Bug 40593 - Add option dbtemp to squidguard
Add option dbtemp to squidguard
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Squid
UCS 4.0
Other Linux
: P5 normal (vote)
: UCS 4.0-4-errata
Assigned To: Sönke Schwardt-Krummrich
Florian Best
:
Depends on: 40541 40595
Blocks:
  Show dependency treegraph
 
Reported: 2016-02-05 13:17 CET by Sönke Schwardt-Krummrich
Modified: 2016-03-02 13:53 CET (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sönke Schwardt-Krummrich univentionstaff 2016-02-05 13:17:02 CET
squidguard is part of UCS, so the patched package should be delivered also via errata updates, so avoid update problems later on (see bug 40541).

+++ This bug was initially created as a clone of Bug #40541 +++

Ticket#2016012821000323

In /var/tmp were lot's of files (~15000; 77GB) from the last 3 years.
The files were owned by proxy:proxy and contained database information.

I digged into the code of squidguard and libdb and for me it looks like if 
squidguard is using an unnamed in-memory btree via libdb. If the amount of 
data still fits into the in memory cache, no file is created. If too much data 
is stored within the btree, a temporary backing file is created in /var/tmp 
(if nothing else is defined in DB_ENV).

Currently I have no idea who is responsible for the backing file. If I'm 
right, squidguard does not get an file handle for the backing file and is 
therefore unable to take care of it.

It is possible to define a different tmpdir for the backing files but e.g. 
/tmp is no real solution since we have multiple squidguard instances running 
which are quite often restarted. On each start of an instance, a new backing 
file is created.

The problem got much worse since the increase of started squidguard instances (2→20).

See also:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721314
Comment 1 Sönke Schwardt-Krummrich univentionstaff 2016-02-05 17:50:09 CET
squidguard has been patched. A new config option "dbtemp" has been added. If defined, the bdb backing files will be placed within that directory. If unset, squidguard shows the old behaviour (using /var/tmp as temp dir for backing files).

In UCS@school in ucs-test-ucsschool the test 11_squidguard_test_dbtemp_option has been added to test the new option and correct functionality.

squidguard.yaml:
r67235 | Bug #40593: updated squidguard.yaml
r67228 | Bug #40593: added squidguard.yaml

Patch in
squidguard/4.0-0-0-ucs/1.5-1-ucs-school-4.0r2/001-added_dbtemp_option.patch:
r15857 | Bug #40541: added option "dbtemp" to specify directory for temporary backing files
r15855 | Bug #40541: added option "dbtemp" to specify directory for temporary backing files
r15854 | Bug #40541: added option "dbtemp" to specify directory for temporary backing files
r15853 | Bug #40541: added option "dbtemp" to specify directory for temporary backing files
r15852 | Bug #40541: added option "dbtemp" to specify directory for temporary backing files
r15851 | Bug #40541: added option "dbtemp" to specify directory for temporary backing files
r15850 | Bug #40541: converted patch to debian patch
r15813 | Bug #40541: converted patch to debian patch
r15812 | Bug #40541: set tmp dir for libdb in squidguard
r15811 | Bug #40541: set tmp dir for libdb in squidguard
Comment 2 Sönke Schwardt-Krummrich univentionstaff 2016-02-05 17:55:02 CET
During QA please check if there's a memory that may cause problems during regular use.
Comment 3 Sönke Schwardt-Krummrich univentionstaff 2016-02-09 12:13:32 CET
Please note: squidguard has been patched and built in ucs-school-4.0r2 AND errata4.0-4 to avoid problems with security/debian updates later on.
Comment 4 Florian Best univentionstaff 2016-03-01 10:48:09 CET
OK squidguard 1.5-1.23.201602051322
OK squidguard 1.5-1.25.201602051324
Comment 5 Florian Best univentionstaff 2016-03-01 10:48:43 CET
YAML: OK
Comment 6 Janek Walkenhorst univentionstaff 2016-03-02 13:53:59 CET
<http://errata.software-univention.de/ucs/4.0/404.html>