Re: [squid-users] Squid 2.7STABLE7 randomly crashes
Anyone?

On Wed, Jan 20, 2010 at 4:17 PM, myocella wrote:
> Greetings,
>
> A Squid server (RHEL-5.2 64-bit) is serving around 1000 users with NTLM (winbindd), Basic, wbinfo, and URL rewriter (Websense). Squid has randomly crashed with the following messages:
>
> FATAL: Received Segment Violation...dying.
> 2010/01/20 15:53:29| storeDirWriteCleanLogs: Starting...
> 2010/01/20 15:53:29| WARNING: Closing open FD 183
> 2010/01/20 15:53:29| commSetEvents: epoll_ctl(EPOLL_CTL_DEL): failed on fd=183: (1) Operation not permitted
> 2010/01/20 15:53:29| 65536 entries written so far.
> 2010/01/20 15:53:29| 131072 entries written so far.
> ...
> ...
> 2010/01/20 15:53:35| Finished. Wrote 10511684 entries.
> 2010/01/20 15:53:35| Took 6.2 seconds (1702503.8 entries/sec).
> CPU Usage: 3406.086 seconds = 2431.073 user + 975.013 sys
> Maximum Resident Size: 0 KB
> Page faults with physical i/o: 3
> Memory usage for squid via mallinfo():
> total space in arena: -1092812 KB
> Ordinary blocks: -1096748 KB 3986 blks
> Small blocks: 0 KB 24 blks
> Holding blocks: 24108 KB 8 blks
> Free Small blocks: 1 KB
> Free Ordinary blocks: 3935 KB
> Total in use: -1072640 KB 100%
> Total free: 3936 KB 0%
> 2010/01/20 15:54:48| Starting Squid Cache version 2.7.STABLE7 for x86_64-unknown-linux-gnu...
>
> Ran gdb over the core dump file and got this result:
>
> # gdb /usr/local/squid/sbin/squid core.30068
> GNU gdb Red Hat Linux (6.5-37.el5rh)
> Copyright (C) 2006 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "x86_64-redhat-linux-gnu"...Using host libthread_db library "/lib64/libthread_db.so.1".
>
> Reading symbols from /lib64/libcrypt.so.1...done.
> Loaded symbols for /lib64/libcrypt.so.1
> Reading symbols from /lib64/libpthread.so.0...done.
> Loaded symbols for /lib64/libpthread.so.0
> Reading symbols from /lib64/libm.so.6...done.
> Loaded symbols for /lib64/libm.so.6
> Reading symbols from /lib64/libnsl.so.1...done.
> Loaded symbols for /lib64/libnsl.so.1
> Reading symbols from /lib64/libc.so.6...done.
> Loaded symbols for /lib64/libc.so.6
> Reading symbols from /lib64/ld-linux-x86-64.so.2...done.
> Loaded symbols for /lib64/ld-linux-x86-64.so.2
> Reading symbols from /lib64/libnss_files.so.2...done.
> Loaded symbols for /lib64/libnss_files.so.2
> Reading symbols from /lib64/libnss_dns.so.2...done.
> Loaded symbols for /lib64/libnss_dns.so.2
> Reading symbols from /lib64/libresolv.so.2...done.
> Loaded symbols for /lib64/libresolv.so.2
> Core was generated by `(squid)'.
> Program terminated with signal 6, Aborted.
> #0 0x00376b630215 in raise () from /lib64/libc.so.6
> (gdb) bt
> #0 0x00376b630215 in raise () from /lib64/libc.so.6
> #1 0x00376b631cc0 in abort () from /lib64/libc.so.6
> #2 0x00474515 in death (sig=) at tools.c:327
> #3
> #4 0x0044271a in httpHeaderGetEntry (hdr=0x141868f8, pos=0x7fff2c609774) at HttpHeader.c:595
> #5 0x004427fe in httpHeaderFindEntry (hdr=0x141868f8, id=HDR_CONTENT_TYPE) at HttpHeader.c:619
> #6 0x00443037 in httpHeaderGetStr (hdr=0x141868f8, id=HDR_CONTENT_TYPE) at HttpHeader.c:1086
> #7 0x004075b9 in aclMatchAclList (list=0x2aaac246fa40, checklist=0x2aaad3524738) at acl.c:2010
> #8 0x00407d82 in aclCheck (checklist=0x2aaad3524738) at acl.c:2178
> #9 0x0042daae in externalAclHandleReply (data=0x2aaab26015d0, reply=0x2aaac6951e38 "") at external_acl.c:985
> #10 0x0043cd65 in helperHandleRead (fd=, data=) at helper.c:769
> #11 0x00427511 in comm_select (msec=) at comm_generic.c:264
> #12 0x0044f7a6 in main (argc=, argv=0x7fff2c609a58) at main.c:863
>
> The configure options read
>
> ./configure --prefix=/usr/local/squid --enable-async-io --enable-snmp
> --enable-epoll --enable-storeio=aufs null --enable-removal-policies=heap lru
> --enable-large-cache-files --with-large-files --disable-poll --disable-select
> --disable-carp --disable-wccp --disable-ident-lookups --with-maxfd=32768
> --enable-ntlm-auth-helpers=SMB --enable-external-acl-helpers=wbinfo_group ldap_group
> --enable-auth=basic ntlm --enable-basic-auth-helpers=LDAP --enable-err-languages
[squid-users] Squid 2.7STABLE7 randomly crashes
og
cache_store_log none
pid_filename /var/run/squid.pid
coredump_dir /var/spool/squid/crash
log_icp_queries off
client_db on
half_closed_clients off
cache_mem 512 MB
maximum_object_size 768000 KB
maximum_object_size_in_memory 96 KB
memory_pools off
forwarded_for off
snmp_port 1601
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm keep_alive on
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm User Authentication
external_acl_type ads-group children=20 %LOGIN /usr/local/squid/libexec/wbinfo_group.pl
url_rewrite_children 50
redirector_bypass off
url_rewrite_program /opt/Websense/bin/WsRedtor

