Squid client purge utility [closed] - squid

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
I've been using the purge utility, i.e.
squidclient -m PURGE http://www.example.com/
The above command will purge that exact link, but it leaves everything else under it in the cache (e.g. http://www.example.com/page1).
I was wondering: is there a way to purge every document under that URL?

I've had limited success messing with this line:
awk '{print $7}' /var/log/squid/access.log | grep www.example.com | sort | uniq | xargs -n 1 squidclient -m PURGE -s

First of all, thank you KimVais for advising me to ask on Server Fault; I have found a solution there.
As answered on Server Fault:
The 3rd-party purge utility will do exactly what you seek:
The purge tool is a kind of magnifying glass into your squid-2 cache. You can use purge to have a look at what URLs are stored in which file within your cache. The purge tool can also be used to release objects which URLs match user specified regular expressions. A more troublesome feature is the ability to remove files squid does not seem to know about any longer.
For our accelerating (reverse) proxy, I use a config like this:
purge -c /etc/squid/squid.conf -p localhost:80 -P0 -se 'http://www.mysite.com/'
-P0 will show the list of URLs but not remove them; change it to -P1 to send PURGE to the cache, as you do in your example.
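The access-log approach from the question, tightened so that only URLs under an exact prefix are selected and nothing is sent unless asked, in the spirit of the -P0/-P1 switch above. This is an added example, not code from the original posts; the function names and sample log lines are constructed, and the log is assumed to be in Squid's native format with the URL in field 7.

```shell
#!/bin/sh
# Added example: select cached URLs under a prefix from a Squid access.log
# (native format, URL in field 7) and PURGE them, dry run by default.

# urls_under_prefix LOG PREFIX: print the distinct URLs that start with PREFIX.
# index()==1 is a literal prefix test: dots are not wildcards, and a URL that
# only mentions the host in its path or query string is not selected.
urls_under_prefix() {
    PREFIX=$2 awk 'index($7, ENVIRON["PREFIX"]) == 1 { print $7 }' "$1" | sort -u
}

# purge_prefix LOG PREFIX [purge]: list what would be purged (as purge -P0
# does); only the literal third argument "purge" sends requests.
purge_prefix() {
    urls_under_prefix "$1" "$2" | while IFS= read -r url; do
        if [ "${3:-}" = purge ]; then
            squidclient -m PURGE "$url" </dev/null
        else
            printf 'would purge %s\n' "$url"
        fi
    done
}

# Constructed sample log lines, not taken from a real server.
sample_log() {
    cat <<'EOF'
1700000001.100 12 192.0.2.10 TCP_HIT/200 512 GET http://www.example.com/ - HIER_NONE/- text/html
1700000002.200 15 192.0.2.10 TCP_HIT/200 900 GET http://www.example.com/page1 - HIER_NONE/- text/html
1700000003.300 11 192.0.2.11 TCP_HIT/200 900 GET http://www.example.com/page1 - HIER_NONE/- text/html
1700000004.400 80 192.0.2.12 TCP_MISS/200 700 GET http://wwwXexample.com/page1 - HIER_DIRECT/198.51.100.7 text/html
1700000005.500 75 192.0.2.12 TCP_MISS/200 650 GET http://other.example.net/?ref=www.example.com - HIER_DIRECT/198.51.100.8 text/html
EOF
}

# With no arguments, run a dry run over the sample; otherwise act on the
# given log and prefix.
if [ "$#" -eq 0 ]; then
    demo=$(mktemp) && sample_log > "$demo" &&
        purge_prefix "$demo" 'http://www.example.com/'
    rm -f "$demo"
else
    purge_prefix "$@"
fi
```

The last two sample lines are ones the question's `grep www.example.com` would also have matched; the literal prefix test leaves them alone.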

The net-purge gem adds Net::HTTP::Purge to ruby, so you can easily purge your cache.
require 'net-purge'
Net::HTTP.start('417east.com') {|http|
  request = Net::HTTP::Purge.new('/')
  response = http.request(request)
  puts response.body # Guru Meditation
}

I'd like to add that there's no O(1) way to invalidate multiple objects in the Squid cache. See the Squid FAQ for details.
For comparison, Nginx and Apache Traffic Server seem to lack this feature, too. OTOH, Varnish implements banning, which in practice should do what you want.

We have a lot of ways to purge. For example, two ways I always use:
With client using MacOS or Linux:
curl -X PURGE http://URL.of.Site/ABC.txt
Direct on server which is running Squid:
squidclient -m PURGE http://URL.of.Site/ABC.txt
Absolutely, squid.conf must add
acl Purge method PURGE
http_access allow localhost Purge
http_access allow localnet Purge
http_access deny Purge

Apache Traffic Server v6.0.0 adds a "cache generation ID" which can be set per remap rule. So you can effectively purge an entire "site" at no cost at all, it really doesn't do anything other than making the old versions unavailable.
This works well with the ATS cache, because it's a cyclical cache (we call it cyclone cache), objects are never actively removed, just "lost".
Using this new option is fairly straightforward, e.g.
map http://example.com http://real.example.com \
    @plugin=conf_remap.so \
    @pparam=proxy.config.http.cache.generation=1
To instantly (zero cost) purge all cached entries for example.com, simply bump the generation ID to 2, and reload the configuration the normal way.
I should also say that writing a plugin that loads these generation IDs from some other (external) source other than our remap.config would be very easy.

Related

puppet client reporting to wrong host in Foreman

This is my first post!
I have 100's of nodes managed by puppet/foreman. Everything is fine.
I did something I already did without problem in the past:
Change the hostname of a server.
This time I changed 2 hostnames:
Initially I had 'gate02' and 'gate03'.
I moved gate02 to 'gate02old' (with dummy IP, and switched the server OFF)
then I moved gate03 to gate02 ...
Now (the new) gate02 reports are updating the host called gate02old in foreman.
I did clean the certs in the puppetserver. I rm the ssl dir in the (new) gate02 and run puppet agent. I did not find any reference to 'gate' in /var/lib/puppet. I changed the certname in puppet.conf and in hostname, and in sysconfig/network-script/ifcfg-xxxx.
The puppet agent runs smoothly, and sends it to the puppetserver. But it updates the wrong host!
Would anyone have a clue on how to fix this?
Thanks!
Foreman 2.0.3
Puppet 6
I do not accept that the sequence of events described led to the behavior described. If reports for the former gate03, now named gate02, are being logged on the server for name gate02old, then that is because that machine is presenting a cert to the server that identifies it as gate02old (and the server is accepting that cert). The sequence of events presented does not explain how that might be, but my first guess would be that it is actually (new) gate02old that is running and requesting catalogs from the server, not (new) gate02.
Fix it by
Ensuring that the machine you want running is in fact the one that is running, and that its hostname is in fact what you intend for it to be.
Shutting down the agent on (new) gate02. If it is running in daemon mode then shut down the daemon and disable it. If it is being scheduled by an external scheduler then stop and disable it there. Consider also using puppet agent --disable.
Deactivating the node on the server and cleaning out its data, including certs:
puppet node deactivate gate02
puppet node deactivate gate02old
puppet node deactivate gate03
You may want to wait a bit at this point, then ...
puppet node clean gate02
puppet node clean gate02old
puppet node clean gate03
Cleaning out the nodes' certs. For safety, I would do this on both nodes. Removing /opt/puppetlabs/puppet/ssl (on the nodes, not the server!) should work for that, or you could remove the puppet-agent package altogether, remove any files left behind, and then reinstall.
Updating the puppet configuration on the new gate02 as appropriate.
Re-enabling the agent on gate02, and starting it or running it in --test mode.
Signing the new CSR (unless you have autosigning enabled), which should have been issued for gate02 or whatever certname is explicitly specified in that node's puppet configuration.
Thanks for the answer, though it was not the right one.
I did get to the right point by changing again the hostname of the old gateold02 to another existing-for-testing one, starting the server and getting it back in Foreman. Once that was done, removing (again!) the certs of the new gate02 put it right, and its reports now update the right entry in Foreman.
I still believe there is something (a db?) that was not updated right, so Foreman was sure that the host called 'gate02' was in the GUI 'gateold02'.
I am very sorry if you don't believe me.
Not to say rather disappointed.
Cheers.

rsync with inplace deletes the directory [closed]

Closed 2 years ago.
I have rsync executed continuously between 2 systems which has the tcp connection getting interrupted due to known reasons.
In a rare case, it so happens that the entire rsync destination directory is deleted and the data gets synced to alternative location.
The rsync option used is "-rpt -iP --stats --inplace". I read about --inplace being inconsistent with an interrupted connection.
-rpt -iP --stats --inplace >> FAILS
Need help to come up with the safest approach to avoid inconsistencies in rsync in an environment with frequent connection disruption.
If you need a consistent way to syncing whole directory use:
rsync -avz \
    --partial \
    --partial-dir=.rsync-partial/ \
    --delay-updates \
    --delete \
    --stats \
    ...
Linux man says about --inplace:
This has several effects: (1) in-use binaries cannot be updated (either the OS will prevent this from happening, or binaries that attempt to swap-in their data will misbehave or crash), (2) the file's data will be in an inconsistent state during the transfer, (3) a file's data may be left in an inconsistent state after the transfer if the transfer is interrupted or if an update fails
So, --inplace cannot be used for consistent syncing. Instead, use the --delay-updates algorithm, which guarantees that destination-dir changes will be applied only after a successfully completed transfer.
Also, you may decide to use -a instead of -rpt. The -a param is equivalent to -rlptgoD, and this is the complete param set for consistent syncing. The -vz params are useful for verbose output and compression during transfer (reducing traffic).

SSH-agent working over many servers without retyping? Some flag? [closed]

Closed 8 years ago.
Suppose servers myLaptop, A and B. The same ssh-agent should allow me to go over A and B without readding the ssh-agent in the server A to go to B.
$ eval `ssh-agent`; ssh-add ~/.ssh/mePriv #In myLaptop
$ ssh me@kosh.A.com #Works without typing pwd
$ ssh me@triton.A.com #Won't work, ssh-agent not alive in A?!
$ eval `ssh-agent`; ssh-add ~/.ssh/mePriv; ssh me@triton.A.com #Works, dupe...
where now I have the ssh-agent running in myLaptop and in A. Is there some easy way so that I could only have the ssh-agent set up once in myLaptop without retyping everything again in A?
P.s. I am not sure about technical terms but the same thing I am trying to achieve here to connect to server B through the server A can be done with something like ssh-forwarding/ssh-tunneling, not sure about correct terminology. For this question, focus on ssh-agent. Easiest solution very well appreciated!
Please, see the answer here.
Shortly
run ssh-keygen in your server
move the private-key id_rsa to your laptop's $HOME/.ssh/id_rsa
remove the private key id_rsa from your server
create the following $HOME/.ssh/config in your laptop
run ssh-add $HOME/.ssh/id_rsa
copy the public key to the laptop's $HOME/.ssh/id_rsa.pub
add the public key to the server's $HOME/.ssh/authorized_keys
Have .ssh/config like
Host server.myhomepage.com
    User masi
    Port 22
    Hostname server.myhomepage.com
    IdentityFile ~/.ssh/id_rsa
    TCPKeepAlive yes
    IdentitiesOnly yes

Writing a cache-everything/quick-response HTTP proxy [closed]

We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 years ago.
Are there any open source HTTP caching proxies I can use to give myself a good starting point?
I want to write a personal HTTP caching proxy to achieve the following purposes
Serve content instantly even if the remote site is slow
Serve content even if the network is down
Allow me to read old content if I'd like to
Why do I want to do this?
The speed of Internet connection in my area is far from spectacular.
I want to cache contents even if the HTTP headers tell me not to
I really don't like it when I couldn't quickly access content that I've read in the past.
I feel powerless when a website removes useful content and I find no way to get it back
The project comprises
A proxy running it on the local network (or perhaps on localhost), and
A browser plugin or a desktop program to show content-updated notifications
What's special about the proxy?
The browser initiates an HTTP request
The proxy serves the content first, if it's already in the cache
Then the proxy contacts the remote website and checks whether the content has been updated
If the content has been updated, send a notification to the desktop/browser (e.g. to show a little popup or change the color of a plug-in icon), and download the content in the background.
Every time the proxy downloads new content, save it into the cache
Let me choose to load the updated content or not (if not, stop downloading the new content; if yes, stream the new content to me)
Let me assign rules to always/never load fresh content from certain websites
Automatically set the rules if the proxy finds that (1) I always want to load fresh content from a certain website, or (2) the website's content frequently updates
Note:
Caching everything does not pose a security problem, as I'm the only one with physical access to the proxy, and the proxy is only serving me (from the local network)
I think this is technologically feasible (let me know if you see any architectural problems)
I haven't decided whether I should keep old versions of the webpages. But given that my everyday bandwidth usage is just 1-2 GB, a cheap 1TB hard drive can easily hold two years of data!
Does my plan make sense? Any suggestions/objections/recommendations?
Take a look at polipo:
http://www.pps.univ-paris-diderot.fr/~jch/software/polipo/
Source is here:
https://github.com/jech/polipo
It is a caching web proxy implemented in C. It should definitely help you.

How to configure postfix for a simple automated mail-to service [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 9 years ago.
I'm trying to set up a mechanism whereby files can be mailed to addresses at a domain, to be processed by a script etc etc. There'll be a postfix server listening for mail to the domain (in postfix terms, I think it's a "virtual domain"), it'll use a PostgreSQL lookup to distinguish real from bogus recipients, and then it should hand off the mail body to a script that'll do various things.
I think that I understand how to get the server to listen for mail for a domain, and I'm pretty sure I've got the PostgreSQL configuration right (and I can test it with postmap and it seems to work). What's really confusing me however is how to get the transport mechanism set up. I think that what I need to do is define something via the "pipe" service in "master.cf", but the vastness of postfix and the myriad things it can do over and above the 1 simple thing I happen to want it to do are daunting impediments.
Is there some sort of easy-to-digest howto somewhere for this? There are all sorts of fascinating how-to articles for postfix, but so far the ones I've found are all about weird esoteric mail server challenges and not about the (probably dirt-simple) thing I need to do.
For what it's worth here's what I think is necessary for a basic, not necessarily secure, setup:
create a "transport" in "master.cf" that uses "pipe" to hook up to the program/script of your own design. Your script will be passed the mail messages as standard input, and can be configured (in master.cf) with all sorts of useful arguments - see the postfix "pipe" command documentation
create a virtual domain for your virtual mailboxes. Don't use "virtual-alias-foo", use "virtual-mailbox-foo".
if you're looking up addresses in a PostgreSQL database like me, add a .cf file for the database lookups. This part is pretty easy really; you just need to write a query that'll return when it finds a good address. One thing I don't entirely know for sure is what the script should return - I have mine return the original destination address when it finds a good one.
That's about it I think ...
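A handler script of the kind the first step describes, receiving the message on standard input and the recipient as an argument, and validating that argument before it touches the filesystem. This is an added example, not the poster's script; the name filedrop (transport, user and script path), the spool directory and the master.cf/main.cf lines in the comments are assumptions.

```shell
#!/bin/sh
# Added example. Assumed Postfix wiring (names and paths are hypothetical):
#   master.cf:  filedrop  unix  -  n  n  -  -  pipe
#                 flags=Rq user=filedrop argv=/usr/local/bin/filedrop.sh ${recipient}
#   main.cf:    virtual_transport = filedrop
#               filedrop_destination_recipient_limit = 1
# pipe(8) feeds the message on stdin and maps the exit status per sysexits.h.

EX_USAGE=64 EX_NOUSER=67 EX_CANTCREAT=73

# store_message RECIPIENT SPOOL_DIR: save stdin as a new file in SPOOL_DIR and
# print its path. The recipient comes from the SMTP envelope, so it is checked
# before it becomes part of a file name: one local part, one domain, a small
# character set, no leading dot and no "..".
store_message() {
    rcpt=$1 spool=$2
    [ -n "$rcpt" ] && [ -d "$spool" ] || return "$EX_USAGE"
    case $rcpt in
        *[!A-Za-z0-9._@+-]*|*@*@*|.*|*..*) return "$EX_NOUSER" ;;
        ?*@?*) ;;
        *) return "$EX_NOUSER" ;;
    esac
    umask 077                       # message files readable by this user only
    out=$(mktemp "$spool/$rcpt.XXXXXX") || return "$EX_CANTCREAT"
    cat > "$out" || return "$EX_CANTCREAT"
    printf '%s\n' "$out"
}

# Run as the pipe command when Postfix supplies the recipient argument.
if [ "$#" -gt 0 ]; then
    store_message "$1" "${FILEDROP_SPOOL:-/var/spool/filedrop}" >/dev/null
    exit
fi
```

Exit status 67 (EX_NOUSER) makes Postfix bounce the message, which is the fallback if an address passes the PostgreSQL lookup but fails the script's own check.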
