example.com puppet-agent[15922]: (/etc/squid/squid.conf) The container Concat[/etc/squid/squid.conf] will propagate my refresh event
Dec 14 16:12:31 proxy2.abc.example.com puppet-agent[15922]: (Concat[/etc/squid/squid.conf]) The container Class[Squid::Config] will propagate my refresh event
Dec 14 16:12:31 proxy2.abc.example.com puppet-agent[15922]: (Class[Squid::Service]) Scheduling refresh of Service[squid]
Dec 14 16:12:31 proxy2.abc.example.com puppet-agent[15922]: Executing: '/bin/systemctl is-active squid'
Dec 14 16:12:31 proxy2.abc.example.com puppet-agent[15922]: Executing: '/bin/systemctl is-enabled squid'
Dec 14 16:12:31 proxy2.abc.example.com puppet-agent[15922]: Executing: '/bin/systemctl is-active squid'
Dec 14 16:12:31 proxy2.abc.example.com puppet-agent[15922]: Executing: '/bin/systemctl restart squid'
Dec 14 16:12:31 proxy2.abc.example.com squid: Bungled /etc/squid/squid.conf line 543: acl alloweddwhdomains dstdomain .maxmind.com
Dec 14 16:12:31 proxy2.abc.example.com squid[16690]: * Stopping Squid HTTP Proxy squid
Dec 14 16:12:33 proxy2.abc.example.com squid[16690]: * Waiting...
Dec 14 16:12:38 proxy2.abc.example.com squid[16690]: * ...
Dec 14 16:12:43 proxy2.abc.example.com squid[16690]: * ...
Dec 14 16:12:48 proxy2.abc.example.com squid[16690]: * ...
Dec 14 16:12:53 proxy2.abc.example.com squid[16690]: * ...
Dec 14 16:12:58 proxy2.abc.example.com squid[16690]: * ...
Dec 14 16:13:02 proxy2.abc.example.com squid[15827]: Squid Parent: (squid-3) process 15830 exited with status 0
Dec 14 16:13:03 proxy2.abc.example.com squid[16690]: * ...
Dec 14 16:13:05 proxy2.abc.example.com squid[15827]: Squid Parent: (squid-coord-4) process 15829 exited with status 0
Dec 14 16:13:05 proxy2.abc.example.com squid[15827]: Squid Parent: (squid-2) process 15831 exited with status 0
Dec 14 16:13:05 proxy2.abc.example.com squid[15827]: Squid Parent: (squid-1) process 15832 exited with status 0
Dec 14 16:13:08 proxy2.abc.example.com squid[16690]: * ...
Dec 14 16:13:08 proxy2.abc.example.com squid[16690]: ...done.
Dec 14 16:13:08 proxy2.abc.example.com squid[16690]: ...done.
Dec 14 16:13:08 proxy2.abc.example.com squid: Bungled /etc/squid/squid.conf line 543: acl alloweddwhdomains dstdomain .maxmind.com
Dec 14 16:13:08 proxy2.abc.example.com squid: Bungled /etc/squid/squid.conf line 543: acl alloweddwhdomains dstdomain .maxmind.com
Dec 14 16:13:08 proxy2.abc.example.com squid[16729]: * Starting Squid HTTP Proxy squid
Dec 14 16:13:08 proxy2.abc.example.com squid: Bungled /etc/squid/squid.conf line 543: acl alloweddwhdomains dstdomain .maxmind.com
Dec 14 16:13:08 proxy2.abc.example.com squid: message repeated 3 times: [ Bungled /etc/squid/squid.conf line 543: acl alloweddwhdomains dstdomain .maxmind.com]
Dec 14 16:13:08 proxy2.abc.example.com squid[16729]: 2017/12/14 16:13:08| ERROR: '.download.maxmind.com' is a subdomain of '.maxmind.com'
Dec 14 16:13:08 proxy2.abc.example.com squid[16729]: 2017/12/14 16:13:08| ERROR: You need to remove '.download.maxmind.com' from the ACL named 'alloweddwhdomains'
Dec 14 16:13:08 proxy2.abc.example.com squid: Bungled /etc/squid/squid.conf line 543: acl alloweddwhdomains dstdomain .maxmind.com
Dec 14 16:13:08 proxy2.abc.example.com squid[16729]: FATAL: Bungled /etc/squid/squid.conf line 543: acl alloweddwhdomains dstdomain .maxmind.com
Dec 14 16:13:08 proxy2.abc.example.com squid[16729]: Squid Cache (Version 3.5.12): Terminated abnormally.

Any additional information you'd like to impart

Ubuntu uses generated systemd services from sysv. It does not use the restart function in the initscript but just uses stop/start. This means that the syntax check in the initscript is bypassed and the only thing that will happen is that it will be stopped and fail. But if reload is used, then systemd will use the reload function, which just sends a signal to squid to reload the config without a stop/start; there is a syntax check before this.
Will try to specify the restart option in the service and see if that works, but maybe this should be a feature in puppet itself. What is your opinion about this?

dal00 commented Dec 15, 2017

After further investigation I have found that the init script in Ubuntu has an incorrect test condition:
    reload|force-reload)
    res=`$DAEMON -k parse -f $CONFIG 2>&1 | grep -o "FATAL .*"`

Where the log output is in fact:

  • FATAL: Bungled /etc/squid/squid.conf line 543: acl alloweddwhdomains dstdomain .maxmind.com

Since the colon is not accounted for in the regex it will always allow a restart/reload and fail if the config has an error. This will need to be fixed upstream as well. Will check if there is a bug for this in launchpad.
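
The mismatch described in this comment, as an added example that is not part of the original issue or of the Ubuntu init script: the quoted pattern is run against the parser output from the log above, next to a pattern that includes the colon. The function names and the "clean" sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the init script itself): shows why grep -o "FATAL .*"
# never matches squid's "FATAL: ..." line, and a gate that does catch it.

# Pattern exactly as quoted in the issue: a space directly after FATAL.
fatal_quoted() {
    printf '%s\n' "$1" | grep -o "FATAL .*"
}

# Pattern that accounts for the colon squid prints after FATAL.
fatal_with_colon() {
    printf '%s\n' "$1" | grep -o "FATAL: .*"
}

# Gate for a reload/restart: takes captured parser output as $1 and
# returns 1 (refuse) when a FATAL line is present, 0 otherwise.
# A caller would pass the output of: $DAEMON -k parse -f $CONFIG 2>&1
check_parse_output() {
    if res=$(fatal_with_colon "$1"); then
        echo "refusing to restart: $res" >&2
        return 1
    fi
    return 0
}

# Parser output with an error, copied from the log lines in the issue.
BAD_OUTPUT="2017/12/14 16:13:08| ERROR: '.download.maxmind.com' is a subdomain of '.maxmind.com'
FATAL: Bungled /etc/squid/squid.conf line 543: acl alloweddwhdomains dstdomain .maxmind.com"

# Constructed sample of output without a FATAL line (assumption, for contrast).
GOOD_OUTPUT="2017/12/14 16:13:08| Processing: http_port 3128"

for sample in "$BAD_OUTPUT" "$GOOD_OUTPUT"; do
    if check_parse_output "$sample"; then
        echo "parse clean: restart allowed"
    fi
done
```

With the quoted pattern `res` stays empty for the broken config, so the script proceeds to stop squid; with the colon included, the same output is rejected before the service is touched.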

traylenator (Contributor) commented

Was going to add: this sounds more like something for Debian to fix.

dal00 commented Dec 15, 2017

Funny that you say that.. Debian actually fixed this years ago but then Ubuntu messed up with importing the fix..

I created a bug in launchpad with a patch.. https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/1738412

@juniorsysadmin juniorsysadmin added the enhancement New feature or request label Dec 25, 2017