Does anyone have any idea how to fix this problem?

Many Thanks
myOcella
[squid-users] auth failed to downstream squid proxy
I've 2 proxy servers chained together. Both authenticate against different AD domains.

The downstream proxy is running on Windows (squid/2.5.STABLE1-CVS) supporting only basic auth (nt_auth.exe). This proxy server has a cache_peer basic auth setup to the upstream proxy:

cache_peer upstream.proxy 3128 0 no-query login=UPSTREAM_DOMAIN\dummyuser:password

The upstream is running on RHEL (squid/2.7.STABLE7) supporting NTLM, Basic with AD using this guide http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory, plus wb_info.pl for the group lookup.

The users in UPSTREAM_DOMAIN can browse the Internet using the upstream proxy. However, the downstream proxy users can't browse the Internet. Their browser prompts for username and password twice - the first time it showed the downstream Realm, which makes sense, but the second prompt showed the upstream Realm!

In the access.log file on downstream, it showed the authentication succeeding with the username.

x.x.x.x - downstream_domain\user [09/Oct/2009:12:58:59] "GET http://www.google.com/ HTTP/1.0" 200 240 TCP_MISS:FIRST_UP_PARENT

But the access.log file on the upstream proxy showed 407 with the "UPSTREAM_DOMAIN\dummyuser", which is correct.

downstream.proxy - upstream_domain\user [09/Oct/2009:12:58:59] "GET http://www.google.com/ HTTP/1.0" 407 1685 TCP_DENIED:NONE

Below is the auth conf on the upstream proxy:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 40
auth_param ntlm keep_alive off
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Internet Access
external_acl_type ads-group children=20 %LOGIN /usr/local/squid/libexec/wbinfo_group.pl -d
acl downstream_user proxy_auth -i upstream_domain\dummyuser
http_access allow downstream_user
http_reply_access allow downstream_user

Does anyone have any idea how to resolve this problem?

Thank you
myocella
[squid-users] Number of clients accessing cache is always 0
Hi there,

I just set up a new Squid proxy server. There are around 800-1000 users using this proxy but the "Number of clients accessing cache" is always 0.

