Squid stop without reason

**NethServer Version: NethServer release 7.7.1908 (final)
**Module: Web Proxy & Filter

Good Morning,

For a few days the Squid service has begun to stop for no apparent reason, which did not happen before, I leave you some captures that I have taken at the moment I cut to see if it helps you to determine where the problem is going.

Thanks greetings!




squid: ERROR: could not send signal 15 to process 20744: (3) No such process

Any error from:

squid -k parse
squid -k check
ls -l /var/run/squid.pid


https://wiki.squid-cache.org/KnowledgeBase/TooManyQueued



That capture is just at a time where it has stopped …

If the service is not starting, you can try to start it after removing the pid file:

cat /var/run/squid.pid
rm /var/run/squid.pid

It should be regenerated when starting the service.
On the log I notice what could be a non-default file group ownership for squid.pid:

-rw-r–r-- 1 root usuarios del dominio@MARINA.LOCAL 5 Jan 15 12:11 /var/run/squid.pid

instead of root:squid

For squid service stopping after a while check the previous links (related to too many queued negotiateauthenticator requests).

Do you have any solution?

Maybe change this

imagen

To this:

imagen

Sorry was away from keyboard. Yes (untested), increasing at least auth_param negotiate children xx

You may need a custom template as it comes from /etc/e-smith/templates/etc/squid/squid.conf/20acl_10_auth

That custom templeate did not quite understand it, putting that in the terminal should be reconfigured alone those parameters or I have to manually modify the squid.conf file

Bear in mind that technically as I have been able to read that crash, it is because the Squid is not able to process all the requests and this computing capacity as I have been able to understand is determined by those parameters.

With the command

/etc/e-smith/templates/etc/squid/squid.conf/20acl_10_auth

What parameters do you modify specifically? The active directory is approximately 800 simultaneous users …

Untested…

mkdir -p /etc/e-smith/templates-custom/etc/squid/squid.conf/
cp /etc/e-smith/templates/etc/squid/squid.conf/20acl_10_auth /etc/e-smith/templates-custom/etc/squid/squid.conf/20acl_10_auth_custom

Edit custom template:

vi /etc/e-smith/templates-custom/etc/squid/squid.conf/20acl_10_auth_custom
{
   use esmith::NetworksDB;
   use NethServer::SSSD;
   
   my $ndb = esmith::NetworksDB->open_ro();
   my $green_mode = $squid{'GreenMode'} || "manual";
   my $blue_mode = $squid{'BlueMode'} || "manual";
   my $sssd = new NethServer::SSSD();
   if ($green_mode eq 'authenticated' || (defined($ndb->blue()) && $blue_mode eq 'authenticated')) {
       $OUT .= "# Custom Authentication Parameters\n";

       if ($sssd->isAD()) {
           $OUT .= "auth_param negotiate children 20\n";
       }
   }
}
signal-event nethserver-squid-update

This will create a duplicate entry for auth_param negotiate children xx. If squid takes the last one then it will be effectively overwriting the default with the custom one.

For the number of children helpers there was some recommendation on squid manual. Let me check.

FTR, here’s a similar issue:

That modifies only

auth_param negotiate children 10

The parameter auth_param basic credentialsttl 1 hours by default is technically 2 hours

I understand that Nethserver uses templates for the subject of future updates, right? If I modify the file /etc/squid/squid.conf it would work now but would the changes be lost with the updates?

I do not quite understand you, sorry but it is a server in production and I do not want to mess it up

Yes. It will work if squid service is not restarted and if squid.conf file is not expanded from templates.

Just was pointing out (For The Record) another thread with same or similar problem and how the user solved it.

So:

mkdir -p /etc/e-smith/templates-custom/etc/squid/squid.conf/

cp /etc/e-smith/templates/etc/squid/squid.conf/20acl_10_auth /etc/e-smith/templates-custom/etc/squid/squid.conf/21acl_10_auth_custom

I edit:
vi /etc/e-smith/templates-custom/etc/squid/squid.conf/21acl_10_auth_custom

and I execute:

signal-event nethserver-squid-update

It is not necessary to restart the Squid service or anything else? Does that automatically modify the parameters and apply them in the /etc/squid/squid.conf?

Sorry to be so heavy dnutan and thank you so much for the help!

Yes, signaling the event takes care of file expansion and service restart. To be sure you can check if squid.conf has the change.

Sorry, didn’t find the reference to calculate recommended number of children for auth_param

As I’ve seen it set to 20

Note: edited code on previous post. Just the custom template file name to keep it right after 20_acl_10_auth file (result shall be the same).

i lose the actual config?

With the filename change? No, it’s the same. You can keep it as is (no change), or just rename 21_acl_10_auth_custom to 20_acl_10_auth_custom and execute expand-template /etc/squid/squid.conf
Final result will be practically the same.

I understand that I have to eliminate duplicate lines that don’t interest me, right?