**NethServer Version: NethServer release 7.7.1908 (final)
**Module: Web Proxy & Filter
Good Morning,
For a few days the Squid service has begun to stop for no apparent reason, which did not happen before, I leave you some captures that I have taken at the moment I cut to see if it helps you to determine where the problem is going.
Thanks greetings!
squid: ERROR: could not send signal 15 to process 20744: (3) No such process
Any error from:
squid -k parse
squid -k check
ls -l /var/run/squid.pid
If the service is not starting, you can try to start it after removing the pid file:
cat /var/run/squid.pid
rm /var/run/squid.pid
It should be regenerated when starting the service.
On the log I notice what could be a non-default file group ownership for squid.pid:
-rw-r–r-- 1 root usuarios del dominio@MARINA.LOCAL 5 Jan 15 12:11 /var/run/squid.pid
instead of root:squid
For squid service stopping after a while check the previous links (related to too many queued negotiateauthenticator requests).
Do you have any solution?
Maybe change this
To this:
Sorry was away from keyboard. Yes (untested), increasing at least auth_param negotiate children xx
You may need a custom template as it comes from /etc/e-smith/templates/etc/squid/squid.conf/20acl_10_auth
That custom templeate did not quite understand it, putting that in the terminal should be reconfigured alone those parameters or I have to manually modify the squid.conf file
Bear in mind that technically as I have been able to read that crash, it is because the Squid is not able to process all the requests and this computing capacity as I have been able to understand is determined by those parameters.
With the command
/etc/e-smith/templates/etc/squid/squid.conf/20acl_10_auth
What parameters do you modify specifically? The active directory is approximately 800 simultaneous users …
Untested…
mkdir -p /etc/e-smith/templates-custom/etc/squid/squid.conf/
cp /etc/e-smith/templates/etc/squid/squid.conf/20acl_10_auth /etc/e-smith/templates-custom/etc/squid/squid.conf/20acl_10_auth_custom
Edit custom template:
vi /etc/e-smith/templates-custom/etc/squid/squid.conf/20acl_10_auth_custom
{
use esmith::NetworksDB;
use NethServer::SSSD;
my $ndb = esmith::NetworksDB->open_ro();
my $green_mode = $squid{'GreenMode'} || "manual";
my $blue_mode = $squid{'BlueMode'} || "manual";
my $sssd = new NethServer::SSSD();
if ($green_mode eq 'authenticated' || (defined($ndb->blue()) && $blue_mode eq 'authenticated')) {
$OUT .= "# Custom Authentication Parameters\n";
if ($sssd->isAD()) {
$OUT .= "auth_param negotiate children 20\n";
}
}
}
signal-event nethserver-squid-update
This will create a duplicate entry for auth_param negotiate children xx. If squid takes the last one then it will be effectively overwriting the default with the custom one.
For the number of children helpers there was some recommendation on squid manual. Let me check.
FTR, here’s a similar issue:
That modifies only
auth_param negotiate children 10
The parameter auth_param basic credentialsttl 1 hours by default is technically 2 hours
I understand that Nethserver uses templates for the subject of future updates, right? If I modify the file /etc/squid/squid.conf it would work now but would the changes be lost with the updates?
I do not quite understand you, sorry but it is a server in production and I do not want to mess it up
Yes. It will work if squid service is not restarted and if squid.conf file is not expanded from templates.
Just was pointing out (For The Record) another thread with same or similar problem and how the user solved it.
So:
mkdir -p /etc/e-smith/templates-custom/etc/squid/squid.conf/
cp /etc/e-smith/templates/etc/squid/squid.conf/20acl_10_auth /etc/e-smith/templates-custom/etc/squid/squid.conf/21acl_10_auth_custom
I edit:
vi /etc/e-smith/templates-custom/etc/squid/squid.conf/21acl_10_auth_custom
and I execute:
signal-event nethserver-squid-update
It is not necessary to restart the Squid service or anything else? Does that automatically modify the parameters and apply them in the /etc/squid/squid.conf?
Sorry to be so heavy dnutan and thank you so much for the help!
Yes, signaling the event takes care of file expansion and service restart. To be sure you can check if squid.conf has the change.
Sorry, didn’t find the reference to calculate recommended number of children for auth_param
As I’ve seen it set to 20
Note: edited code on previous post. Just the custom template file name to keep it right after 20_acl_10_auth file (result shall be the same).
i lose the actual config?
With the filename change? No, it’s the same. You can keep it as is (no change), or just rename 21_acl_10_auth_custom to 20_acl_10_auth_custom and execute expand-template /etc/squid/squid.conf
Final result will be practically the same.
I understand that I have to eliminate duplicate lines that don’t interest me, right?