The cluster is now more or less set up. Now we have the task of administering the cluster. There are a couple of admin interfaces available for SquidGuard but none of them did exactly what I wanted, so I wrote my own. My script will allow you to perform the following tasks:
- Modify custom blacklists and whitelists
- Modify Squid configuration
- Modify SquidGuard configuration
- Rebuild blacklist databases
- Search blacklists
- Browse backups of modified files
- Manage Basic authentication users (if configured - not covered here)
- View cluster status
- Start/reload/restart/stop Squid
- Reset database directory permissions
- Clear Squid's cache
- Initiate a csync2 replication
Here is a brief tutorial on how to use it.
SquidGuard Cluster Admin (referred to as SGAdmin from here on) is by no means a sophisticated script. It is written in rudimentary PHP and is rendered using basic HTML tables with a little bit of CSS, but it does the job quite well. When you access the /admin directory on the director webserver, you will see the following page after authenticating (if you have configured it as such):
Modifying Squid & SquidGuard configuration
The first two items in the menu in the Edit Configuration screen are squid.conf and squidGuard.conf. These are the two main config files for Squid and SquidGuard respectively. Take considerable care when editing these (once set up you shouldn't need to change them often) as one character out of place could cause either service to fail. Simply click the file you wish to edit and it will be opened in the panel to the right. Click Save to save the modified file to the director, ready for synchronisation. You can initiate a sync by clicking Replicate Configuration and then the Replicate button.
If you make a mistake when modifying the squidGuard.conf file, you will be notified after saving it. Be sure to revert your changes otherwise SquidGuard will not filter any URLs!
Modifying Blacklists
The bulk of items in the Edit Configuration menu are various blacklists and whitelists. Only custom lists are shown by default as modifying community-maintained lists is pointless (they are refreshed every night so any changes you make will be lost). You can control the files displayed in the menu by modifying the $squidguardfiles array in /admin/conf.php. In my setup I have create a couple of extra lists for students and staff. You edit blacklist/whitelist files in the same way as Squid and SquidGuard configuration files. After you hit save, the list is recompiled into its database form. You will then need to either manually replicate or wait for the next scheduled sync to take place.
Rebuild Databases
You should rarely ever need to do this, but should a blacklist's text file be newer than its database version, you can manually compile it here. Any files that require this will be highlighted in red. Note that because only domain and url lists are compiled into databases, only filenames containing "domains" or "urls" will be listed - bear this in mind when creating your own lists.
Search
Requires little explanation. If a site is being blocked and you don't know why, see if it appears in any blacklist first.
Cluster Status
Clicking this will allow you to see the current status of IPVS (NLB) and crm_mon (HA cluster). Data is generated every 5 seconds by directormonitor.sh and read from a text file by SGAdmin.
Start/Stop Services
Here you can stop, start, reload or restart the Squid service, clear its cache and reset SquidGuard database permissions. Clicking the relevant link will generate a bash script inside control.sh that will run on all backend hosts it is replicated to, but only make changes on the host you have designated.
That's all for this post. There is one last thing to configure in the cluster - centralised logging. Move on to the next post to find out how.