diff options
-rw-r--r-- | config/squid-reverse/squid.inc | 77 | ||||
-rw-r--r-- | config/squid-reverse/squid.xml | 5 | ||||
-rw-r--r-- | config/squid-reverse/swapstate_check.php | 48 | ||||
-rw-r--r-- | pkg_config.8.xml | 2 | ||||
-rw-r--r-- | pkg_config.8.xml.amd64 | 2 |
5 files changed, 109 insertions, 25 deletions
diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc index 9a951f56..151f710c 100644 --- a/config/squid-reverse/squid.inc +++ b/config/squid-reverse/squid.inc @@ -210,6 +210,8 @@ function squid_install_command() { exec("/bin/rm /usr/local/etc/rc.d/squid"); squid_write_rcfile(); exec("chmod a+rx /usr/local/libexec/squid/dnsserver"); + if(file_exists("/usr/local/pkg/swapstate_check.php")) + exec("/bin/chmod a+x /usr/local/pkg/swapstate_check.php"); foreach (array( SQUID_CONFBASE, SQUID_ACLDIR, @@ -581,20 +583,29 @@ function squid_install_cron($should_install) { global $config, $g; if($g['booting']==true) return; - $is_installed = false; + $rotate_is_installed = false; + $swapstate_is_installed = false; + if(!$config['cron']['item']) return; + $settings = $config['installedpackages']['squidcache']['config'][0]; $x=0; + $rotate_job_id=-1; + $swapstate_job_id=-1; foreach($config['cron']['item'] as $item) { if(strstr($item['task_name'], "squid_rotate_logs")) { - $is_installed = true; - break; + + $rotate_job_id = $x; + } elseif(strstr($item['task_name'], "squid_check_swapstate")) { + $swapstate_job_id = $x; } $x++; } + $need_write = false; switch($should_install) { case true: - if(!$is_installed) { + $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); + if($rotate_job_id < 0) { $cron_item = array(); $cron_item['task_name'] = "squid_rotate_logs"; $cron_item['minute'] = "0"; @@ -603,25 +614,46 @@ function squid_install_cron($should_install) { $cron_item['month'] = "*"; $cron_item['wday'] = "*"; $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/local/sbin/squid -k rotate"; + $cron_item['command'] = "/bin/rm {$cachedir}/swap.state; /usr/local/sbin/squid -k rotate"; + $config['cron']['item'][] = $cron_item; + $need_write = true; + } + if($swapstate_job_id < 0) { + $cron_item = array(); + $cron_item['task_name'] = "squid_check_swapstate"; + $cron_item['minute'] = "*/15"; + $cron_item['hour'] = "*"; + $cron_item['mday'] = "*"; + $cron_item['month'] = "*"; + $cron_item['wday'] = "*"; + $cron_item['who'] = "root"; + $cron_item['command'] = "/usr/local/pkg/swapstate_check.php"; + $config['cron']['item'][] = $cron_item; + $need_write = true; + } + if ($need_write) { $config['cron']['item'][] = $cron_item; parse_config(true); - write_config("Squid Log Rotation"); - configure_cron(); + write_config("Adding Squid Cron Jobs"); } break; case false: - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - parse_config(true); - write_config(); - } - configure_cron(); - } + if($rotate_job_id >= 0) { + unset($config['cron']['item'][$rotate_job_id]); + $need_write = true; + } + if($swapstate_job_id >= 0) { + unset($config['cron']['item'][$swapstate_job_id]); + $need_write = true; + } + if ($need_write) { + parse_config(true); + write_config("Removing Squid Cron Jobs"); + } break; } -} + configure_cron(); + } function squid_resync_general() { global $g, $config, $valid_acls; @@ -672,13 +704,12 @@ cache_store_log none EOD; - if (!empty($settings['log_rotate'])) { - $conf .= "logfile_rotate {$settings['log_rotate']}\n"; - squid_install_cron(true); - } - else { - squid_install_cron(false); - } +// Per squid docs, setting logfile_rotate to 0 is safe and causes a simple close/reopen. +// Rotating also ensures that swap.state is rewritten, so is useful even if the logs +// are not being rotated. +$rotate = empty($settings['log_rotate']) ? 0 : $settings['log_rotate']; +$conf .= "logfile_rotate {$rotate}\n"; +squid_install_cron(true); $conf .= <<<EOD shutdown_lifetime 3 seconds diff --git a/config/squid-reverse/squid.xml b/config/squid-reverse/squid.xml index f33327e4..5cb5ea4a 100644 --- a/config/squid-reverse/squid.xml +++ b/config/squid-reverse/squid.xml @@ -152,6 +152,11 @@ <chmod>0755</chmod> <item>http://www.pfsense.org/packages/config/squid-reverse/squid_cache.xml</item> </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/squid-reverse/swapstate_check.php</item> + </additional_files_needed> <fields> <field> <fielddescr>Proxy interface</fielddescr> diff --git a/config/squid-reverse/swapstate_check.php b/config/squid-reverse/swapstate_check.php new file mode 100644 index 00000000..ab5b11d8 --- /dev/null +++ b/config/squid-reverse/swapstate_check.php @@ -0,0 +1,48 @@ +#!/usr/local/bin/php -q +<?php +/* + swapstate_check.php + Copyright (C) 2011 Jim Pingle + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +require_once('config.inc'); +require_once('util.inc'); + +$settings = $config['installedpackages']['squidcache']['config'][0]; +$cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); +$swapstate = $cachedir . '/swap.state'; +$disktotal = disk_total_space(dirname($cachedir)); +$diskfree = disk_free_space(dirname($cachedir)); +$diskusedpct = round((($disktotal - $diskfree) / $disktotal) * 100); +$swapstate_size = filesize($swapstate); +$swapstate_pct = round(($swapstate_size / $disktotal) * 100); + +// If the swap.state file is taking up more than 75% disk space, +// or the drive is 90% full and swap.state is larger than 1GB, +// kill it and initiate a rotate to write a fresh copy. +if (($swapstate_pct > 75) || (($diskusedpct > 90) && ($swapstate_size > 1024*1024*1024))) { + mwexec_bg("/bin/rm $swapstate; /usr/local/sbin/squid -k rotate"); + log_error(gettext(sprintf("Squid swap.state file exceeded size limits. Removing and rotating. File was %d bytes, %d%% of total disk space.", $swapstate_size, $swapstate_pct))); +} +?>
\ No newline at end of file diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 0be2493b..6239beea 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -925,7 +925,7 @@ <descr>High performance web proxy cache with HTTP / HTTPS reverse proxy and Exchange-Web-Access Assistant.</descr> <website>http://www.squid-cache.org/</website> <category>Network</category> - <version>2.7.9_1</version> + <version>2.7.9_2</version> <status>Stable</status> <required_version>2.0</required_version> <maintainer>fernando@netfilter.com.br seth.mos@xs4all.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 4d820cc2..93f5fd66 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -85,7 +85,7 @@ <descr>High performance web proxy cache with HTTP / HTTPS reverse proxy and Exchange-Web-Access Assistant.</descr> <website>http://www.squid-cache.org/</website> <category>Network</category> - <version>2.7.9_1</version> + <version>2.7.9_2</version> <status>Stable</status> <required_version>2.0</required_version> <maintainer>fernando@netfilter.com.br seth.mos@xs4all.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> |