I'm using squid-2.7.STABLE6 on RHEL5. This is the build option:

"./configure" \
"--prefix=/usr/local/squid" \
"--enable-async-io" \
"--enable-snmp" \
"--enable-epoll" \
"--enable-storeio=aufs null" \
"--enable-removal-policies=heap lru" \
"--enable-large-cache-files" \
"--with-large-files" \
"--disable-poll" \
"--disable-select" \
"--disable-carp" \
"--disable-wccp" \
"--disable-ident-lookups" \
"--with-maxfd=32768" \
"--enable-ntlm-auth-helpers=SMB" \
"--enable-external-acl-helpers=wbinfo_group ldap_group" \
"--enable-auth=basic ntlm" \
"--enable-basic-auth-helpers=LDAP" \
"--enable-err-languages=English"

Another older squid reports the number correctly. It is on squid-2.6.STABLE20.

Thanks
PT
[squid-users] Upstream Squid to identify user
Greeting

I have set up an upstream Squid proxy to receive proxy traffic from other Squid servers. I would like to log user access on the upstream proxy. The downstream has this line:

cache_peer upstreamproxy.foo.com parent 8080 7 no-query login=*:foo

However, there is no username showing in the upstream Squid log. What do I need to add into the Squid conf? Currently it just allows access from downstream IPs. No auth-param is set up.

cheers,
myocella
[squid-users] TCP connection failed - problem
Hello,

I'm working on setting up Squid as proxy + cache on Linux (OpenSuSE 10.3) to serve around 300 concurrent connections. The proxy was working well for a few hours (or less), and then it started showing "TCP connection to xxx.xxx.xxx.xxx/8080 failed" messages in the cache.log file.

There is another Squid proxy which has been running on the AIX platform using the same upstream proxy server as Linux does, but it never got the TCP connection failed message. Both proxies are running the same version of squid, squid-2.6-STABLE18.

I have been searching and found many people have this problem, but there is no solid solution to resolve the problem. I've tried to recompile Squid with different options, plus tuning the kernel, but still got the message.

Does anyone know how to fix this? I appreciate all comments. Feel free to let me know if you need any more info.

Thank you.
Phil

Hardware
Dual Intel Xeon MP CPU 3.00GHz (32-bit)

Disks
SCSI 10k rpm
Mirrored disks for OS
3 x 15GB JBOD Cache dirs (ReiserFS with noatime,notail)

Server/OS specification
OpenSUSE 10.3 32-bit
Linux 2.6.22.5-31-default #1 SMP 2007/09/21 22:29:00 UTC i686

Kernel/TCP Stack tuning
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.ip_forward=0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
kernel.sysrq = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 400
net.ipv4.tcp_sack = 0
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 3
net.ipv4.conf.all.log_martians = 1
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 144
net.ipv4.ip_local_port_range = 2048 65535
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_window_scaling = 1
net.core.optmem_max = 20480
net.core.somaxconn = 512
fs.inotify.max_user_watches = 65536
kernel.msgmni = 2048
fs.file-max = 334591
kernel.sem = 500 1024000 64 2048
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.core.wmem_max = 16777216
net.core.rmem_max = 16777216
net.core.netdev_max_backlog = 2500
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216

Squid compile options (note: tried both below CFLAGS and without CFLAGS)
CFLAGS="-march=native \
-O2 \
-pipe \
-fomit-frame-pointer" \
./configure --prefix=/usr/local/squid \
--enable-async-io \
--enable-snmp \
'--enable-storeio=diskd aufs' \
'--enable-removal-policies=heap lru' \
--with-maxfd=32768 \
--enable-epoll \
--disable-ident-lookups \
--enable-large-cache-files \
--disable-carp \
--disable-wccp \
--enable-underscores \
'--enable-auth=basic ntlm' \
--enable-basic-auth-helpers=LDAP \
--enable-ntlm-auth-helpers=SMB \
--enable-external-acl-helpers=ldap_group \
--with-pthreads \
--enable-cachemgr-hostname=www-proxy3 \
--disable-poll \
--disable-select \
--with-large-files \
--with-aufs-threads=32 \
--enable-gnuregex \
--enable-err-languages=English