Using Augeas to modify Squid configuration

Question

I'm running squid-deb-proxy and I want to alter the configuration using Puppet/Augeas.

When I try this:

augeas {'squid-deb-proxy.conf':
    lens    => 'Squid.lns',
    incl    => '/etc/squid-deb-proxy/squid-deb-proxy.conf',
    changes => ["set http_port 3129"],
    require => Package['squid-deb-proxy']
}

I get the following error from Puppet:

err: /Stage[main]/Portal::Packages::Squid-deb-proxy/Augeas[squid-deb-proxy.conf]: Could not evaluate: Save failed with return code false

I tried the following with augtool:

augtool> rm /augeas/load/*
rm : /augeas/load/* 867
augtool> set /augeas/load/Squid/lens Squid.lns
augtool> set /augeas/load/Squid/incl /etc/squid-deb-proxy/squid-deb-proxy.conf
augtool> load
augtool> print
/augeas
/augeas/root = "/"
/augeas/context = "/files"
/augeas/variables
/augeas/version = "0.10.0"
/augeas/version/save
/augeas/version/save/mode[1] = "backup"
/augeas/version/save/mode[2] = "newfile"
/augeas/version/save/mode[3] = "noop"
/augeas/version/save/mode[4] = "overwrite"
/augeas/version/defvar
/augeas/version/defvar/expr
/augeas/version/pathx
/augeas/version/pathx/functions
/augeas/version/pathx/functions/count
/augeas/version/pathx/functions/glob
/augeas/version/pathx/functions/label
/augeas/version/pathx/functions/last
/augeas/version/pathx/functions/position
/augeas/version/pathx/functions/regexp
/augeas/save = "overwrite"
/augeas/span = "disable"
/augeas/load
/augeas/load/Squid
/augeas/load/Squid/lens = "Squid.lns"
/augeas/load/Squid/incl = "/etc/squid-deb-proxy/squid-deb-proxy.conf"
/augeas/files
/augeas/files/etc
/augeas/files/etc/squid-deb-proxy
/augeas/files/etc/squid-deb-proxy/squid-deb-proxy.conf
/augeas/files/etc/squid-deb-proxy/squid-deb-proxy.conf/path = "/files/etc/squid-deb-proxy/squid-deb-proxy.conf"
/augeas/files/etc/squid-deb-proxy/squid-deb-proxy.conf/mtime = "1335175492"
/augeas/files/etc/squid-deb-proxy/squid-deb-proxy.conf/lens = "Squid.lns"
/augeas/files/etc/squid-deb-proxy/squid-deb-proxy.conf/lens/info = "/usr/share/augeas/lenses/dist/squid.aug:433.18-.95:"
/augeas/files/etc/squid-deb-proxy/squid-deb-proxy.conf/error = "parse_failed"
/augeas/files/etc/squid-deb-proxy/squid-deb-proxy.conf/error/pos = "1449"
/augeas/files/etc/squid-deb-proxy/squid-deb-proxy.conf/error/line = "42"
/augeas/files/etc/squid-deb-proxy/squid-deb-proxy.conf/error/char = "0"
/augeas/files/etc/squid-deb-proxy/squid-deb-proxy.conf/error/lens = "/usr/share/augeas/lenses/dist/squid.aug:433.18-.95:"
/augeas/files/etc/squid-deb-proxy/squid-deb-proxy.conf/error/message = "Iterated lens matched less than it should"
/files

Which seems to suggest that the lens can't parse the config file. Line 42 of squid-deb-proxy.conf reads:

cache_access_log /var/log/squid-deb-proxy/access.log

And cache_access_log doesn't appear to be listed in /usr/share/augeas/lenses/dist/squid.aug.

So... it appears to me that the Squid lens shipping with Augeas 0.10.0 doesn't cover all of the Squid configuration options. Doesn't this make the lens configurations tremendously brittle? I haven't looked into lenses, but why don't they just define the 'structure' of the file (e.g. "name whitespace value-including-spaces", or "name tabs-only value-list-space-separated", etc.)? It seems a bit strange, and a bit of a maintenance headache, to have to have the lenses know about all of the configuration options.

Have I correctly diagnosed this? And if so, what can I do about it (ideally without having to modify the lens by hand, etc.)

I would submit a bug report to the Augeas project? You seem to have done enough research first :-) — Kyle Smith, Apr 23 '12 at 11:55
Thanks Kyle. As suggested by you and Raphink, I've raised a bug report. (Sort of!) — dty, Apr 23 '12 at 12:30

score 1 · Accepted Answer · answered Apr 23 '12 at 12:15

1

I can confirm that the current lens doesn't support the cache_access_log parameter, and the best thing to do about this indeed is to open a ticket on the Augeas trac.

Some configuration files are trivial to map, and you can just specify a pattern (such as "key = value"). Others are more tricky, where some entries have a specific syntax, and others have a different one. For example, in the case of the squid lens, http_access or acl entries have a different syntax than the rest of the file. For this reason, it is necessary to list all know keys in the file to map them to the proper parser.

For such lenses, the best thing to do when a key is missing in the lens is to report it (or even better, to send a patch to the list, it's quite trivial in this case).

Looking forward to your ticket/patch!

answered Apr 23 '12 at 12:15

raphink

11,337
6
36
47

Hi. I've sent a bug report to the mailing list, as I can't face creating Yet Another User Account just to raise the report direct in Trac. Thanks for your help! – dty Apr 23 '12 at 12:30
Sorry the Fedora project doesn't let you log in using your stackexchange credentials yet... – raphink Apr 23 '12 at 12:34
I'm sure it's not your fault :-) – dty Apr 23 '12 at 12:45
Oh no, I'm not even a Fedora guy to start with ;-) – raphink Apr 23 '12 at 12:47

Using Augeas to modify Squid configuration

1 Answers1